Industry 4.0 initiatives require laser focus on industrial IT infrastructure as the foundation. Your operations technology (OT) and IT teams face challenges with designing, maintaining, and securing your industrial assets.
We’ve identified three key ingredients to them achieving success:
- Full visibility into all the points of connection between devices and infrastructure, so your OT personnel can confidently manage the access layer of the network.
- The ability to map and manage all the traffic patterns between those devices, so you can identify and address security vulnerabilities and threats.
- A way to pull all that information together, along with other system health information to fill in the gaps—all on a single pane of glass—so you can get on top of the data, anticipate the problems, and achieve the productivity you’re aiming for.
Let’s examine each key ingredient.
Full visibility into all connected points on the industrial network can be obtained by using tools such as Cisco’s Industrial Network Director (IND). IND non-intrusively scans the entire industrial network, then generates topology maps that reveal the interconnectivity of the network infrastructure and its endpoints. IND features an intuitive and easy-to-use GUI interface for management, configuration, and zero-touch commissioning of Cisco Industrial Ethernet and Allen-Bradley Stratix switches, eliminating the need for command line interface knowledge. This means your OT personnel can manage the access layer of the network closest to the equipment they’re responsible for, liberating their IT counterparts from getting involved in routine OT network tasks, such as adds, moves, and changes. With IND, your OT team can also have the confidence and ability to undertake the replacement of unmanaged switches—which are prevalent in legacy OT environments—so they can achieve greater network visibility, performance, and reliability.
Traffic mapping and management
OT security, network visibility, operational insights, and threat detection are must haves. An example platform that can deliver a powerful array of cybersecurity features to protect your OT network from security threats is Cisco’s Cyber Vision. Whereas IND discovers and visualizes the connectivity of your industrial network devices, Cyber Vision maps and visualizes the traffic patterns between those devices (including the processing of native OT protocols). System baselines define normal network behavior and configuration and, when a deviation occurs, alerts are generated immediately, allowing quick mitigation of potential threats. Cyber Vision allows OT personnel to group assets, providing the foundation of OT network segmentation. It also shares industrial asset context with other Cisco security solutions, giving your IT team visibility into the OT environment. Cyber Vision provides insights into your OT security posture, risk scoring, device vulnerabilities, signature-based intrusion detection systems, and operational activities like configuration changes and control system events. Cyber Vision deep packet inspection sensors are built into industrial-compute-capable Cisco switches, routers, and other network elements, lowering total cost of ownership.
Effectively displaying the network’s health and integrity data is critical to analysis and timely action. A platform that delivers the vital signs of critical industrial infrastructure, endpoints, and applications with intuitive and visual dashboards, all on a single pane of glass is Frontedge OT Vitals. IND and Cyber Vision serve specific purposes on the network itself, but there is so much more in the industrial IT and control system environment to keep tabs on. OT Vitals fills in the gaps. Drawing from IND’s device inventory as a starting point, OT Vitals provides an array of infrastructure and endpoint health metrics, including the display of vulnerabilities and risk scoring from Cyber Vision. If thresholds are crossed or critical diagnostic events are detected, alerts are pushed to Webex Teams, enabling your OT and IT personnel to collaborate quickly and efficiently. They can even push comments and acknowledgements back to OT Vitals. OT Vitals also enables integration of custom data sources for unique customer applications and devices.
System integrators can play a vital role in helping clients secure and managing their industrial networks. Their plan should include: a preliminary asset visibility study; an industrial network advisory report identifying connected devices, security issues, and risks; a remediation plan; and commissioning-converged IT/OT infrastructure solutions. The role of the integrator is to assist with implementing a solid foundation for your IoT and control system devices so you can then gain the full value of your investment through digital initiatives that drive business outcomes.
Daniel C. Malyszko is director of operations and digital transformation lead at Malisko Engineering Inc, a certified member of the Control System Integrators Association (CSIA). For more information about Malisko Engineering, visit its profile on the Industrial Automation Exchange.