Achieving Real-Time Situational Awareness INDUSTRY PERSPECTIVE
Introduction Federal government budgetary constraints and new regulatory guidelines demand that agencies and departments do more with less while still meeting fluid mission objectives. The federal government now must meet more stringent mandates to create and maintain the security and resilience that directly supports current and continuous critical business processes as they protect assets, services, functions and employees. Agencies must continually innovate, improve, and streamline their operations to ensure mission success. The key to this success relies heavily upon the continuous improvement of operations by ensuring trusted operational data. But this feat can be extraordinarily challenging if the data that holds the answers is scattered amongst disparate systems, formats, and processes. Add the recent technical demands presented by the Internet of Things (IoT), with its inherent complexities of connecting to hundreds or thousands of assets, and one can appreciate what government agencies are facing. Enter the PI System by OSIsoft – a long-proven and vendor-agnostic commercial-offthe-shelf (COTS) software infrastructure that connects sensor-based data, operations and stakeholders to enable real-time operational intelligence. In this industry perspective, GovLoop partnered with OSIsoft to learn more about the PI System and how it’s helped their government partners deliver greater operational improvements and breakthroughs that ultimately lead to comprehensive enterprise transformation.
OSIsoft’s PI System collects, analyzes, visualizes and shares large amounts of high-fidelity, time-series data from an enormous amount of sources to stakeholders and systems across all operational technology (OT) and information technology (IT) operations. IoT necessitates the need for agency leaders and managers to find ways to support and enhance mission objectives. Legacy architectures continue to morph with the addition of new sensors, new systems and as a result, system sensor mosaics are continuously created. “The miniaturization of sensors, the lower cost of sensors and the fact that everything new – including building supplies, vehicles and weapon systems – comes equipped with sensors has resulted in a proliferation of complex sensor data that can be turned into insightful information,” said Steven J. Sarnecki, Vice President, Federal with OSIsoft. Sensor-based data, however, is only one of the many types of data used to support decisions. Although many industries recognize the value of combining operations and business
data, differences in function, technology stacks, technology protocols, and cultures have created significant barriers to OT and IT convergence. To derive insights from data across an enterprise, a data infrastructure that allows decision-makers to centralize data silos is needed; true enterprise situational awareness is a must. This data infrastructure must provide one version of the truth, enable data governance and provide data context and accessibility to operational data from all assets across the enterprise. Organizations must have the ability to use operational intelligence to create holistic enterprise intelligence. To enable the enterprise to clearly understand and make impactful decisions regarding operational costs, value and return, enterprise operations data needs to be combined with business data. By adopting a data infrastructure for managing operational intelligence and integrating it with business information, both operations and leadership can transform their world with data.
INDUSTRY PERSPECTIVE 2
The PI System: An Interoperable, Open Data Infrastructure OSIsoft bridges the gap between OT and IT with the PI System. The PI System is an interoperable, open data infrastructure that connects stakeholders, assets and sensor-based data in real-time for cogent, accurate, and forecasted decision making; sensor-data analytics that directly supports mission assurance. Currently, the PI System partners with government agencies from the Department of Energy (DoE), National Aeronautics and Space Administration (NASA), and Department of Defense (DoD), to the National Institute of Standards and Technology (NIST), and select Intelligence and National Security Community (INS) agencies to ensure that their critical assets and physical and logical infrastructures are secure, reliable, safe, and costefficient. Due to OSIsoft’s long standing as a leader in the community, the PI System has a variety of connection capabilities, which include close to 500 different interfaces. These allow the system to access a huge diversity sensors that are found on the majority of operational and business data sources, including Supervisory Control and Data Acquisition (SCADA) systems, Distribution Control Systems (DCS), Programmable Logic Controllers (PLC), databases, text files and HTML pages.
THE COMPONENTS PI Interfaces Data originates from numerous sources; as such, the almost 500 interfaces connect to an incredibly wide range of data sources used by the federal government. The PI Interfaces buffer data and then translate diverse communication protocols and collection intervals so all the data speaks a common language. “One of the nice things about the interface is, if for any reason there is a break between the interface and the PI Server, the data is buffered and held until communications are restored back to the PI Server,” said Bob Conroy, Senior Account Executive for Civilian Agencies with OSIsoft. “So, one now has a level of data integrity right at the data source in the interface that’s converting data into the PI protocol.”
PI Server Enterprise systems are constantly creating data. The PI Server collects large volumes of sub-second data and stores more than 20 million streams of high-fidelity data. The PI Server provides operational context to raw data streams. An asset-based metadata layer organizes data by asset topology, so that data retrieval is more intuitive to users across the enterprise. The PI Server also includes auto-event capture, streaming, asset-based analytics, notifications and performance-monitoring tools.
PI Tools Stakeholders need tools to collaborate around data and information. Thus, PI Client Tools provides visualization and analysis for stakeholders across an organization and includes:
⇾ Graphic displays ⇾ Automated analysis and reporting spreadsheets ⇾ Web-based, ad hoc trending that can be visualized on multiple devices “The PI System connects to all the data sources our government partners have today, the systems they’re installing, and systems they’re going to install next month or next year that they haven’t even figured out yet,” said David Doll, Industry Principal for Facility and Energy Management with OSIsoft. The data is collected in its original format without requiring custom coding or large development projects to get value out of the data. What’s more, administrators can feed data into their business intelligence systems or enterprise resource planning systems through configuration, not custom coding.
