Taking Stock: Implementing the Critical First Steps of System Lifecycle Analysis for Industrial Organizations

Welcome to the fourth piece in our series of articles on system lifecycle analysis for industrial organizations. Whatever industry your company is in, you will undoubtedly have numerous devices across multiple sites, perhaps even remote monitoring stations and a range of industrial automation solutions. As systems become more complex, companies need more highly evolved processes to ensure they remain secure, can deal with shutdowns and maintenance windows, and have proper mitigation plans for maintaining business continuity in extenuating circumstances, such as the recent pandemic. 

System lifecycle management is a way to assess every aspect of your industrial systems and ensure they meet current regulations and are recoverable should a disaster or some other interruption occur. In this article, we’ll go over the basics and take a deeper dive into the first two steps of ICA Engineering’s unique system lifecycle analysis proposition: Inventory Evaluation and Gap Analysis.

The Importance of Systems Lifecycle Analysis

Why is it so important to secure proper system lifecycle management? The primary reason is to ensure business continuity. Even the slightest disruption to production or manufacturing could cause loss of profits, something no business can afford in a competitive market. Beyond not having items to sell, though, there are many other impacts to reduced production.

  • You may lose contracts if it seems like your facility is unreliable.
  • This can damage your wider brand reputation.
  • Consumers who don’t want to wait for your products may go to the competition.
  • If those clients have a great experience elsewhere, they may not return.

For industrial settings like wastewater management or utility companies, of course, disruption goes beyond the corporate factor. When hackers took down the Ukrainian energy facility in the 2015 Sandworm attack, it left around 230,000 people without power. The Colonial Pipeline ransomware attack of 2021 showed that cybercriminals can shut down major utilities with seemingly little effort – although many of these attacks are actually years in the planning. Of course, disaster doesn’t just come from outside your organization. If equipment fails or parts of your industrial systems shut down due to wear and tear, the impact can be just as devastating.

Having holistic processes covering all aspects of your various systems, from industrial automation to human-machine interfaces (HMI), means that you’re prepared for any eventuality and more likely to survive or even thrive in challenging situations.

The Steps in Systems Lifecycle Analysis

ICA Engineering understands the complexities of modern industrial systems. They’ve used this experience and knowledge to create their Systems Lifecycle Analysis service, a proposition that helps industrial organizations prepare for the unexpected – and the standard issues caused by machinery wear and tear, maintenance, or even personnel issues such as skilled employees retiring.

Systems Lifecycle Analysis is broken down into four main steps:

  • Inventory Evaluation
  • Gap Analysis
  • Risk Analysis
  • Remediation planning

Each step will look different depending on your industry. For example, food manufacturing industries are often at risk from fire or explosion due to small particles in the atmosphere, like flour. In cases like this, remediation planning might explore the pros and cons of intrinsic safety technologies versus explosion-proof containment. 

Inventory Evaluation

The first step in any system lifecycle management process has to be an evaluation of what devices make up your systems. These will include controllers, HMIs, network switches, variable frequency drives, remote devices such as IIoT linked to industrial automation, plus all the various program files, development and runtime software, or apps linked to every device.

Cataloging everything you have goes beyond a simple list of devices. Makes, models, and even firmware editions are vital to ensure that any risk analysis and remediation planning is relevant. To keep the catalog useful, a process should be established to ensure it is quickly updated when hardware, software, or firmware upgrades occur. Proper documentation is vital to making this inventory an effective tool for business continuity.

Gap Analysis

Once an effective inventory has been created, it’s time to start a thorough gap analysis. Gap analysis is the space between where you are now and where you need to be in terms of spare parts, security, documentation, or other aspects of maintaining business continuity. What is it that you’re missing?

Many legacy systems don’t have the ability to create meaningful backups or might be missing development files that are tricky to obtain. This becomes a risk when devices fail and operators are faced with the challenge of getting them back up and running. Some equipment may have come to the end of its lifecycle, meaning that firmware updates or spare parts simply aren’t available anymore. Manufacturer’s technical support and repair services may be unavailable.  Understanding the potential causes of issues like this is a critical part of gap analysis. For example, an automated machine on the factory floor that runs on older software might not be upgradeable to software that meets current security requirements, due to hardware or operating system limitations. This leaves a “backdoor” into the control system, potentially creating access for cybercriminals and placing the whole industrial setting at risk of shutdown or sabotage.

Assessing the gaps between what’s desirable, what’s necessary, and what your organization actually has is vital for identifying potential risks.

Our next article will segue into the final two steps of systems lifecycle analysis: Risk analysis and creating a remediation plan to help ensure business continuity. If you want more information on any of the topics in this article, contact a member of the team at ICA Engineering.


Welcome to the ICA Blog

SUBSCRIBE FOR BLOG UPDATES

    Recent Blog Articles

    In multi-designation sites, should you be running a range of safety protocols? I...

    READ ARTICLE