Secure the first mile for IIoT
It is no secret cybersecurity will play a major role in the evolution of the Industrial Internet of Things (IIoT). It is also no secret information technology (IT) and operations technology (OT) have to work together to ensure a more cohesive working enterprise.
“How do we ensure the right people get the right data,” said Claudio Fayad, vice president process systems and solutions at Emerson Automation Solutions during his presentation at the Emerson Global Users Exchange in Austin, Tex.
Gathering information from the plant floor through an increase in sensors capability and then transferring that data throughout the enterprise is what the IIoT is all about, but there are security risks.
That is where what Fayad called securing the first mile comes into play.
Architectural designs connect data from operational systems to the IT environment. Part of the security design calls for using servers, firewalls, gateways, data diodes, along with user management, data encryption, key management, code signing, and data flow control.
Fayad explained that part of the security posture using the Purdue model where there is the traditional plant floor levels 0 through 3, then the IT levels 4 through 5. What they are saying the secure first mile exists between level 3 and 4, what they are saying is level 3.5.
The Purdue model, Fayad said, uses conventional layered security through firewalls and user management. It requires multiple levels of software to move data from one layer to another. It also involves multiple stakeholders. Network penetration could be difficult, but not impossible. It would be effective, but complex to maintain, he said.
A much simpler method, he said, would be to use a data diode, or a one-way communication, to protect against inbound communications.
“There would be no physical connection to allow data into the plant,” Fayad said.
In this model, the field gateway collects data from the OT systems and converts OT protocols into protocols that support unidirectional data flow. The data diode physically disables the inbound path and creates an “air gap” for inbound communications, Fayad said. The edge gateway converts the incoming protocols into IoT protocols and it provides secure data transfer to the IT systems.
Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information Website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource.com. Edited by Chris Vavra, production editor, CFE Media, Control Engineering, email@example.com.
See additional stories from ISSSource about the IIoT linked below.