In social media, one reads criticism about the 5-layer architecture model according to ISA S95 again and again. The arguments range from "collecting worthless data" to the assumption that it is impossible to seamlessly connect the individual layers and thus enable smooth communication among them. Likewise, the security of such a structure is often questioned.

One of Quantis' fields of activity is the creation and implementation of a modern IT / OT architecture. The points of criticism are justified, especially since the market is full of structures that have precisely the above-mentioned deficiencies.

In order to stand out from error-prone IT / OT architectures, we have focused on the task at hand and created an architecture model for our customers that does justice to it. This enables us to guarantee security, data quality and smooth communication. During the years of the pandemic, we were forced to rethink our processes and applications. The procurement of hardware as well as customs regulations made our work more difficult and travel activities were partly prohibited. For this reason, we completely converted our IT / OT software architecture to a virtual basis.

A modern IT / OT architecture in a manufacturing company consists of several layers that fulfill specific functions and are interconnected.

The lowest layer comprises the devices, sensors and actuators used in production to collect data and control physical processes. These devices are often interconnected via an industrial network architecture such as Ethernet. When older machines are no longer compatible with OPC UA, they are equipped with adapters and different software drivers to read their data.

The next layer is the OT control layer, which consists of control systems such as PLC (Programmable Logic Controller) and DCS (Distributed Control System) that enable automation of production processes. Such systems communicate with the devices on the lower layer and collect data for process control. All relevant KPIs of a line are calculated and made available here. It is also possible to send raw data from here to the cloud, but this can lead to a high volume of data.

The layer that builds on this is the IT layer, which consists of IT systems such as MES (Manufacturing Execution System) and ERP (Enterprise Resource Planning). These systems support the planning, control and monitoring of production processes and enable better integration of manufacturing and business processes. At Quantis, the Data Bridge is connected in the IT layer, which acts as a central collection point (broker) for all KPIs and raw data of a plant.

If the customer places particular emphasis on cyber security, there is the option of a protocol switch that converts the machine data into the correct format and encrypts it.

Over an existing company network, the values are forwarded via router/firewall to the appropriate platforms such as the Pocket Factory, to Data Lakes and to various cloud providers. The IT layer can also be based on AI/ML technologies to make data-driven decisions and improve efficiency and quality of processes.

The top layer contains the interfaces for operators and users to access data and control production via various end devices. These can be HMI (Human Machine Interface) systems, mobile applications or web portals.

To successfully implement this architecture, it is important that the different layers can communicate with each other securely and seamlessly, and that a clear data strategy is defined to optimize the integration, analysis and use of data.

Cybersecurity and organizational structure, friction points for seamless integration

Security and organizational structure are indeed important factors for seamless integration of IT/OT architectures in a manufacturing company.

For cybersecurity, it is important that IT and OT systems are adequately secured and that security policies and measures are developed and implemented to prevent attacks on the systems.

Our organizational structure lies in a one -way strategy in obtaining the data. The path of data always goes from the store floor to the cloud, but never back to the store floor. This avoids subsequent data manipulation. Another measure for seamless communication between the layers is exclusive access from the edge to the machine data on the store floor level via the OPC UA standard.

With regard to cyber security, we have developed and implemented a number of additional measures. The customer has sovereignty over the complete infrastructure and administration of the same. This also includes ownership and provisioning of the virtual edge and the data bridge. AMQP/MQTT protocols with protocol switching and encryption are used to transfer data from the edge to the cloud. These ensure security and high data throughput.

Training and awareness activities for employees are also important to increase cybersecurity awareness. Quantis implements, develops and trains client employees at the application level. Intensive employee training increases careful handling of sensitive company data.

Further, as a supporter, Quantis is given limited access to company data. In addition, security measures include firewall systems, protocol changes in the data bridge, and multiple encryption of data. There are authentication and access control procedures at the terminal access level to ensure data security.

In terms of organizational structure, it is important that IT and OT teams work closely together and have clear roles and responsibilities to ensure that systems are seamlessly integrated. It may also be useful to establish joint leadership for IT and OT to foster closer collaboration and coordination. In addition, it is important that the organizational structure is flexible enough to respond quickly to changes in the environment, such as new threats or production requirements. Within the scope of our access permission, we have the possibility to react in case of changes in the structure of a line. For example, adjusting KPIs and connecting or disconnecting cloud providers, ERP systems and machines is possible at any time and can be done by administrators themselves after training.

