Skip to main content

OT/ICS Cybersecurity

The Control System Engineer's Guide to Improved Safety, Reliability, and Productivity - Configuration Management (Part 3 of 4)

Configuration Management

Processing industries have been focused on improving mechanical reliability and automation for the past 30 to 40 years with the goal of increasing the time between unplanned shutdowns and turnarounds. Some examples of this include reliability centered maintenance, risk-based inspections and rotating equipment improvements (double mechanical seals, oil mist systems and vibration analysis). All of these improvements have significantly increased the reliability of the plant by increasing the time between equipment outages by a factor of two to three times. 
 
During this time period, automation systems continued to evolve. Today’s systems have become incredibly complex, with thousands of measurements, integrated applications and more interoperability than ever before. As a primary mechanism for the continuous improvement of the plant, they undergo changes to their configuration almost constantly. This combination of greater complexity and continual change leaves facilities vulnerable to the effects of undocumented, unauthorized and even malicious changes to system configuration.  
 

The Challenge: Complexity and Interdependency of Automation Systems 

Managing complex automation systems is not a trivial task. The interworking of automation systems has been compared to the human genome as an automation system is made up of encoded configurations that define the nature and specific function of each information cell. Each control system has a unique, and often proprietary, internal structure that makes it different from vendor to vendor and from generation to generation. The complexity of a control system is amplified as it interacts with other systems. And unlike the genome of natural organisms, the automation genome is in rapid state of change, as it is the primary platform for continuous process improvement. Frequent changes to a system increases its complexity and propensity to configuration errors. Most control systems have limited automatic documentation capabilities, and none of them document the important relationships that exist between different systems at a site - for example, the interconnections between the DCS, the PLC and the historian.  
 
Documentation and the proper management of complex configurations of automation assets is a formidable challenge for companies in every industry.  



Interaction between Humans and Automation 

Through advancements in technology (Modbus, serial interfaces, OPC, FOUNDATION Fieldbus, HART Protocol, ethernet based control systems, etc.) today’s automation systems are at all-time highs for the level of integration. This has provided numerous benefits, but it has also introduced some new challenges that need to be addressed. 
 


Challenges Directly Attributed to the Level of Integration: 

Changes in one system have a high probability of directly or indirectly impacting another system. As a result, multiple disciplines within the automation organization could be impacted.  Almost all modern automation systems provide a limited self-documentation tool, but this is not enough to understand the impact of a change.  

These tools do not document the integration across multiple systems. As such, the person investigating the change does not see that they may be impacting another system. 


 
Challenges Associated with Each Stand-Alone System: 

  • Inadequate documentation 

  • Loss of knowledge and critical skills 

  • Poor configuration integrity 

  • Lack of adequate change tracking 

  • Managing spare capacity 

 
In a nutshell, interoperability between these systems has been created through the level of integration. If you couple that with the stand-alone issue of managing a single automation system, it can create a high-risk situation for people interacting with these systems.  
 
A lack of proper configuration management contributes to industrial accidents. However, there are opportunities to improve reliability as it relates to automation system configuration.


If these opportunities are seized, a processing plant may be affected by the following:   

  • Degraded safety and environmental compliance 

  • Reduced production and profitability 

  • Damaged plant equipment 

  • Tarnished good neighbor reputation 

  • Impaired ability to restart after a disaster  

Read more in this series:


Ready to learn more? Discover What's New in OT/ICS Cybersecurity.

About the Author

Nick Cappi is Vice President, Portfolio Strategy and Enablement for OT Cybersecurity in Hexagon Asset Lifecyle Intelligence division. Nick joined PAS in 1995, which was acquired by Hexagon in 2020. In his role, Nick oversees commercial success of the business, formulates and prioritizes the strategic themes, and works with product owners to set strategic product direction. During his tenure at PAS, Nick has held a variety of positions including Vice President of Product Management and Technical Support, Director of Technical Consulting, Director of Technology, Managing Director for Asia Pacific Region, and Director of Product Management. Nick brings over 26 years of industrial control system and cybersecurity experience within the processing industries.

Profile Photo of Nick Cappi