Download document () of 20
Clear selection
Download selection
United States Select your location
Submit form in new Tab
We make what matters work*
Submit form in new Tab
Eaton rol byod
Explore our newest acquisition – Boyd Thermal
Digital
Services
Markets
170961867
Industry-first collaboration
Learn how we’ve joined forces with Siemens Energy to fast-track data center construction and reduce deployment timelines by up to two years.
Support
1010067800
Part number search >
Search for catalog numbers
Company
Eaton rol byod
Explore our newest acquisition – Boyd Thermal
MyEaton

Favorites

Manage favorites

How To Id Iot Solutions: An Application Perspective

I. INTRODUCTION 

The internet of things (IoT) and industrial internet of things (IIoT) promise to revolutionize manufacturing and life itself as we know it. While IoT devices will enhance the lives of many in the form of smart fitness devices or smart coffee makers, for example, providing health and convenience benefits, IIoT devices will improve safety and efficiency for mission critical industrial applications where millions or billions of dollars could be at stake for a single application should the integrity or security of the data IIoT devices transmit be compromised. If you are an engineer responsible for the design, construction or maintenance of complex systems you’ve inevitably heard these promises and begun assessing how IIoT might impact your role and your business. A quick search of IEEE Xplore® yields some astonishing results in the relevant fields of IoT. For example, a keyword search of “industrial internet of things” cites roughly 1,500 references. Broaden that search to “internet of things” and the references climb to nearly 19,000. Broaden the scope further to something similar to “wireless sensor” and you’ll be overwhelmed by nearly 90,000 references. Take these searches to your average web search engine and these numbers increase exponentially. So where does one begin if they seek to be proactive in capitalizing on the promises of a more “connected” business? 

If you’re reading this paper, there is a likelihood that you think you might be or fear you are the “IDIoT” this paper warns of. The authors of this paper would argue that if one is actively seeking knowledge than those doubts are unwarranted. To help prepare for the inevitability of widespread IIoT, this paper will attempt to help prioritize how to approach a deployment strategy while addressing the most common challenges in highly secure industrial facilities. 

While IoT and IIoT are relatively new terms that have evolved over the last decade, the concept dates back to the mid twentieth century where it was identified that any one machine or system can be connected to another machine or system [1]. Since that time, we have witnessed systems grow increasingly more complex while managing the tasks of several interdependent sub-systems in computers, automobiles and air travel to name a few. In the context of a large petro-chemical facility or process, there are no shortage of complex systems already leveraging some level of interdependency through existing supervisory control and data acquisition (SCADA) systems and other networking solutions. The advent of IIoT is poised to strain these existing systems by the sheer volume of data they will produce. The Industrial Internet Consortium suggests the success of IIoT relies on the convergence of operational technology and information technology and is driven by technology advances in ubiquitous connectivity and pervasive computation [2]. 

wireless-access-type.jpg
It would be short-sighted to look at the impact of IIoT on one business or facility alone. The European Union has emphasized that IIoT promises to blur the lines that traditionally divide the markets including manufacturing, transportation, utility and healthcare. For example, this will be accomplished by leveraging common platforms of data management to coalesce for new insights, services and value creation opportunities [1]. While economic impact estimates of IoT and IIoT may vary greatly, they are none the less staggering. Experts suggest that by the year 2020 over 20 billion devices will be connected, annual spending on IoT related development will approach $16 billion and annual revenue will reach $8.9 trillion [1, 3]. In deploying successful IIoT devices, the challenge remains in bringing the data together in a secure and affordable way that provides the performance, flexibility and scale needed. Table I illustrates the forecasted developments in IIoT by connection type while comparing them with respect to key evaluation criteria [1].

As the adoption of IIoT devices increases in traditional industrial environments, coupled with the ease and cost effectiveness of these network technologies, the opportunity to partially or fully replace the existing infrastructure will develop [4]. Whether partial or full replacement of the infrastructure is required, there persists the challenge to find the appropriate link layer technologies to bring the network together. In doing so, the same emphasis on security will persist as it has within the traditional infrastructure. As IIoT deployments become more pervasive going beyond monitoring and into the control system, security takes on a new meaning of safety as well. Safety comes in the form of both human lives and catastrophic environmental consequence if not mitigated properly [5]. 

