Home » Relations Between Operations and IT Get More Complicated
Relations Between Operations and IT Get More Complicated
By Control Global Staff
According to a survey of 134 individuals in critical infrastructure companies charged with responsibility for managing security, compliance and/or operations in industrial automation environments, conducted by security solution and services provider Industrial Defender (www.industrialdefender.com), the relations between operations and IT are complicated and will become more so in the future. The survey included those in the oil and gas, water, chemical and electric/gas utilities, government, manufacturing, pharmaceuticals and transportation.
According to the survey, this increasing complication springs from a number of factors. First, 73% of those surveyed expect to see either significant or moderate increases in connectivity between industrial endpoints and corporate IT infrastructure over the next three to five years. Meanwhile, the industrial infrastructure itself is growing more complex—at least in the eyes of the slightly more than 50% of those surveyed who expect the number of industrial endpoints to increase by 50% or more over the next three to five years.
Answers to questions regarding the growth of connectivity reflect another of the basic causes of complexity: the diverging opinions of the corporate and operation staffs. Thirty-three percent of the corporate respondents expect the growth in industrial endpoints will be more than 150%, while only 12% of those in the industrial control environment felt the same way. Corporate respondents also expect more connectivity between their corporate and control networks than do their operation colleagues.
Three to five year growth in industrial endpoints
Figure 1. In this chart from Industrial Defender, survey respondents predicted that
industrial endpoints will increase by 50% over the next five years.
Another disconnect that complicates the environment is the divergence of on-paper responsibilities and day-to-day activities. Industrial operations professionals have seen their responsibilities regarding security and compliance broaden over the last few years, but there is a clear gap between responsibility and the amount of time devoted to these activities. Of those surveyed, 66% have either "primary" or "significant" responsibility for managing security within automation environments, 57% for managing compliance/audits and 55% for operational management. But 72% admit to spending less than 25% of their time per month managing security.
Good News, Bad News
The good news is that there is a significant overlap between managing security, compliance and operations. Many of the activities and procedures required for monitoring critical systems' health and performance, alarm management, data and asset management, tracking changes and managing incidents and problems are the same for all three areas. The bad news is that a majority of the respondents feel they could be doing much better at managing all these areas—especially if they are working in a multi-vendor environment with assets from multiple suppliers., For example, only a third of respondents report having a "moderately strong" ability to monitor critical system health and performance, while more than 70% say they have a poor to moderate ability to gain a unified view of their operations. While nearly 90% felt that managing incidents and problems was "extremely" or "very" important to security and operation management, and 74% felt the same way about compliance and audits, only a quarter said their operations currently have a "very" or "extremely strong" ability to manage problems across a diverse asset base.
Brian Ahern, CEO of Industrial Defender, suggests that the solution to this growing complexity is to take advantage of that overlap. "Let's not try to justify investments in security and compliance. Rather than going at it that way, address the challenge of addressing the operational inefficiencies associated with a complex environment. If you can talk about gaining efficiencies there, security and compliance can become a byproduct of that investment. If you can get a solid understanding of real-time asset activity and state data, it puts you in a better position to manage. A unified approach to managing and protecting the infrastructure will justify investment in intelligent endpoints."
SANS Control Security Training Coming to Houston
SANS Institute will hold ICS Security Training event on June 10-15 in Houston
Compressor Controls: Saudi Aramco Buys First GE Compressor Control Systems
Saudi Aramco has purchased advanced compressor control technology from GE for the Haradh GOSP-1 facility in Saudi Arabia's Eastern Province.
ISA Training Through June in Houston
Technician training, engineering survival and SIS boot camps for condensed, intense, comprehensive educational experience.
NIST Releases Initial Cyber Security Framework Comment Analysis
The National Institute for Standards and Technology has released an initial analysis of the hundreds of comments by industry and the public they have received on the Obama Administration's "Improving Critical Infrastructure Cyber Security" executive order.
Past Time to Upgrade Your DCS?
Upgrading Your DCS: Why You May Need to Do It Sooner Than You Think
Metso Provides New Heating Solution for Finnish Utility
Finland's largest pellet-fired heating plant produces environmentally friendly energy in Tampere
K-BIM Consortium Selects Siemens' Parasolid for New AEC Applications
-BIM, a consortium of commercial, academic and government organizations wants the new application suite to help create a national standard for building information management (BIM)
Friday p.m. Wrap-Up:This Week on ControlGlobal and Elsewhere
Some of the week's biggest stories in process automation
What's Bad Weather Costing Us?
U.S. taxpayers paid nearly $100 billion responding to damages caused by last year’s extreme weather events associated with climate change, about $1,100 per taxpayer, according to an analysis by the Natural Resources Defense Council (NRDC).
BP, Shell, Statoil Raided by EC
European Commission investigators raided the offices of oil companies BP, Royal Dutch Shell and Statoil as well as data collector Platts as part of a larger inquiry into price manipulation of the global crude market.
- All news »
Access the entire print issue on-line and be notified each month via e-mail when your new issue is ready for you. Subscribe today.
- Featured White Papers