OMAC Tackles Digitalization Data Governance and Security

The group launches a cyber resilience task force on the heels of releasing a best practices guide for sharing digital data.

Getty Images Data Governance 64668284d7c82
Getty Images

In February, the Organization for Machine Automation and Control (OMAC)’s digital transformation workgroup released a best-practices guide for data governance. The report is a summary of the things that manufacturers, OEMs, systems integrators, and technology providers need to consider when they are setting up an Industrial Internet of Things (IIoT) solution in a manufacturing environment.

The document covers topics related to the structure of data, the forms of data, and the sharing of date in terms of how it should be curated and managed. “These are things that are new to a lot of people who have been learning about the value proposition, but are now taking the first steps to putting solutions together,” said Spencer Cramer, founder and CEO of ei3 and chairman of OMAC, during an interview at the ARC Industry Leadership Forum in Orlando. “And with these first steps they are going into the unknown because they haven’t done it before, it’s all brand new. OMAC is attempting to provide guidelines that can be used by people to get started and benefit from the experience of others who have already done it.”

As a company, ei3 is a member of OMAC and involved with the digital transformation workgroup because it has been focused on the IIoT aspect of digitalization in its own technology stack since it was founded in 1999. Now, the company wants to give back to the industry by sharing experiences.

This is the time to help manufacturers because the term “digital transformation” has reached the board room, and now IT and OT groups are tasked with making it happen—whatever that may mean to the organization.

In general terms, digital transformation “is taking existing processes, products, and practices and adding digitalization to them in ways that give them new processes, products, and practices, which then are there to meet the rapidly changing market conditions,” Cramer said.

But the first step in any digital transformation journey is connecting machines.

ei3 has more than 100,000 machines and devices connected in factories around the world and has made it easy for machine builders to connect equipment for remote service, or manufacturers who own machines can connect them themselves.

“We’ve streamlined the process of deployment to the level that it is something that can be done by the companies that own or build the equipment, reducing the need for technical specialists,” Cramer explained. “And by doing that, we make the solution more secure because if you go with an open ended box of solutions and people who don’t necessarily understand the nuance and potential pitfalls of creating a global industrial network, they could configure it wrong. By combining a managed network with purpose-built edge devices, which we have, those devices keep people from going off the road and keep them focused on building a safe and secure solution of connectivity.”

Once everything is connected you can start to flow data and convert the data into information—which is where the data governance comes in.

The notion of sharing data drives the need for an independent and trusted provider of IoT services which can also enforce rules through a good data governance policy. One of the areas that ei3 is good at is enforcing permission layers so that only the data of relevance is shared with the appropriate parties. It’s called the “principle of least privilege” and it’s a core element of cybersecurity that is built into the foundation of the ei3 platform.

Secure digital transformation

The sharing of data comes with its own share of security risk, which is why ei3 is also leading OMAC’s newly formed Cyber Resilience Act Task Force.

The Cyber Resilience Act (CRA) was passed by the European Union to address the alarming surge of cyber attacks on hardware and software products by creating technical requirements that businesses must comply with. This initiative is crucial for companies that aim to maintain a robust cybersecurity posture while continuing to sell their products in the EU.

The OMAC CRA task force, launching in June 2023, aims to deliver a concise document for both a technical and managerial audience to gain understanding of the requirements needed to achieve compliance. New participants are welcome to join and share their perspectives towards a comprehensive understanding of the CRA's scope and compliance requirements for each product it affects, as well as insights into efficiently achieving compliance. The task force hopes to publish its initial guidance document by September 2023.

Read what OMAC and ei3 are doing to help OEM's secure remote access.

“As cyber threats continue to escalate, it is imperative that manufacturing organizations prioritize cybersecurity and plan to comply with regulations that will safeguard their products and customers. I am confident that this task force will provide invaluable guidance and I encourage businesses to join us in this critical initiative,” Cramer said.

Industry professionals interested in joining the CRA Task Force to help create guidance and best practices for security products can find more information here.