Sunday, August 19, 2012
At various stages of my career, I have seen the segregation of information technology management in manufacturing companies, in a wide variety of vertical markets. This is true even today in oil & gas, petro-chemicals and computer hardware manufacturing firms.
The primary purpose of this segregation was and is to maintain strict access controls, separation of duties, differing IT practices and skill sets. In this blog, I would like to share my observations and recommendations relating to this segregation and future collaboration.
Many manufacturing plants separate IT roles into two major groups – Those working in the Control System (CS) and those in the corporate or enterprise. The IT staff in both these teams report to different directors, C-level executives or vice-presidents. They rarely collaborate, occasionally communicate and hardly draw from each other’s expertise. Each IT team is a self-sufficient group working within their own budgets, resources, tasks and goals.
The separation of IT roles is primarily in the areas of Control System applications and equipment. The organizational structure is also different since IT, within in the Control System team, report to Control System managers, who ultimately report to the COO and not the CIO. The unique tasks and operations managed by IT within the Control System team are some of the following:
1. Manage IT infrastructure and applications relevant to the Industrial Control Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) – Control and monitor industrial processes, collect and utilize historian data, interface with Programmable Logic Controllers (PLC), connect to sensors, perform Analog-to-Digital and Digital-to-Analog signal conversions, etc.
2. Communication infrastructure – Connect and manage cables, wireless and interfaces such as repeaters, switches, routers, WAPs and firewalls that link the PLC farm, remote terminal units, RS-422/232 based equipment, and back-end application servers or databases to each other. A proper design and deployment will factor in scalability, redundancy, security through VLANs and Access Control Lists (ACLs), and others. Operational tasks include traffic monitoring for bandwidth threshold, drops in connections, and errors or data loss across interfaces.
3. Security of Control Systems – Facilitate, test and monitor data traversing across the campus that is usually harsher than that in the corporate network. Perform penetration tests with varying degrees of intrusion on computer systems and networks to validate that security continues to be aligned with pre-set goals and levels.
In my view, the following common roles and tasks of both these groups can be collaborated to jointly take on the responsibilities of managing IT in the Control Systems and Enterprise:
1. Back-end systems – Server hardware, OS, DB and common applications administration, security, X.500 directory, backup & restore, monitoring, maintenance, anti-virus deployment, patch management, and others.
2. Front-end workstations and terminals – Hardware, OS and common applications management, authentication, helpdesk support, security, and imaging, among others.
3. Networking gear – Monitoring, standardizes on hardware and design, patching, penetration tests, sharing of spares, etc.
4. Backup & disaster recovery – Pooling of all site data into common backup targets, verification of data through granular restores and full system recovery, off-site transport of tapes through single reputed carrier, mock drills for disaster recovery at varying levels of outage, and others.
5. Documentation – Documentation with varying levels of detail for the review and acceptance from different roles within the plant. Documenting policies, procedures, accountability and responsibilities assigned that need to be vetted and verified. Setting up chain of custody for shared responsibilities.
This is not an exhaustive list of shared and segregated tasks and operations by IT within the Control System and Enterprise sections. However, with convergence of data, equipment and services; IT resources can be optimally utilized for redundancy, shared services, added tasks and overall productivity.