ACHIEVING REAL-TIME SITUATIONAL AWARENESS
3
The PI System provides real-time situational awareness for a range of scenarios and use cases. Below we highlight a few key use cases.
High-Performance Computing and Data Centers The current data-driven and technology reliant world has elevated data centers to the status of critical infrastructure. Real-time data analysis and constant uptime are crucial for government agencies, e-commerce providers, educational institutions and a range of industries such as finance and transportation. Additionally, energy conservation legislation places increased focus on High-Performance Computing Center and data center efficiency. The PI System helped Lawrence Livermore National Laboratory’s Terra Scale Simulation Facility collect data from computing racks, electrical metering equipment, building management systems and energy utility data to earn Leadership in Energy and Environmental Design (LEED) Gold certification from the U.S. Green Building Council.
Critical Infrastructures and Facilities The PI System is embedded in critical infrastructure and deployed at over 17,000 sites in 110 countries worldwide. In fact, the PI System is used by 15 out of 16 critical infrastructure sectors today. By utilizing a PI System infrastructure, a broad range of federal partners, as well as commercial industries, have cut costs by reducing IT complexity, optimizing personnel, and driving operational excellence. The PI System received the Department of Defense’s Risk Management Framework certification and continues to play a key role in helping DoD enhance its mission readiness/mission assurance, operational effectiveness, and energy security. Numerous military bases such as the Anniston Army Depot and Norfolk Naval Station use real-time sensor data from the PI System to better manage their facilities and reduce their energy consumption and cost. The PI System is handling 100,000 data streams for the Army Corps of Engineers in Huntsville, Ala. alone, and is expected to scale up to a million or more as the project matures. DoD has more than 300,000 buildings in its portfolio, each with a multitude of potentially unsecured industrial control systems. The PI System assists by improving DoD’s building cybersecurity with its ability to manage data from diverse operations technology and information technology sources.
INDUSTRY PERSPECTIVE 4
Energy Management, Renewable Energy and Micro Grids Federal agencies such as DoE and the Department of the Interior (DoI) use the PI System to perform their energy monitoring, managing and their federal energy regulation challenges. The PI System connects a wide diversity of data sources from utilities, microgrids and other sources into a single pane of glass for real-time monitoring, thus providing a Common Operating Picture (CoP). It captures and historizes in near perpetuity, vast amounts of sensorbased data over long periods of time. The PI System further presents all data for advanced analytics that support load management and predictive insights into energy consumption and demand. The PI System is used to manage the largest radioactive and chemical waste facilities in the U.S., which are subject to strict environmental regulations. The PI System enables data collection from scattered control systems, improving data quality, accuracy and timely accessibility. One hundred percent of the ISOs and RTOs that run our nation’s Grid rely upon the PI System.
Condition-Based Maintenance Condition-based maintenance (CBM), “maintenance when need arises,” is performed after one or more indicators show that equipment is going to fail or that equipment performance is deteriorating. However, when enterprises rely on these reactive, “runto-failure” maintenance strategies, they incur costs due to reduced equipment availability, lost production time and maintenance of larger spare parts inventory. Maintenance workflows based on vendor recommended, calendar-based schedules are more proactive but are still conservative and not tied to actual equipment use. The PI System solves these issues by, leveraging real-time condition monitoring to trigger workflows in enterprise asset management systems traditionally maintained by IT. Because maintenance managers can now continuously monitor limit exceptions or fault detections in real time, enterprises use the PI System for CBM to eliminate unnecessary maintenance costs, reduced downtime and extend asset lifecycle, reducing overall capital costs.
IT/OT Convergence
Cybersecurity
Sensor technologies, connectivity and real-time analysis are lowering barriers to enabling digital services in government. These trends are driving many enterprises to focus on strategies to capitalize on OT-IT integration. Over the last several decades, industries have transitioned from analog and pneumatic controls to digitalized PLCs, DCS and SCADA systems. It is now Operational Technologies that provide plant personnel with ever-increasing volumes of data to monitor, optimize and control industrial processes.
“Industrial Control Systems (ICS), Distribution Control Systems (DCS) and SCADA all play a part in a federal enterprise’s holistic cybersecurity solution,” said Paul J. Geraci, OSIsoft’s Senior Director for Intelligence and National Security. “The majority of people that use the term ‘cybersecurity’ are actually just thinking of ‘IT security’. However, with the proliferation of IoT, we’ve come to know that ‘cyber’ encompasses a whole lot more. If an outside hacker or an insider threat penetrates an industrial network and disrupts critical processes or controls, people can get hurt, and the nation could come to a standstill; further, if OT and IT networks are converged, particular attention must be paid to each and every endpoint.”
