1660240104529 Bacidore

Where IT and OT converge

March 28, 2017
Recommendations for building an IIoT-ready manufacturing network.

The promise of innovation is beneficial to customers and suppliers alike. And innovation is spilling over in the business environment that is cultivating and nurturing the Industrial Internet of Things (IIoT). The more enticing IIoT business outcomes include smart devices, smart machines and smart manufacturing, in which information technology (IT) and operations technology (OT) are able to leverage the intelligence that results from these evolutionary improvements.

“Right now, there are differences between OT and IT network infrastructures,” warned Gregory Wilcox, global technology & business development manager, Rockwell Automation, who spoke at the 2017 ODVA Industry Conference in Palm Harbor, Florida. “But, over time, you’ll see more similarities and fewer differences.”

Standard network technology and security services still differ considerably between IT and OT. Network services for IT—simple network management protocol (SNMP) and low-latency data transfer (LLDT)—are pretty consistent. “If you look at the OT side, standards like SNMP or LLDT are sporadically or inconsistently deployed,” said Wilcox. “In the IT world, security is pervasive. Their focus is the confidentiality piece. In our world, it’s about productivity. EtherNet/IP is open by default.”

For those looking to create cloud gateways, there are many companies around the world that still have islands of automation. “The technology of choice is cellular,” said Wilcox. “You see that more and more around the world. Some companies have a fully blended IT and OT network. Or there’s connectivity by data diodes—one-way communication from the OT network up to the enterprise. Industrial demilitarized zones for industrial control are network-secure practices.”

Best practices for an industrial control system address key requirements for network infrastructure that includes scalability, reliability, safety, security and future-readiness. An application may be in place for decades.

The architecture can be used to create smaller connected LANs, which restore natural boundaries. The architecture should include key tenets such as smart endpoints, segmentation/zoning, managed infrastructure, resiliency, time-critical data, wireless mobility, holistic defense-in-depth security and convergence-ready solutions.

“We organize levels into functional zones,” said Wilcox. “Level 0 includes actuators, sensors, drives and robots. Level 1 is controllers, and Lever 2 is area supervisory control. Level 3 represents the highest level of the industrial automation and control system. The systems and applications that exist at this level manage plantwide functions. Levels 0 through 3 are considered critical to site operations and control. Levels 4 and 5 are data centers and enterprise networks.”

Zoning is based on the application environment. “In this concept of zoning, CIP security comes in,” explained Wilcox. “I’m creating smaller, Level 2 domains. It’s a great way to segment my domains into smaller levels of trust.” It also eliminates collisions if you have different vendor technologies.

“One size does not fit all,” warned Wilcox. “What’s sufficient for one customer may be insufficient for another. What are the application requirements? It comes down to the topologies—switch-level topologies, such as redundant star, ring and star/bus linear; and device-level topologies.”

Network address translation (NAT) enables controls engineers to reuse Internet protocol (IP) addresses and build system applications to integrate into a plantwide architecture, which requires unique IP addressing. NAT can be configured to translate only specific IP addresses from inside the application to the architecture, which also hides the inside IP addressing schema.

“OEMs like to clone their IP addressing,” said Wilcox. “Network address translation enables the reuse of IP addressing without introducing a duplicate IP address error. What do they have to do to make sure their solution is ready to be integrated? We recommend early and open dialogue on the OT and IT side.”

As deployment of wireless solutions continues to grow, equipment may roam across the industrial zone and associate to multiple access points. “There are lots of great use cases for wireless—static machines with moving parts; skids that are nomadic; continuous roaming capabilities such as AGVs; workforce mobility devices like tablets and smart phones,” said Wilcox. “We thought wired was the IT-OT battleground, but that was nothing compared to wireless. You have to worry about frequency spectrums.”

No single product, technology or methodology can fully secure control-system applications. “It requires multiple layers,” explained Wilcox. “Who are the characters? Controls engineers? IT personnel? How do I make sure I have tools in place to support the framework? I can do things physically for port security. There are things I can do electronically to disable a port.”

About the author

Mike Bacidore is the editor in chief for Control Design magazine. He is an award-winning columnist, earning a Gold Regional Award and a Silver National Award from the American Society of Business Publication Editors. Email him at [email protected].

About the Author

Mike Bacidore | Editor in Chief

Mike Bacidore is chief editor of Control Design and has been an integral part of the Endeavor Business Media editorial team since 2007. Previously, he was editorial director at Hughes Communications and a portfolio manager of the human resources and labor law areas at Wolters Kluwer. Bacidore holds a BA from the University of Illinois and an MBA from Lake Forest Graduate School of Management. He is an award-winning columnist, earning multiple regional and national awards from the American Society of Business Publication Editors. He may be reached at [email protected] 

Sponsored Recommendations

High Sensitivity Accelerometers to Monitor Traffic and Railroad Vibration for Semiconductor Manufacturing

This paper examines highly sensitive piezoelectric sensors for precise vibration measurement which is critical in semiconductor production to prevent quality and yield issues....

Simulation for Automation Guide

How digital twin solutions are expanding the capabilities of plant engineers.

Enhancing HMI Security and Accessibility with Cloud VPN Solutions

Enhance HMI security and remote access with Beijer’s cloud VPN solution. Enjoy advanced encryption, easy setup, and secure access via laptops, smartphones, or tablets. Cut costs...

Motor Encoders: What They Are and How They Work

Motor encoders are rotary encoders adapted to provide information about an electric motor shaft's speed and/or position. Like rotary encoders, motor encoders are most commonly...