In addition to the technical challenges impeding mass deployment of IIoT devices, significant challenges in compelling and accepted business models remain. While human safety is paramount to most oil and gas operations, and industrial applications as a whole, it is often the most challenging to create financial models around. Instead, we often focus on the easier models to articulate and justify, such as energy or maintenance savings, which lack sufficient catalyst to promote the technology effectively. Critical to the velocity and success by which IIoT will be eventually mass deployed are the myriad of early adopters who see the potential and financially supplement the industry’s development in improved solutions and governing standards [3]. It is likely more critical for a business to consider the right IIoT deployment strategy, with respect to business readiness, infrastructure optimization and future expansion, than it is to consider solutions on the basis of the specific problem it solves at the time. 

The remainder of this paper is organized as follows. Section II reviews the results of an oil and gas industry survey across both upstream and downstream businesses to assess perceived IIoT benefits and risks. Section III will highlight some of the obstacles that arise in focusing on solving specific sensing challenges without properly considering the broader network requirements and lessons one has learned from similar technology deployments. Section IV examines the best practices for addressing cybersecurity while Section V highlights opportunities and methodologies for securely leveraging the internet for process functions. Section VI attempts to take the learnings and apply them to a broad deployment strategy in the context of an oil and gas application.

II. WHERE ARE WE NOW? A SURVEY OF TWO OIL AND GAS INDUSTRIALS 

If the industry is to address the challenges of widespread IIoT deployment, one must first identify and understand what those challenges are. In an effort to do so, the authors have distributed a survey to a variety of individuals in a large oil and gas refining business (downstream) as well a large services business heavily focused on drilling (upstream) in order to gain perspective on the perceived benefits and challenges of IIoT technology. Of the survey respondents, the results are distributed fairly evenly with approximately 58% of the response coming from upstream businesses and the remaining from downstream businesses as shown in Figure 1.

oil-and-gas-industry-segment.jpg
While it is important to assess the perspective of various business entities within the oil and gas value chain, it is perhaps equally as important to consider the perspectives within each segment by functional role and level of responsibility within the organization. As most would agree, it takes more than a good idea to make change. IIoT inherently will involve an entire organization’s resources to successfully specify, procure, provision, analyze and maintain the systems one creates with it. If any one of the functional areas does not execute to the chosen strategy, the results will likely fall short of the intent if deployment can be achieved at all. Figure 2 breaks down the survey responses by functional role, level of influence and industry experience.

Those surveyed were asked a series of questions related to the perceived benefits and challenges IIoT technology would evoke within their businesses. They were also asked questions pertaining to the role the internet and/or third party service providers might play in IIoT deployment along with strategies for aggregating data from multiple OEM equipment and IIoT device suppliers. Lastly, the survey asked a series of questions in an effort to quantify one of the promised benefits of IoT, reduction in equipment failure, by identifying the economics of the downtime presently experienced in these facilities all of which is summarized in Appendix A at the conclusion of this paper. 

While the survey asked many questions it is important to be grounded in both the benefits and challenges those surveyed perceived in the future adoption of connected technologies. It is only with this understanding and focus that the industry can respond with targeted solutions having the greatest influence on the rate of adoption and return on investment. Of the ten potential benefits from IIoT provided, those surveyed decisively identified safety and improved operational efficiency as significant benefits with reduced downtime identified as a moderate benefit. All other choices appear to be of modest benefit. Despite predictions that IIoT will bring industries and supply chains closer together [1], those surveyed indicated improved customer relationships and improved supplier products or services were among the lowest perceived benefits. The full comparison of perceived benefits can be seen in Figure 3. 

