This article is from WeChat official account:Journal of Chinese Academy of Engineering (ID: CAE-Engineering)< / span> , author: Hong Xuehai, Cai Di, the original title: “strategic Research Shu-oriented” Internet + “of OT and IT integration development”, title figure from the visual China
Information technologies (IT) such as the Internet, Internet of Things, big data, artificial intelligence, edge computing, etc., are increasingly infiltrating the industrial field and integrating with industrial technology. The industrial “Internet +” fusion application represented by the Industrial Internet has been produced, which is of great significance for promoting the digital transformation and development of my country’s industry and transforming from a large manufacturing country to a strong manufacturing country.
The integration of operational technology (OT) and IT has become the key to industrial digital transformation and the high-quality development of manufacturing. At present, the integration of OT and IT, especially computing technology, has become an important direction for industrial digital transformation and upgrading.
The Journal of the Chinese Academy of Engineering “Chinese Engineering Science” published “Research on the Integration of OT and IT Facing “Internet +”. The article carried out a demand analysis for the development of OT and IT integration, and combed the current situation of OT and IT integration from the establishment of industrial Internet of Things, development of cross-platform analysis framework, development of open platforms, and implementation of cloud-based data collection and monitoring systems; The technical path for the future integration of two types of technology systems is proposed, such as establishing a complete computing stack integrating OT and IT, continuing to promote the industrial Internet, and strengthening the security guarantee for the integration of OT and IT.
The article pointed out that strengthening the standardized application of OT and IT integration technology, including the establishment of assessment of key asset risks, paying attention to the underlying data, strengthening the development of detection systems, separating communication functions, and applying artificial intelligence technology The security assurance system of the integration of OT and IT in China provides key support for the in-depth development of my country’s “Internet +” operation in the field of industrial manufacturing.
I. Preface
The combination of the Internet, consumption, and services has produced many consumer “Internet +” applications, which has promoted the development of my country’s consumer Internet industry. Internet, Internet of Things, big data, artificial intelligence (AI), edge computing, high-performance computing and other information technology (IT) has penetrated more and more into the industrial field, and has been integrated and developed with industrial technology, resulting in industrial “Internet +” integrated applications represented by the industrial Internet. It is of great significance to promote the digital transformation and development of China’s industry, from a large manufacturing country to a strong manufacturing country.
OT is the abbreviation of Operational Technology. Although it is usually translated as operational technology, its essence is the integrated application of electronics, information, software and control technology. OT can be defined as: software and hardware technology for monitoring or controlling various terminals, processes and events of the enterprise, including data collection and automatic control technology. Therefore, OT includes not only hardware facilities (such as robots, motors, valves, CNC machine tools, etc.), but also various software to control these facilities technology.
Currently, the integration of OT and IT, especially computing technology, has become an important direction for industrial digital transformation and upgrading. IT and OT and communication technology (CT) are deeply integrated, enabling the industrial Internet to initially realize the comprehensive connection of data and entities, and promote service and data innovation , To promote the realization of the value of data, but also to make real-time decision-making possible.
This article discusses the integration and development of IT and OT, studies and judges the needs, current situation and progress of the integration of OT and IT technology, and demonstrates the future integration of OT and IT technology and the security issues of OT and IT integration. Targeted countermeasures and suggestions are put forward in order to provide theoretical reference for the development and research of my country’s “Internet +” action in the field of industrial manufacturing.
2. Demand analysis for the integrated development of OT and IT
Developing towards digital transformation is the world’s major industrial country’sThe main direction of development, the release of a number of industrial digital transformation strategies represented by German Industry 4.0, marks the arrival of the industrial digital era. The key to achieving industrial digital transformation lies in solving the integration problem of IT and industrial technology, and OT has become an application bottleneck.
The integration of OT and IT aims to reduce industrial costs, optimize industrial business processes, reduce industrial process risks, implement development and integration faster, and promote the standardization of communication and control industrial process equipment.
After the integration of the two, the existing IT software, hardware and environmental equipment can easily access OT equipment and its operating process data. OT equipment and process data can be spread through the IT infrastructure, and then in the entire enterprise(or a larger scope) to share these equipment and process data. During operation, new IT technology (such as AI, edge computing, blockchain, etc.) can be used to analyze and apply industrial equipment quickly and accurately And industrial process data, and then realize the global optimization of enterprise information sharing methods, and provide comprehensive decision support for industrial manufacturing and process management.
The integration of OT and IT can open up OT equipment, environmental facility data, and IT infrastructure data to achieve two-way interoperability. On the one hand, the OT system uses IT infrastructure to obtain industrial equipment and process data, and uses various algorithm models in the IT field to carry out state monitoring and risk boundary estimation of OT industrial equipment and processes, effectively reducing the potential risks of industrial organizations.
