IT / OT Convergence: Part 3 The integration of information and operational systems
This four part blog provides my point of view on what IT / OT convergence is, why it is important to engage with the topic and where we are heading.
Part one, the introduction, can be found here.
Part two looked at the use of information technology in operational systems, available here
This instalment takes a closer look at the integration of information and operational systems.
Why should we integrate IT and OT?
As our population grows and society expects an ever increasing standard of living we are bumping up against constraints (e.g. finite amount of water, green house gas emissions associated with electricity generation). This requires us to optimise our systems that use and depend on constrained resources.
IT and OT systems each have data that can be of of use to the other. Consider for example a Demand Side Response (DSR) system that reduces electricity consumption, when there is not enough supply, by manipulating Time of Use (ToU) tariffs (see earlier blog). Such a system needs access to data from operational systems (e.g. frequency data from the transmission system operator, load information from distribution network operators) as well as commercial, customer and regulatory information (e.g. tariffs that are available, how many customers are on ToU tariffs, typical response of customers to different tariffs, regulatory constraints on the use of ToU tariffs). It then needs to send a signal to customers to alert them to a tariff increase. This could be via SMS (an information system by my definition) but could also be a message that is sent to a smart meter which passes the information on to appliances in the home that respond automatically (this is OT).
Another example, from the water industry, is the use of rain forecasts, waste water network design information (IT), current network status as reported by SCADA and other sensors (OT) to optimise the settings on pumps and valves (IT and OT) to minimise the impact of rain on the waste water network (e.g. prevent combined sewer overflows).
Not all examples require a complete feedback loop. There are simpler examples, such as using operational data (e.g. temperature, vibration , load) together with data held in IT systems (e.g. system configuration, asset location) to estimate the remaining life of components and do predictive maintenance. This can prevent failures as well as reduce the cost of maintenance by doing it only when necessary.
The opportunities presented by IT OT integration can be classified as follows:
- Use of operation data to improve decision making. Examples include condition based and predictive maintenance, system performance analysis, failure reporting, analysis, and corrective action systems (FRACAS).
- Use of external data by OT systems to optimise operations. Examples include weather forecasts, cost information, asset status (including remaining estimated life).
- Reduce human error. If operators always use data presented by IT systems to manually change settings in operational systems without adding any value (e.g. checking for dangerous parameter combinations) then there is a risk of human error that is removed if the systems are integrated.
- Optimise interaction between multiple OT systems.
- Consistent business processes that span the organisation (and cross the IT OT organisational divide)
Why were these systems not integrated from the start?
IT and OT systems did not just use different technology (as outlined in the previous instalment) but have also been kept separate at a design and organisational level; reasons for this include:
- Technology and standards differences made integration difficult
- Security policy did not allow integration (OT systems were / are often "air gapped" from enterprise systems)
- Organisational separation of operations, planning and engineering teams was not conducive to integrating processes, let alone systems
- IT systems did not have the analytical capabilities that they do today
Technology advances are removing many of the barriers to IT OT integration and providing new opportunities for doing so. Key trends are:
- IT OT technology convergence (discussed in previous instalment) is making it technically easier and more cost effective to integrate systems
- The reduction in the cost of sensors (by using commodity components and economies of scale)
- Growth of affordable more reliable connectivity (e.g. mobile / GPRS, power line carrier (PLC), mesh networking, ADSL, long range radio and satellite)
- The ability to collect, store and analyse huge amounts of sensor (and other) data at low cost
- Access to sensor data from other providers and the Internet of Things (IoT)
- Improvements in IT security capabilities
- The increasing use of data historians to collect all operational and sensing data in one system that makes it available to other systems via a standard interface
- Data interchange standards such as the Common Information Model (CIM)
- Standard messaging protocols that provide publish and subscribe capabilities (e.g. MQTT)
The preceding arguments pose the question: Why are we not integrating all of these systems? There are significant challenges that have to be overcome.
Non functional characteristics
Enterprise systems and operational systems are usually developed to different requirements. The former may for example have lengthy scheduled maintenance down times. Take our DSR example: We may need DSR to work on a Saturday afternoon during the FA Cup Final; this would be problematic if the enterprise system that deals with tariffs and regulations is not available at that time.
Operational systems have to be very reliable. Quickly re-booting and trying again is usually not an option. In Enterprise systems the cost benefit trade-off may have resulted in a lower cost, less reliable system. Similar differences may apply to disaster recovery requirements.
Most enterprise systems have no direct impact on safety, many systems that monitor and control physical assets often do.
And then there is security. I won't cover this in much detail here as many of the concerns were discussed in the previous blog. It is however important to note that the security risk that is acceptable for an enterprise system could result in more severe consequences if that system has a direct interface with an operational system. Such an interface could also make an otherwise uninteresting (to potential attackers) enterprise system a much more attractive target.
Integrating more systems usually increases complexity. Increasing the number of system interactions makes it more difficult to understand the impact of a change to any of the components or a failure of a component.
As already discussed: OT and IT are usually not just separated at a technical level but are also different organisations. Key questions that need to be addressed before systems can be integrated are:
- Who owns the end to end system design?
- Who is responsible if there is a failure?
- How will cultural, design and development method and tooling, testing and similar differences be overcome?
Our increasing demand for limited resources require us to optimise the use of these resources and the assets we use to access them. The decreasing cost of instrumentation, interconnection and intelligent use of data is making it increasingly cost effective to analyse, optimise and automate our infrastructure. There are significant benefits to be gained by sharing information between IT and OT systems and even integrating them to execute seamless end to end processes.
There are also significant challenges as noted above. They are being mitigated to some extent by changes in technology and how we use it:
- More and more enterprise systems support always-on web and mobile channels to customers, suppliers and business partners. This is leading to increasingly stringent availability, performance and security requirements, designs and implementations.
- Architecture and design methods, techniques, good practice and tools make it possible to deal with the complexity inherent in the systems-of-systems that we are creating.
- Connecting enterprise systems to the internet has led to improvements in security technology and processes.
Integrating these systems is not easy but there are potentially large gains. To realise these we need to start with the right use cases, ones that pose relatively low risk and large gains. This will allow us to build confidence and trust across organisational boundaries, gain experience and demonstrate the benefits of IT OT integration.
PS: Thanks go to Andy Stanford-Clark (@andysc) for his review of and thoughtful input to this blog!