29 November, 2006

Fact # 3 - Standardization - IT and DCS Merging

Standardization with existing IT vendors is happening to SCADA systems and is subjecting new areas (Control systems) to old threats (Hackers and worms). This results in the creation significant risks to safety, environment and business.

Part 1 Here

More and more control systems, historians and actual control devices are adopting standard readily available operating systems, communication protocols and connection mechanisms. This subjects control systems to the same threats that plague other IT systems. It also gives them some significant advantages in both dealing with the threats and providing service. The rate of this occuring is also accelerating.

One of the largest items that conserns me about this fact is the reduced cycle times of deployments. Older Control Systems could litterally go for decades and work fine. In Jake's comment to my IT vs Control Engineer challenge he points out the breakneck speed that IT systems have to respond to new threats. In pure info security circles we have moved from hacks to worms to zero days now to less than zero day threats. (This was an interesting thread to watch develop it starts here.)

As more moves (and it is going to move wether we want it to or not) this is just going to get more pronounced.

I recently participated in an email go around about the lack of support for NT4 with a few industry heavyweights and how we communicate the risk this entails to the ACS community as a whole. One of them liked this article from 2001 about NT4 SP7.

Hell in the IT world companies are born, grow, go through a mid life crisis and either go out of business or a gobbled up and disassembled in a quarter of the time that most engineers expect their overall plant control system to last.

How many out there still have VAX, DEC and Compaq? How about IP21 systems? The list goes on.

They work fine the problem is that if you want to buy a new system you have to get Microsoft, Linux, or AIX as the OS. (yes I know the PLC's are different, I am mostly talking about the historians and control stations here, it still matters)

There really is very little choice. This means you have to be thinking about what you are going to do when Vista has been out for 4 years and MS (rightly) refuses to support 2003 let alone 2000.

There are a lot of implications to compressing the cycle time from 50 years to 20, to 10 and then to 5 or less. I think this is the biggest fact we have to prepare for but certainly not the only.

1 comment:

Jake Brodsky said...

This is one reason why I think Control Systems in particular would be a very good fit for Open Standards and Open Source Software. Support for such software is something that anyone could do, even if the integrating firm has gone out of business, the original software writers are long gone, or even if the computer hardware itself is orphaned.

In this case, the user would receive a full copy of compilable source code. This will ease transition in to newer hardware and newer software without having to trash the whole control room and start over with new everything.

We just recently exorcised the last NT4 boxes from our networks just a few months ago. Many were only five years old. I know this is commonplace in the computer industry, but it is tiresome and I'm looking for something a bit more long term.

Microsoft's model of purchasing a whole new OS (and usually a new computer so that you can run it) every few years or so is exactly the sort of thing that got the US auto industry in such trouble in the 1980s. Many people prefer consistency and quality, instead of a new model every year. The same is true in the SCADA and DCS world.

This is where I see an opportunity for Open Source Software and Open Standards to make substantial inroads in to the market. In the industrial automation industry, proprietary standards are less and less attractive because we are less and less sure of a company's future. Nobody wants to buy proprietary I/O panels for a distribution SCADA system if we don't have some assurance that the company will be able to service our equipment for another 15 years.

However in the software industry, companies are born, peak, and die in less time than that. Open standards are more resilient. Even if the original person who wrote the software is long gone and doing other things, you can still show the source code to a consultant and ask them to fix it, improve it, migrate it, or replace it.

There is even an open source MS-DOS clone out there, supported by an enthusiastic community of contributors. This is great news for legacy applications.

In the end, it's the integrators who will make the decision to go with open source or with a proprietary OS. I think as more and more mangers become aware of the advantages of Open Source, I think they'll opt for the stability it has to offer.

That's not to say that open source is free of bugs, or even that it's better than proprietary code. I make no such claim. I do point out, however, that it is better suited for long term projects than closed source...