Security in the World of the Industrial Internet of Things

The Industrial Internet of Things (IIoT) is becoming an indispensable part of the manufacturing industry, leading to real-time monitoring and an increase in overall equipment effectiveness (OEE) and productivity. Since the machines are being connected to the intranet and sometimes to the Internet for remote monitoring, this brings a set of challenges and security concerns for these now-connected devices.

What causes security to be so different between OT and IT?

Operational Technology (OT) manufacturing equipment is meant to run 24/7. If a bug is found that requires a machine to be shut down for an update, that stop causes a loss in productivity. As a result, manufacturers can’t rely on updating operational equipment as frequently as their Information Technology (IT) counterparts.

Additionally, the approach to security for OT machines has largely been “security through obscurity.” If, for example, a machine is not connected to the network, then the only way to access the hardware is to access it physically.

Another reason is that OT equipment can have a working lifetime that spans decades, compared to the typical 2-5-year service life of IT equipment. And when you add new technology, the old OT equipment becomes almost impossible to update to the latest security patches without the effort and expense of upgrading the hardware. Since OT equipment is in operation for such a long time, it makes sense that OT security focuses on keeping equipment working continuously as designed, whereas IT is more focused on keeping data available and protected.

These different purposes make it hard to implement the IT standard on OT infrastructure. That being said, according to Gartner’s 80/20 rule-of-thumb, 80 percent of security issues faced in the OT environment are the same as those faced by IT, while 20 percent are domain specific on critical assets, people, or environment. With so many security issues in common, and so many practical differences, what is the best approach?

The solution

The difference in operating philosophy and goals between IT and OT systems makes it necessary to carefully consider IIoT security when implementing these systems. Typical blanket IT security systems can’t be applied to OT systems, like PLCs or other control architecture, because these systems do not have built-in security features like firewalls.

We need the benefits of IIoT, but how do we overcome the security concerns?

The best solution practiced by the manufacturing industry is to separate these systems: The control side is left to the existing network infrastructure, and IT-focused work like monitoring is carried out on a newly added infrastructure.

The benefit of this method is that the control side is again secured by the method it was designed for – “security by obscurity” – and the new monitoring infrastructure can take advantage of the faster developments and updates of the IT lifecycle. This way, operational technology and information technology operations don’t interfere with each other.
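
A check for the separation described above, as an added example that is not part of the original article: it audits flow records and flags any connection with one end on the control network and the other end outside it. The subnets, zone names and sample flows are constructed assumptions; the article names no address plan.

```python
import ipaddress

# Constructed address plan (assumption): the article names no subnets.
ZONES = {
    "control": [ipaddress.ip_network("10.10.0.0/24")],      # PLCs, drives, HMIs
    "monitoring": [ipaddress.ip_network("10.20.0.0/24")],   # edge gateway, IO-Link masters
}

def zone_of(addr):
    """Return the zone name for an address, 'external' if in no zone, 'invalid' if unparseable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return "external"

def audit_flows(flows):
    """Flag every flow with exactly one end inside the control zone."""
    findings = []
    for src, dst, dport in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if "invalid" in (src_zone, dst_zone):
            findings.append((src, dst, dport, "unparseable address, review manually"))
        elif (src_zone == "control") != (dst_zone == "control"):
            findings.append((src, dst, dport,
                             f"{src_zone} -> {dst_zone} crosses the control boundary"))
    return findings

# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.0.5", "10.10.0.9", 44818),    # stays inside the control network
    ("10.20.0.7", "203.0.113.10", 443),   # monitoring gateway to cloud, never touches control
    ("10.20.0.7", "10.10.0.5", 502),      # monitoring gateway reaching a PLC
    ("10.10.0.9", "198.51.100.4", 443),   # control device reaching the Internet
    ("10.20.0.300", "10.20.0.7", 1883),   # malformed record
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Run against real flow exports, an empty result is what the separated design should produce; each finding is a path by which the monitoring side or the Internet can reach control equipment.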

Control Meets IIoT, Providing Insights into a New World

In manufacturing and automation control, the programmable logic controller (PLC) is an essential tool. And since the PLC is integrated into the machine already, it’s understandable that you might see the PLC as all that you need to do anything in automation on the manufacturing floor.

Condition monitoring in machine automation

For example, process or condition monitoring is emerging as an important automation feature that can help ensure that machines are running smoothly. This can be done by monitoring motor or mechanical vibration, temperature or pressure. You can also add functionality for a machine or line configuration or setup by adding sensors to verify fixture locations for machine configuration at changeovers.

One way to do this is to wire these sensors to the PLC and modify its code and use it as an all-in-one device. After all, it’s on the machine already. But there’s a definite downside to using a PLC this way. Its processing power is limited, and there are limits to the number of additional processes and functions it can run. Why risk possible complications that could impact the reliability of your control systems? There are alternatives.

External monitoring and support processes

Consider using more flexible platforms, such as an edge gateway, Linux, and IO-Link. These external sources open a whole new world of alternatives that provide better reliability and more options for today and the future. They also make it easier to access and integrate condition monitoring and configuration data into enterprise IT/OT (information technology/operational technology) systems, which PLCs are not well suited to interface with, if they can be integrated at all.

Here are some practical examples of this type of augmented or add-on/retrofit functionality:

      • Motor or pump vibration condition monitoring
      • Support-process related pressure, vibration and temperature monitoring
      • Monitoring of product or process flow
      • Portable battery based/cloud condition monitoring
      • Mold and Die cloud-based cycle/usage monitoring
      • Product changeover, operator guidance system
      • Automatic inventory monitoring warehouse system

Using external systems for these additional functions means you can readily take advantage of the ever-widening availability of more powerful computing systems and the simple connectivity and networking of smart sensors and transducers. Augmenting and improving your control systems with external monitoring and support processes is one of the notable benefits of employing Industrial Internet of Things (IIoT) and Industry 4.0 tools.

The ease with which you can integrate these systems into IT/OT systems, even including cloud-based access, can dramatically change what is now available for process information-gathering and monitoring, and can augment processes without touching or affecting the rudimentary control system of new or existing machines or lines. In many cases, external systems can even be added at lower price points than PLC modification, which means they can be more easily justified for their ROI and functionality.