Distribution-of-survey-responses.jpg
Rank-order-of-survey-responses.jpg
In order to realize any of the perceived benefits that connected technologies can deliver one must acknowlege and mitigate the risks or impediments that preclude successful deployment. Not surprisingly, the survey revealed definitively that perceived security threats and the resulting loss of process control is the most significant challenge of IIoT adoption. Perceived loss of intellectual property and legacy infrastructure should be considered moderate risks and all others appear to be low risks by comparison. Figure 4 summarizes the data in order of perceived risk.

While organizational resistance appeared to be of low risk, it should be noted that 17% of those surveyed perceived that the use of IIoT, or internet connected solutions and services, was unlikely in their business within the next five years. Of those that perceived internet connected solutions were unlikely to impact their business, 50% were in a position of authority (policy and/or decision maker).

The remainder of the paper will focus on the critical risk areas identified in the survey to bring greater awareness to mitigation strategies after first reviewing what lessons one can transfer from other recent technology introductions to industrial facilities. 

Rank-order-of-survey-responses-by-perceived-risk.jpg

III. THE PITFALLS OF SHORT-SIGHTED DEPLOYMENT

An entire paper could be dedicated to the lessons learned from deploying a new technology for the first time and only later realizing the compromises unknowingly made in the process. Instead of relenting on the possibilities, this paper will focus on a small group of important points to understand as one endeavors to evolve their corporate policy with respect to IIoT. 

1) The perception of new security threats related to IIoT are genuine concerns that are getting much attention from the industry and third party standards bodies such as Underwriters Laboratory (UL). Initiated in 2016, UL created the Cybersecurity Assurance Program with a series of cybersecurity outlines under UL2900 [6]. National Institute of Standards and Technology (NIST) released their own Framework for Improving Critical Infrastructure Cybersecurity [7] in 2014. While both provide excellent guidance there is still some work to do for the industry to adopt a standard process. 

2) Careful planning and prioritization of the variety of data to be transmitted is necessary to ensure both wired and wireless systems provide the performance desired. Unanticipated latency in the system will drive added cost and likely impede further pursuit of new applications for IIoT by the consumer. 

3) Adoption may be most influenced by the ease of provisioning and interoperability between new IIoT devices of competing protocols and the legacy infrastructures they will reside within. 

As the race for market position continues for device and service providers, many have raised concerns over the ensuing market fragmentation and ecosystem complexity by the volume of solutions available. Further, it will be those technologies that gain the greatest financial thrust during this period that will prevail due to the inherent economies of scale and not necessarily those that offer superior technological or performance advantages [1]. Successfully leveraging connectivity solutions from competing providers will prove to be a formidable task. It is imperative that each business develop its own strategy accounting for both legacy and new data compatibility and the scale at which the data will evolve over time. Building automation suppliers and system integrators will be forced to solve many of the fragmentation concerns caused by the variety of connectivity technologies such as wired or wireless, short-range or long-range and standard or proprietary protocol along with the middleware needed to facilitate them [1]. While 802.11 (Wifi) is the prevalent wireless technology in the office environments of petro-chemical facilities, 802.15.4 (best known as WirelessHART or ISA100.11a) is the predominant wireless technology in the process areas of those same facilities. Further complicating matters, Modbus, Ethernet and building automation and control network (BACnet) among others provide wired connectivity in these facilities as well. The variety of connectivity solutions poses significant challenges in scale and performance of the network. In a safety critical environment such as those found in petro-chemical facilities, maintaining control and managing latency are of utmost importance. In addition to system performance, specifiers must also consider system flexibility as the differences between devices, the varying quality of the raw data they produce and individual data analysis preferences of the user in order to yield the most value from the system [8].

The closest comparison offering insight in to IIoT adoption in petro-chemical and hazardous area applications may be light emitting diode (LED) lighting. Just over a decade ago, LED lighting for general illumination was introduced to petrochemical facilities in hazardous locations as defined by the National Electrical Code and NFPA497 [9, 10]. Adoption of LED lighting in non-hazardous applications only preceded this trend by a few years. There is little argument over the benefits of solid state lighting and the improvements that can be gained in energy efficiency, control and safety. However, more than 10 years after the introduction of LED lighting the industry has yet to adopt a common practice for system reliability at the luminaire level, one of the most notable inputs in assessing traditional return on investment calculations. Likewise, while photometry standards exist for assessing lumen output and distribution, the consumer often specifies LED lighting based on perceived equivalency to traditional lighting without appreciation for how the photopic visual response may vary by lighting source [11]. The end result often leads to dissatisfaction with the lighting installation due to excessive light levels and/or diminished economic benefit from the conversion of traditional light sources to LED based technologies.

