In early March 2017, the Pentagon sent out a notice to its employees:
“JSP Notice: March Madness Video Streaming and Network Consumption
SUMMARY: March Madness is officially upon us. Your JSP support team acknowledges and appreciates that college basketball fans within the DoD are excited to cheer on their favorite teams, update brackets, and otherwise obsess over the Big Dance. In preparation for the event, JSP engineers will closely monitor bandwidth consumption and server availability to handle additional network strain as best as they can. However, it is important to remember that we share a single network and visiting non-mission essential websites degrades network performance for everyone.
Please keep in mind; if you’re streaming video to watch your favorite player shooting free throws, you’re consuming network resources that could be served to support the Warfighter” … (Source)
Yes, as strange as it sounds, even the United States Military Headquarters had concerns over whether or not its network would be able to handle employees streaming basketball games during March Madness. After you get past the dismay of learning that some level of your tax dollars may be going to fund Final-Four viewing by our federal government, there is actually an important concept in network design to consider here: stuff that happens on a network, whether intended or unintended, can affect the other things that live on the same network.
What does this have to do with Industrial Control Systems?
As is the case in the Pentagon, companies with industrial control systems rely heavily on networks to get things done. Unlike the tools of twenty or thirty years ago, much of today’s technology relies on a network connection in order to operate effectively. Whether it’s supporting a Warfighter or supporting a production line, networks are instrumental in getting data from one place to another. When the network is down or heavily congested by non-essential traffic, it can cause business to grind to a halt.
There are some important best practices in industrial network design that engineers can follow in order to avoid some of these issues and ensure critical business operations keep running. One of the first items to consider is the difference between Information Technology (IT) networks and Operational Technology (OT) networks, and why it is important to treat them differently.
Information Technology vs Operational Technology
In general, when people use the word “network”, they are most often referring to an Information Technology (IT) network. These are the types of networks that connect our laptops to the internet or to printers and allow us to do things like browse the web, check email, and perhaps even stream the occasional NCAA basketball game. These networks are indeed important and often essential to business operations. But in manufacturing plants and other facilities that use industrial control systems, IT is not the only network that exists. There are also Operational Technology, or OT, networks.
OT, or Operational Technology, networks are, just like IT networks, generally made up of computers, servers, and network switches. However, unlike IT networks, OT networks also include a different set of hardware components, the kind you would typically find on a manufacturing plant floor. These are the components of industrial control systems (ICS). Some of these components include programmable logic controllers (PLCs), which control manufacturing equipment, and human-machine interfaces (HMIs), which allow operators to interface with machinery. OT networks also include supervisory control and data acquisition (SCADA) systems that collect data from different types of processes. These pieces of equipment are generally very different from typical IT devices, and as a result they must be treated differently.
Reliability, Availability, Maintainability, and Security
Some of the biggest differences between IT and OT networks can become evident when you consider the cases in which problems might occur. At some manufacturing facilities, when employees are unable to access email or access the web due to a network issue, it can be a major inconvenience. However, at those same facilities, when a production line is down because of an OT network issue, it could result in more than just an inconvenience. Delays in production time could result in the loss of countless dollars from unmade products. In this scenario, the company’s OT network would have vastly different requirements for uptime than its IT network.
Another scenario might be when a company produces products with no problems, but important data from the manufacturing process cannot be collected and stored. Some operations in the pharmaceutical and medical industries require that information about certain batches be stored for regulatory compliance. Imagine if a network problem caused that data not to make it to the appropriate server. This again could result in lost money and/or scrapped production.
Consider yet another case, in which an employee clicks on an emailed link that contains a virus or malware. Although the employee’s personal computer may become unusable and may set him or her back several days, it is unlikely to affect a manufacturing process. However, if the malware or virus were to be downloaded onto a manufacturing server, or somehow spread to the OT network and infect manufacturing HMIs and servers, the consequences could be dire. Production could be halted, important data could be lost, and considerable time and money could be spent trying to restore things to working order.
For these reasons, and many more, it is generally a good idea to keep IT and OT networks separate and closely control the boundaries between them. The less impact that an inconsequential, internet-connected office computer can have on a production floor, the better. There are many guides available online that provide detailed methods for designing control system networks. If you are a controls engineer who doesn’t have a great deal of experience with IT and networking, or if you are an IT professional who has been asked to create a network for a control system, consider exploring some of these guides. They will likely help your control systems and their networks become stronger and more reliable.
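One way to check that the IT/OT boundary described above is actually being held, shown as an added example that is not part of the original article: the script classifies flow records by zone and reports any traffic that enters or leaves the OT network outside an approved conduit. The address ranges, the DMZ zone, the allowed conduits and the flow records are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed address plan (constructed for this example, not from the article).
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),   # office laptops, printers, email
    "OT": ipaddress.ip_network("10.50.0.0/16"),   # PLCs, HMIs, SCADA servers
    "DMZ": ipaddress.ip_network("10.90.0.0/24"),  # hypothetical buffer zone between the two
}

# Approved conduits across the OT boundary: (src zone, dst zone, protocol, dst port).
# Assumption: OT only ever pushes batch data to a historian replica in the DMZ.
ALLOWED = {("OT", "DMZ", "tcp", 443)}

# Constructed flow records: (source IP, destination IP, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.23", "10.10.1.5", "tcp", 445),    # IT to IT: not a boundary crossing
    ("10.50.2.10", "10.90.0.20", "tcp", 443),   # OT to DMZ: approved conduit
    ("10.10.4.23", "10.50.2.10", "tcp", 502),   # office PC straight to a PLC (Modbus/TCP)
    ("10.50.3.7", "203.0.113.9", "tcp", 443),   # HMI reaching the internet
    ("10.10.4.23", "198.51.100.7", "tcp", 443), # office web browsing: OT not involved
]


def zone_of(addr):
    """Return the zone name for an IP address, or EXTERNAL if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "EXTERNAL"


def audit_ot_boundary(flows):
    """Return flows that cross the OT boundary without an approved conduit."""
    findings = []
    for src, dst, proto, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone or "OT" not in (src_zone, dst_zone):
            continue  # stays inside one zone, or never touches OT
        if (src_zone, dst_zone, proto, port) in ALLOWED:
            continue  # explicitly approved conduit
        findings.append((src_zone, dst_zone, src, dst, proto, port))
    return findings


if __name__ == "__main__":
    for f in audit_ot_boundary(SAMPLE_FLOWS):
        print("UNAPPROVED %s -> %s: %s -> %s %s/%d" % f)
```

Run against exported firewall or NetFlow records, an empty result means every observed OT crossing matches a documented conduit; anything else is either a missing rule or a gap in the separation.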