Executive Summary

Oil & Gas operations across the value chain are fraught with challenges in maximizing margins while mitigating risks of owning and operating critical infrastructures and assets. In order to overcome these issues, organizations are increasingly adopting  new technologies that help resolve business problems, enhance services delivery, and standardize and rationalize solutions for cost optimization. Process control domains across different entities within the Oil  & Gas value chain use various forms of automation system components such as sensor networks, SCADA, distributed control systems, terminal automation systems, etc. to support critical business processes and operational processes. Most organization production & manufacturing units are operated,  managed & controlled by local business groups. In this context, global transformation and outsourcing of IT services within the business critical process control domain is gaining importance as industry leaders seek ways to achieve and maintain sustainable business growth.

A key rationale for this transformation is  the need and possibility of bringing  the best practices of the wider enterprise IT to the process control  domain - which includes standardization,  centralization,  global services delivery, remote monitoring, asset management, etc. A Gartner report on key Information Technology/Operational Technology (IT/OT) integration areas suggests that by 2015, more than 70% of CIOs will oversee the connected performance of all their enterprises' digital assets. This clearly calls for a shared accountability between the business and enterprise IT groups in recognizing and adapting to technological changes, as emerging technologies like the  Cloud,  Virtualization  and OPC- UA continue to evolve dramatically in process control domain. The increased need for integrating real-time systems with applications at levels above is also driving dedicated focus on improving cybersecurity of these  systems. From an organizational standpoint, this sums up a transformation - from a small set of business users maintaining business critical systems in silos; to shared ownership between enterprise IT and business wherein they can leverage the maximum potential from interconnected real-time systems and adopt rapidly-evolving technological changes.

Wipro’s Oil & Gas group leverages its key domain and technology capabilities across the process control system hierarchy to help customers traverse this transformational journey. We support customers with our core skills in process control domain gained through key engagements with Energy super-majors in providing different types of IT services within the  process control domain and experience of providing globally managed security services, plant network designing and planning services, application migration & support services and other similar services for energy and manufacturing customers.

Introduction

Today's oil and gas industry is  faced with volatile oil prices, spiraling production costs, diminishing resources and a growing demand that is fast outstripping  supply. Broad regulatory and policy changes related to health, safety and environment in the oil & gas industry, including those related to green gas emissions, are predicted to increase spending by energy companies on a range of technologies and systems. With further industry consolidation expected in the coming years, oil majors are increasingly looking at ways to manage their multiple and dispersed business units across the globe while keeping an eye on costs. The focus is  now on transforming the organization to become interconnected, intelligent, risk complaint, and above all, sustainable in a world of constraints.

This paper highlights the need for standardization and transformation of IT services within the process control domain. The paper draws on first- hand experience of Wipro in providing such services to multiple Energy super-majors and capabilities as a system integration partner for key process control system vendors within the Manufacturing domain. This paper further discusses the various types of IT  services within the process control domain that Oil & Gas organizations can consider along with suggested approaches to ensure seamless transformation.

This  paper addresses several target groups within the customer organization, but  there may also be  specific IT and business groups within the industrial facility supporting various aspects within the process control and monitoring domain who may find this paper useful.

CIOs: An increasing number of Chief Information Officers (CIOs) within the Oil  & Gas and other manufacturing businesses are being asked to oversee the connected performance of their enterprise Information Technology (IT) and Operational Technology (OT). In this context, we believe the information in this paper is a good starting point to look at assessing the organization’s maturity level and initiate site-level and global IT services standardization accordingly within the process control domain.

Business Groups Supporting the Process Control Systems: This group is a very important set of stakeholders that understands the rapid technological changes taking place within this domain and also the importance of service reliability of the underlying  critical IT infrastructure within the PCD. This  paper will help bring in fresh perspectives and approaches to this group on the why, what and how globally standardized PCD IT services can help overcome some of the critical challenges and bring in efficiency improvements.

Enterprise IT Architects: Most  organizations are already starting to realize the benefits of leveraging IT groups and skills within the process control domain and adopting best practices from the office IT domain. This paper provides additional inputs to  the IT groups within the customer organizations that are involved in IT services standardization within different business processes, including support of critical IT infrastructure within the process control domain.