When comparing LED to IIoT adoption, both will have experienced exponential growth over their first 10 years of deployment. Both require early adopters as catalyst for growth. And the frustrations of that early adoption will create iterative enhancements to industry standards and stricter specifications to address those concerns. Despite these challenges, early adoption will come with the competitive advantage providing new data on the product, process or service along with intangible benefits to the products and services we don’t yet understand. 

IV. CYBERSECURITY

The survey results of this paper definitively identified cybersecurity as the most significant concern with respect to the future of connected devices and for good reason. In all aspects of life people are confronted with stories of cyber-attack including data breaches in healthcare, banking, merchants and the US presidential elections as a small subset of examples [11, 12, 13, 14]. The NIST Framework for Improving Critical Infrastructure Cybersecurity sums up why the petro-chemical industry, a vital contributor to the world economy, must continue to take the topic seriously. “The national and economic security of the United States depends on the reliable functioning of critical infrastructure”. By design, IIoT systems will connect machines, sensors and actuators in oil and gas installations where a security breach could result in hazards to on-site personnel, productivity loss or significant financial impact. These risks may be mitigated by accounting for the following requirements: data and user confidentiality and integrity, user authentication and authorization, service availability, data freshness and nonrepudiation to ensure IIoT devices cannot deny actions in addition to sensors manufactured such that they can only access data during the time they are commissioned [1]. These requirements likely necessitate changes to current security practices for traditional industrial control systems to ensure network stability and integrity. As these systems will employ actuators in some applications, posing greater safety risk, the security schemes should not be over simplified to traditional IT systems either.

Typical-cyber-physical-production-architecture-vulnerabilities.jpg

The oil and gas industry experienced one of the most significant cyber-attacks in August of 2012. As CNN reported, in a matter of hours 35,000 computers within one major oil and gas company were partially or fully disabled. While oil production remained intact, all other business systems were in a state of chaos. Unable to facilitate procurement, tanker trucks were turned away for 17 days with the corporation finally relenting and giving oil away to address demand. While the financial impact has not been published, it can be assumed to be significant not only for the business targeted, but all those depending on the company’s supply chain as well [15]. What financial impacts were realized by upstream and downstream supply chain partners? How would the world respond to up to 10% of its oil supply being at risk? 

In the oil and gas cyber breach example, it was believed to be orchestrated by individuals from within the facility [15]. Accepting this conclusion, it is important to appreciate each of the areas by which a system is vulnerable. Figure 5 illustrates a cyber-physical production environment architecture and the vulnerabilities within it [5].

System performance and diversity of system architectures will emphasize the importance of machine-to-machine authentication in lieu of trusting only the protocol by which they communicate [16]. It is equally critical to safeguard the individual devices from malicious modification of their firmware or data to ensure secure operation of IIoT systems. While traditional IT systems may be temporarily disabled to address an attack, availability of process control and automation is of fundamental importance to petro-chemical facilities [5]. 

The NIST cybersecurity framework previously referenced provides structure for assessing risk in a connected environment. The framework is comprised of three primary parts: the Framework Core, the Framework Profile and the Framework Implementation Tiers. The implementation tiers range from Tier 1 (least) to Tier 4 (most) and denote the level of thoroughness in the risk management practice. The framework provides the criteria needed for consideration in any application. Table II is an abbreviated example illustrating the various functions and categories to be considered. Also included are example controlled unclassified information (CUI) and their descriptions. 

