Security in the World of the Industrial Internet of Things

The Industrial Internet of Things (IIoT) is becoming an indispensable part of the manufacturing industry, leading to real-time monitoring and an increase in overall equipment effectiveness (OEE) and productivity. Since the machines are being connected to the intranet and sometimes to the Internet for remote monitoring, this brings a set of challenges and security concerns for these now-connected devices.

What causes security to be so different between OT and IT?

Operational Technology (OT) manufacturing equipment is meant to run 24/7. So, if a bug is found that requires a machine to be shut down for an update, that stop causes a loss in productivity. So, manufacturers can’t rely on updating operational equipment as frequently as their Information Technology (IT) counterparts.

Additionally, the approach of security for OT machines has largely been “security through obscurity.” If, for example, a machine is not connected to the network, then the only way to access the hardware is to access it physically.

Another reason is that OT equipment can have a working lifetime that spans decades, compared to the typical 2-5-year service life of IT equipment. And when you add new technology, the old OT equipment becomes almost impossible to update to the latest security patches without the effort and expense of upgrading the hardware. Since OT equipment is in operation for such a long time, it makes sense that OT security focuses on keeping equipment working continuously as designed, where IT is more focused on keeping data available and protected.

These different purposes make it hard to implement IT standards on OT infrastructure. That being said, according to Gartner’s 80/20 rule of thumb, 80 percent of the security issues faced in the OT environment are the same as those faced by IT, while 20 percent are domain-specific, relating to critical assets, people, or environment. With so many security issues in common, and so many practical differences, what is the best approach?

The solution

The difference in operating philosophy and goals between IT and OT systems makes it necessary to carefully consider IIoT security when implementing these systems. Typical blanket IT security systems can’t be applied to OT systems, like PLCs or other control architecture, because these systems do not have built-in security features like firewalls.

We need the benefits of IIoT, but how do we overcome the security concerns?

The best solution practiced by the manufacturing industry is to separate these systems: The control side is left to the existing network infrastructure, and IT-focused work like monitoring is carried out on a newly added infrastructure.

The benefit of this method is that the control side is again secured by the method it was designed for – “security by obscurity” – and the new monitoring infrastructure can take advantage of the faster developments and updates of the IT lifecycle. This way, operational technology and information technology operations don’t interfere with each other.

Start Condition Monitoring With Vibration Sensors

IIoT (Industrial Internet of Things) has gained much traction and attraction in past years. With industries getting their assets online for monitoring purposes and new IO-Link sensors providing a ton of information in a single package, monitoring machines has become economically feasible.

Vibration is one of the most critical metrics regarding the health of machines, providing early detection of potential faults – before they cause damage or equipment failure. But since this is a relatively new field and use case, there is not much information about it. Most customers are confused about where to start. They want a baseline to begin monitoring machines and then fine-tune it to their use case.


One approach to solve this is to hire a vibration expert to determine the baseline and the best location to mount the vibration measuring sensor. But requiring this kind of setup raises the threshold for getting into condition monitoring while a new user is still figuring out the feasibility of such systems.

I direct my customers to this standardized baseline chart from ISO, so they can determine their own baselines and the best mounting positions for their sensors. The table shows the different standards for severity for different machine classes. These standards detail the baseline vibration and show the best place to mount the sensor based on the machine type.



Getting Condition Data From The Shop Floor to Your Software

IIoT (Industrial Internet of Things) is becoming more mainstream, leading to more vendors implementing innovative monitoring capabilities in the new generation of sensors. These sensors are now multifunctional and provide a host of additional features such as self-monitoring.

With these intelligent sensors, it is possible to set up a system that enables continuous monitoring of the machines and production line. However, the essential requirement to use the provided data for analysis and condition monitoring for preventative and predictive maintenance is to get it from the shop floor to the MES, ERP, or other analysis software suites.

There are a variety of ways this can be done. In this post we will look at a few popular ways and methods to do so.

The most popular and straightforward implementation is using a REST API (also known as a RESTful API). This has been the de facto standard in the consumer space to transport data. It allows multiple data formats to be transferred, including multimedia and JSON (JavaScript Object Notation).

REST has certain disadvantages: the client has to actively poll for the data, which makes it unsuitable for a spotty network with high packet loss.

MQTT (Message Queuing Telemetry Transport) eliminates the above problem. It uses very little bandwidth and works very well on unreliable networks because it is built on a publish/subscribe model. This allows the receiver to passively listen for the data from the broker. The broker only notifies when there is a change and can be configured with a Quality of Service (QoS) level to resend data if one of them loses connection. MQTT has been used in the IoT world for a long time and has become a standard for data transport, so most software suites have this feature built in.
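The difference between polling and publish/subscribe with QoS on a lossy link can be seen in a small simulation. This is an added example, not code from the original post; the readings and the loss pattern are constructed, and the model is simplified (lost acknowledgements and duplicate deliveries are not modelled).

```python
from itertools import cycle

# Constructed sensor readings, one per tick, with two short excursions.
READINGS = [20, 20, 20, 35, 35, 20, 20, 20, 20, 90, 20, 20]
# Constructed loss pattern for the spotty link: the second packet of every three is lost.
LOSS = [False, True, False]

def lossy_link(pattern):
    """Return a function that reports whether the next packet gets through."""
    drops = cycle(pattern)
    return lambda: not next(drops)

def poll_rest(readings, every, link_ok):
    """Client asks every `every` ticks; a lost request or response yields nothing."""
    seen = []
    for tick, value in enumerate(readings):
        if tick % every == 0 and link_ok():
            seen.append(value)
    return seen

def publish_mqtt(readings, qos, link_ok, max_retries=5):
    """Changes are pushed to the subscriber; QoS 1 resends until acknowledged."""
    delivered, sends, last = [], 0, None
    for value in readings:
        if value == last:
            continue  # no change, nothing is published
        last = value
        for _ in range(1 if qos == 0 else max_retries):
            sends += 1
            if link_ok():
                delivered.append(value)
                break
    return delivered, sends

def compare():
    """Run all three transports over the same readings and the same loss pattern."""
    return {
        "rest_poll": poll_rest(READINGS, 4, lossy_link(LOSS)),
        "mqtt_qos0": publish_mqtt(READINGS, 0, lossy_link(LOSS)),
        "mqtt_qos1": publish_mqtt(READINGS, 1, lossy_link(LOSS)),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

Polling misses both excursions, QoS 0 loses whichever change happens to hit a dropped packet, and QoS 1 delivers every change at the cost of two extra transmissions.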

The third option is to use OPC UA, which is the standard for M2M communication. OPC UA provides additional functionality over MQTT as it was developed with machine communication in mind. Notably, inbuilt encryption allows for secure and authenticated communication.

In summary, below is a comparison of these protocols.





Implement a Smart Factory Using Available Technologies

What is a Smart Factory?

The term smart factory describes a highly digitalized and connected system where machines and equipment using sensor technology improve processes through monitoring, automation, and optimization. The wealth of data enables predictive maintenance and an increase in productivity through planning and decreased downtime.

The smart factory’s core building blocks are various intelligent sensors that provide a critical measure for the machine’s health, such as temperature, vibration, and pressure. This data combined with production, information, and communication technologies forms the backbone of what many refer to as the next industrial revolution, i.e., Industry 4.0.

The technologies that make the Industrial Internet of Things or Industry 4.0 possible have always been available for the information technology domain. The same technology and software can be used to implement the next generation of industries.

How would I go about implementing these technologies?

The prerequisite to implementing any smart factory is using sensors with the ability to provide sensing information and to monitor their own health. For example, an optical laser sensor can measure distance and monitor the strength of the reflected beam, alerting that the glass window might be foggy or dirty. These sensors are readily available in the market as most IO-Link sensors come with the diagnostics inbuilt. However, it varies from vendor to vendor.

The second step is getting the data from the operational technology side to the information technology level. The industrial side of things uses PLCs for control, which should be left alone as the single source of control for security reasons and efficiency. However, most IO-Link-enabled network blocks can tap into this data in read-only mode using JSON (JavaScript Object Notation) or a REST API. With the IO-Link consortium officially formalizing the REST API, we will see more and more vendors adopting it as a feature for their network blocks.

The final step is using this data to visualize and optimize the process. There are various SCADA and MES software systems that make it possible to do this without much development. But for maximum customizability, it’s recommended to build a stack that fits your needs and provides the option to scale. There are very mature open-source software options and applications that have been in use in the IT world for decades now and transfer seamlessly to the industrial side.

A data visualization of the current and amperage of an IO-Link device

The stack I have personally used and seen other companies implement is Grafana as the dashboarding software, InfluxDB as a time-series database, Telegraf as a collector, and Mosquitto as the MQTT broker.

The possibilities for expansion are limitless, leaving the option to add another service like TensorFlow for some analytics.

All of these are deployed as container services using Docker, another open-source project. This helps for easy deployment and maintenance.
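To carry the read-only principle from the network block through to the Mosquitto broker in this stack, the broker's ACL file can be checked so that only the data source is allowed to publish. The following is an added example, not part of the original post or of any vendor's code; the user names, topics and the "edge-gw" publisher account are hypothetical, and the sample ACL is constructed.

```python
# Constructed sample of a Mosquitto ACL file (user names and topics are hypothetical).
SAMPLE_ACL = """\
# anonymous clients (topic lines before the first "user" line)
topic read plant/line1/#

user edge-gw
topic write plant/line1/#

user telegraf
topic read plant/line1/#

user dashboard
topic plant/line1/setpoints/#
"""

ACCESS_WORDS = ("read", "write", "readwrite", "deny")

def parse_acl(text):
    """Yield (user, access, topic) for each topic/pattern line of a Mosquitto ACL file."""
    user = None  # None means the anonymous section at the top of the file
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "user":
            user = " ".join(parts[1:])
        elif parts[0] in ("topic", "pattern"):
            scope = "*" if parts[0] == "pattern" else user  # pattern lines apply to all users
            if len(parts) > 2 and parts[1] in ACCESS_WORDS:
                access, topic = parts[1], " ".join(parts[2:])
            else:
                # Mosquitto grants read/write when the access type is omitted.
                access, topic = "readwrite", " ".join(parts[1:])
            yield scope, access, topic

def audit_write_grants(text, publishers):
    """Return every grant that lets an account outside `publishers` publish."""
    return [(user or "<anonymous>", access, topic)
            for user, access, topic in parse_acl(text)
            if access in ("write", "readwrite") and user not in publishers]

if __name__ == "__main__":
    for finding in audit_write_grants(SAMPLE_ACL, {"edge-gw"}):
        print("unexpected publish right:", finding)
```

In the sample, the dashboard account is flagged because its topic line omits the access type and therefore receives read/write access to the setpoints topics.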

A demonstration of this stack can be seen at the following link

Username and password are both “balluff” (all lowercase).

Building Blocks of the Smart Factory Now More Economical, Accessible

A smart factory is one of the essential components in Industry 4.0. Data visibility is a critical component to ultimately achieve real-time production visualization within a smart factory. With the advent of IIoT and big-data technologies, manufacturers are finally gaining the same real-time visibility into their enterprise performance that corporate functions like finance and sales have enjoyed for years.

The ultimate feature-rich smart factory can be defined as a flexible system that self-optimizes its performance over a network and self-adapts to learn and react to new conditions in real-time. This seems like a farfetched goal, but we already have the technology and know-how from advances developed in different fields of computer science such as machine learning and artificial intelligence. These technologies are already successfully being used in other industries like self-driving cars or cryptocurrencies.

Fig: Smart factory characteristics (Source: Deloitte University Press)

Until recently, the implementation or even the idea of a smart factory was elusive due to the prohibitive costs of computing and storage. Today, advancements in the fields of machine learning and AI and easy accessibility to cloud solutions for analytics, such as IBM Watson or similar companies, have made getting started in this field relatively easy.

One of the significant contributors in smart factory data visualization has been the growing number of IO-Link sensors in the market. These sensors not only produce the standard sensor data but also provide a wealth of diagnostic data and monitoring while being sold at a similar price point as non-IO-Link sensors. The data produced can be fed into these smart factory systems for condition monitoring and preventive maintenance. As they begin to produce self-monitoring data, they become the lifeblood of the smart factory.


The tools that have been used in the IT industry for decades for visualizing and monitoring server load and performance can be easily integrated into the existing plant floor to get seamless data visibility and dashboards. There are two significant components of this system: Edge gateway and Applications.

Fig: An IIoT system

Edge Gateway

The edge gateway is the middleware that connects operational technology and information technology. It can be a piece of software or a combined hardware and software solution that acts as a universal protocol translator.

As shown in the figure, the edge gateway can be as simple as something that dumps the data in a database or connects to cloud providers for analytics or third-party solutions.


One of the most popular stacks is InfluxDB to store the data, Telegraf as the collector, and Grafana as a frontend dashboard.

These tools are open source and give customers the opportunity to dive into the IIoT and get data visibility without prohibitive costs. These can be easily deployed into a small local PC in the network with minimal investment.

The applications discussed in the post:




Node-red Tutorial