Why? – IT Services Transformation in the PCD

There are several reasons why some organizations, particularly industry leaders, have already realized the need for IT services transformation in the PCD and have begun this journey. 

Key drivers for PCD IT services transformation:

1. Move to Open PCS
2. Evolving New Technologies
3. Real-time Information Integration
4. Vendor Rationalization
5. Remote Support
6. Enterprise IT involvement in PCD
7. PCD IT Tools Standardization

Move to Open Process Control Systems: Process control systems have, over the years, moved from being proprietary and closed setup to adopting open standards and allowing seamless integration and interoperability of multi-vendor systems. This, in turn, requires increased involvement of personnel with skills that have traditionally remained in IT groups. The move to open and more seamlessly connected systems is  a key factor driving the need for this change within the process control domain.

Evolving Technologies: A significant change in the recent years has been the adoption of evolving technologies and platforms within the process control systems,  which have long since traditionally  remained in the Information Technology (IT) domain. Some relevant examples of these include the adoption of Microsoft operating systems and technologies and, more  recently,  Virtualization technologies for SCADA and DCS servers, Operator  stations,  Engineering workstations and other advanced applications at  Level 3  in the  Purdue  model  for  control system  hierarchy. At  the   lower  levels of  the   hierarchy,  wireless technologies particularly wireless mesh-based  sensor  networks  and wireless  video  are  being  adopted   for  monitoring  previously un- instrumented  and  hazardous areas  in various industrial  applications. Valuable data from these networks are then securely integrated into the control  systems and  are  also securely made  available to  wireless- enabled applications at different levels. Although its adoption may be currently nascent within the process control domain, Cloud computing is another emerging area that organizations are starting to consider in consuming  Business  Processes, Software, Infrastructure or Platform as services.

Real-Time Information Integration: Enabling the availability of real-time information for timely decision making is crucial to ensure efficient operations and management of a plant. A typical scenario is the ability to integrate the applications that Planners & Schedulers use with information in the real-time domain to drive production efficiencies and optimize inventories. Most organizations are currently  in pursuit of several such smart initiatives. However, with the  growing need for integration, an important consequence is  that these real-time systems are now more at risk to external threats. A dedicated focus on improving cyber-security of these systems is clearly an important initiative and organizations need to make a concerted effort to comply with stringent regulations and global security standards.

Vendor  Rationalization: Most large Oil & Gas and Manufacturing organizations have standardized or consolidated vendors for several key areas in the  process control domains. Main Automation Contractors (MAC) for supply of process control and automation systems or large IT hardware vendors providing servers, desktops and other such infrastructure are good examples of such rationalization that have occurred or are ongoing. However, there is still a myriad set of services from various individual vendors that the customer’s  local business and IT groups have to deal with. The need of  the hour is a globally standardized service integrator that can deliver a standardized  set of these services.

Remote Monitoring and Support: Another key driver is the increased need for centralised remote monitoring of all key processes that enable customers to leverage their network of  key experts, regardless of where they are. Cost-efficiency drive of the ogranization, combined with several technologies enabling the remote monitoring and management of systems and application, enable organizations to leverage this capability.

Enterprise IT Involvement in PCD: While process control systems have traditionally been managed by smaller sets of business groups in individual sites, it is becoming important for business groups and Enterprise IT to come together to manage and  adapt  to  changes happening within this domain and bring about transformation. CIOs and other stakeholders are increasingly recognizing  the need for IT service standardization within the process control  domain and are looking for ways to  standardize  their operations and embark on the transformational journey.

PCD  IT Tools Standardization: Organizations require standardized solutions that can be deployed globally in enabling provisioning of IT services with the process control domain. In some cases, providing this software or  solutions as service from a  central group will  result in improved utilization of these resources. There are several IT service tools and enablers for deploying, migrating and maintaining the systems in the  process  control  domain that  have huge scope for solution standardization.

Some examples of these tools include:

• Software for deploying Microsoft patches
  
• Anti-virus updates
• Solutions and applications for firewall management
• Plant network monitoring  & management
  
• Asset & Inventory management
  
• Servers & desktops life-cycle management
  
• Remote Application  hosting  & support
  
• Intrusion detection
  
• Secure remote access for troubleshooting and file-transfers

In the current scenario of fast-evolving automation system and supporting IT infrastructure products, it is important for organizations to migrate quickly to the latest technology platform to stay competitive in a volatile marketplace. Organizations are starting to recognize the need for transformation and are beginning  to  bring in standardization in a variety of IT services within the process control domain.

