Time to Modernize
Vision includes a solid security program
By Gregory Hale, editor/founder ISSSource
The old system keeps chugging along and throughput remains steady, but everyone knows it is time to jump headfirst into the new age of automation to take advantage of what technology has to offer. But that leap of faith brings on a new set of issues like costs, benefits -- and security.
Welcome to modernization in a security-frenetic world.
"Modernization is identifying and enabling a future that is more valuable than today," said Brian Freer, Technical Sales Consultant for Modernization at Schneider Electric. "If you look at systems today, it is what I call a three-tiered birthday cake. You have the base layer, which is the I/O layer that ties into the instrumentation out in the field. You have the control and logic layer that has all the smarts built in, then you have all the Windows and applications on top. If you look at all the technology you have in place, the stuff that gets the oldest fastest, is what is up in the display and application layers. The control layer is going to last you 15 to 20 years. The I/O layer is going to last 20 to 30 years, that is the stuff you will not have to change very frequently."
Modernization, which industry analysts say could be a US$65 billion market, is more than just updating a system, it is all about taking the ancient legacy technology installed before cybersecurity was ever a thought and understanding what that system should look like today and how it will look in five years.
"I am not a big fan of modernization until you have an overall view and overall vision of what you want to do," said John Boville, Marketing Manager at Schneider Electric. "If you spend money on a modernization project, make sure you get a return, but not only that, it is not a one-time deal, you need to see benefits for the long haul. For example, the finance guys may be happy because you get a one year pay back on your upgrade project, but what about beyond that. What about year two or year three? Are you continuing to get benefit from it? Look holistically over the whole control systems rather than a unit by unit modernization. The user can approach it in a stage-wise approach as long as they have an overall plan."
Today and Tomorrow
When it comes to modernization, end users would not consider a project unless they knew something was wrong.
"Part of modernization means plugging holes in what you have today while making sure you don’t make anything worse moving into the future," said Brian Courchesne, Director, Systems Marketing at Schneider Electric. “In fact, the goal should be to further protect what you have today; to make your systems and procedures and facility more cyber secure and more protected for the future.”
With awareness at an all-time high, security needs to be a part of the modernization plan.
“The Stuxnet situation proves you can distribute worms in programming software without networks, where you can have centrifuges speeding up and going bad,” Boville said. "If you have programming software you are at risk. I think people mistakenly think because they don’t have Ethernet in their plants at the manufacturing level, they are safe. But they are not."
"…you need to consider different ways to adapt to cyber threats … have a
system that can adapt to change and continually upgrade and monitor.
That is modernization. A continual process … to protect and decrease the
risk to your operation and increase the value you get out of it".
Executive Thought Process
Executives understand the risks to the company’s reputation of having a cyber incident and not handling it properly are enormous.
"Those risks can be greater than the exposure of losing some data or a competitive threat," Courchesne said. "Cybersecurity is fundamental and it is not something that can be fixed in a patchwork kind of way. That is certainly a driver for modernization. For companies to look at a fundamental foundation for cybersecurity and ask 'if I have something to work with that I can build upon or am I putting fresh paint on an old building that will collapse at some point in time anyway?"
The thing about cybersecurity is it is a sustaining application. It is not a one-time thing. You can’t buy cybersecurity and have it and be done forever. As cyber terrorists adapt techniques and methods and come out with a million new ways to attack you, you also need to be considering different ways to adapt to cyber threats and have a system that can adapt to change and continually upgrade and monitor. That is modernization. A continual process changing and improving your environment to protect and decrease the risk to your operation and increase the value you get out of it as well."
Connecting Plant Personnel
Modernization and cybersecurity are all about change management and having everyone within the organization on the same page.
Courchesne talked about three reasons for change:
1. It is driven because they are forced to because something breaks in the plant, there is an
audit violation or there is a cyber security regulation that comes out or a corporate edict that
says you have to change to comply. In those cases, people will see it as a cost
2. The second area is if there is an opportunity to change because of another event or the timing
of another project. are implementing a system that means you have to take down part of the plant
that is an opportunity to make changes in other elements of that plant.
3. The third area is a strategic decision as a means to gain competitive advantage. You develop a
vision to the future and understand the steps you need to take to get there, knowing it is a journey
and you are not going to take it all at once. In those cases, there are specific investments as part
of that vision that will have huge benefits in the long term.
Knowing the reasons for change are important, but having a conversation and not working in a vacuum is imperative.
"One batch customer with an antique control system was going through the future state characteristics when the plant manager said 'why are we doing this, just tell me what we need to buy.' The operations manager came in and said 'if I could switch products on the fly that would make us over US1 million a year.' Another one came in and said ‘if we could cut 30-second cycle times out of each of the batches, that would make us US$500,000 a year’ and then the plant manager thought about it and said 'if I could consolidate my batch control and my continuous control that would save me US$300,000 a year."
All of a sudden they were living with this old (technology), but realized if they modernized their control system, there is close to $2 million to gain out of it,” Freer said. "Until that moment, they never had the conversation."
Yes, technology is there, but all parties need to sit down and cultivate ideas to achieve greater benefits. "Technology," Freer said, "becomes more valuable when we use it to uncover the buried treasure that is out there."
For related information, click on any of the links below:• [White paper series] How the Industrial Internet of Things can help industrial management
• Optimizing profitability in the connected enterprise
• PLC Migration and Upgrades