With the advent of the PI System, heretofore murky paths are now well-lit for organizations to leverage this data outside of OT domains. Harmonizing OT and IT systems allows agency managers to uncover latent return on investments and establish new levels of transparency to drive overall enterprise performance.
“The majority of people that use the term ‘cybersecurity’ are actually just thinking of ‘IT security’. However, if an outside hacker or an insider threat penetrates an industrial network and disrupts critical processes or controls, people can get hurt, and the nation could come to a standstill.” ⇾ Paul J. Geraci, OSIsoft’s Senior Director for Intelligence and National Security.
ACHIEVING REAL-TIME SITUATIONAL AWARENESS
5
The PI System allows stakeholders across the federal enterprise to access the same data for different reasons through a Common Operating Picture (CoP). Facilities managers might use the PI System to monitor an industrial control system for energy usage or green IT initiatives. At the same time, the analysts within the Security Operations Center (SOC) or Network Operations Center (NOC) may also have a server to receive that same information, but for different mission related objectives. “Think of a war-time Joint Operation Center. Each section within looks at the same intelligence for different purposes. This allows humans to be not only IN, but ON the loop,” Geraci said. The PI System creates an abstraction layer to actively reduce the threat surface, referred to as the “PI System in the middle” architecture. The result is that cyber risks to critical control centers are reduced by providing a “safe harbor” for operating data, minimizing interaction with the open enterprise.
Case Study: The PI System at Work
Washington River Protection Solution Washington River Protection Solutions (WRPS), a contractor for DoE, manages the Hanford Site Tank Farms, home of the largest volume of radioactive and chemical waste in the United States. The site is under close regulatory scrutiny and must comply with strict environmental regulations. To improve its reporting capabilities and compliance efforts, WRPS needed better visibility into operations across the facilities. Managers chose the PI System to upgrade and integrate its legacy systems into a central automated repository, resulting in more reliable data and easier access and reporting for better decision-making.
The Challenge
The Result
Hanford is a highly visible federal site with strict environmental regulations. Control systems that required manual collection of field readings were scattered throughout the site. This data collection was paper-based and needed to be manually transcribed into the control system.
The PI System was deployed to consolidate data from isolated, custom-developed solutions into one system. PI Interfaces automatically collects high-fidelity data from WPRS’s legacy systems. PI Interfaces allows each of the different legacy data storage systems, whatever its architecture or format, to feed seamlessly into one OSIsoft database. For manual data, digital data collection using PI Manual Logger has replaced handwritten field reports. The PI System architecture is leveraging firewalls and native security to isolate and protect the control systems.
Furthermore, there were isolated data systems with multiple interfaces and schemas. Most data analysis required manually comparing and collating information across systems and across paper reports, so access to data was limited.
Thus, data quality and accuracy have improved. Data access is no longer constrained by database size restrictions, report processing times or retrieval delays. WPRS now has ubiquitous data access. Decision-makers have increased visibility of both historical and real-time information into operations. Compliance verification is also much easier now.
INDUSTRY PERSPECTIVE 6
Conclusion OSIsoft’s COTS technology, the PI System, offers a reliable solution for numerous uses by providing the ability to collect, analyze, visualize and share large amounts of high fidelity, time-series data. This provides federal organizations “Mission Assurance” via real-time technical surveillance and analysis of their sensor/ sensornetwork data -- no matter the mission. It achieves this by seamlessly integrating an organization’s existing secure infrastructure, and growing with the enterprise’s needs. By leveraging and sharing large amounts of high-fidelity, time-series data from multiple sources to stakeholders and systems across all departments, and by accessing key data and insights, agencies now can deliver greater operational improvements and breakthroughs. This will ultimately lead to stronger mission assurance, increased cybersecurity and safety, and the situational awareness that provides true Operational Intelligence.
About OSIsoft
About GovLoop
OSIsoft is the global leader for operational intelligence. As makers of the PI System, OSIsoft has delivered the premiere open-enterprise infrastructure connecting sensor-based data, operations, and stakeholders - enabling real-time, actionable and predictive operational intelligence for over 35 years. OSIsoft’s government clients have long embraced the PI System to deliver real-time holistic cybersecurity, regulatory compliance, asset health, best-of-breed energy management, process improvement, and quality control across their operations.
GovLoop’s mission is to “connect government to improve government.” We aim to inspire public-sector professionals by serving as the knowledge network for government. GovLoop connects more than 250,000 members, fostering crossgovernment collaboration, solving common problems and advancing government careers. GovLoop is headquartered in Washington, D.C., with a team of dedicated professionals who share a commitment to connect and improve government.
Founded in 1980, OSIsoft, LLC is privately held and headquartered in San Leandro, California, with its Washington, D.C. Federal office located in Vienna, VA. Inquiries: federal@osisoft.com.
For more information about this report, please reach out to info@govloop.com.
To learn more about the PI System, visit osisoft.com/federal.
ACHIEVING REAL-TIME SITUATIONAL AWARENESS
7
1152 15th St. NW, Suite 800 Washington, DC 20005 (202) 407-7421 | F: (202) 407-7501 www.govloop.com @govloop
INDUSTRY PERSPECTIVE 8