What? - IT Services Transformation in the PCD

Having understood the needs and drivers for IT services standardization within the process control domain, organizations can now consider a range of services for standardization and accordingly select a single IT services vendor or an ecosystem of select vendors to deliver these services. A representation of IT processes and types of application software solutions that may be involved within the PCD is shown below.

At a broad level, the different types of activities and services that may be considered by an organization for standardization are as follows:

Firewall Management: Most process control system architectures use firewalls between Level 2 and Level 3 of the system hierarchy (Purdue model) and between Level 3 and the office network. With the recent introduction of wireless sensor networks, there may be additional firewalls that can get added between Wireless networks and the control systems. When all the process control domains of an organization are aggregated at a regional or global level, the number of firewalls that would need to be managed can be enormous and can be done in a standardized way.

Patch and Anti-Virus Management: The servers and workstations in the process control domain that run various process control and advanced applications are now based on Windows operating system. All  these nodes  require regular Microsoft and anti-virus updates  to  keep  the system protected from various threats and vulnerabilities. The complete distribution of patches and updates to these systems globally  may be standardized and centrally managed.

Remote Monitoring: Process control systems are becoming increasingly integrated with levels above. Business groups that maintain these systems are  under  pressure  to  keep  these  systems secure,  while simultaneously enabling   remote   access  so  that  different  types  of technical and process expertise can be leveraged inside and outside the organization. There are specific solutions such as secure access portals that enable such remote monitoring from anywhere and there is a good opportunity for organizations to standardize this for secure access to all their process control domains globally.

Asset  and  Inventory Management: In  the current scenario,  small business groups are trying to optimize on software licenses,  hardware inventory,  etc.  to  ensure availability and uptime of these systems.

However this is a sub-optimal approach when compared with how the software and hardware assets are managed within the office and IT networks. There is a clear opportunity to globally and optimally manage assets and inventory.

Intrusion  Detection: As explained earlier, with improved focus on minimizing risks and threats with enhance cyber-security, most process control domains have already adopted or are currently adopting specific solutions for intrusion detection. These include alerts as well specific actions that can be taken to avert critical incidences from occurring.

Wired and Wireless Network Monitoring and Support: With movement  from proprietary control networks to open IP-based networks and the increasing adoption of wireless technologies for sensor networks and video, organizations have an opportunity to standardize these networks. Many of the  best practices from such services already provided in the office network may be carried forward with careful consideration of special circumstances and criticality of the process control domain.

Servers, Desktops and Virtualization Services: With increased adoption of the virtual environment by process control system vendors are faced with several challenges of staying ahead of changes in hardware configuration. There is an opportunity for standardization of managing the lifecycle of these servers and desktops.

Remote Application Hosting and Support: Most organizations have some form of local or global standards on how applications in the process control domain are selected, deployed and later supported. With the increased ability to securely access these applications remotely from a central command center and with proven global service delivery models, there is immense potential to centrally manage many of these tasks by leveraging a shared pool of resources.

Secure Access Management: Secure remote access to the process control domain is very important for users outside the  domain for making secure file  transfers, deploy product and OS patches and be able to  perform a variety of activities remotely. Organizations may deploy standard secure access portals or similar products to enable and handle this access management process.

Migration Services: Given the rapid occurrence of new product releases within the PCD, organizations may benefit by standardizing on different applications and then engaging a vendor for standard migration services to complete migration across all the plants globally.

While the above points are some of the critical categories of services that can be potentially investigated  for bringing in standardization and improvements  within the  process  control  domains,  there  may  be organization or  site  specific  services that  can  also be  studied  and standardized.

How? – IT Services Transformation in the PCD

To bring about standardization  and transformation, organizations may use various approaches depending on their current level of maturity and focus. Represented below is a maturity model that organizations can use for assessment and initiate programs to move to the next level of maturity.

 The different approaches that may be taken on this transformational journey are as follows:

Implement/Upgrade PCD IT service enablers: One of the critical items in this transformational journey is for organizations to deploy or migrate to standardized solution components that enable provisioning of standardized PCD IT services.  Examples  of such solution components may include,  but are not limited  to,  secure access portals, application and infrastructure virtualization  solutions, intrusion detection solutions, central patch and anti-virus updates  distribution solutions, asset and inventory management  solutions and  wired  and  wireless network monitoring applications and solutions.

