Situational awareness
Imagine, if you will, an overhead crane moves on a collision course towards an unsuspecting worker. Or that a water pump feeding a buildingโs air conditioning system starts vibrating abnormally. Or that a carbon dioxide leak in a brewery fermentation system spews gas into occupied areas. Each scenario represents an inflection point at which disaster could strike or be averted. The outcomes hinge on the level of situational awareness that exists at the edge of each site.
Situational awareness is knowledge of the current environment, and projections of future environments across time and space. Successful decision making relies on situational awareness, and its absence can put life and property at risk. In the three scenarios above actionable situational awareness requires both direct observation of the physical world (such as CO2 gas sensing by an Internet of Things [IoT] sensor) and a combination of declared and inferred contextual data from the logical world (such as location, identity, and applications in use). Edge IoT data originates in machines, while contextual data comes from edge data networks that link people and machines.
The conjunction of edge IoT data and context is called โhyper-awareness,โ and its business value stems from connecting, protecting, and analyzing the interactions of machines and people. Hyper-aware metadata can be shared across business applications, allowing new use cases to be supported just by tapping into available data without replacing any infrastructure.
Both the facility automation and IT industries have devoted huge resources over decades to creating connected facilities that touch every machine in the building. Connectivity is essential for sharing data, but is not by itself the end game. The edge networks that connect us also generate their own contextual information, and if that goes untapped then a connected building wonโt be able to achieve hyper-awareness or deliver the safety, efficiency, productivity, profitability, and other benefits derived from situational awareness.
Hyper-aware facilities are a fusion of edge Internet of Things (IoT), Operational Technology (OT), and network-generated context. IoT and OT devices are the eyes and ears of the facility, while the IT systems provide contextual information (including location, identity, applications in use, and security posture) as well as serving as a backbone for facility-wide communications.
The evolution of automated facilities
Starting in the early 1980s automation companies focused on better ways to reliably connect machines at a price point that was practical for even for low-priced sensors and actuators. At that time every subsystem was isolated and operated independently using dedicated cabling.
As IP networks emerged, the value of converging systems into a common backbone and standardizing on ways to interoperably share data became more apparent. Different automation standards emerged from the process, with gateways as on-ramps to the IP backbone. Sensor, actuators, displays, and other system were embedded with these technologies, and the promise of truly smart facilities was one step closer.
Problem was these were all competing, non-interoperable standards with different physical layers and protocols. Since they could not interoperate customers typically selected and stuck with one technology. Intense price competition meant that few vendors made money from selling devices, so instead they embedded manufacturer-specific features that locked customers into using their brand of products. That includes adding manufacturer-specific extension to open standard protocols, so that the full range of features can only be accessed using that vendorโs gear.
Automation network security was an afterthought, at best, so systems were often physically and logically isolated to protect them from attack. The combination of proprietary protocols and isolation made the data they carried inaccessible to other systems. The result was islands of isolation.
The rise of hyper-awareness
Ironically, the innovations that enable facilities to become situationally aware didnโt arise from traditional automation control vendors. Rather they came from the IT industry.
Enterprise IT buyers have long mandated edge cybersecurity, open data exchange, application awareness, and specialized location services that the automation buyer was, until very recently, unable to obtain. Advanced IT cybersecurity systems must identify every user and device before permission to access the edge network is granted. These identity data can be shared with other authorized applications, enabling a rich suite of services based on who โ or what โ is on the edge network, how network resources are being used, and the real-time security posture of network users.
Delivering toll-quality voice and jitter-free video over an IP network for unified communications like Microsoft Teams and Zoom requires an understanding on the type of traffic traversing the edge network. Deep packet inspection makes it possible not only to improve the quality of service of latency-sensitive applications running on the network, but also to identify and share in real-time which applications are in use.
Since IT networks are the backbone of businesses, business applications that optimize inventory and monitor time-and-motion need accurate edge location data about assets and people. These location data, like the other services described above, are accessible to authorized applications.
