
Sunday, December 20, 2015

What did 2015 mean to Operational System?

As we enter the final weeks of 2015, did it live up to what we expected, and what trends did it start to cement into Operational System design?

These are just some of the observations I have seen:

1/ The shift to significant operational transformation programs, vs just projects, accelerated in the second half of 2015. Certainly we have seen a lot of projects initially started or investigated as projects in 2014 reemerge in 2015 as multi-site, multiyear transformation programs, with the understanding that these programs are on a journey both in technology and in operational goals/outcomes and culture.
Certainly a couple of us have seen a significant amount of time allocated to evolving these opportunities, working with the customer to help define their outcomes and approaches; this has been and still is an educational process for all involved. This is fundamentally changing the engagement models between end users, vendors and engineering houses into a partnership, requiring changes on both sides.

2/ Cyber Security/Application Security: This continues to grow as a huge area of interest, but this year it shifted from not only how to secure, but to how to successfully maintain and evolve the business and agile operations in a tighter security model. There is a realization that the cost is not just in setting up a secure operational environment; the cost of evolving and sustaining it while maintaining an agile business requires a strategy of its own.

3/ Operational Awareness/Effectiveness: Understanding that not the “aging workforce” but the transformation in both “workforce culture/approach” and “workspace” is real. Today's and the last ten years of operational systems will not satisfy the agile decisions that are required, nor the changing workspace culture and methods. The number of workshops and strategy sessions I have been asked to be involved in during 2015 was three times that of 2014, and they were clear strategic discussions around people and how people will operate in the future.

4/ Understanding and reality of Internet of Things: The hype has been here and continues around IoT. But there has been some real soul searching in many industrial companies to understand what it means to them. For many it dawned that the operational alignment and efficiencies they have within the “walls of the plant” can now extend to the “mobile plant”. In Oil and Gas and Mining, this means moving to include “extraction” wells and equipment in the operational process in real time. In many other industries, it moved the mobile receivables plants, distribution trucks and then the distribution centers, etc. to be included in the “end to end” operational control.

5/ Realization that the Operational architecture of the future near and long term will have Internet and “cloud” as a natural part of it, and we must design the security, and systems assuming on premise and off premise architecture.

All of the above does surprise us, based on the trends, but it is good to see the shift from talk to reality. I would expect that in 2016 these strategic journey programs will increase. Certainly the scope of operational responsibility is changing to include an end-to-end supply chain, which means moving outside the plant walls with the traditional systems, and we will see the alignment of process operations and utility operations (power) into one operational strategy and control.


Have a very happy holiday season and may 2016 continue the momentum to deliver operational solutions that will handle the "operational transformation" happening around us.

Friday, November 13, 2015

Information Technology/Operations Technology (IT/OT) for the Oil and Gas Industry

Blog from Stan DeVries

Since 2006, some oil & gas companies have attempted to align what has been called IT and OT with different organization approaches.  It is valuable to consider what these two “worlds” are:
The world of IT is focused on corporate functions, such as ERP, e-mail, office tools etc.  The following key characteristics apply:
  •          The dominant verb is “manage”.
  •          Systems design assumes that humans are the “end points” – information flows begin and end with humans.
  •          The focus is on financial aspects – revenue, margins, earnings per share, taxes etc.
  •          The focus is also on cross-functional orchestration of the corporate supply chain
  •          The main technique is reporting – across all sites in the corporation.
  •          One of the methods is to enforce a standard interface between enterprise applications (especially ERP) and the plants/oil fields/refineries/terminals.
  •          Policies for managing information are mostly homogenous, and the primary risk is loss of data.

In contrast, the world of OT is focused on plant operations functions.  The following key characteristics apply:
  •          The dominant verb is “control”.
  •          Systems design assumes that “things” (equipment, materials, product specifications etc.) are the “end points” – information flows can begin and end without humans.
  •          The focus is on operational aspects – quality, throughput, efficiency etc.
  •          The focus is also on providing detailed instructions for operations areas – to equipment and to humans
  •          The main technique is controlling – within a related group of sites or a single site.
  •          One of the methods is to accommodate multiple protocols and equipment interfaces.
  •          Policies are usually diverse and asset-specific; risk includes loss of data, loss of life, loss of environment, loss of product and loss of equipment.


These two worlds must be integrated but their requirements and strategies must be kept separate.  The following diagram suggests a strategy to achieve this:


The above diagram recommends the following methods to bridge these two worlds:
  •          Use a “value generation” metric to justify and harmonize the equal importance of these two worlds.  “Value” can be measured both in terms of financial value (more on this below) and in terms of risk.
  •          Reconcile units of measure using thorough activity-based costing, down to senior operators and the technicians who support them.
  •          Correctly aggregate and disaggregate information at the appropriate frequency.  Operators require hourly information (in some industries, every 15 minutes).
  •          Centralize and distribute information with an approach called “holistic consistency” – allow for the diversity of information structures and names for each area of operation, but enforce consistent structure and naming between sites (or in some cases, between operations areas).
  •          Integrate and interoperate with appropriate methods and standards, which must address visualization, mobility, access and other aspects as well as information.
  •          Apply a consistent cybersecurity approach across multiple areas of the IT/OT system, allowing for information to flow “down” and “across”.  An “air gap” approach has been proven to be unsustainable, but a multi-level approach called “defense in depth” has been proven to be effective and practical.

Oil and gas companies have implemented a variety of organization structures for bridging these two worlds.  Some companies divide IT into two areas, called Infrastructure and Transformation.  New technologies which are strongly linked to new ways of working are first managed by the Transformation section of IT, and then as these mature, they are transferred to Infrastructure.  The main functions of OT are closely linked to Transformation, because operations can continue without OT – OT is almost always a value-add.  We observe the following organizational approaches:
  •         IT reporting to Finance, and OT reporting to Engineering/Technical Services or to Operations
  •         OT reporting to Transformational IT, with an operations-background IT executive

Regardless of the organization approach, the objectives are reliable and business-effective improvement, whether in the office or in the sites.

Saturday, November 7, 2015

Data Diodes for Levels 2-3 and 3-4 Integration

Blog entry by Stan DeVries.
Data diodes are network devices which increase security by enforcing one-direction information flow.  Owl Computing Technologies’ data diodes hide information about the data sources, such as network addresses.  Data diodes are in increasing demand in industrial automation, especially for critical infrastructure such as power generation, oil & gas production, water and wastewater treatment and distribution, and other industries.  The term “diode” is derived from electronics, which refers to a component that allows current to flow in only one direction.
The most common implementation of data diodes is “read only”, from the industrial automation systems to the other systems, such as operations management and enterprise systems.


This method is not intended to establish what has been called an “air gap” cybersecurity defense, where there is an unreasonable expectation that no incoming data path will exist.  An “air-gap” is when there is no physical connection between two networks.  Information does not flow in any direction.  Instead, the data diode method is used as part of a “defense in depth” cybersecurity defense, such as the NIST 800-82 and IEC 62443 standards.  It is applied to network connections which have greater impact on the integrity of the industrial automation system.

One-way information flow frustrates the use of industrial protocols which use the reverse direction to assure that the data was successfully received, and which subsequently trigger failsafe and recovery mechanisms when information flow is interrupted.  A data diode can pass files of any format and streaming data such as videos, and an effective, vendor-neutral file transfer approach in industrial automation is to use the CSV file format.  The acronym CSV stands for comma-separated values, and there are many tools available that quickly format these files on the industrial automation system side of the data diode, and then “parse” or extract data on the other side of the data diode.

There are 2 architectures which are feasible with data diodes, as shown in the diagrams below.
The single-tier historian architecture uses the industrial automation system’s gateway, which is typically connected to batch management, operations management and advanced process control applications.  This gateway is sometimes called a “server”, and it is often an accessory to a process historian.  A small software application is added which either subscribes to or polls information from the gateway, and this application periodically formats the files and sends them to the data diode.  Another small application receives the files, “parses” the data, and writes the data into the historian.
The Wonderware Historian version 2014 R2 and later versions can efficiently receive constant streams of bulk information, and then correctly insert this information, while continuing to perform the other historian functions.  This function is called fast load.

For L2-L3 integration, the two-tier historian architecture also uses the industrial automation system’s gateway.  The lower tier historian often uses popular protocols such as OPC.  This historian is used for data processing within the critical infrastructure zone, and it is often configured to produce basic statistics on some of the data (totals, counts, averages etc.)  A small software application is added which either subscribes to or polls information from the lower tier historian, and this application periodically formats the files and sends them to the data diode.  Another small application receives the files, “parses” the data, and writes the data into the upper tier historian.
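The two small applications described for both the single-tier and two-tier architectures can be sketched as follows; this is an added example, not code from the blog, Owl or Wonderware. Because the diode gives the sender no acknowledgement, the receiver validates each CSV file itself and records missing batches. The `#seq` header row, the `#sha256` trailer, the tag name and the in-memory `rows` list standing in for the historian are all assumptions made for illustration.

```python
import csv, hashlib, io

def format_batch(seq, samples):
    """Sender side: CSV body with a sequence header, plus a SHA-256 trailer."""
    buf = io.StringIO()
    w = csv.writer(buf, lineterminator="\n")
    w.writerow(["#seq", seq, len(samples)])      # batch number and row count
    w.writerows(samples)                         # (tag, timestamp, value) rows
    body = buf.getvalue()
    return body + "#sha256," + hashlib.sha256(body.encode()).hexdigest() + "\n"

class Receiver:
    """Receiving side: it cannot ask for a resend, so it validates every file
    itself and records what never arrived."""
    def __init__(self):
        self.expected_seq = None
        self.gaps = []        # (first_missing, last_missing) batch numbers
        self.rejected = 0     # truncated, corrupted, duplicate or stale files
        self.rows = []        # stand-in for the historian write (assumption)

    def _reject(self):
        self.rejected += 1
        return False

    def ingest(self, text):
        body, sep, trailer = text.rpartition("#sha256,")
        # The unkeyed digest catches truncation and corruption in transfer;
        # it is not an authenticity check.
        if not sep or hashlib.sha256(body.encode()).hexdigest() != trailer.strip():
            return self._reject()
        rows = list(csv.reader(io.StringIO(body)))
        if not rows or len(rows[0]) != 3 or rows[0][0] != "#seq":
            return self._reject()
        if int(rows[0][2]) != len(rows) - 1:     # declared vs actual row count
            return self._reject()
        seq = int(rows[0][1])
        if self.expected_seq is not None:
            if seq < self.expected_seq:
                return self._reject()            # duplicate or out-of-order file
            if seq > self.expected_seq:
                self.gaps.append((self.expected_seq, seq - 1))
        self.expected_seq = seq + 1
        self.rows.extend((tag, ts, float(v)) for tag, ts, v in rows[1:])
        return True

if __name__ == "__main__":
    rx = Receiver()
    for n in (1, 2, 4):                          # constructed: batch 3 is lost
        rx.ingest(format_batch(n, [("FIC101.PV", "2015-11-07T10:00:00Z", 12.5)]))
    print(rx.gaps)
```

Recorded gaps can only be reported or alarmed on the destination side; recovering the missing data needs an out-of-band process, since nothing can be requested back through the diode.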

The Wonderware Historian has been tested with a market-leading data diode product from Owl Computing Industries, called OPDS, or Owl Perimeter Defense System.  It uses a data diode to transfer files, TCP data packets, and UDP data packets from one network (the source network 1) to a second, separate network (the destination network 2) in one direction (from source to destination), without transferring information about the data sources.  The OPDS is composed of two Linux servers running a hardened CentOS 6.4 operating system.  In the diagram below, the left Linux server (Linux Blue / L1) is the sending server, which sends data from the secure, source network (N1) to the at-risk, destination network (N2). The right Linux server (Linux Red / L2) is the receiving server, which receives data from Linux Blue (L1).


The electronics inside OPDS are intentionally physically separated, color-coded, and manufactured so that it is impossible to modify either the sending or the receiving subassemblies to become bi-directional.  In addition, the two subassemblies communicate through a rear optic fiber cable assembly which makes it easy for inspectors to disconnect to verify its functionality.  The Linux Blue (L1) server does not need to be configured, as it accepts connections from any IP address. The Linux Red (L2) server, however, must be configured to pass files onto the Windows Red (W2) machine.  This procedure is discussed in section 8.2.2.6 of the OPDS-MP Family Version 1.3.0.0 Software Installation Guide.  The 2 approaches can be combined across multiple sites, as shown in the diagram below.  Portions of the data available in the industrial automation systems are replicated in the upper tier historian.

Saturday, November 2, 2013

“Staying Evergreen” key to Cyber Security Strategy!!!


This week I spoke at the SCADA Australia conference, attended by many of the leading companies in the SCADA, geographical industry, such as water, power distribution, rail etc. While the increased awareness of empowering real-time analysis and decisions was discussed, the major discussions were around Cyber Security strategies and threats, and virtualization. The surprise to me was the fact that the debates did not link these two discussions, and there was very gradual take-up of virtualization.

This is very different to what we have seen elsewhere in the world, especially North America and Western Europe, where virtualization has become the default approach to the industrial architecture. People discussed the reason why people go to virtualization as being the cost of servers; yes, this is a factor, but in most cases it is only a side benefit. The big advantage is the abstraction of the software application from the hardware and infrastructure.

Speaking with customers, the linkage between Cyber Security and the need to stay current, not just patching etc., is becoming a mainstay of their “sustaining” strategy. Many of the security fixes and improvements do not happen in patches, but in point and major releases; this is the case with infrastructure software such as operating systems and databases, as well as industrial software. So many leading companies are looking at architectures and deployments that enable their systems to stay “evergreen”, e.g. on the current releases. The advantages come in security but also in the general cost of sustaining the system, so you do not end up with major application jumps.

So I ask myself why you would not employ standard architectures on a virtualized platform, allowing hardware to evolve, and high availability architectures to allow upgrades of software with minimal time to switch over from the running version to the new version, plus providing an environment for testing. Many of you will say that is what we are doing, but within the last 6 weeks in eastern/central Europe, ASEAN and Australia I have seen a reluctance to adopt virtualization. This I would understand if we turned back the clock 4 to 5 years, but the technology is very mature today, and well proven.

The other trend happening is the move away from customization to everything being configured, using standard tools and capability. This is key to enabling applications to stay evergreen; the advantage of customization vs the cost to sustain it is just not worth it. A solution architecture decision should not be an event, it must be a journey, with the key consideration that operational continuity will be sustained while maintaining the systems in an “evergreen” state.