Overall, seamless integration of IT / OT systems in a manufacturing enterprise requires a comprehensive approach that considers both the technical and organizational aspects and focuses on developing a comprehensive security and data strategy.

Industry standard ISA S95

ISA S95 defines a standard architecture for production that provides a common language for IT and OT systems, facilitating seamless integration. The standard describes a hierarchical architecture defined at different levels from the sensor level to the enterprise level. This layering supports a clear separation of functions and responsibilities and facilitates the integration of IT and OT.

Another advantage of ISA S95 is that it promotes interoperability between systems that originate from different manufacturers and are used in different areas. The standard specifies common data definitions and communication protocols that enable different systems to exchange data and work together seamlessly.

Although ISA S95 does not cover all current developments in IT / OT integration, it remains an important reference point for the design of IT / OT architectures in the manufacturing industry. Especially for companies that do not yet have a comprehensive IT / OT integration, ISA S95 can provide a valuable basis for the transformation and

modernization of their production processes.

Limitations of ISA S95 in IT/OT Integration

Some of the developments that ISA S95 does not cover are:

Cloud - Computing: ISA S95 was developed before cloud - computing was widely adopted. The standard does not specify specific requirements for cloud-based systems, although this is becoming increasingly relevant for modern IT / OT integration.

Big Data Analytics: ISA S95 does not specifically address Big Data Analytics, although the increasing availability of data and the ability to analyze it are of great importance to the manufacturing industry.

Artificial Intelligence (AI): ISA S95 does not directly address AI, although this is an emerging topic in IT / OT integration. AI systems can help optimize production processes and increase efficiency.

Open Systems: ISA S95 focuses on the integration of proprietary IT and OT systems. However, the development of open systems that are interoperable and flexible is becoming increasingly important.

It is important to note that ISA S95 is a foundational industry standard that serves as a reference point for integrating IT and OT in the manufacturing industry. However, companies should implement additional steps to ensure that their IT/OT integration is in line with current developments and best practices.

Further measures for smooth integration of IT and OT

To achieve smooth integration of IT and OT in a manufacturing company, there are several industry standards and measures that companies can take.

Some of them are:

Industry 4.0: Industry 4.0 is a concept that aims to integrate IT and OT to enable smarter, more flexible and more efficient production. It involves the networking of machines, the use of Big Data and analytics, and the automation of processes. Companies can use the principles of Industrie 4.0 as a guide to transform their production processes.

OPC UA: OPC UA (Open Platform Communications Unified Architecture) is an industry standard for the interoperability of systems. It enables seamless integration of IT and OT systems, regardless of manufacturer or application area. OPC UA also provides secure and encrypted data transmission and enables the integration of cloud-based systems.

IEC 62443: IEC 62443 is a framework for industrial control system security. It provides guidelines for securing IT and OT systems and offers protection against cyberattacks. Companies can use IEC 62443 guidelines to develop and improve their IT / OT security strategies.

Data quality: Another important objection to the IT / OT layer model is the lack of data quality. You have to be able to filter, process and validate data. With the streaming analytics app PureData, Quantis is able to check and validate data for anomalies, dependencies as well as changes. This makes it possible to detect erroneous data as well as identify false, illogical, outliers, plateau values or undefined values. Data is validated through ongoing analysis and rework to maintain the highest possible data quality.

DevOps: DevOps is a software development methodology that aims to improve collaboration between IT and OT teams.

After implementing such an architecture, one goal of an organization should be to ensure efficient and secure processes. In this context, data also plays an important role, as it can help to identify and optimize weak points in the operational process. In the DevOps philosophy, software development and operations teams are brought together to ensure close collaboration. New computational rules can emerge from this data, which in turn increases data quality and reduces data volume. These new rules can then be implemented at the store floor level, creating a continuous cycle. Through close collaboration between software developers and operations teams, new standards can be developed not only in one plant, but also in all plants of a company. In this way, the DevOps philosophy not only contributes to greater efficiency and security in operations, but also to a joint approach to establishing uniform standards in all plants of a company.

Quantis as a comprehensive system integrator

The implementation of our IT / OT architecture model in collaboration with a large beverage manufacturer was very successful. With the strategies outlined, it was possible to seamlessly connect all layers. The high security standards and the guarantee of a consistently high data quality directly convinced the customer to equip further plants with this architecture.