Modernizing Vessel Control Systems with Ignition and MQTT
A multinational energy corporation is working to adopt technology to increase efficiency and improve data-driven decision making throughout its fleet of vessels. The vessels are equipped with onboard systems including navigation, cargo management, vibration monitoring, engine monitoring and more, and the company set out to make better use of data and workflows in the remote, maritime environment.
The company was looking for a solution to limit the amount of bandwidth used to send data, while consolidating data into a single repository on each vessel and sending it once to a cloud environment where it could be made available for internal and external use. They aimed to implement a solution with operational technology (OT) gateways on the vessels to solve key OT challenges and accomplish their goals for modernization.
Project Goals and Challenges
The ultimate goal of the project was to adopt a scalable, reliable, secure and efficient way to share data among various users and applications without affecting the vessel’s mission critical performance. The data would be sent to the cloud for advanced analytics and used to increase efficiency at multiple levels of the vessel from engine performance to maintenance.
The company faced several implementation challenges and needed a flexible and open solution. First, the many OT systems on the vessel were siloed and maintained by various vendors, making data extraction difficult. Second, some data workflows were redundant since the data paths were being built for each separate use case. Third, network bandwidth was a major challenge since the vessels use a VSAT (very small aperture terminal) link, a highly expensive satellite communication channel.
Last and certainly not least, the infrastructure on the vessels followed the Purdue Model of Computer Integrated Manufacturing, meaning each vessel housed levels 3 (operations), 3.5 (DMZ) and 4 (business systems). To maintain a secure architecture, no level may talk to the levels below it. The customer needed a solution that could push data upstream without introducing any security vulnerabilities.
- Siloed OT systems on the vessel
- Separate and redundant data paths for each use case
- Limited VSAT bandwidth
- Purdue Model requirements for security
To meet the goals and challenges for the project, the customer set out a series of clear requirements for the solution.
- Hardware independent with the ability to run in a Docker environment
- Able to integrate multiple data sources from various vendors on a vessel
- Support for standard OT protocols including MODBUS, OPC-UA, MQTT and more
- Remote configuration capabilities since vessels have no IT or OT staff
- Able to send a single stream of data to the cloud without duplication
- Provide local temporary storage on the vessel for data buffering
- Scalable and cost-effective without changing the core vessel architecture
To solve these challenges and meet the requirements, the customer began to look for a common software platform and associated protocols that could handle data efficiently while giving various data consumers secure access. They chose the Ignition SCADA software from Inductive Automation with MQTT and Sparkplug modules from Cirrus Link.
The customer chose the Ignition SCADA platform as the main navigation program and integration layer primarily for its high-availability and full suite of tools including SCADA systems, I/O servers, firewall and router. The ability to customize the modular solution using open standards was a draw, and the customer chose the more general Ignition and Cirrus Link modules over other solutions built specifically for the vessel industry because they wanted support for most legacy and modern protocols and did not want to be tied into one proprietary solution. Ignition Edge was deployed at the OT layer, DMZ layer and business layer to serve as a data broker to both the customer’s proprietary cloud and vendor cloud. Deployed via OT gateway, Ignition offered a common platform from which various users and applications could securely access the data from various OT systems.
Cirrus Link Solutions designed MQTT Modules for Ignition to integrate data from OT to IT. MQTT (Message Queue Telemetry Transport) is a proven, standard machine-to-machine data transfer protocol that is quickly becoming the leading messaging protocol for Industrial IoT. Adding the Cirrus Link MQTT Modules to the Ignition SCADA system platform allowed the customer to move data securely and efficiently from the OT layer upstream to the cloud.
MQTT was ideal for this use case: it is a publish/subscribe messaging protocol that is extremely simple, lightweight and well suited to constrained networks. MQTT is designed for intermittent connections, with a queuing system baked in and remedies for unexpected disconnects. Due to its pub/sub nature, MQTT can broadcast very efficiently and only sends a message when the value of a signal changes, a practice known as report by exception.
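Report by exception combined with the local buffering the customer required, as an added example that is not part of the original article and is not code from Ignition or the Cirrus Link modules. The class name, the tag name and the sample values are constructed for illustration, and the `send` callback stands in for an MQTT publish.

```python
from collections import deque


class RbePublisher:
    """Report-by-exception filter with a bounded store-and-forward buffer."""

    def __init__(self, send, buffer_size=1000):
        self._send = send      # hypothetical callback(tag, value, ts) -> True if delivered
        self._last = {}        # last reported value per tag
        self._buffer = deque(maxlen=buffer_size)  # when full, the oldest entry is dropped
        self.sent = 0
        self.suppressed = 0

    def sample(self, tag, value, ts):
        if tag in self._last and self._last[tag] == value:
            self.suppressed += 1          # unchanged: nothing to report
        else:
            self._last[tag] = value
            self._buffer.append((tag, value, ts))
        return self.flush()

    def flush(self):
        # Drain oldest first and stop at the first failure so order is preserved.
        while self._buffer:
            if not self._send(*self._buffer[0]):
                return False
            self._buffer.popleft()
            self.sent += 1
        return True


def run_demo():
    link = {"up": True}
    delivered = []

    def send(tag, value, ts):
        if link["up"]:
            delivered.append((tag, value, ts))
        return link["up"]

    pub = RbePublisher(send)
    # Constructed samples: (timestamp in seconds, engine rpm), polled once per second.
    samples = [(0, 720), (1, 720), (2, 720), (3, 725), (4, 725),
               (5, 730), (6, 730), (7, 730), (8, 728), (9, 728)]
    for ts, rpm in samples:
        link["up"] = not (3 <= ts <= 6)   # simulated link outage for t = 3..6
        pub.sample("engine/rpm", rpm, ts)
    return pub, delivered
```

Changes that occur during the outage keep their original timestamps and are delivered in order once the link returns.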
MQTT runs on top of TCP/IP and takes advantage of best-in-class security standards. The MQTT connection is always outbound from the lower level to the higher level, as shown in the diagram above, requiring no open inbound ports at the lower level and creating a virtual air gap for data to transit across the Purdue Model. The encrypted outbound TLS connection provides the means to move data up from lower levels. The MQTT Sparkplug connection to the MQTT Server on each level creates an open standard for interoperability without opening itself up to security breaches. Another benefit of Sparkplug is that it offers the modeling and unified namespace needed to make the data useful to processes upstream.
While the data is pushed up to any number of data consumers with MQTT, it is auto-discovered with Sparkplug B so the customer can operate safely and securely across each of the levels on the vessel where safety is critical. Sparkplug is an open-source software specification that facilitates serving OT data up to applications via MQTT with contextualization so any subscriber can learn everything about the device and data immediately without compromising security. Sparkplug defines a standard MQTT topic namespace, payload and session state management for the MQTT message, and decouples the data to enable a one-to-many approach for unlimited data consumers.
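One way a broker-side policy could enforce the upstream-only flow on the Sparkplug B topic namespace, as an added example that is not part of the original article and is not the Ignition or Cirrus Link configuration. The client model (`role`, `group`, `node`), the IDs such as `vessel01`, and the assumption that no upstream client needs to issue commands are all hypothetical.

```python
import re

# Sparkplug B topics: spBv1.0/<group_id>/<message_type>/<edge_node_id>[/<device_id>]
# (the host STATE topic is out of scope for this sketch and is treated as malformed)
NODE_TYPES = {"NBIRTH", "NDEATH", "NDATA", "NCMD"}
DEVICE_TYPES = {"DBIRTH", "DDEATH", "DDATA", "DCMD"}
COMMAND_TYPES = {"NCMD", "DCMD"}          # messages that write down toward OT
_ID = re.compile(r"^[^/+#]+$")            # no MQTT separators or wildcards in IDs


def parse_topic(topic):
    """Return (group, msg_type, edge_node, device_or_None), or None if malformed."""
    parts = topic.split("/")
    if len(parts) not in (4, 5) or parts[0] != "spBv1.0":
        return None
    group, msg_type, node = parts[1:4]
    device = parts[4] if len(parts) == 5 else None
    if msg_type in NODE_TYPES and device is not None:
        return None                       # node-level messages carry no device ID
    if msg_type in DEVICE_TYPES and device is None:
        return None                       # device-level messages require one
    if msg_type not in NODE_TYPES | DEVICE_TYPES:
        return None
    if not all(_ID.match(p) for p in (group, node, device) if p is not None):
        return None
    return group, msg_type, node, device


def may_publish(client, topic):
    """Publish decision for a hypothetical client record; default is deny."""
    parsed = parse_topic(topic)
    if parsed is None:
        return False
    group, msg_type, node, _ = parsed
    if client["role"] == "edge":
        # An edge node publishes only under its own group/node, never commands.
        return (msg_type not in COMMAND_TYPES
                and group == client["group"] and node == client["node"])
    return False   # upstream consumers are subscribe-only, so NCMD/DCMD is blocked


def demo():
    edge = {"role": "edge", "group": "vessel01", "node": "engine-gw"}
    consumer = {"role": "consumer"}
    return [
        may_publish(edge, "spBv1.0/vessel01/DDATA/engine-gw/main-engine"),      # own data
        may_publish(edge, "spBv1.0/vessel02/NDATA/engine-gw"),                  # other group
        may_publish(edge, "spBv1.0/vessel01/DDATA/engine-gw/a/b"),              # malformed
        may_publish(consumer, "spBv1.0/vessel01/DCMD/engine-gw/main-engine"),   # write attempt
    ]
```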
Together, the solution allows the customer to establish a single source of truth for the data, while making it easy to consume without giving any other system access to the OT systems. If tags change or new devices are added, the applications using the data are automatically subscribed to all new information.
The solution allows the customer to connect and pull data from all their OT systems and get that data upstream to the cloud to analyze it and make improvements. The customer has been able to consolidate useful OT system data for use cases both onboard or off-board the ship. They have begun to look at engine management data for instance, and analyzed it for better predictive maintenance, improved operations and fuel savings.
Since MQTT only sends data on exception, the solution greatly reduces the amount of bandwidth required to get the needed data from the vessels to the cloud. Only relevant data needed by the user and application make it to the cloud.
The project was originally slated to be deployed on tens of vessels in a three-year period ending in 2023. The project moved swiftly and is now expected to be completely implemented on all vessels one year early, by the end of 2022. Ignition with MQTT and Sparkplug is fast and easy to scale – the customer simply adds the OT gateways to the vessels, starts to collect data via MQTT, then adds context with Sparkplug and enables cloud and enterprise systems to use the data immediately.
Data is available all the time, within the Purdue Model, and sent on exception to drastically reduce the communications over the limited network while still providing the data applications need to drive cloud analytics and efficiencies.