在制药厂六小时进入一个八小时的过程,生产突击了致命的障碍并关闭,基本上冲洗了10万美元的排水管。问题:软件更新发生在错误的时间。它在IT世界上的例行更新证明了在运营技术(OT)的世界中昂贵的错误。
Welcome to the brave new world, where IT and OT intersect in ways that plant operators couldn’t have imagined just a few years ago. That intersection is allowing companies to streamline processes and maintenance, and connect vendors and suppliers with data to save time and money. Except when it doesn’t go as planned.
In the case of the pharmaceutical company, the problem was a window that popped up on an interface to ask the operator if he would like to update the software. Choosing to update resulted in a reboot of the batch server that was running a medicine-making process—and the loss of vital genealogy required by the U.S. Food and Drug Administration (FDA).
它是Gregory Wilcox,全球技术和业务发展经理Rockwell Automation,后来把它放了,“一个非常糟糕的一天。”批次被破坏,制药公司只能在Wilcox和其他专家拨打政策,程序,技术和培训,以帮助确保从未重复过任何错误。
Despite the potential pitfalls, the benefits of connected automation—machines and processes that share information with each other and the businesses that operate them as well as with customers and suppliers—are legion, and growing all the time.
“连个以工厂为家的资产与企业, and connecting manufacturers and suppliers can offer tremendous value,” says Scot Wlodarczak, a manager for industry marketing atCisco和一位发言人Industrial IP Advantage, a trade group dedicated to education about industrial information architectures. “In fact, it’s estimated that four out of 10 companies will be disrupted in their market position by companies fully embracing connected factory solutions.”
Key to realizing those benefits is mitigating the potential risks—which, fortunately, can be done with proper planning and use of already-established best practices. It starts with getting off on the right foot.
Connecting the dots
思科IOE垂直解决方案工程组织副总裁Tony Shakib表示,奠定了对自动化过程或工厂已经必须与之合作的自动化过程或工厂的评估。起点是Shakib调用级别一级 - 刚刚获取组件,包括机器,连接和共享数据。
An important consideration here is how tightly to link IT and OT systems, says Ryan Lepp, director of business development for industrial automation and the Internet of Things (IoT) forPanduit。“你的终身目标是一个完全融合的网络,它和OT共存吗?”他问他的客户。他的推荐是统一的网络,以降低成本。
Once machines and processes are sharing data, Shakib says, companies deploying connected automation can proceed to level two—making use of all that data. Predictive maintenance is one benefit to be achieved at level two. “By having a constant connection monitoring the health of these devices, quite often you can predict when something’s going to go down months ahead of time,” he explains. Reducing or eliminating downtime is an obvious benefit, saving millions of dollars for manufacturers.
同样在二级,数据可以以另一个方式流回机器。“而不是不得不花时间用不同的产品手动改变机器,而是使用不同的产品使用不同的产品,机器上的设备几乎可以随着食谱而变化,”战略合作和合作伙伴关系高级经理Robert Miller说Mitsubishi Electric Automation。配方(有关如何构建新产品的信息)指示每种机器的伺服和其他部分重新配置以处理不同尺寸,形状和重量的产品。
Level three connects a factory with outside suppliers and customers, potentially extending the benefits of connectivity to the entire supply chain. But greater connectivity presents greater security risks. “End users need to adapt and embrace these new business models to remain competitive,” Wlodarczak says. “However, turning traditionally siloed industrial networks into borderless industrial Ethernet networks shared with suppliers can open up new attack vectors.”
幸运的是,仔细的规划和最佳实践可以防止糟糕的一天。
保护网络
Proper security practices operate on multiple levels, Wilcox says. “We always recommend to customers that they use a holistic defense-in-depth approach,” he says, which should address security at the physical, electronic and administrative levels.
Physical security not only restricts physical access to certain areas of the plant, but also prevents machines and controls from connecting to the wrong networks or devices. Source: Rockwell Automation |
Security at the physical layer can be as simple as restricting physical access to certain areas of a plant to only those who need to be there. That’s an approach all too often overlooked, Wilcox says. “Unfortunately, sometimes our customers have what’s commonly referred to as an M&M approach to security,” he says. “It’s hard candy outside and it’s soft and gooey inside. Once you get past the perimeter, whether at the receptionist or even a guard, at times there are no procedures to actually track visitors.” Access control provided by locked doors opened by ID badges can go a long way toward mitigating this potential security risk.
