Babel Buster Network Gateways: Big Features. Small Price.
Engineering and IT (Information Technology) evaluate and respond to computer system issues in ways that are repeatedly at odds. Nowhere is this more evident and disruptive than in plant Process Control and Automation. Regular dust-ups between Engineering and IT on the shop floor reveal characteristics and approaches that are strikingly dissimilar on both career and personal levels. One suspects the other of holding different values and approaches to life and work, or at least of Ďjust not getting it.í Their adversarial positions are not only deeply rooted; they are actually growing daily as the respective responsibilities of Engineering and IT concerning control and security straddle both their worlds. In truth, what they are not getting is each otherís perspective.
Different perspectives, poor communication
The age of the two professions is actually symbolic of these dissimilarities. Engineering is a mature profession, where as IT is a young calling. The continuous bickering hints accurately at a generation gap. Give or take a leap year, engineers are predominantly the Baby Boomers, while Generation X dominates the IT world. Many engineers began their careers while the IT guys were learning the alphabet. Differences in work-ethic, company loyalty, terminology, spending habits, and general approach to life itself make each generation shake its head in disbelief. "They just donít get it," each says of the other. While not the key drivers of conflict, this describes the two vehicles on collision course and the point of impact is the intersection of Control and Security.
In years gone by the roles of IT and Engineering were clearly identified. IT presided over the business computers and networks. These were based on standard architectures and standard equipment that were available from a variety of vendors. On the other hand, Engineering controlled the systems for automation and control, which were typically propriety in nature.
Nowadays, the domains of both have become intertwined and the lines are blurred because PCs have successfully infiltrated the Automation world. In addition, as economic forces compel corporations to increase efficiency, more information must seamlessly pass between the business and automation networks. Suddenly, Engineering must work with IT to setup standards-based networks, computers, and operating systems.
"You have control issues"
Business networks abound with users (people), and network resources (printers, drives, faxes, computers, etc). Consequently, information security is one of ITís key foundations. Imagine the commotion when an unauthorized person receives access to the CEOís email. IT has nightmares about this. So IT systems have implemented security that limits peopleís access to information based on various parameters, such as their user accounts, passwords, positions, physical locations, etc. Accordingly, the attitude of IT is typically to lock down information from everyone and then provide it only when absolutely necessary.
On the other hand, the engineerís automation networks are traditionally far smaller, with only a few trusted users, who use proprietary systems. Engineers could easily achieve protection from the outside world with "security by obscurity." So they would typically provide access to everyone and not worry about individual user access. But as standards-based hardware, firmware, and software successfully penetrated Automation systems, it became easier to access production information. This elevated concerns of information access security.
Of course, standards-based systems come with built-in security features that are turned on by default. Indeed, engineers must now ensure that their plant networks are protected and compliant with federal, industrial, or even company cyber-security regulationsand requirements. Engineers, who typically lack the cyber-security training, must configure security whether they like it or not. After struggling in vain they give up and grudgingly call IT for help. IT rolls its eyes. "Engineers! They just donít get it." More conflict.
Real-time meets transactional systems
As IT is called in to the cyber-security rescue, they treat the Automation networks as they would their Business networks, since they lack plant-floor production environment knowledge. Dynamic addressing (meant for large networks) wreaks havoc in the pedantic Automation world where the network topology remains static for years. Frequent reboots (typical for PCsand Windows) have devastating effects in real-time systems built for 24x7 production. "Donít worry," says the newly minted IT kid who is used to his transactional systems in the business world. "Itís just like email," they add, "youíll catch up!" Of course, if production data is not captured in real-time it is gone forever. If the PC was rebooting at 2:00 AM during an automated patch update, it will stop collecting data. Never again will anyone know what the vessel pressure was at 2:03 AM just before the turbine shutdown. Did the relief valve open because the turbine stopped or was it the other way around? What was the root-cause? How can we conduct our post-mortem analysis? Who is responsible for the 5 hours of lost downtime? How can we ensure this doesnít happen again? The engineer shakes his head. "IT! They just donít get it."
The IT and Engineering dynamic duo
When control and security concerns overlap and the two sides disagree, they are often not even aware enough of one anotherís perspective problems to be equipped to ask investigative questions. The bone of contention is frequently related to the systems they supervise Ė Engineering in production and IT in business.
IT personnel know how to setup secure systems that are built with authentication, authorization, and encryption in mind. They are able to capture information on who, where, when, and why anyone was accessing systems to determine what happened in the event of a problem. Engineers, on the other hand, understand the unique requirements of real-time systems as they affect operations and production. At the point where they converge, Engineering and IT find conflict and their lack of cooperation adversely affects the entire enterprise.
Finding common ground
Driven by technology, the IT-Engineering convergence continues to affect control and security systems where they overlap. The contentious and disputed area of intersection between Engineering and IT is also where OPC lives and works. OPC is a global industrial connectivity standard that enables process control and manufacturing applications to communicate with each other using an interoperable, reliable, and secure connection. OPC is meant to provide the bridge between IT security concerns and systems engineering requirements for real-time process control and automation.
The key to make these systems interoperate is to teach IT personnel and engineers how to speak each otherís language. They must learn the key TLAs (three letter acronyms) to transform misunderstandings into meaningful and productive conversations.
Employee frustration destroys communication and builds information silos. It is possible to turn people and relationships around completely once they begin to understand each other. The result is a united assault on the problem, not on one another. There is no doubt that Engineering and IT can finally be on the same page in security, Process Control, and Automation.
I see this on a regular basis. It is cool to see that look of "Ah-ha! I get it now. And I see you understand too."
About the Author:
Randy Kondor is a Computer Engineer, and is the President of the OPC Training Institute, the worldís largest OPC Training company. Since 1996, Randy has been vastly involved within the OPC industry and a strong supporter of the OPC Foundation. He continues to dedicate himself to spreading the OPC Foundationís message about system interoperability and inter-vendor cooperation.
Contact information: Email:
Phone: +1-780-784-4444 Fax: +1-780-784-4445
Copyright © 2009 OPC Training Institute (OPCTI). All rights reserved. The information contained in this document is proprietary to OPCTI. No part of this document may be reproduced, stored in a retrieval system, translated, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission from OPCTI.
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]