Not all responsibility for adherence to cybersecurity best practices should fall on the system owners and specifiers. All parties involved in the supply chain must ensure compliance as well, hence the evolution of the UL2900 series of outlines [6] intended to validate compliance of IIoT devices and products. 

function-catagory.jpg

V. INTERNET VS. INTRANET 

As described in the 2012 oil and gas cyber-attack, not all cybersecurity breaches occur with the internet as the primary vehicle to penetrating the network. Whether the preferred network solutions include cloud based services or not, cybersecurity measures need to be strategically planned and provisioned. While some organizations may be evaluating or initiating adoption of cloud based data services it is understood that most petro-chemical operations reside on traditional SCADA networks as illustrated in Figure 6. Procurement and business communications leveraging the internet are partitioned from process control and monitoring networks via the firewall.

As the demand for increasing business intelligence grows so will the data that will sustain it. So how does a business effectively utilize human and financial resources to anticipate, capitalize and maintain escalating data storage requirements? Is it practical to recapitalize a business’s data center every two to three years as technologies evolve? The answers to these questions may suggest an opportunity to responsibly manage the coexistence of on premise and cloud based solutions. Figure 7 illustrates a typical hybrid architecture. Responsibility 

Traditional-sensor-network-leveraging-SCADA.jpg

in this sense means more than simply a mindset, so one can again leverage a framework, similar to that published by NIST, to assist in methodically assessing the business needs and risks associated with each data set transmitted via the network. Some questions to consider may include: 

  • Should the data be breached, what are the potential ramifications of exposure? 
  • Does the data set identify personnel or other legally restricted data? 
  • Is the data directly related to process control? 
  • What risks are associated with uni-directional data flow from control networks to the cloud? 
  • What latency can the business accommodate compared with the latency of the chosen network solution? 
  • Who is the target audience for the data and how do they need it analyzed? 
  • Is the desired data within the core competence of your business to analyze? 

Beyond these questions we must also consider how these risks may be mitigated by the devices themselves through fail safe designs including intelligent devices that leverage artificial intelligence (AI) to predict abnormalities or changes in behavior. Safety critical functions should be controlled by the local device regardless of an attack on the software. These provisions will secure remote attack while physical access control may be required to safeguard the system from attack within. An

On-premise-and-third-party-based-data-hosting-architecture.jpg

example scenario in need of a fail-safe solution is a control system where the gateway or server either cannot deliver a data packet to the control valve or the control valve cannot authenticate the packet. In response to this situation, the control valve should reside in a safe state such as normally open or closed based on the process requirements [4]. While performance may not be optimal, provisions such as these will maintain risks at an acceptable level. 

As the demand for IIoT devices increases it will become more and more burdensome to commission new devices, manage the data traffic and latency and seamlessly integrate the data into existing or new advanced analytics. To satisfy demand will require highly scalable solutions for data and device management. The sheer volume of data traffic may financially strain an organization’s ability to consider cloud based storage, but therein lies an opportunity for equipment manufacturers and contractors to add scale as a function of the services they already provide. Local data management and analytics where necessary will improve latency and security but challenge a business’s scalability; therefore, there should not be an either-or consideration but rather there should be a where and when allocation in the overall system architecture [5]. 

VI. DEPLOYMENT STRATEGY – BRINGING IT ALL TOGETHER FOR AN APPLICATION


The possibilities for improved safety and reduced maintenance resulting from advanced sensor networks and IIoT are nearly endless. It seems fictional to imagine an environment where process equipment systems can be tethered to each other and the humans they interact with to create a new immersive ecosystem that actively prevents catastrophic incidents and autonomously optimizes production, but IIoT is the mechanism by which this is possible. Why can’t equipment authenticate an operator’s credentials and enable functionality based on this authorization? Why can’t that same equipment enable maintenance while validating that the technician adorns the proper personal protective equipment and provide the latest service instructions while also creating real time maintenance logs of the work performed? How can the lighting and other surveillance and safety systems be augmented to respond to changing work or environmental conditions while improving human response to accidents? Figure 8 provides a few examples of different potential IIoT developments that could be used to compliment process monitoring and control. While we may not witness all of these specific solutions, IIoT is poised to bring similar fantasies to fruition within the coming years. In this context, these possibilities are only shared to illustrate the scope by which IIoT could influence the industry and the planning required to capitalize on the solutions when available.