While large automation companies still employ vendor lock-in based on proprietary solutions, newer vendors have bucked the trend by producing open standards-based IoT and OT sensors and actuators. A growing number of manufacturers have implemented these protocols with a goal of building truly open, interoperable automation devices and systems.
The IT technology to accomplish hyper-awareness exists today, and the good news is that even legacy IoT and OT devices can be tapped for data so long as the payloads can be interpreted. The most sophisticated IT networks, such as those from Aruba, go one step farther by interfacing with wireless edge IoT devices directly from radios embedded within or plugged into Aruba Wi-Fi access points. That means IoT sensors can be deployed virtually anywhere within a facility on an as-needed, โlick-and-stickโ basis using existing IT infrastructure and without installing any new cabling. Instead the Wi-Fi access points serve as secure edge gateways.
By way of example, consider the industrial and manufacturing market. Sensors, programmable logic controllers, and other OT systems are the driving force behind industrial and manufacturing processes. OT has historically been isolated from corporate IT networks in the belief this protects OT systems from attack, but also because OT and IT workflows are markedly different.
OT is managed by the chief operating officer with a focus on uptime, resiliency, and reliability. IT is managed by the CIO and security by the CISO, with a focus on application delivery, extensibility, and data security. IT systems are routinely rebooted to add security patches, operating system updates, and new features โ an operating mode that is at odds with always-up OT systems.
The different operating modes have made it challenging to merge OT and IT systems. Cyberattacks on air-gapped OT systems, combined with initiatives to lower infrastructure costs while remaining agile, are now driving OT and IT together. The goal is end-to-end uniform security and uniform visibility, over commonly shared infrastructure, from OT devices in manufacturing cells to IT applications in executive suites.
The solution is to supplement OT systems with contextual information like location, identity, applications in use, and security posture from highly resilient IT networks. The resulting โhyper-awareโ networks are secure, robust, and largely future-proof in the face of new business initiatives.
The Aruba ESP platform for hyper-aware networks
This is where Aruba ESP comes in.
Aruba ESP is the industryโs first AI-powered hyper-aware network designed to connect, protect, and automate integrated IoT, operational technology (OT), and IT operations. Unified infrastructure supports wired and wireless OT devices, from automated guided vehicles (AGVs) to programmable logic controllers. Ruggedized Aruba switches work in uncontrolled environments, while increased safety Ex-rated Aruba Wi-Fi access points support asset tracking, worker safety, and social distancing in hazardous areas.
Built on a Zero Trust and SASE framework, Aruba ESP protects machines and users from edge to server to cloud, over wired, wireless, and SD-WAN connections. And it interfaces with more than 150 leading security vendors to provide complete east-west and north-south protection against cyberattacks.
Aruba ESPโs AIOps services leverage AI-powered software to automatically identify degrading communication and application performance before it becomes impactful. It takes the issue to root-cause quickly, reducing mean time to repair, while the high availability design keeps running during fault conditions.
Aruba User Experience Insight, an element of Aruba ESPโs AIOps services, provides early warning of user experience degradation before it becomes impactful, and pinpoints where in the chain troubleshooting should be focused. These benefits help keep applications and processes running without interruption, foster proactive maintenance to keep critical processes optimized, and save time by focusing IT troubleshooting when it matters most.
Aruba ESP provides uniform security and uniform visibility from I/O to CEO, using an extensible, hyper-aware architecture that adapts to changing business needs. And itโs available on a subscription basis for customers that prefer an OpEx-based model or when budgets are tight.
We invite you to reach out to Aruba and let us help you drive the future of automation.
M_Tennefoss
Michael Tennefoss is responsible for Aruba's ecosystem of technology partners and strategic initiatives, including IoT. Prior to joining Aruba in 2007, Tennefoss spent more than 20 years in the control networking and physical security industries with Echelon Corporation, Stellar Systems and Vindicator Technologies.
