At various stages of my career, I have
seen the segregation of information technology management in manufacturing companies,
in a wide variety of vertical markets. This is true even today in oil &
gas, petro-chemicals and computer hardware manufacturing firms.
The primary purpose of this
segregation was and is to maintain strict access controls, separation of
duties, differing IT practices and skill sets. In this blog, I would like to share
my observations and recommendations relating to this segregation and future collaboration.
Many manufacturing plants separate IT
roles into two major groups: those working in the Control System (CS) and
those in the corporate or enterprise environment. The IT staff in these two teams report
to different directors, C-level executives or vice-presidents. They rarely
collaborate, occasionally communicate and hardly draw from each other's
expertise. Each IT team is a self-sufficient group working within its own budgets,
resources, tasks and goals.
The separation of IT roles is
primarily in the areas of Control System applications and equipment. The
organizational structure is also different, since IT staff within the Control
System team report to Control System managers, who ultimately report to the
COO and not the CIO. Some of the unique tasks and operations managed by IT within the
Control System team are the following:
1. Manage IT infrastructure and applications relevant
to the Industrial Control Systems (ICS) or Supervisory Control and Data
Acquisition (SCADA) – Control and monitor industrial processes, collect and utilize
historian data, interface with Programmable Logic Controllers (PLC), connect to
sensors, perform Analog-to-Digital and Digital-to-Analog signal conversions,
etc.
2. Communication infrastructure – Connect and
manage cabling, wireless links and interfaces such as repeaters, switches, routers,
WAPs and firewalls that link the PLC farm, remote terminal units, RS-422/232
based equipment, and back-end application servers or databases to each other. A
proper design and deployment will factor in scalability, redundancy, security
through VLANs and Access Control Lists (ACLs), and others. Operational tasks
include traffic monitoring for bandwidth thresholds, drops in connections, and errors
or data loss across interfaces.
3. Security of Control Systems – Facilitate, test
and monitor data traversing the campus, an environment that is usually harsher than
the corporate network. Perform penetration tests with varying degrees of
intrusion on computer systems and networks to validate that security continues
to be aligned with pre-set goals and levels.
In my view, both groups can collaborate on the following common roles
and tasks, jointly taking on the
responsibilities of managing IT in the Control Systems and Enterprise:
1. Back-end systems – Server hardware, OS, DB and common
applications administration, security, X.500 directory, backup & restore, monitoring,
maintenance, anti-virus deployment, patch management, and others.
2. Front-end workstations and terminals – Hardware,
OS and common applications management, authentication, helpdesk support, security,
and imaging, among others.
3. Networking gear – Monitoring, standardization of hardware
and design, patching, penetration tests, sharing of spares, etc.
4. Backup & disaster recovery – Pooling of
all site data into common backup targets, verification of data through granular
restores and full system recovery, off-site transport of tapes through a single reputable
carrier, mock drills for disaster recovery at varying levels of outage, and
others.
5. Documentation – Documentation with varying
levels of detail for review and acceptance by different roles within the
plant. Documenting policies, procedures, accountability and assigned responsibilities
that need to be vetted and verified. Setting up a chain of custody for
shared responsibilities.
This is not an exhaustive list of
the tasks and operations shared and segregated by IT within the Control System and
Enterprise sections. However, with the convergence of data, equipment and services,
IT resources can be optimally utilized for redundancy, shared services, added
tasks and overall productivity.