Futuristic-view-of-IIoT-within-a-petro-chemical-facility.jpg
While this paper has addressed some considerations for system latency, there exist some standards for appropriate data delivery times in critical applications. The IEEE1646-2005 standard prescribes requirements for electric power substation automation [17]. While IIoT extends well beyond the substation, the process by which these recommendations were assessed is broadly applicable. Table III and IV, taken from the IEEE1646 standard, demonstrate the data or message types possible in application and the acceptable latency and transport performance criteria for each. 
IEEE1646-standard.jpg
communication-of-critical-data.jpg

Comprehensive data models are necessary to account for the variety of data to be exchanged within a system or system of systems and account for the bandwidth available for communication of critical data. Control systems often operate with what is considered five nines, or 99.999%, availability and therefore must prioritize the data holistically [1]. Cost will likely be the biggest challenge in meeting this objective. Many IIoT applications do not require high throughput and low latency data transmission, which will constrict bandwidth and consume significant power. Instead, battery operated sensors can be an affordable deployment alternative in some applications. Further, single gateway solutions with multiple radios have been proven to have lower latency performance and optimal cost over multiple gateway solutions each with a single radio [18].

As previously mentioned, WirelessHART and ISA100.11a are prevalent in many petro-chemical facilities. Cecilio and Furtado demonstrated that the protocol is designed for fluctuating wireless performance yet can achieve 100% data delivery with a node duty cycle as low as 2.48% [4]. Duty cycle is an important consideration for each sensor type and while these protocols are prevalent today, latency can be a significant concern. This factor alone may be significant enough to necessitate development or deployment of alternative protocols for industrial monitoring and control as IIoT networks expand over time. To this extent, it is important to anticipate that the algorithms and data formats may change over time and therefore, organizations must ensure instruction exists for interpreting historical raw data if reformatting is necessary. 

Standards development and public policy are likely influencers of IIoT adoption as well. For example, the European Union adopted a 20-20-20 renewable energy directive establishing their climate change goals in 2009 [3]. The 20-20-20 directive specifically targets at least 20% reduction in greenhouse gases, 20% energy consumption from renewable sources and 20% improvement in energy efficiency by the year 2020. Undoubtedly, these requirements will become more aggressive in the near future. How will IIoT enable the significant improvements needed to meet future objectives? How might IIoT address other environmental, political or regulatory pressures to improve waste and air quality, noise pollution, light pollution and energy efficiency? Regardless of those pressures, is one not obligated to exploit every opportunity to improve worker safety and environmental conservation that is financially plausible to ensure future sustainability?

VII. CONCLUSION

The authors have presented survey data from upstream and downstream oil and gas businesses to examine the highest perceived benefits and risks to deploying large scale sensor systems and IIoT. In an effort to help realize the enormous potential of IIoT and address the risks, available standards and accepted planning methodologies have been presented to enhance awareness.

As with any rapidly evolving technology introduction, early adopters of the technology serve as the catalysts for continued development and optimization. IIoT left up to select individuals to solve only specific tactical problems will stifle the potential opportunities and business improvements. Instead, each business requires a collective cross-functional strategy with thoughtful requirements and specifications for data management and system performance in order to ensure the scalability required for the eventuality of IIoT. 

VIII. ACKNOWLEDGEMENTS 

The authors would like to thank the employees of Schumberger and Shell Chemical who participated in the survey and provided valuable insights into the potential for IIoT deployment in the oil and gas industry. Special thanks are also expressed to Mike DiFlorio for his work on illustrations for the paper. 

Eaton is an intelligent power management company dedicated to improving the quality of life and protecting the environment for people everywhere. We are guided by our commitment to do business right, to operate sustainably and to help our customers manage power ─ today and well into the future. By capitalizing on the global growth trends of electrification and digitalization, we’re accelerating the planet’s transition to renewable energy and helping to solve the world’s most urgent power management challenges.
Company
Quick links
© 2026 Eaton. All Rights Reserved.