Edge computing has moved to the forefront of discussions around digital manufacturing and the Industrial Internet of Things over the past few years because of its ability to bring the data storage and analysis capabilities of the cloud into the facility. In many cases, edge computing devices can be co-located with the equipment whose data it is responsible for managing.
Beyond the location convenience and reduced bandwidth requirements of edge computing, some technology providers are also touting its security advantages. Cisco, for example, points to its industrial switching and routing products and accompanying management applications, such as its IOx application environment for lifecycle management) as examples of how edge computing can boost industrial cybersecurity efforts.
“By moving compute resources closer to end devices, there is an opportunity for organizations to leverage those resources to bolster their security posture,” says Dan Behrens, technical marketing engineer, IoT connectivity, at Cisco. “More specifically edge and fog computing (clusters of edge computing devices deployed where multiple computing resources are required) could be used to reduce the reach of insecure protocols, reduce the number of workstations needed in the environment, reduce or eliminate the need for out-of-band resources for passive network monitoring and remove identifying information prior to sending to upstream applications such as cloud solutions.”
Behrens says that, with IOx for example, users can run workstations on the networking equipment the devices are already connected to, thereby reducing the need for workstations. This is a key aspect to improving industrial cybersecurity because “reducing the number of workstations can simplify patch management, OS updates and remove physical entry points,” he adds.
Providing an example of how this works in industrial applications, Behrens notes that users can run Telit Devicewise inside IOx on Cisco’s 829 routers and IE4000 switches. He adds that OSISoft is developing software connectors for IOx and that Cisco and Amazon Web Services have enabled the AWS Greengrass core in a secure container hosted in a Cisco IoT gateway. “When these gateways are enabled with the Cisco Kinetic IoT platform they can provide secure, zero-touch deployment and simplified cloud management of IoT gateways, and enforcement of data distribution policies on the network,” he says.
From a security perspective, “anytime we can remove plant floor workstations, we are reducing the scope of devices we need to protect and reducing one of the possible vectors that a threat could be brought in on, such as via USB ports,” adds Behrens.
IOx also allows for passive monitoring to be conducted on the network without adding hardware and networking equipment to eliminate the impact of replicating traffic or deploying TAPs (test access ports). “With the ability to run software sensors, directly on the networking equipment the traffic is already passing through, an organization can deploy a passive security monitoring solution without adding additional hardware or complexity to the network,” says Behrens. “Software sensors receive the replicated traffic internal to the routers and switches, and send only the required information to an application.”