ISA Interchange

Welcome to the official blog of the International Society of Automation (ISA).


Does IIoT Live Up to the Hype?

There sure is an awful lot of hype about the Industrial Internet of Things (IIoT). One cannot attend a trade show without seeing a dozen new IIoT products or services. Every one of those new offerings promises to completely revolutionize your business and bring untold riches to your company.

But is IIoT really a game changer? Or is it just a trendy buzzword? And if it is real, how do you get it to live up to its promise at your company?

I have provided security guidance for a number of IIoT projects. I have also been facilitating teams of IIoT experts in "think tanks" for Fortune 500 companies rolling out IIoT projects. At first I was pretty cynical about IIoT. After all, haven't we been connecting smart industrial devices for decades? Network-connected remote terminal units, programmable logic controllers, and human-machine interfaces (HMIs) are nothing new.

But the more I got involved in IIoT, the more I saw that it was something new. Integration was not just between systems on the plant floor. It offered corporate, customer, and partner-wide connectivity on a whole new scale. As a result, it had the potential to unlock tremendous value in the manufacturing chain and transform the way a company does business.

I also quickly discovered that, like all new ideas, IIoT is not without its challenges. These include increased security risks, the potential for information overload, a shortage of staff with the needed skill sets and experience, and unexpected effects on corporate culture. Deploy IIoT incorrectly, and you can have a big mess on your hands. So here are three IIoT best practices I have learned that can make your IIoT project live up to its promise.


#1 Whole company involvement

IIoT is not a "wiring problem." It is not limited to the information technology (IT) department. And it is not just the concern of the chief information officer. When an IIoT project rolls out, it can affect everyone from the operator on the plant floor to the general manager.

We all know that when people do not understand how something will affect their jobs, they are often scared. When they are scared, they are likely to roadblock. Roadblocking can result in projects that do not achieve their objectives, or that fail outright. IIoT projects are no exception. In fact, because they can affect so many aspects of a business, they absolutely need wide-ranging involvement to be a success.

Ingersoll Rand Residential HVAC group recently rolled out an IoT solution called the Nexia Home Intelligence system. One of the things it does is enable technicians to remotely troubleshoot air conditioners. This both improves customer satisfaction through faster service response times and saves the company money by reducing unneeded or incorrectly provisioned calls.

As good as it is for the customer and the company, this new system affects how service specialists do their jobs. It changes their work day from one of constant service calls on the road to more in-office troubleshooting and preparation. Now, if the technicians felt threatened by the system, it would be easy for them to sabotage it through incorrect diagnoses or rolling out trucks regardless. Fortunately, the project was successful because the Ingersoll Rand IIoT deployment included the opportunity for the service teams to accept the IIoT concept, comment on it, and understand how it would benefit both them and the company in the long run.

This highlights how critical it is for the entire company to be involved and aligned in the success of any IIoT project. Everyone needs to have a stake in helping the project achieve the ultimate win-win scenario in the company's best interest. Thus, the project team must encompass everyone who might contribute or be affected. And it will need experience in a lot of different areas, including analytics, joint IT/OT operations, communication and management, and security designs and architecture. Everyone's skill sets and cooperation are needed to seamlessly integrate IIoT into the workspace.

So how can you get whole company buy-in? Instead of specifying IIoT projects from the top down, senior management can ensure that the necessary tools are available to its operational teams for IIoT projects. This way the people with the hands-on experience of the process, products, and customers can help the company derive real value from an IIoT deployment.

Bill Brown, the director of digital innovation at the tool manufacturer Stanley Black & Decker, recently explained how his job is to offer an easy-to-use IIoT platform for the different business units to be able to roll out their IIoT vision. "The system needs to be so easy that people will adopt quickly without being told to do it," explains Brown. This enables the entrepreneurial fast thinkers and problem solvers to implement IIoT more efficiently, easily, and effectively.


#2 Focus on business value

IIoT is meant to drive business value. It is not just how you are collecting data through interconnectivity; it is why you want to do this in the first place. If someone asks you, "How does IIoT [or the data derived] make your company better?" and you are unable to answer with a specific reason, you should reconsider the project. The more specifically you can define the business value, the more likely you are to attain it.

How do you get everyone onboard so that you can indeed focus on the goal? One strong strategy is to pilot, then scale. Start small and get some clear wins. Celebrating little triumphs goes a long way: not only do you get the naysayers and traditionalists off your back sooner (and there will always be these types), but you can also win them over to your cause. Your opponents can become your allies.

A well-known turbine manufacturer tried this tactic, beginning small before expanding based on its initial success. Among the products it manufactures are the impellers used in centrifugal compressors, both single stage and multi-stage, bound for process gas plants, ethylene plants, mines, and wastewater treatment facilities. These impellers can range in diameter from 16 in to 72 in, and are either milled or fabricated from expensive alloys. This puts the component value at $100K to $400K. Having them sit around in inventory is very expensive.

Two critical post-processing operations for impellers are balancing and blade frequency testing. Specifically, impeller blade testing requires the blade frequency to be measured for each of the 17-23 blades. Before the IIoT project, it was someone's job to take these individual measurements and document them in a spreadsheet. After that, a hardcopy of the data was delivered to an engineer for review, where approval or rejection of a given blade was communicated. In the case of a rejected blade, a certain amount of material had to be removed, determined by the standard blade geometry and operational speed. The process took days to weeks to complete, translating to at least $200,000 in (wasted) inventory costs.

The extra days in held inventory were quite a significant cost on their own, but with the addition of the extensive manual processing and paperwork approval, this was a prime area for implementing IIoT technologies with automation and machine intelligence.

By automating the process via IIoT and adding intelligence into the blade-ring test machine, multiple problem areas (transcription errors, man hours, held-up inventory, and consequent expenses) were addressed. All of the tasks are repeatable, and could therefore be completed autonomously. The operator is immediately informed of pass/fail results, and alerts can be sent remotely to the engineer if approval is required. It was not a big project per se, but the process got clear wins and a huge return on investment (ROI). That helped people within the company understand why they would want to support another, larger IIoT process in the future.


#3 Design security and robustness in from the start

The best IIoT systems are those designed from the very beginning with security and robustness in mind. They include elements such as automated failback features, an increased tolerance for short-term failures, and security monitoring within the system operations plan. Brown of Stanley Black & Decker explains that his company's IIoT deployments could not be centered in the cloud; they needed to be able to work on premise. "If the Internet connection goes down, your system still needs to function."

Experts such as the chief security architect of Polyverse Corporation, Steven C. Venema, recommend reviewing the ISA/IEC 62443 standards (formerly known as the ISA99 standards) as a preliminary road map toward partitioned architectures for the industrial control system (ICS) and supervisory control and data acquisition domain. "Partition your equipment and systems designs," Venema cautions, "to allow security components to be updated on a faster cycle than other operational components." As "the complete security life-cycle program for industrial automation and control systems," ISA/IEC 62443 consists of 11 standards and technical reports. It introduces the concepts of zones (groupings of logical or physical assets that share common security requirements based on criticality, consequence, and other such factors; equipment in a zone should share a strong security level capability) and conduits (paths for information flow between zones). ISA/IEC 62443 standards provide requirements based on a company's assessment of cyberattack risks and vulnerabilities.

Within the oil industry, a large refinery created a security architecture that effectively protected its operations based on these standards. In its oil refinery process facility, the company had multiple operations (with basic control, safety, and HMI/supervisory systems). It also had considerable wireless and remote communications needs, both for maintenance and for communications to downstream customers.

To secure its operations, the company divided its systems into zones and subzones (depending on operational function, security capabilities and requirements, perceived risk, and process level) to best adjust the security requirements for each particular operation. After analyzing potential threat sources, the company relocated the safety integrated system in each operational unit to its own zone (instead of being part of a basic control zone). Conduits were defined and documented, breaking down the overall system into manageable chunks. The zones and conduits were then implemented with industry security appliances, including firewalls and virtual private networks, which were tried and tested. The technologies introduced into the control systems also made significant improvements to plant performance and productivity, and the company successfully continued to use and maintain ISA/IEC 62443 standards as a framework for security improvements.
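
Once zones and conduits are documented, observed traffic can be checked against them mechanically. The sketch below is an added example, not code from the article or from the refinery project; the zone names, addresses, ports, and sample flows are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed zone inventory. As in the refinery description, the safety
# system has its own zone instead of sharing the basic control zone.
ZONES = {
    "enterprise": {"10.10.0.5"},
    "supervisory": {"10.20.0.10", "10.20.0.11"},
    "basic_control": {"10.30.0.21", "10.30.0.22"},
    "safety": {"10.40.0.31"},
}

@dataclass(frozen=True)
class Conduit:
    src: str   # source zone
    dst: str   # destination zone
    port: int  # TCP destination port permitted on this conduit

# Constructed conduit register: the only documented inter-zone paths.
CONDUITS = {
    Conduit("enterprise", "supervisory", 443),
    Conduit("supervisory", "basic_control", 502),  # Modbus/TCP
}

def zone_of(ip):
    """Return the zone an address belongs to, or None if it is not inventoried."""
    for name, hosts in ZONES.items():
        if ip in hosts:
            return name
    return None

def audit_flows(flows):
    """Return flows that cross zones without a documented conduit."""
    findings = []
    for src_ip, dst_ip, port in flows:
        src, dst = zone_of(src_ip), zone_of(dst_ip)
        if src is None or dst is None:
            findings.append((src_ip, dst_ip, port, "unknown-asset"))
        elif src == dst:
            continue  # intra-zone traffic does not use a conduit
        elif Conduit(src, dst, port) not in CONDUITS:
            findings.append((src_ip, dst_ip, port, f"no-conduit:{src}->{dst}"))
    return findings

# Constructed flow records (source, destination, TCP port), e.g. from a firewall log.
SAMPLE_FLOWS = [
    ("10.10.0.5", "10.20.0.10", 443),   # documented conduit
    ("10.20.0.10", "10.30.0.21", 502),  # documented conduit
    ("10.30.0.21", "10.30.0.22", 502),  # same zone
    ("10.10.0.5", "10.30.0.21", 502),   # enterprise straight to control
    ("10.30.0.21", "10.40.0.31", 502),  # control into the safety zone
    ("10.99.0.7", "10.20.0.10", 443),   # source not in the inventory
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Conduits are treated as directional here, so a reply path or a reverse-initiated connection needs its own entry in the register.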

In your IIoT security checklist, strategize to ensure and implement the following proactive and protective measures:

  • Design security in from the start. Never leave it as an afterthought.
  • Enlist expert help. Fuse a team of senior management and security specialists who can communicate and work together to design protective strategic measures that work seamlessly with the plant's (and whatever products or services therein) functionality and features.
  • Compartmentalize IIoT solutions into security zones to prevent the spread of malware throughout the plant. In tandem, integrate security best practices during each phase of the developmental process on the plant floor.
  • Monitor your IIoT system continuously to understand vulnerabilities and manage emerging threats. It is essential to detect issues as early as possible.

IIoT should not be a raw or experimental practice. It must be designed reliably and with evolving security systems that are punctually followed and updated. Otherwise, it is no different than installing a burglar alarm system in your house . . . and never bothering to turn it on.


IIoT: A new way of examining an old problem

"IIoT is an evolution . . . it is moving legacy systems into the new age of technology to take advantage of everything [that] new technology and connectivity have to bring." - Vimal Kapur, president of Honeywell Process Solutions

At its core, IIoT is not a new technology. It takes advantage of some new technologies, but it is actually a new way of examining an old problem. We have always had the data (test results, analytics, asset management information, maintenance information), but it has often been inaccessible, overlooked, or obscured in our operating procedures. IIoT lets us rethink the way industry integrates the data buried in our manufacturing process.

Effectively implementing IIoT is a continuous process that demands strategic planning, a focus on company goals, the coordination of teams with diverse skill sets, and an investment in quality security measures. The adoption of IIoT brings immediate benefits, such as improved reliability and reduced downtime. Simultaneously, it also enables long-term benefits by establishing a platform for continuous development and offering a greater ROI by integrating information quantity and quality.

By creating a forward-thinking company culture, by maintaining corporate focus, and by designing IIoT systems with appropriate security measures, your business can overcome obstacles and strategically implement IIoT best practices to gain an immense competitive advantage in the digital future.

A version of this article also was published at InTech magazine.

Eric J. Byres
Eric Byres, CTO and VP Engineering of Tofino Security (part of Hirschmann, a Belden Brand), is a well-known industry expert in the field of industrial cybersecurity and is chair of the ISA99 Security Technologies Working Group, chair of the ISA99 Cyber Threat Gap Analysis Task Group and Canadian representative for IEC TC65/WG13, a standards effort focusing on an international framework for the protection of process facilities from cyberattack. Eric was recognized for his contributions to the automation industry when honored by the International Society of Automation as an ISA Fellow for his outstanding achievements in science and engineering.
