it ot integration_vishnu_murali_05262016_updated
TRANSCRIPT
Vishnu Murali Director IT NRG Energy
05.26.2015
According to the results of a 2015 MPI/Rockwell survey Less than half (45%) of manufacturers surveyed said that their OT
and IT teams collaborated on issues such as upgrading legacy operations or enterprise systems
A scant 37% reported a collaborative approach to solving technical enterprise issues
Nearly 10% reported no collaboration between the two departments.
- Industry Week
Dumpers, loaders and heavy mining equipment
Sensors to monitor asset performance
Onboard event logging and prognosis
Transmission of events from assets
Intelligent asset response Resource deployment Remote
troubleshooting……
Enterprise backbone integration
Communication networks and database
Hardware / Software updates
Integrating Enterprise ERP with OT applications
Integration between Equipment data logger and big data back-end / cloud
Field service management Supply chain
management…..
Tesla’s Response
Tesla communicated the recall to its customer but told them “not to worry”. Next day morning 29, 222 cars were updated with the fix while the customers were sleeping overnight. Previously Tesla had also performed a silent / non-recall fix where in it had to tweak the settings of the electronic shock absorbers to make it more resilient at high speed.
GM’s Response
GM asked its customers to take its cars to the dealers for update and fix.
NIST ICS (Special Publication 800-82, Revision 2, Guide to Industrial Control Systems (ICS) Security (Pages 2-16 to 2-17)(4)
Category IT Systems OT Systems
Primary Players • CIO • Computer Science Grads • “Wintel geeks” / Younger generation
• COO, Engineers, Technicians, Production Managers and Staff
• Older staff who moved up through then ranks from line operators to technicians
Primary Focus • Data confidentiality and integrity is paramount • Automation of business processes • Information management and manipulation
• Safety and protection of the process and equipment
• Response to human and other emergency interaction is critical
• Controlling physical process
Component Lifetime • Lifetime in order of 3-5 years • Lifetime in order of 15-20 years
Security Approach • Confidentiality, Integrity and Availability • Availability, Integrity, Confidentiality
Performance Requirement
• Non-real time • High throughputs demanded • Downtimes acceptable
• Real-time • Reponses is time-critical • Downtime or delays unacceptable
Data • Complex data type • Multilayered analytics • Low data rate (10k records/second)
• Simple data type • Just-in-time analytics • High data rate (1M messages/sec)
Interfaces and Networks
• Web browser • Keyboard • TCP/IP based • Typical IT networking practices
• HIM • Sensors with embedded OS and Programs • Codded displays and touch screens • Serial based communication (Moving to TCP/IT)
Culture
CIO
CTO
CMO
CDO
CISO COO
CDA
CEA
Awareness of Enterprise OT Systems Landscape and Degree of Convergence
Consensus That Convergence Means a Change in Managing OT
Rationalization and Alignment of OT Management and Methods With IT Tools
Integration of IT and OT Systems and Infrastructure
Optimize and Standardize Processes
LEVEL 1
LEVEL 2
LEVEL 3
LEVEL 4
LEVEL 5
Research
Foundation
Alignment
Integration
Transformation
1. As-is IT & OT Architecture
2. As-is OT mtn. process mapping
3. IT-OT Technical integration Architecture (Data, Security)
1. IT-OT Competency Center model
2. Vision, Goals, Charter, R&R and Governance
3. CC Operating Norms
4. Cross departmental training through job rotation
1. To-be integration architecture
2.OT Risk and Roadmap profiling – Heat Map
3. Vendor Collaboration
4. Process alignment
1. Pilot Integration Projects
2. Vendor Collaboration
3. Monitoring
4. Cyber Security Testing
1. Launch targeted transformation initiatives
2. Measure benefits
3. Repeat
Source: © 2011 Gartner
Where do we begin? 1. Start with NIST framework and evolve it to suite the needs 2. Perform Risk Assessment – Technology, Market Forces, Vendor strategy, Business Strategy, IT Strategy 3. Establish Vision and “to-be” state 4. Market and Sell business case to the business stakeholders 5. Establish a focused team that will work on execution of process, frameworks and data analysis 6. Create a center of excellence along with vendors participation
What are some of the challenges that you are facing in your organization with IT/OT integration?
What is your IT / Cyber Security department doing to bridge the IT and OT skills gap?
What approach are you taking to address security concerns as part of your IT /OT initiatives?
How are you getting the stakeholder buy-ins on related investments?
Vishnu Murali [email protected] [email protected] Cell: 513 478 7004