Vishnu Murali Director IT NRG Energy

05.26.2015

According to the results of a 2015 MPI/Rockwell survey Less than half (45%) of manufacturers surveyed said that their OT

and IT teams collaborated on issues such as upgrading legacy operations or enterprise systems

A scant 37% reported a collaborative approach to solving technical enterprise issues

Nearly 10% reported no collaboration between the two departments.

- Industry Week

Dumpers, loaders and heavy mining equipment

Sensors to monitor asset performance

Onboard event logging and prognosis

Transmission of events from assets

Intelligent asset response Resource deployment Remote

troubleshooting……

Enterprise backbone integration

Communication networks and database

Hardware / Software updates

Integrating Enterprise ERP with OT applications

Integration between Equipment data logger and big data back-end / cloud

Field service management Supply chain

management…..

Tesla’s Response

Tesla communicated the recall to its customer but told them “not to worry”. Next day morning 29, 222 cars were updated with the fix while the customers were sleeping overnight. Previously Tesla had also performed a silent / non-recall fix where in it had to tweak the settings of the electronic shock absorbers to make it more resilient at high speed.

GM’s Response

GM asked its customers to take its cars to the dealers for update and fix.

NIST ICS (Special Publication 800-82, Revision 2, Guide to Industrial Control Systems (ICS) Security (Pages 2-16 to 2-17)(4)

Category IT Systems OT Systems

Primary Players • CIO • Computer Science Grads • “Wintel geeks” / Younger generation

• COO, Engineers, Technicians, Production Managers and Staff

• Older staff who moved up through then ranks from line operators to technicians

Primary Focus • Data confidentiality and integrity is paramount • Automation of business processes • Information management and manipulation

• Safety and protection of the process and equipment

• Response to human and other emergency interaction is critical

• Controlling physical process

Component Lifetime • Lifetime in order of 3-5 years • Lifetime in order of 15-20 years

Security Approach • Confidentiality, Integrity and Availability • Availability, Integrity, Confidentiality

Performance Requirement

• Non-real time • High throughputs demanded • Downtimes acceptable

• Real-time • Reponses is time-critical • Downtime or delays unacceptable

Data • Complex data type • Multilayered analytics • Low data rate (10k records/second)

• Simple data type • Just-in-time analytics • High data rate (1M messages/sec)

Interfaces and Networks

• Web browser • Keyboard • TCP/IP based • Typical IT networking practices

• HIM • Sensors with embedded OS and Programs • Codded displays and touch screens • Serial based communication (Moving to TCP/IT)

Culture

CIO

CTO

CMO

CDO

CISO COO

CDA

CEA

Awareness of Enterprise OT Systems Landscape and Degree of Convergence

Consensus That Convergence Means a Change in Managing OT

Rationalization and Alignment of OT Management and Methods With IT Tools

Integration of IT and OT Systems and Infrastructure

Optimize and Standardize Processes

LEVEL 1

LEVEL 2

LEVEL 3

LEVEL 4

LEVEL 5

Research

Foundation

Alignment

Integration

Transformation

1. As-is IT & OT Architecture

2. As-is OT mtn. process mapping

3. IT-OT Technical integration Architecture (Data, Security)

1. IT-OT Competency Center model

2. Vision, Goals, Charter, R&R and Governance

3. CC Operating Norms

4. Cross departmental training through job rotation

1. To-be integration architecture

2.OT Risk and Roadmap profiling – Heat Map

3. Vendor Collaboration

4. Process alignment

1. Pilot Integration Projects

2. Vendor Collaboration

3. Monitoring

4. Cyber Security Testing

1. Launch targeted transformation initiatives

2. Measure benefits

3. Repeat

Source: © 2011 Gartner

Where do we begin? 1. Start with NIST framework and evolve it to suite the needs 2. Perform Risk Assessment – Technology, Market Forces, Vendor strategy, Business Strategy, IT Strategy 3. Establish Vision and “to-be” state 4. Market and Sell business case to the business stakeholders 5. Establish a focused team that will work on execution of process, frameworks and data analysis 6. Create a center of excellence along with vendors participation

What are some of the challenges that you are facing in your organization with IT/OT integration?

What is your IT / Cyber Security department doing to bridge the IT and OT skills gap?

What approach are you taking to address security concerns as part of your IT /OT initiatives?

How are you getting the stakeholder buy-ins on related investments?

Vishnu Murali Vish.murali@nrg.com askvishnu@gmail.com Cell: 513 478 7004