Author: Daniel Ehrenreich, Consultant and Lecturer, SCCE
The world will start seeing promising and positive changes when people cease talking about how many tens of billions of IoT devices will be connected to each other in 2020 and 2030 and invest time into in-depth understanding of what the Internet of Things (IoT) and Industrial IoT (IIoT) Ecosystems are and how they must be structured to deliver operating and financial values. These IoT devices are not talking to each other but are linked to a network which allows them to communicate with the designated service provider, which in turn sends decision-oriented data to users.
Nowadays, a huge percentage of IoT / IIoT Ecosystem projects do not deliver the expected operating and financial values because, due to lack of in-depth understanding, project decisions were blindly made.
This short paper is aimed at outlining the key considerations which allow you to understand what people are trying to “sell you” and ask architecture-related questions. You need to verify that the proposed solution matches your expected operating and cost benefits.
IoT and IIoT Ecosystem Service Providers
Both IoT and IIoT devices (see illustrations below) do not usually communicate with each other (exceptions are possible), but communicate with the designated service provider. These service providers perform a dedicated process related to each service they handle. Their process is professional, technology oriented and aimed at generating desired operating and cost benefits.
IIoT Ecosystem devices can be added, operating independently from other devices which may already be integrated and being monitored by the ICS. IIoT Ecosystems may also utilize temporarily added end point IIoT devices which are similar to the existing devices but are not linked to the ICS.
The table below outlines examples of Service Provider operations offered by IoT and IIoT Ecosystems.
IoT Ecosystem architecture
When dealing with commercial-type applications, such as are listed in the left side of the table, we must pay attention to the following components and system sections which comprises the IoT Ecosystem:
a) The field sensors monitoring the relevant parameters applicable to the IoT ecosystem.
b)The network can be cellular (1 step) or a 2 steps link using a gateway and a short-range link.
c) A cloud-based service provider/expert center is handling the IoT Ecosystem and publish the outcome of the analysis to 3rd party users and the organization which handles the site.
Figure 1 and Figure 2 below outline the 2 typical possibilities for connecting IoT field devices with the IoT service provider through a 1 step wireless link and a 2 step communication network.
IIoT Ecosystem architecture
In industrial-type applications, such as are listed in the right side of the table, some IIoT Ecosystems may reuse the existing sensor devices (part of the installed ICS) and some other Ecosystems will require adding new IIoT devices, completely isolated from the ICS. In this case the following components and system sections comprise the IIoT Ecosystem:
1) Architecture similar to IoT Ecosystems
Figure 3 and 4 below are showing two IIoT ecosystem architectures which are similar to IoT Ecosystems. On the left side you see several distant pumps monitored through a cellular network connecting each sensor with the service provider. On the right side you may see several sensors temporarily attached to the pump for monitoring multiple parameters through an on-site IIoT gateway.
2) Reuse of existing sensors which are part of the ICS
a) The ICS sensors are monitoring relevant parameters applicable to the IIoT ecosystem.
b) These are monitored through the data gateway (Fig 5) and the data is sent to the IT network.
c) The IT system is publishing via webserver the relevant data accessible via the Internet.
d) A cloud-based service provider/expert center is handling that specific IIoT Ecosystem process.
e) It will resend the results of the analysis to a 3rd party user or the organization’s IT network.
3) Adding new sensors, which are isolated and independent from the ICS
a)The added field sensors are monitoring the relevant parameters applicable to the IIoT ecosystem.
b)The data is collected via a data gateway (Fig 5) which is linked to the organization’s IT network.
c)The IT system is publishing via webserver the relevant data accessible via the Internet.
d)A cloud-based service provider/expert center is handling that specific IIoT Ecosystem.
e)It will send the results of the analysis to a 3rd party user or the organization’s IT network.
Figure 5 below is outlining a combined Ecosystem configuration as described in para 2 and para 3 above. As mentioned, the existing sensors will always communicate with the ICS control center through a data gateway linked to the ICS network. If for IIoT analysis purposes there is a need to add additional (permanent or temporary) sensors, these shall be linked through the data gateway directly to the IT Network.
In this paper we outlined multiple system architectures applicable for IoT and IIoT ecosystems. Furthermore, it is important to explain that all Ecosystem-architectures such as those outlined above must comprise an entity which handles the IoT/IIoT end point device management, responsible for fault monitoring and periodic software updates. In addition, it is important to emphasize again the following topics:
a)IoT and IIoT devices are not communicating with each other (some exceptions are possible).
b)They communicate with a service provider which provides the operating and financial values.
c)IoT and IIoT Ecosystems may utilize similar sensors but the service provider performs different tasks.
The achievable values delivered by these systems depend on the performance of the cloud-based service provider. Furthermore, it is also important to differentiate between IoT and IIoT ecosystems for the purpose of selecting adequate cyber defense, which is important for most commercial IoT Ecosystems but is highly critical for IIoT Ecosystems serving operation of manufacturing and utility processes. Understanding these topics will help your organization to deploy successful IoT and IIoT projects which achieve the targeted goals.
About Daniel Ehrenreich
Daniel Ehrenreich, BSc. is a consultant and lecturer acting at Secure Communications and Control Experts, and periodically teaches in colleges and present at industry conferences on integration of cyber defense with industrial control systems; Daniel has over 27 years of engineering experience with ICS for: electricity, water, gas and power plants as part of his activities at Tadiran, Motorola, Siemens and Waterfall Security. Selected as the Chairman for the ICS Cybersec 2019 conference taking place on 16-9-2019 in Israel and for the Asia ICS Cyber Security conference taking place in Singapore on 7-11-2019.