On the other hand, new technologies such as cloud and virtualization in the IT field can improve the accessibility, stability and fluidity of OT industrial equipment and process data. Deploy a common IT infrastructure, taking into account the storage and flow of OT data, the OT end can access the massive data of the IT end; data collection and monitoring control in the OT side will not be affected (SCADA) When the system is working, with the help of cloud and virtualization technology, the server of the enterprise factory or production workshop can be migrated to the cloud, which helps to reduce the number of equipment and facilitate the implementation of updates.
Three, the current status of the development of OT and IT integration
In the industry 3.0 era, OT and IT have independent interfaces, and there is no tendency for the two to merge. Entering the era of “Internet +” action and Industry 4.0, the trend of integration of OT and IT has beenAppears, but the interface between the two determines the degree and direction of integration. The relationship interface is mainly manifested in 10 aspects such as function, domain, access, assets and personnel, change frequency, environment, interface and network, life cycle, target, and operating system. The integration of OT and IT is also mainly focused on these 10 aspects. At present, the industrial Internet of Things (IIoT), industrial Internet, cloud-based deployment, etc. are the focus of research on the integration of OT and IT.
(1) Industrial Internet of Things
The establishment of IIoT is a key measure to achieve the integration of IT to OT. IIoT technology is booming. Industrial manufacturing companies learn from the Internet of Things technology to deploy IIoT services, making the traditional industrial equipment and process management transform towards the Internet of Things: an optimized job shop scheduler monitoring system based on IIoT is proposed to track the tasks being performed by the machine and Closed-loop feedback path, based on this to realize the automatic detection of job completion time and dynamic rescheduling based on this; the development of dual microcontrollers (MCU)(MCU) architecture ensures the flexible control of IIoT devices such as programmable controller (PLC); it has established a platform based on a single virtualization platform and a high level of technology. The integrated data center network has the function of supporting the infrastructure of the Internet of Things; an advanced analysis framework is proposed, which can be used as a standardized application of IIoT in industrial and mining enterprises.
(2) Cross-platform analysis framework
In response to the IIoT application needs of traditional industrial manufacturing companies, the market provides candidate solutions for a variety of technologies and platforms; however, due to compatibility, it is often time-consuming and laborious for companies to choose solutions. Therefore, the compatibility advantages of the cross-platform analysis framework can meet the actual IIoT needs of traditional manufacturing companies. With mining enterprise applications as the background, a cross-platform analysis framework has been developed, which integrates IIoT and multiple types of advanced analysis technologies, and has the function of using IIoT as the data source of the analysis framework; through layer-by-layer analysis to evaluate the performance of the system, it is easy to evaluate differences Based on the services and technologies under the architecture, the enterprise deployment plan is optimized.
(3) Open platform
The vigorous development of cloud computing technology has promoted the transfer of enterprise-level applications and data from private platforms to open platforms. Developing an open platform is a pragmatic choice to deal with this trend.
The Predix basic system platform launched by General Electric Company (GE), as an open platform, can be applied to industrial manufacturing, energy, and medical Various industrial fields, including equipment health and failure prediction, production efficiency optimization, energy consumption management, scheduling optimization, and other complete application scenarios are provided for various types of industrial equipment; the use of data-driven and mechanism combination methods solves the problem of traditional industrial enterprises. Balance the problems faced by quality, efficiency, and energy consumption, and promote the rapid digital transformation of industrial enterprises.
The MindSphere platform launched by the German Siemens company (SIEMENS) uses a cloud-based open Internet of Things architecture to integrate sensors, controllers and various The industrial field equipment data collected by the information system is transmitted to the cloud in real time through a secure channel, and the cloud provides enterprises with services such as big data analysis and mining, industrial application development, and intelligent application value-added services.
The literature studies the creation of a technology-integrated data center network on a virtualized platform to support the operation of the Internet of Things infrastructure and provide flexibility, scalability and function expansion capabilities for the Internet of Things applications in the data center.
(4) SCADA system based on cloud deployment
Refer to the International Standard ISA-95 for the integration of enterprise systems and control systems developed by the Instrument, Systems and Automation Association (ISA), and the industrial automation model points There are five levels: business and planning, production operation management, supervisory control, factory control, and physical process. Among them, the first two levels belong to the IT level, and the last three levels belong to the OT level. The supervisory control layer (the layer where the SCADA system is located) can be regarded as the interface between IT and OT, and it is also the key point for the connection between IT and OT.
If cloud-based deployment is implemented at this level, you can build a user (or operator)Remote monitoring (using sensor) and controlling (using actuator)< /span>Functional industrial system, thereby greatly improving the efficiency and flexibility of the connection between OT and IT.
