Cybersecurity

Build secure networks as strategic backbones for digitalization

Operations technology (OT) and information technology (IT) organizations need to collaborate and build networks that effectively use digitalization to create an efficient and secure environment for companies.
By Donald Mannon May 11, 2019
Courtesy: CFE Media

Recent technology advancements, such as cloud computing, advanced analytics, and Big Data, have given rise to the Industrial Internet of Things (IIoT). What makes it all work is secure and deterministic connectivity. That’s why industrial enterprises wishing to pursue end-to-end digitalization of operations must consider networks to be the strategic backbone.

Without these networks, modern industrial enterprises would come to a standstill. Companies need to connect large, strategic assets and capabilities consisting of sophisticated information technologies (IT) to support users in offices and remote locations. These technologies include enterprise resource planning (ERP) systems, customer relationship management (CRM) systems, Big Data analytics, and other core applications residing in data centers, the cloud, or both. Data and network security and access are paramount to prevent hacker intrusions from compromising data integrity and privacy.

To keep production running, IT needs to provide secure, interconnected operations of complex operational technology (OT) landscapes. These start at the field level, operating in real time and often in extreme environments. They include thousands of sensors, actuators, valves, instrumentation, and other devices, usually from many different vendors. That’s not to mention constituent machinery and even conveyor systems, which are also from diverse sources. Meanwhile, all these components must feed and draw operational data into and from dynamic, vertical infrastructures consisting of a wide range of controllers, operator systems, and manufacturing execution systems (MES).

Unfortunately, many industrial enterprises have built networks as components of an IT/OT infrastructure and have added or extended networks afterward. The result is a patchwork of sub-optimal network segments, creating information islands that prevent true, end-to-end digitalization. A fragmented network topology can expose operations to security vulnerabilities that hackers can exploit to gain access to critical assets and data on or off the shop floor.

OT networks exceed IT demands

Building a strategic network backbone to support digital data flow through an industrial enterprise means IT and OT teams must collaborate to meet office and production requirements. Production requirements always will be much more demanding.

That’s the case when, for example, the data of a control command must reach its destination with precise, millisecond timing to open or close a valve or start or stop a motor.

At a macro level, many industrial facilities, such as utilities, public communications, and transportation systems, must operate in real- or near-real time and with 99.999% uptime or better. Reliability, durability and availability are critical because lives may be at stake. Safety incidents and non-compliance with regulatory requirements also can incur costly fines. In contrast, enterprise IT networks can operate on a best-effort basis with data latencies much higher than what OT networks can allow. Office users won’t notice one or two second delays in sending an email or accessing a database, but such delays can cause production disruptions, possibly endangering personnel, the environment, or both.

Networks use modern industrial communications

Complex, automated production systems require a distributed control system (DCS) to operate. Organized as a hierarchy, a DCS starts by linking small components and machines that do the work on the production floor to programmable logic controllers (PLCs). The PLCs, in turn, link to human-machine interfaces (HMIs), interactive displays through which human operators can monitor and adjust performance as needed.

One or many DCSs can be integrated vertically to even higher-level systems for overall production management and visibility. To efficiently and securely move data deterministically, modern industrial communications use sophisticated data-prioritization and security techniques, such as:

Multicasting. The Internet Group Management Protocol (IGMP) enables devices, routers and switches on an OT network to transmit critical data on a one-to-many or many-to-many basis. The global OPC Unified Architecture communications standard also can link machines from different vendors.

Redundancy. In general, two types of redundancy can support reconfiguration times of a few milliseconds or even microseconds in the event of a fault.

  • System redundancy: Backup systems and communication components operate in parallel with primary systems, which fail over to them if a primary system goes down.
  • Media redundancy: Should the network be interrupted, the plant will continue to operate along substitute communication paths. Two leading protocols are Profinet-compliant media redundancy protocol (MRP) and high-availability seamless redundancy (HSR).

VLAN segmentation. Virtual local area networks (VLANs) can partition one physical LAN into smaller, logical LANs. These logical networks separate OT automation systems from IT systems for better security and optimized real-time performance. OSI layer-2 access switches handle data traffic within a VLAN while layer-3 switches and routers direct data traffic across different VLANs.
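One way to check that this segmentation holds in practice, as an added example that is not part of the original article: the script maps flows observed at the layer-3 device to VLANs and flags any inter-VLAN flow missing from an allowlist. The VLAN IDs, subnets, zone labels, allowlist entries and sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed VLAN plan (assumption): VLAN ID -> (zone, subnet).
VLANS = {
    10: ("IT", ipaddress.ip_network("10.10.0.0/24")),    # office clients
    20: ("IT", ipaddress.ip_network("10.20.0.0/24")),    # ERP / data center
    110: ("OT", ipaddress.ip_network("10.110.0.0/24")),  # PLCs
    120: ("OT", ipaddress.ip_network("10.120.0.0/24")),  # HMI / MES
}

# Constructed allowlist of routed flows: (src VLAN, dst VLAN, dst TCP port).
ALLOWED = {
    (120, 110, 4840),  # HMI/MES -> PLC over OPC UA
    (20, 120, 443),    # ERP -> MES over HTTPS
}

# Constructed flow records as exported by the layer-3 switch or router.
SAMPLE_FLOWS = [
    ("10.120.0.5", "10.110.0.12", 4840),
    ("10.10.0.44", "10.110.0.12", 502),
    ("10.20.0.8", "10.120.0.5", 443),
    ("10.10.0.44", "10.20.0.8", 443),
    ("192.168.1.9", "10.110.0.12", 4840),
]

def vlan_of(ip):
    """Return the VLAN ID whose subnet contains ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    return next((vid for vid, (_, net) in VLANS.items() if addr in net), None)

def audit(flows):
    """Return (flow, verdict) pairs under a default-deny inter-VLAN policy."""
    results = []
    for src, dst, port in flows:
        s, d = vlan_of(src), vlan_of(dst)
        if s is None or d is None:
            verdict = "unknown-subnet"        # address outside the VLAN plan
        elif s == d:
            verdict = "intra-vlan"            # layer-2 traffic, not routed
        elif (s, d, port) in ALLOWED:
            verdict = "allowed"
        elif VLANS[s][0] != VLANS[d][0]:
            verdict = "violation-cross-zone"  # unlisted IT<->OT flow
        else:
            verdict = "violation-same-zone"   # unlisted flow inside one zone
        results.append(((src, dst, port), verdict))
    return results

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS):
        print(verdict, flow)
```

Anything the audit marks as a violation is either a gap in the router's access rules or a legitimate flow that IT and OT still need to agree on and add to the allowlist.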

Network IT/OT collaboration

The collaboration of IT and OT teams is the key to interconnecting each environment over a strategic backbone network in practical, secure and accountable ways that leverage their respective strengths and meet requirements. This collaboration can provide the “best of both worlds” to facilitate end-to-end digitalization needed for quantum gains in operational efficiency, visibility, flexibility and security. Fully digitalized industrial enterprises, supported by well-aligned IT and OT teams, will benefit from dynamic threads of data running throughout operations.

On the enterprise IT side, they’ll be able to execute business strategies faster, gain performance feedback and insights sooner, respond to market changes and opportunities more quickly, and improve their time to market with new products and services. On the OT production side, they’ll improve the reliability, visibility and security to boost machine availability and utilization.

Successful IT/OT collaboration helps companies enjoy competitive advantages over those that don’t consider networks to be strategic assets.

Donald Mannon, industrial market development, Siemens Industry Inc. Edited by Chris Vavra, production editor, Control Engineering, CFE Media, cvavra@cfemedia.com.

MORE ANSWERS

Keywords: Digitalization, information technology, operational technology

Industrial enterprises must consider networks to be the strategic backbones of their operations.

Network expectations differ for information technology (IT) and operational technology (OT).

IT/OT collaboration is key to ensure a practical and secure strategic backbone.

Consider this

What techniques have been effective in promoting IT/OT collaboration in your company?


