“We have to be able to do application updates on the fly and upgrade control system hardware without shutting down operations,” Adriana says. “Until recently, that simply wasn’t an option. System installations were often complex, one-of-a-kind integrations, and any sort of upgrade could lead to system application errors and operating system mismatches. Fully integrated software applications meant that the complete application had to be updated or reinstalled to take advantage of even a minor feature update.”
“Once running, these integrated systems were robust and reliable, but in general the system management philosophy was ‘if it’s not broke, don’t fix it,’” Adriana adds. As a result, operating system updates were only performed during scheduled outages, and antivirus updates were not performed on a timely basis. Critical components such as controllers were only upgraded when the plant was offline, and during those rare shutdowns Adriana ran around with USB sticks, taking as much advantage as possible of the opportunity to update the plant’s operational technology (OT) infrastructure during these inevitably brief turnarounds.
The tight dependencies between hardware, operating system and application software also meant that system lifecycle was dependent on version support by the operating system supplier. Oftentimes this meant that outdated software and operating systems were kept running longer than advisable to match up with hardware lifecycles, so that all components could be replaced at once.
A new normal
All that started to change for Adriana a few years ago, when the plant moved to the latest process automation system architecture from ABB. “The real breakthrough was a complete decoupling of hardware and software dependencies—applications executing in self-sufficient, orchestrated containers can be automatically shifted from one piece of hardware to another—or even up into the cloud,” Adriana explains. “This means that system updates can be performed at any time with little need of system expertise. New applications can be downloaded from the cloud and deployed seamlessly without affecting operations or production. And, in the unlikely case that assistance is needed, remote experts are available to troubleshoot any issue.”
Control system applications are now independent of operating system platforms, allowing system lifecycle strategy to be dictated by business demands and not by software and hardware dependencies. “Systems are now always up to date, reducing the risk of cyber-attack or production loss due to software failure,” Adriana explains. “Plus, there’s no need for handholding by the system vendor since we can readily do the updates ourselves, or even schedule them to happen automatically.”
This latest system software is also designed with security and modularity within. An update of any software component does not have any effect on another software component. Nevertheless, the system behaves as a full integrated system towards the user. “With security as part of the design, communication and intellectual property are secured in multiple ways, including certificate management, encryption, and user access control for every software component,” Adriana says.
Further, hardware components such as control appliances can be readily replaced with equivalent appliances of higher capacity or increased performance to streamline the implementation of new functionality or to allow for the control of more complex or demanding applications. This proved especially convenient for Adriana when the plant recently purchased a new purification unit to be integrated with one of the plant’s existing reactor trains. “We bumped one of the existing control appliances up a size and were able to download the necessary software from the ABB marketplace. After a few minor configuration steps, we were fully operational in no time.”