Some studies have conducted an in-depth analysis of the deployment scenarios involved in the deployment of SCADA systems in the cloud, and designed a benchmark test system for virtualization, additional network connections with cloud data centers, and increased computing load due to security measures. The performance of cloud-deployed SCADA systems under different configurations is established; a model standard framework is established for cloud-linked SCADA systems to formally define the behavior of the SCADA system; the cloud-based SCADA system developed based on the micro-service architecture has significantly improved the SCADA system’s performance performance.
4. Pre-judgment of the technological path for the development of OT and IT integration
The integration of OT and IT can not only promote IT to play the role of networking, cloudification, and intelligence on the OT side, but also ensure that the OT side makes more use of the enabling technology of the IT side. Convergence modes are mainly divided into two types: connect the OT end information with the IT end, that is, establish a connection between the IT end and the OT end; output the OT end information to the IT end, so that the OT end information can be shared in a larger range, that is, the OT end information Cloudification.
The ideal situation for the integration of OT and IT lies in the pursuit of a unified integration technology framework (such as power industry application demonstration). In order to achieve the two-way integration of OT and IT, it is mainly promoted from the establishment of a complete computing stack system and the continuous development of the industrial Internet, while strengthening the system security measures for the integration of OT and IT.
(1) Establish a complete computing stack integrating IT and OT technology
The manufacturing industry has the characteristics of “large quantity and wide range” of products. Manufacturing production line equipment is the main battlefield for the integration of IT and OT technology, and the key area for the high-quality development of industrial manufacturing. Taking PLC and computer numerical control (CNC) application as a breakthrough, strengthen the research and development of a complete set of autonomous and controllable computing stacks(see Figure 1). On the basis of realizing the true integration of OT end and IT end, and promoting the wider sharing and application of OT end information, a complete set of autonomous and controllable computing stacks are used to promote the upgrade of low-end production line equipment to mid-to-high end(reform); while striving to narrow the gap with the international advanced level, at the same time improve the profitability and international competitiveness of my country’s manufacturing industry, and build an intelligent equipment ecosystem that adapts to my country’s national conditions.
Figure 1 Schematic diagram of a complete set of computing stacks integrating OT and IT
Currently, foreign companies and products still dominate many aspects such as knowledge bases, design tools, software, and operating systems, but domestic products or open source communities have an alternative foundation; foreign products dominate the processor chip market, but there is an alternative technology foundation in China ; Domestic products dominate other computer hardware and application software. As the computing component of industrial equipment, the intelligent equipment computing stack is the key and necessary way to realize the integration of OT and IT. The relationship with industrial equipment is similar to Android( Android) technology stack and smart phones.
(2) Continue to promote the Industrial Internet
Industrial Internet is an important carrier and key platform to realize the integration of OT and IT, and it is of great value to continue to promote related technology research and development and deepen the application of the industry. The development process of the Industrial Internet is intertwined with the three main lines of IT, OT and CT. The platform functional architecture (see Figure 2) is highly similar to the cloud computing architecture , But added the edge layer; including infrastructure as a service(IaaS), platform as a service(PaaS), software as a service(SaaS ) The key content is similar to cloud computing. The edge layer is essentially the production site and belongs to the OT part. OT is located at the bottom layer and implements data collection and action execution; CT connects all nodes and is responsible for data transmission; IT is located at the upper layer and is responsible for data calculation and analysis.
Figure 2 Schematic diagram of the functional architecture of the industrial Internet platform
(3) Strengthen the security guarantee for the integration of OT and IT
Industrial systems have evolved from an early “isolated” state to today’s open environment, from the initial use of serial communication to the currently widely adopted transmission control protocol/Internet protocol based (TCP/IP) communication, information security-related issues inevitably arise. The security challenges faced in the process of the integration and development of OT and IT mainly include two aspects.
One is the defect of the OT system itself. Recalling the original design intention, OT and critical infrastructure are isolated from the network, so they will not be threatened by external network security. However, after undergoing digital transformation, these once isolated systems have become networked devices and become high-value targets favored by attackers. In addition, the security risks faced by SCADA, PLC, etc. also tend to appear.
The second is the security risk of the integration of OT and IT. Due to the wide application of IT, traditional OT equipment no longer runs independently on isolated networks and proprietary platforms, but needs to be interconnected with other systems. The integration of the two fundamentally solves the cross-system interconnectionInteroperability issues, but bring potential security risks such as external attacks, internal malicious vulnerability attacks, and incorrect operations, which are specifically manifested in the following aspects.
1. PLCs security
PLC mainly faces the problems of independent guarantee and information security, and its own design has defects. The PLC uses a scanning mode of work (period 1~100 ms), data cannot be updated before the end of the scanning period(If the PLC input signal time is less than the reaction time, there will be a possibility of misreading); the output and input status will be changed after each program execution and before the next program execution Update once (“Program end regeneration”), which leaves enough time for attackers to carry out malicious attacks. In addition, the small memory capacity, the operating system used, and the lack of security mechanisms in the used communication protocol are also deficient factors that lead to security risks.
