Manternach cautions, “There’s a risk associated with reassigning the automation engineer who’s been functioning as the plant IT person to report to an IT boss. Whether it’s stated or not, the message is that IT is more important than improving and optimizing process control. There’s frequently an assumption that the process control/automation engineer wants to be involved in plant IT, when the reality is he or she probably assumed those duties out of necessity. Savvy organizations make informed reassignments of people that produce a win-win-win. Automation engineers are happy to return to doing what they do best; unit managers and operators are happy because the process has fewer excursions, better quality, and greater throughput; and IT folks are happy because one of their own understands the idiosyncrasies of plant IT.”
Jim Sprague, who works for a major middle-east oil and gas producer/refiner, says, “We get great support from the IT folks located at our plants. It’s in the corporate office that conflicts between I&C [instrumentation and control] and IT often occur. For example, we wanted to install a few wireless transmitters, but corporate IT said they have jurisdiction over ‘frequency sensitive equipment;’ thus our ability to explore emerging technologies is sometimes slowed by jurisdictional issues. We’ve just begun to implement a solution we hope will prove beneficial: reassigning a few IT folks to our I&C group with an I&C boss.”
Cross-Training and Hiring
Regardless of how the integration of IT domains occurs, simply reassigning people and redrawing an organizational chart isn’t sufficient to ensure success. The use of open information technology platforms in process control applications also requires rethinking training and hiring practices.
More companies are training process control professionals in IT topics, and educating IT professionals in the priorities and unique needs of the process control environment.
Jack Koziol, of Chicago-based InfoSec Institute says, “We’re seeing an increase in IT professionals attending our SCADA security courses. Many of our students arrive with a wealth of enterprise IT knowledge, but quickly acknowledge that they need to modify policies, thinking, and habits to successfully protect their control and data acquisition systems.”
Cross-training existing employees is one thing, but who you hire in the first place is also worthy of investigation. Nye says, “ExxonMobil prefers that its new hires have earned dual degrees, one in chemical engineering and a second in computer science.”
Invensys vice president, Peter Martin, sums it up this way, “We no longer tolerate islands of automation, and we shouldn’t tolerate islands of culture.”
Narrowing the Plant-Enterprise Gap
Ian Verhappen, MTL’s fieldbus technology director and founder of ICE-Pros, Fort McMurray, Alberta, says, “The gap between plant IT and enterprise IT is getting smaller, thanks in part to enterprise IT folks having to provide high-reliability systems to meet the growing demands of a 24/7 global business environment. From these new business demands, enterprise IT has developed a much keener awareness of the impact of such things as shutting systems down to install a patch or upgrade.”
That’s good news for most companies because, despite the breadth and width of process industries, when it comes to plant IT, most companies face many of the same issues, so sharing best practices benefits everyone.
Plan ahead. Though it’s not always recognized, process control and safety systems get on a project’s critical path at some point, usually just before startup, which is about the same time data historians, engineering workstations and other open platforms are being connected to the corporate network. Informed, integrated IT cultures have already discussed and worked through the various issues necessary to make the connections and maintain the project schedule. The same may not hold true for companies clinging to IT islands.
Mitigate security risk. An effective means of mitigating security risk is to insist on separating the process control environment from safety and business systems. ExxonMobil, for example, insists that firewalls be used to separate basic controls from supervisory control systems, which are separated from the MES-level systems by another firewall. Safety and control system integration is limited to read-only access of the safety data by the control system. “By separating control and safety we may well prevent a security event from becoming a safety event,” explains Nye.
Know the policies. You can save yourself a lot of heartache by learning about, helping to develop, and/or applying your company’s IT policies. For example, ExxonMobil’s policies declare “no Windows” at the basic process control layer, as well as rigorous procedures for managing and controlling anti-virus protection, home-grown node health monitoring agents, and patch management practices for all Windows-based nodes. External network interfaces, including any wireless access points, are centrally managed across the corporation, each having been subjected to a formal risk assessment process. Authentication and encryption are standard features of any external ExxonMobil link.
Apply common sense. John Rezabek, controls specialist with BP Amoco Chemicals, Lima, Ohio, says, “The biggest issue I’ve had with enterprise IT folks is their zeal for what I perceive as overly paranoid hyper-security. I concede that most IT security is a more-or-less severe speed bump for a sufficiently motivated hacker. The greater threat is likely to come from the disgruntled insider whose login is already past much of the security.” Before insisting certain policies are applied to process control systems, plant and enterprise IT folks should conduct a risk assessment to ensure a thorough understanding of where threats are likely to originate and how IT policies might impact process control system availability and reliability.