How to build resilient industrial networks that are secure and scalable
Industrial networks are changing, adapting and evolving. Driven by trends like IT/OT convergence, the Industrial Internet of Things (IIoT) and Industry 4.0, this shift demands a new approach to device management, moving beyond isolated systems. As machines become more interconnected and data-driven, a strong and secure network foundation is a necessity. The conversation is shifting to how to design and manage integrated systems for security and scalability.
Device management foundation
“There’s a lot of work and a lot of conversation today about the IT/OT integration,” says Steve Biegacki, strategic integration committee (SIC) chairman at FieldComm Group. “When you talk to companies like Amazon Web Services (AWS), Google, Microsoft and the IT companies, and you ask them, ‘Where do you think the data for that machine comes from?’ And they look at you and go, ‘Well, it kind of comes from the controllers that are in there.’ And I say, ‘Where do you think the controller information actually generates from?’ The controller only knows what it sees in the sensors and actuators on the machine. It's not out of the ether someplace.”
Biegacki continues: “The device management is one of the more important parts of putting a machine together, and so the methodology you use to actually design the control system to take into account what the devices are going to be in the system, whether there's pneumatics, whether there's variable frequency drives, whether there's pressure and temperature gauges, whatever it might be, needs to be considered as part of this overall design.”
Cybersecurity priority
“We should talk about cybersecurity,” says Aaron Dahlen, applications engineer at DigiKey. “This is challenging from an industrial control perspective. It’s challenging to keep pace in the ever-changing cat-and-mouse game. It’s hard enough to keep our home and office PCs safe. It’s even harder for industrial controls when we add demanding real-time capabilities. Also, when is the last time you updated the virus definition on your PLC? We recognize that popular PLCs are targeted. In fact, even the white hats learn the names of PLC families as they practice launching and defending attacks against critical infrastructure.”
Dahlen continues: “Choosing the correct software and hardware becomes a multidisciplinary activity. This is especially true as we transfer data off the machine and as we very carefully allow limited control. As an example, we still look to the Stuxnet PLC worm, even though it has been 15 years since the incident. This is a wake-up call to carefully consider the network design and our industrial maintenance procedures.”
Choose your PLC wisely
“When it comes to building or upgrading an automated system, the selection of network devices and I/O components plays a crucial role—not just in functionality, but in how quickly and efficiently the system can be installed and brought online,” says Bill Nyback, senior application engineer at ABB. “It all ties back to ease of commissioning. Choosing components that integrate smoothly with your existing controllers and automation architecture can significantly reduce the time needed for setup and programming. For instance, if your devices are designed to communicate effortlessly with widely used PLCs, the process of configuring I/O, establishing network communication and writing control logic becomes much faster, saving both time and money.”
Scope and scale for expansion
“It is always worth considering the scope and scale of the system you are building,” says Natalie Co, product engineer at MiSuMi. “Certain network topologies lend themselves better to expansion than others. For example, bus topology is cheap and easy to set up but has limited scalability due to data degradation as it travels down a single line. This thought process also applies to the physical hardware devices—an eight-point I/O block might work right now, but what if you add additional sensors? Unless you’re willing to make semi-regular component upgrades to your system, it may be worth investing in more capable components from the start.”
Network topology map
“When selecting hardware components, it is essential to consider communication standards, power requirements, environmental certifications and form-factor compatibility,” says Felipe Costa, senior networking and cybersecurity product manager at Moxa. “I always recommend starting with a network topology map to evaluate integration points. Compatibility with existing industrial protocols, such as Profinet, EtherNet/IP and Modbus, and the system’s deterministic performance requirements—real-time behavior, redundancy, bandwidth—are also critical. Additionally, cybersecurity compliance, such as ISA/IEC 62443 readiness, is no longer optional; it is a foundational requirement for secure integration.”
Modular software architecture
“When designing new software for integration into an existing industrial network, one of the most important principles is modularity,” says Azad Jafari, I/O product manager at Beckhoff. “A modular software architecture allows individual components or functions to be developed, tested and updated independently. This not only simplifies maintenance and troubleshooting but also makes it easier to adapt or scale the system in the future without disrupting the entire network. The software must support the same industrial communication protocols used in the existing network and be capable of interacting with devices using these protocols reliably and efficiently.”
Supply chain diversification
“In the supply chain, similar to financial markets, no one is compensated for the risk that can be diversified out of their position,” says Thomas Kuckhoff, automation product manager at Omron Automation. “In other words, if supply chain teams are all at risk for systematic disruptions, then focusing on unsystematic risks yields a more robust position. For industrial equipment, diversifying the number of sources of replacement sensors, light curtains, servo motors or other wearable devices allows supply chain teams to take the risk out of one manufacturer having delivery issues. Globally open industrial protocols allow this to be achieved with little to no incremental cost to the machine or its designers.”
Expense of backward compatibility
“Availability of machines that support the latest technologies, but also maintain backward compatibility with legacy systems, is a goal I think all organizations strive for, but in the end is rarely achieved,” says Dave Boldt, product manager lead of factory automation at Pepperl+Fuchs. “The reason is that designing new devices with backward-compatible protocols and physical interface capabilities comes at the price of significant complexity and cost adders—a price that in the end is too steep to bear.”
Addressing schema
“Network switches are typically set up with network address translation (NAT), which makes the machinery easier to connect and maintain, as the network addresses inside the cabinet are consistent,” says Joe Biondo, strategic marketing manager for OEMs and machine builders at Rockwell Automation. “Any I/O needed to interconnect the machinery should be consistent, as well; the equipment designer should allocate a given number of I/O to machine interconnectivity, using the same physical addressing schema.”
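The addressing schema described above can be sketched as a 1:1 NAT plan that is checked before commissioning. This is an added example, not code from the article or from any vendor; the subnets, device roles, host offsets and machine names are constructed assumptions, and only the listed roles receive a plant-side address.

```python
import ipaddress

# Constructed sample values: every cabinet reuses the same inside subnet and
# the same host offset per device role.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")
INSIDE_HOSTS = {"plc": 10, "hmi": 20, "vfd": 30, "remote_io": 40}


def build_nat_plan(machines, plant_net, block_prefix=28):
    """Return {machine: {role: (inside_ip, plant_ip)}} for static 1:1 NAT."""
    plant_net = ipaddress.ip_network(plant_net)
    blocks = plant_net.subnets(new_prefix=block_prefix)
    plan = {}
    for name in machines:
        block = next(blocks, None)  # one plant-side block per machine
        if block is None:
            raise ValueError(f"{plant_net} has no free /{block_prefix} for {name}")
        outside = list(block.hosts())
        if len(INSIDE_HOSTS) > len(outside):
            raise ValueError("more devices than addresses in one plant-side block")
        plan[name] = {
            role: (INSIDE_NET.network_address + offset, outside[i])
            for i, (role, offset) in enumerate(sorted(INSIDE_HOSTS.items()))
        }
    return plan


def check_plan(plan):
    """Verify the schema: same inside address per role, unique plant address."""
    errors, inside_by_role, seen_outside = [], {}, {}
    for machine, mapping in plan.items():
        for role, (inside, outside) in mapping.items():
            if inside_by_role.setdefault(role, inside) != inside:
                errors.append(f"{machine}/{role}: inside address differs")
            if outside in seen_outside:
                errors.append(f"{machine}/{role}: {outside} reused by {seen_outside[outside]}")
            seen_outside[outside] = f"{machine}/{role}"
    return errors


if __name__ == "__main__":
    plan = build_nat_plan(["filler-1", "filler-2"], "10.20.0.0/24")
    for machine, mapping in plan.items():
        for role, (inside, outside) in mapping.items():
            print(f"{machine:9} {role:10} {inside} <-> {outside}")
    print(check_plan(plan) or "plan OK")
```

Inside devices without an entry in the plan have no plant-side address, so the mapping table doubles as the list of what is reachable from outside the cabinet.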
Ease of total ownership
“Rather than focusing on ease of installation, teams should focus on ease of total ownership,” says Aaron Crews, global director of modernization solutions at Emerson. “The more complex the integration, the deeper, more expert skillset it will be necessary to have to maintain automation technologies and troubleshoot problems. A seamlessly integrated control system is built to be maintained easily, with redundancy that allows teams to perform online patches, fixes and upgrades. A system of systems is significantly harder to maintain. Teams have many different systems they must log into and maintain separately, which dramatically increases the workload for maintenance.”