Wham! A cyberattack slams enterprise IT, reverberating at lightning speed to a company's servers. The network crashes; email is down. Months-long delays ensue before email and other system layers are restored at all locations. What would earlier have impacted only IT systems now has the potential to also halt production and slow order fulfillment.
This scenario isn't conjecture; it’s actually been all too real for at least a couple of global manufacturers we’re aware of. At one pharmaceuticals company, for example, because the manufacturing operations technologies were connected with IT’s ERP systems, the company’s business slowed to a crawl. Manufacturing was halted due to limited or no visibility into when operations could fulfill customer demand.
It's an irony of our digital age: The increasingly connected systems at large, global manufacturing enterprises face a real risk of disconnection as a result of disasters, both natural and man-made, like a ransomware attack or cybersecurity breach. In both cases, shutdowns are costly and difficult to recover from, since they snap the links in vital chains of information exchange within and across the extended enterprise.
The Downside of Hyperconnectivity
Connectedness engendering risk? How can this be, in an era of information redundancy, distributed networks, incremental backups and cloud-powered enterprise systems? Simple: The ongoing effort to connect operational technology (OT) with enterprise IT systems has led to informational dependencies that create operational risk. Unexpected or unplanned business interruptions shutter key enterprise IT systems that are linked to OT. When disaster hits, their necessary connection is severely impaired.
Last year, another global manufacturing company experienced a catastrophic shutdown of one of its core IT systems locations during a hurricane. Operating in multiple locations, the company has devoted substantial resources and time to tying OT to its enterprise IT architecture – as many industrial companies have. But when the hurricane hit, its core facility housing its ERP system went down. With its manufacturing systems tied to enterprise IT, clean-room manufacturing facilities – each having cost more than $1 billion to build – were effectively shuttered. The company lost weeks of valuable production, with a corresponding impact on its top and bottom lines.
Planning for Hyperconnectivity’s Unintended Consequences
Industry 4.0 has brought a marked shift in the management of the manufacturing function, from the C-suite to the factory floor. However, turning Industry 4.0 from a lofty concept to an enterprise reality is still a work in progress. Clearly, digitizing the enterprise can improve process efficiency, increase flexibility to shifts in customer demand, improve integration of systems, increase visibility into operations and lower costs. But, at what cost?
For instance, do manufacturers need to forsake these benefits and consider disconnecting for fear of being victimized by hyperconnectivity? Certainly not. But disaster planning today must extend to full contingency planning for breakdowns in communications between enterprise IT and factories’ OT. Vitally important elements include scenario planning, disaster planning and taking the necessary precautions that enable individual manufacturing factories to run in isolation for short periods of time.
Such planning needs to proceed along two tracks:
- How to manage enterprise IT systems and local-factory operations in the event that one factory faces an impending threat: a hurricane or flood, a corresponding mandated evacuation, or a forecast shutdown of power from local utilities.
- How to address a completely unexpected, unanticipated systems breakdown that’s the result of a malicious cyberattack – a virus, ransomware, denial of service or corruption of key operational or enterprise data.
Insulated by Design – for a Time
Companies need to know how to isolate individual factories and operate in a mode where they are disconnected from enterprise IT systems for a pre-determined period – a day, a week or a month – even if they’re not running at optimal levels. One option is to implement an architecture that works for IT applications, as in using an enterprise service bus. This abstraction can be achieved by an equivalent manufacturing service bus (MSB) (see figure below) in an operational mode, where it functions in a secure, isolated bubble.
That way, the MSB acts as a buffer between enterprise systems and production systems in each facility. For example, when the plant is connected to the network and operational systems, necessary handshakes would occur with enterprise information to ensure current and available data arrives safely to inform production runs. But if enterprise IT suffers an outage, the MSB would have built-in resiliency at the plant level to buffer data locally; plant systems can then run in isolation. When connectivity is restored, the MSB can securely exchange local data with the network and ensure data is current and integrated with the enterprise systems.
Businesses would do well to think of individual factories and facilities as nodes on the network of the hyperconnected enterprise, operating as disconnected entities for a predefined period. Getting there won't be simple.
In our view, it’s crucial for manufacturers to define an IT-OT architecture for resilient plant operations. This will allow operations at manufacturing sites to continue business-as-usual and minimize the financial impact of operational failures, which – left unchecked – can run into the billions of dollars. It's an investment worth making now.
Pawan Kale, Cognizant’s Chief Architect of Connected Products, contributed to this blog.