By Vanessa Chris
By Vanessa Chris
Gone are the days when manufacturing IT was its own separate entity, with its own dedicated computers, closed systems and subnets.
Today, for companies to communicate effectively and run smoothly, they must have all their networks aligned. Corporate and manufacturing systems alike must share information—from inventory control to production schedules—and if one catches a virus and goes down, the rest are vulnerable as well.
“Before, if you had power in your facility and had the people there, you could keep the plant running and get whatever you needed out of it,” says Dennis Brandl, founder of BR&L Consulting. “When people integrated their systems, suddenly everything was interconnected. The IT department became a critical part of a company’s infrastructure.”
This coexistence is particularly challenging because manufacturing is a unique beast. In many cases, manufacturing IT has a 24/7-uptime requirement—this means that, while an office system might be able to be shut down and rebooted on a Saturday afternoon without much disruption, the same can’t be said for a manufacturing system. Rebooting, backing up and installing patches and virus protection all pose challenges—particularly for the ill prepared.
A department on its own
To get around these challenges, it’s important to have a strong foundation in place. One of the first steps, therefore, is to recognize the unique nature of manufacturing IT—and make sure those working on it understand it as well.
Depending on the size of your company, this could mean designating a specific subset of the IT department solely to manufacturing. Given the fast-paced nature of the industry, this will give IT professionals a chance to train themselves on the specific peculiarities of manufacturing systems and understand the needs of the engineering team.
“If someone isn’t trained in this, they might say ‘oh, we’ll just change the router rules,’ and then production will shut down because the PLCs can’t communicate,” says Brandl. “You need a subset of IT that is trained to take care of PLC programming, MES configurations, recipe writing—those sorts of things.”
If a designated department isn’t in the cards—say, for example, because you’re a smaller company with a one-person IT department—you may want to consider selecting one person on the engineering team to be responsible for manufacturing IT. If this is the case, however, you have to ensure they’re properly trained—and understand the appropriate jargon, common risks and basic IT principles.
“It’s always a challenge for the smaller companies, but the advantage is that they have a lot less hardware to deal with,” says Brandl. “They don’t have five or six brands of servers, and five different versions of databases. They’re dealing with a smaller subset of the whole IT product space—so it’s easier because they only have a couple of things to work around.”
If you opt to outsource your IT services, you want to be particularly careful and make sure that the company has experience dealing with manufacturing, says Brandl. He cites one company he worked with who outsourced their IT support and network support to a different organization in a different country. The IT company decided to run port scans on the business and manufacturing networks, with devastating results.
“The port scans were hitting on PLCs and embedded devices that were sitting on the Ethernet. These devices were not designed to manage this influx of information from a port scan. It overloaded their buffers and the system crashed,” he says. “This outsourcing company didn’t think these devices should be on the network anyway. That’s when things can go wrong—when you don’t recognize there are differences.”
Basic rules of thumb
Regardless of who is responsible for your manufacturing IT department, it’s important that they remain current, and follow some basic rules of thumb when developing IT policies and procedures.
When looking for a starting point in developing IT policies and procedures, Brandl says one of the best resources is the Information Technology Infrastructure Library—or ITIL. Developed by the U.K. government, ITIL lays out a set of standard practices for IT service management that can be applied to any company.
There are also a few key lessons that every manufacturing department should take to heart, he says, the most important of which is making sure to segment your corporate and manufacturing networks.
“If you’re coming into this with your PLCs and different systems, and you’re supposed to get them hooked into the corporate system, you have to be aware that you can’t always follow the same corporate policies as a desktop system,” he says. “ISA 99 offers a set of technical reports that talk about how you should define those networks, segment them and create that security.”
Segmenting your networks will allow you to control things like password changes and regularly-scheduled updates—things that can be catastrophic to a manufacturing network if they are unplanned.
“A lot of companies have systems set up to automatically download and install the updates that come from Microsoft once a month. You have to make sure those policies don’t get set in your manufacturing systems.”
When updates are required for manufacturing IT systems, it’s important to create sandboxes in which to test them first, before integrating them into production systems. Brandl also suggests making use of virtual machines, which offer IT departments both on the plant floor and in other parts of the company more flexibility.
And, of course, when in doubt, ask for help. There are lots of vendors and IT consultants out there that can help you with the often overwhelming world of manufacturing IT.
“We’re trying to run really reliable, Six Sigma production lines that never go down and run at 99 per cent run rates. Any glitch is going to mess you up,” says Brandl. “Your system has to be rock solid—and we’re trying to build rock solid IT platforms on technologies that change every six months.
Vanessa Chris is a freelance writer based in Toronto.