物理安全性也可以扩展到物理上防止机器和控制连接到错误的网络或设备。这可以通过连接到错误的地方的电缆确保。例如,Panduit使电缆和连接器促进这种物理安全性的级别。“我们有一条可用于配置和构建网络的物理安全的整个线路,”Lepp说。
Miller表示,在电子级别的电子级别可以确保只有已知的设备能够确保只有已知的设备能够共享数据,注意到CC-Link IE是基于以太网的网络,提供了这种安全级别的网络。“CC-Link IE是固有的确定性和固有的安全,因为它使用的技术和沟通,”米勒透露,他为美洲主任CC-Link Partner Association。“除非网络控制器知道某个设备,否则新设备将无法通过该网络进行通信。”换句话说,他解释说:“你不能只是走到一个CC-Link,即网络,用一台笔记本电脑插入它并破解系统。”
最后,管理访问控制应该限制用户只有部分网络或已被授权使用的软件。来自Rockwell自动化的FactoryTalk安全性等软件包可以帮助系统管理员建立适当的软件和硬件访问级别,基于谁登录来自该位置的系统。
稳定网络
As the example with the rebooting batch server at the pharmaceutical plant exemplifies, greater connectivity also can present challenges to maintaining uptime. Uptime is often less critical in the purely IT world than it is in the operational world, and bringing operational-level uptime to a converged network is the name of the game for many plant operators.
Lepp说,一步一步在确保网络正常运行时间简化了。需要计划。“如果没有策略或计划,”他解释说,“你开发了这个通信巢,你可能有关键的失败点。”
规划应包括确保交换机具有足够容量来处理通过它们的数据量的因素。“这是一个越来越多的问题,”米勒说。“随着更多设备可用于网络和通过网络监控,数据将越来越多。”并且更多的数据增加了网络拥塞的风险,这可以将过程带来研磨停止。
Lepp cites the case of a food and beverage plant whose network teetered on the brink of collapse at any given moment because of too much network traffic. “If you added anything, it would crash the network,” he recalls. “If you took that extra device out, the network could recover and you could start the machine again.” Lepp and his team solved the problem by carefully assessing the network and then redesigning it to handle more data.
Such reconfigurations could include what’s known as zone architecture, Lepp says. “What a zone architecture does, is it pulls the switches out of a control panel and puts them into a rafter or higher level, then you disburse the backbone network off into individual zones,” he explains. That way, even if a control panel does go offline for any reason, the distributed switches keep the network and the systems that depend on them up and running.
In addition to reducing data loads, zone architecture promotes redundancy, another key to enhancing uptime. This can extend to cables as well as to switches. Lepp and his team make sure that there are backup data lines connecting switches, controls and machines. Equally important is that the lines don’t all follow the same route. “If you have got redundant fiber lying in the same pathway, then the physical location isn’t redundant,” Lepp says. “As soon as you hit that with a forklift, your network is down.”
The future of connected automation
思科和罗克韦尔自动化已经在融合的植物植物以太网(CPWE)上进行了合作,这是一种不断发展的参考体系结构,用于连接自动化。每个合作伙伴都维护自己的实验室,在添加最佳实践之前,在添加到越来越多的参考资料库之前。例如,六月发布的白皮书概述了使用案例部署工业防火墙。Panduit也最近引入了参考架构的物理基础架构建议。
All of which should help plant engineers and operators in the future avoid the kinds of problems faced by the pharma manufacturer and its errant software upgrade process. In that case, Wilcox says, plant managers were able to keep the problem from happening again through additional operator education (don’t accept a system upgrade while a batch is running), improved communication between IT and OT departments (don’t try to upgrade production servers while they’re running), and preventive controls (critical systems are only upgradable on maintenance days). “To my knowledge, that customer has never had an incident like that again,” he says. “A little pain upfront, but it was a happy ending.”
Call it growing pains on the way to a new world of connected automation.