Leverage Integrated Global Command  Centers  (GCC):  Most of the services described  in  previous  sections  do  not  require  an  onsite personnel presence and can be delivered through a centrally managed shared pool of resources in a Global Command Center  (GCC) with minimal onsite support.  This  helps an  organization leverage proven global service delivery models  for  a  varied range  of  standardized services for all their process control domains globally.

Managed Security  Services:  For organizations with special  focus on security  it  is  best  to  leverage a  Managed Security  Services model delivered through a  central Security  Operations  Center  (SOC)  and supported by a limited onsite personnel support. At a broad level, these standardized services may include  Firewall management, intrusion and threat detection, anti-virus  management, Microsoft patch and updates management,  vulnerability   assessments  and   others.   This   enables organizations to   get  the  benefit  of  standardized  security   services delivery for all their process control domains, leveraging an optimal mix of central and local resources.

Phased Approach in Standardizing Services in Brownfield  Sites: One of the important challenges in this transformational  journey  is to have the ability to migrate from current service models to the new standardized service model without disrupting business operations. In such a case, a phased approach may be taken. First,  a site survey is  undertaken to understand various vendors involved and the current service model for each area, following  which   the  standardized  service model can be tailored to suit site-specific needs. The transition to the new model may then be carefully planned,  deployed and governed.

These  are  some  approaches organizations may take  to  begin implementation of globally standardized services. However, it is important to note that a key success criteria in making this transformation happen is for the business groups and Enterprise   IT groups in the customer organizations to come together as a single team and own shared accountability for success. Potential failure modes are traditional  belief by business groups that process control systems and domain does not  fall under the  purview of  Enterprise IT and the Enterprise IT team’s inability to understand the special circumstances and criticality of process control systems. In summary, it is important for the organization’s leadership to recognize the need for transformation in this domain and gear-up these groups towards a common goal.

Wipro’s Value Proposition for PCD IT Services

Wipro’s  overall vision  for Process Control Domain IT services is  to  be  able to provide comprehensive IT services for everything from Sensor-to- Boardroom (S2B) across different industries leveraging our own rich experience in these domains and by expanding/investing in relationships with key partners in this area. System integrators like Wipro have an important role to play in such initiatives apart from Main Automation Contractors and IT software and hardware vendors.

As a System Integrator, our distinct value propositions for such a transformation initiative are highlighted below:

Thought for the Industry

Transforming IT services within the Process Control Domain to reduce costs and meet business challenges is a key exercise requiring careful management of internal and external stakeholders. At the highest level of maturity, it will require a seamless and collaborative effort of a vendor ecosystem to deliver the end-to-end solution in a robust, reliable and consistent manner. While some of the Energy industry leaders have recognized the need for transformation and are embarking on such initiatives, a large section of the industry is yet to recognize the cost savings and business impact such an initiative can bring. It is time for business and IT leadership in these Energy and Manufacturing organizations to come together and recognize the importance of such an initiative and take their organizations to the next level of process and service maturity.

References

• Multiple Gartner reports on IT/OT integration issues and opportunities.
• Wipro’s case studies on providing IT services  within the Process control domain to Energy super-majors.

Vasuki Upadhya is a Senior Solution Architect with the Oil & Gas – Energy, Natural Resources & Utilities vertical, Wipro. He has 15 years of experience in the global IT sector, providing consulting, architecture design, architecture assurance, and architecture assessment of solutions in the energy and utilities domain. He works with key customers to create and provide effective IT solutions for complex business challenges. He also works with Wipro’s strategic partners to create joint solutions that focus on common industry needs.

Laxshmivarahan R is a Solution Architect with the Oil & Gas – Energy, Natural Resources & Utilities vertical, Wipro. He has 12 years of industry experience working with different multinationals in the areas of process and industrial automation systems and applications within the Oil & Gas and Manufacturing domain. He works with key customers supporting them in business analysis, early-stage program consulting and solution architecting. He has Bachelors in Electronics & Telecom Engineering and a Post-graduation in Management from Indian Institute of Management Bangalore (IIMB).