2. Remote terminal unit(RTUs)Security
RTU is the basic unit of the SCADA system, and the main security risks faced by it come from:
①The embedded real-time operating system that is mostly used by RTU software platform has security vulnerabilities and does not even provide security monitoring and protection mechanisms;
②The SCADA system will run for a long time after it is started, and it is difficult to repair security vulnerabilities in time. The computer where it is infected by viruses will become the source of security threats to the RTU equipment;
③The communication protocol adopted by RTU lacks a security mechanism, and the information is transmitted in plain text, and the corresponding communication process is easy to be monitored and attacked. Focus on the development of network intelligent RTU and intelligent security RTU. The former can improve network utilization and transmit data in real time, while the latter requires data to be encrypted and transmitted in ciphertext before data transmission.
3. Human-machine interface (HMI)security
As the scale of the factory expands and the complexity of the organization increases, the control precision and accuracy of field devices have become the main factors to ensure production, which has a significant impact on the HMI of industrial control. Traditional HMI has undergone the transformation from text-based to graphical interface, which basically realizes the diversified expression of multimedia information, and guarantees users’ information perception and processing requirements for industrial control field equipment.
However, HMI and control PLC usually have password settings to prevent decrypting passwords, stealing programs, and ensuring system security, which has become a key issue that HMI design must face. It is necessary to prevent loopholes in the encryption method of the product itself, the central processing unit and the program storage chip can be “two-in-one” and the hardware encryption can be performed, and the external interface of the communication line can also be eliminated.
4. SCADA system security
The security risks of the SCADA system mainly come from unauthorized and illegal access, the openness of industrial control standard protocols and common technologies, industrial control software and hardware product defects, and practitioners. In addition, due to the deployment of SCADA systems in the cloud, enterprises are accompanied by system risks that extend from cloud security.
V. Countermeasures and suggestions
(1) Strengthen the standardized application of OT and IT integration technology
There are many types of industrial equipment, and the interface standards and communication protocol standards are not uniform enough, making data collection for industrial equipment and processes a relatively complicated link. At the same time, it is also difficult to develop a unified integration framework to take into account the needs of various industrial scenarios. The standardization construction of the integration of OT and IT technology needs to be strengthened.
The emerging OPC unified architecture based on time-sensitive network (OPC UA over TSN) protocol has attracted attention from all walks of life for its rich functions; While solving the problem of the inconsistency of OT and IT network communication standards and data formats, almost “arbitrary data access capabilities” can be realized. Therefore, combining the actual business needs of domestic industrial enterprises, focusing on the promotion and use of the OPC UA over TSN protocol is particularly important for the integration and development of OT and IT.
(2) buildEstablish a security system integrating OT and IT technology
The first is to implement key asset risk assessments to provide critical references for system development. The protection of important assets should be increased reasonably, and defensive measures should be taken to a certain extent for conventional assets. Through reasonable division and key protection, the defense forces are concentrated to implement system protection more accurately and efficiently.
The second is to increase the focus on the underlying data. It is recommended to change the current phenomenon of focusing more on source address, source port, destination address, and destination port related metadata, and instead focus on data related to the bottom layer of the OT system and data transmission. Avoid possible loopholes in the communication security mechanism of the OT system, and accurately guarantee system security through in-depth understanding of the underlying data.
The third is to develop a detection system with anti-intrusion capabilities. We should focus on strengthening the research and development of intrusion detection systems as the first threshold for system protection, detecting network data packets and establishing a database of network intrusion behaviors, keeping the database up to date, so that a large proportion of network attacks can be shut out.
Fourth is to separate the communication function. Most of the attacks occur during network communication between OT and IT fusion system. The functional part responsible for network communication should be separated from the fusion system; an independent system for network communication should be designed to focus on information interaction with the main system. safety. In this way, the risks faced by OT and IT integration systems can be greatly reduced when they are attacked.
Fifth, strengthen the use of AI technology. AI technology is in a new stage of vigorous development, and related technologies can play a greater role in the integration of OT and IT security. By giving computers the ability to learn, recognize and deal with cyber attacks through AI, there is a huge room for development and a prominent potential.
This article is from WeChat official account:Journal of Chinese Academy of Engineering (ID: CAE-Engineering)< / span> , This article taken from Chinese Academy of Engineering published “China Engineering Science” 2020 the fourth period, author: Hong Xuehai, Cai Di, source: facing the “Internet +” of OT and IT Research on Integrated Development[J].Engineering Science in China,2020,22(4):18-23.