Foresight and integration
July 2017, Integrated Solutions, Industrial (Industry)
The industrial segment of the South African economy has been under pressure for some time. The challenges faced by the industry are vast and varied, as are the threats of crime and fraud – like every other part of the South Afri-can economy.
In the past, security was something industry could add to the perimeter and perhaps to the access points to working areas, with perhaps a few cameras looking over these areas. Today, however, security is a more pressing concern, but at the same time it’s not something these companies want to spend a lot of money on, primarily due to the lack of return they feel security technology can provide.
Fortunately, as security technologies have advanced and converged into the IP platform, security solutions can today provide better coverage of operations than ever before, but it has also become possible to make use of security technology to assist in other areas of the business, such as health and safety, workforce management and more.
Hi-Tech Security Solutions spoke to two companies about their experience in dealing with the risks industrial concerns face.
• Xone Integrated Security, a South African systems integrator, and
• An industry expert from a global provider of security (and other) technologies and services who requested anonymity, so we call him John.
Is the industrial sector really any different from the rest of the business world when it comes to the security risks these companies have to deal with? It seems everyone is dealing with the same onslaught from seemingly better funded, protected and skilled criminal organisations.
Our industry expert believes the threats the industrial market faces today fall into three primary categories:
• Internal sabotage/ interruption to processes.
• Loss of intellectual property (IP).
• Theft of infrastructure.
Ian Downie, a director of Xone Integrated Security agrees, noting that syndicates are operational both within and external to these companies, looking for ways to cause trouble and/or make a profit. Their plans can include sabotage or industrial espionage, since forcing machinery to come to a standstill means a long recovery process to getting everything up and running safely, causing significant losses to the business.
Downie also raises the spectre of cyber-attacks, a relevant issue considering malware purportedly brought down eastern European power stations recently. Not only can cyber-attacks take a system down and keep it down by corrupting digital processes and data, it can also be used to steal plans and other company secrets.
Sadly, Downie says many companies in this sector are ill-equipped to deal with these threats. “The mindset of these operations is to focus on efficiency of delivery,” says Downie. “People’s primary job is to deliver a certain number of products in a certain time at a specific margin. Everything else takes second place.
“As soon as we deal with customers and they shift their mindset to including security objectives with an integrated focus, we see significant changes in what can be achieved both in terms of risk mitigation as well as efficiency. The effective integration of technology plays a key role here.”
When security and business systems are integrated, it offers the customer a more complete overview of their situation ‘on the floor’, allowing management to more closely track and measure almost every area of their operation. When the integrated systems all report into a management platform, supported by an effective workflow in which processes are automated, it helps the organisation to drive key deliverables and manage by exception – in other words, only get involved when there is an issue that needs attention.
Downie provides the example of a machine breaking and needing repairs, a normal event in every business. If the same equipment breaks down every day and the same people repair it, this would be an exception the platform highlights, allowing management to look into the issue.
Of course, as John notes, it isn’t simply a matter of installing technology and forgetting about it. Firstly, the implementation is of critical importance. The systems must be installed properly and integrated with other systems effectively, without causing more problems. Secondly, one can’t forget the human element.
If any technology is going to deliver benefits, it needs to have buy-in from the people using it. This applies to the people on the floor who may be under surveillance or may be required to use biometrics to track their time or access a machine, as well as those who set and manage the various policies and processes. It takes technology and people working together to make it all run smoothly.
Processes support efficiency and safety
Of all the different parts of a solution, the policies and procedures are perhaps the most important to ensure that in every foreseeable situation, both people and systems have a process to follow. For example, if there is an accident, the systems should automatically shut down in a safe manner (except for safety systems such as fire sprinklers, for example) and employees need to know what to do and where to go.
“Key to industrial environments is always the danger associated with manufacturing and ultimately workforce safety,” notes John. “Being able to muster staff in case of emergencies and track their whereabouts in these situations is a key deliverable that can be done through technology.”
As Downie notes, surveillance cameras can be used to immediately determine how many people are in a particular area, while biometric access controls could be used to know exactly who they are. Similarly, to prevent time wastage, if someone is not supposed to be in an area, they can be denied access or someone can be alerted to their presence.
In the industrial setting, effective policies and procedures allow for the automated monitoring of shifts to ensure that all shifts function at maximum efficiency and safety, even a late shift when the supervisor is not there. Should there be a problem, the right people can almost instantly be notified and the correct action initiated. Moreover, analysing the patterns of movement and activity after a shift provides more insight into how processes can be improved. Using your security technology for this additional value-adding service is not that hard to achieve if everything was planned and set up correctly.
Convergence and more
These solutions are attainable today, but convergence is the route to follow to make it happen and to be able to integrate various systems successfully. Our industry expert says this is more prevalent today than ever, as IT professionals in organisations are more involved and as the IoT (Internet of Things) gains momentum in industry. And although the security industry sees convergence as more systems moving to TCP/IP, John says that, “apart from Ethernet, security systems can now interface with popular field busses like Modbus, BACnet and OPC in order to share alarms and commands with process control equipment like PLCs.”
This enables a central management system that can monitor and control, and as Downie mentioned, allow for management by exception instead of having supervisors waste time wandering about peering over people’s shoulders. Unfortunately, many companies have stayed with the silo approach to everything and this limits the efficiencies they can attain from a central management platform.
“It’s a decision based on what people are used to rather than what can be done.” Downie says CCTV and video analytics is a prime example of this as people tend to confine surveillance to camera security feeds rather than integrating the video streams into a process that can assist in monitoring activity and improving productivity.
The cyber question
When dealing with integrated systems and solutions these days, the question of cyber security always takes centre stage. Downie says this is a serious issue, even in the industrial sector. These systems can be protected by firewalls and managed access to the network, but when you allow external access to your systems, as is required in a digitised supply chain, you can open yourself to vulnerabilities.
Of course, not implementing your systems efficiently and not keeping them up to date with the latest security patches is an easy way to place yourself at risk without even trying. The solution is to design your digital infrastructure from a security perspective from the beginning in order to provide for unhindered business data transmission and processing. Some would say it’s impossible to support efficiency and productivity because security is a bottleneck, but proper planning makes it a reality.
John notes that one secure product is not sufficient as the servers and the rest of the infrastructure must be planned and deployed correctly (and maintained) if users want to avoid vulnerabilities .
Taking industry to the next level, or Industry 4.0 as is the popular label these days is a task every company in this field will be dealing with (if they are not already). Digitising industry is not something to be wary of or to avoid as the benefits far outweigh the challenges. However, understanding the challenges and the risks and using the technologies available in both the security and business world (and securely integrating them for greater value) is the key to making more widgets in less time at a higher margin.
For more information, contact Xone Integrated Security, +27 (0)82 906 7600, firstname.lastname@example.org, www.xone.co.za