Network security is a legitimate fear when it comes to Smart Manufacturing. Overall, SM unleashes the potential of IIoT technologies by integrating three key productivity factors: the automation process, which provides the operational information, or data, necessary for production, followed by analytics.
Smart manufacturing brings together two different work groups – Operational Technology and Information Technology – like an “unstoppable force meeting an immovable object.” During this merger of technology, several gigabytes of data are exchanged, increasing the need for solid network security.
Manufacturers need to find ways to secure such substantial amounts of data as part of or before they undergo a comprehensive modernization plan.
Recent global ransomware attacks sent shock waves throughout the factory floor. The supervillain “WannaCry” hit 200,000 computers across 150 countries. As of June 2017, $130,634.77 was transferred to retrieve encrypted data. Malware “Petya” took down Ukraine’s nuclear power plant and some major private companies worldwide.
While we aren’t bringing this up to scare you, it’s important that manufacturers build a strong fortress with a much thicker firewall to withstand natural and artificial calamities. Smart systems require protection from vulnerabilities that spring from wireless networks, increased connectivity and sensor use, and more.
There are several players in the firewall market for protecting the enterprise. But having a dedicated firewall for the automation devices and the factory floor is the next important thing.
Modern industrial firewalls can be locally or centrally managed. Local management is common for OT plant personnel and OEM applications. Central management is common for IT. Cisco and Rockwell now give power to the control engineers on the factory floor to secure their networks with the Cisco Industrial Security Appliance 3000 and Allen-Bradley Stratix 5950, respectively.
The Stratix 5950 incorporates new security technology (Adaptive Security Appliance, or ASA, firewall and FirePOWER) that establishes a security buffer between cell zones, ultimately protecting machines and even entire lines. Potential intrusions and undesirable activity can be observed in monitor-only mode at the operations level. Bringing this kind of experience to the OT level is a unique component of the 5950.
Using Cisco deep packet inspection (DPI) technology, visibility into the network can reach the plant floor. While this is not new to IT managers, it is new to plant managers, who now have the same visibility. Data can be gathered on any network connection, including EtherNet/IP, to monitor application traffic.
Partnering with Cisco allows for integration with IT while speaking the language of the control or process engineer on the plant floor. This translates to minimal intervention by IT and gives OT more power to secure its own fortress.