Best Practices for Your Network Upgrade

Industrial networking technologies and the cyber attacks they face have evolved dramatically over the past several years. As a result, greater attention to network upgrade best practices is becoming increasingly critical to all industry verticals—not just critical infrastructure.

Like most technologies in the industrial automation sphere, networking technologies are typically installed for the long haul. In other words, if it ain’t broke, don’t fix it.

But with the advance of Industry 4.0 and Industrial Internet of Things initiatives bringing IT and operational technologies (OT) closer together, a move toward more frequent upgrades of industrial network technologies seems to be underway—at least in some verticals.

To learn more about this for the “Automation World Gets Your Questions Answered” podcast series, we connected with Dan Schaffer of Phoenix Contact. Access the podcast here.

According to Schaffer, the frequency of network upgrades across industries does, of course, tend to vary due to the nature of the work in a particular vertical and the amount of capex involved. "On the low end, it tends to be every five years but typically ranges from 10-20 years," said Schaffer. "In the IT space, where I’ve spent much of my career, the standard is to upgrade every 3-5 years to keep up with technology changes."

Looking at upgrade practices in specific industry verticals, Schaffer said the water/wastewater and electric power industries tend to have the longest intervals between upgrade cycles. In these industries, going 20 years between upgrades is not uncommon due to specialized network design and the prevailing "never touch a running system" attitude.

In contrast, the oil and gas industry refreshes much more frequently, especially over the past several years with the upsurge in that industry’s profits. “They’re also embracing a much more data-centric model of operation,” said Schaffer. “To get access to that data, they need to upgrade more frequently. They’ve also seen the crippling effects of cybersecurity attacks—like the one impacting Saudi Aramco [in 2012], which is making them much more proactive. On the discrete side of industry, automotive is leading the charge because they’ve been actively embedding IT into their OT ranks. So, they have more of that three- to five-year upgrade mentality.”

Beyond the technological benefits, Schaffer said one of the biggest business advantages of a network upgrade is that it provides the perfect excuse to update, validate, and clean up documentation. “Too many times I’ve been in plants asking about what devices are connected to the network and what they’re connected to on the network only to find that the documentation is out of date. No one knows the answer—so it’s difficult to manage the network from an operational and cybersecurity vantage point. I’m a big believer in knowing your network. Whenever you do an update, it gives you the perfect opportunity to re-acquaint yourself with the infrastructure that makes your plant tick.”

The biggest impacts to be gained from a network upgrade will take place on the higher end, where IT and OT meet, said Schaffer. “The closer you are to the high end of the network—where data is going to edge or cloud—that’s where you see a change in the mindset in the past couple of years. If you want to take advantage of these new capabilities, you need to upgrade regularly here.”

Schaffer also advises taking security into account as part of your network upgrade with three best practices:

  • Follow the principle of least privilege (or least authority). A device should only be allowed to communicate with what it needs to communicate with. Give it the connections and access rights it needs and nothing more.
  • Proactive defense in depth. Layer your defenses with different and various techniques and technologies. Having just one firewall with no defenses behind it is not ideal.
  • Know your network. Logging, auditing, monitoring, performing baselines, and understanding what your network should look like normally is a huge benefit when something goes wrong. For example, if your network normally sees 7 Mbps traffic levels and you see it spike to 27 Mbps, you can focus on the devices generating the extra traffic.
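
The baseline and least-privilege checks described in the list above can be sketched in a few lines. This is an added example, not code from the article or from Phoenix Contact; the device names, traffic rates, ports, and allowlist are constructed sample data, and the 1.5x tolerance is an assumed threshold.

```python
from collections import defaultdict
from statistics import median

# Constructed baseline: per-device send rate in Mbps over earlier normal
# intervals. The medians sum to 7 Mbps, matching the article's example.
BASELINE = {
    "plc-01": [2.0, 2.1, 1.9, 2.0],
    "hmi-01": [3.0, 2.9, 3.1, 3.0],
    "hist-01": [2.0, 2.0, 2.1, 1.9],
}
# Constructed least-privilege allowlist of (source, destination, port).
ALLOWED = {
    ("plc-01", "hmi-01", 502),
    ("hmi-01", "hist-01", 1433),
    ("hist-01", "hmi-01", 1433),
}
# Constructed current interval: (source, destination, port, Mbps), 27 Mbps total.
CURRENT = [
    ("plc-01", "hmi-01", 502, 2.0),
    ("hmi-01", "hist-01", 1433, 3.0),
    ("hist-01", "hmi-01", 1433, 2.0),
    ("hist-01", "203.0.113.10", 443, 20.0),
]

def analyze(flows, history, allowed, tolerance=1.5):
    """Compare one interval of flows against the baseline and the allowlist."""
    base = {dev: median(samples) for dev, samples in history.items()}
    current = defaultdict(float)
    for src, _dst, _port, mbps in flows:
        current[src] += mbps
    # Devices sending more than tolerance x their own baseline, ranked by the
    # extra traffic they contribute. Devices with no baseline count as 0 Mbps.
    suspects = sorted(
        ((dev, round(rate - base.get(dev, 0.0), 2))
         for dev, rate in current.items()
         if rate > tolerance * base.get(dev, 0.0)),
        key=lambda item: item[1], reverse=True)
    # Flows that are not explicitly permitted violate least privilege.
    violations = [(s, d, p) for s, d, p, _ in flows if (s, d, p) not in allowed]
    return {
        "baseline_total": round(sum(base.values()), 2),
        "current_total": round(sum(current.values()), 2),
        "suspects": suspects,
        "violations": violations,
    }

if __name__ == "__main__":
    for key, value in analyze(CURRENT, BASELINE, ALLOWED).items():
        print(f"{key}: {value}")
```
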

As for answering the reader question about how often industrial networks should be upgraded, Schaffer said, “While mileage may vary, I suggest patching once per year at least, with once per quarter being best, and doing a full technology refresh every 5-7 years.”

To hear this podcast episode, "How Often Should You Upgrade Your Network," visit the “Automation World Gets Your Questions Answered” podcast site. Our podcasts are also accessible on iTunes, Spotify, and other major podcast platforms. To find them, search for “Automation World Gets Your Questions Answered” and be sure to subscribe to be notified when new episodes are posted.
