In industrial settings, the life cycle of equipment can be long, and having the latest connected devices isn’t always an option. Here are some tips for making IoT and non-IoT assets work together.
I can attest from personal experience that IoT, like cloud, will take longer for companies to implement than many people think.
This was confirmed in a recent site visit I had with a large utility company. The company was accounting for all of its assets across its entire utility grid—and the results were surprising. Among these assets was a pump that had been installed in 1898, and was still in service!
“Tracking these assets and trying to connect everything with IoT can be a substantial challenge for company IT managers who are charged with this responsibility,” said Dean Weber, chief technology officer at Mocana, which sells an IoT security platform.”In the IT world, equipment becomes obsolete in three to five years, and asset management schedules are calibrated to this. In the industrial controls and manufacturing environment, equipment can be in service for as long as forty years.”
The primary concern that Weber voiced was for security break-ins that could occur because not all technology assets could be IoT-enabled.
“It’s a challenge for IT departments because you have to think differently about a manufacturing environment with its long equipment life cycles,” said Weber. “What you usually end up with in manufacturing is a mix of both green field and brown field devices, and you have to somehow cobble together a connected infrastructure.”
Weber defines a green field device as one which is IoT enabled. In contrast, brown field devices are not IoT-enabled, and the goal is to make those that are able to be IoT-enabled usable with IoT.
Companies like Mocana deliver gateways between the IoT and non IoT worlds by digitalizing non-IoT devices so they can be secured and monitored over IoT networks. “We use cryptography, which consists of sophisticated algorithms and secret keys to encrypt and decrypt data to IoT-enable brown field devices,” said Weber.
For example, a ruggedized device that might be used on a manufacturing floor like a programmable logic controller, might not be IoT-enabled, but it might have a processor and a memory array that are digitally signed by the manufacturer. By using these codes and digitally signing them cryptographically, a company can onboard these non-IoT drives into their total IoT security scheme.
“This helps with overall security because hackers are capable of penetrating traditional firewalls and user id/password authentication, and you can go beyond that,” said Weber. “Companies now need more robust forms of security such as encryption of devices and data, digital signatures, etc., to combat hackers, and IoT is the mechanism to do this.”
For IT managers who must manage these end-to-end networks of IoT and non-IoT devices, there are additional challenges. These include:
It’s difficult to track analog equipment assets if there’s no automation that can help you track them. The forgotten 1898 utility company pump is a prime example. The solution in this case is to physically identify and track these assets—and to plan to replace them with an updated solution as soon as you can.
Use asset management software
There are affordable asset management systems that not only track assets but provide best practice workflows and automation for management of assets. If you don’t have asset management software in place for both IoT and non-IoT equipment, get it.
Convert as many brown field assets to green field assets as you can
As you are inventorying all of your assets, flag those that are brown field assets without IoT and see how many of these you can convert to use with IoT. For those assets that absolutely cannot be IoT-enabled, develop a plan to replace them over time.
Don’t forget risk management
While IoT is a great enabler for device security across your entire infrastructure, it also receives new threats because IoT is penetrable by hackers, and unconnected analog devices are actually less so. For this reason, you should regularly review your risk management practices at the same time that you review your assets. In the IoT world there is continual risk—as there was in the non-IoT world that predated it.