The first step in deploying an effective network of industrial connectivity is determining the nature of the network itself. In the session, Building an IIoT Roadmap for Your Factory, at the Atlantic Design and Manufacturing conference earlier this month, Benjamin Kiefer, co-founder and systems engineer at MAJiK Systems, explained how to determine the details of the plant network. “Those who will get the most from their connectivity begin with a plan,” Kiefer told Design News. “To benefit from an automated system, you have to create a connectivity strategy. You need to start with an IIoT roadmap.”
The benefits to connectivity are numerous. Some come immediately, while others come as the culture of connectivity permeates plant management. Kiefer noted that immediate gains come from the reduction in the time and money spent on data collection and dissemination. After those first gains, short-run benefits include increased performance on measured metrics. In this stage, overall equipment effectiveness can be increased by as much as 20%. As for the long-run benefits, the system can provide detailed data for audits, forecasting, or capital equipment decisions. Plus, the plant can be managed based on metrics-oriented performance and decision making.
To begin the process, you have to choose the appropriate type of network for collecting, receiving, and disseminating data. “You have to determine your connectivity strategy,” said Kiefer. “There are three choices, a single network for the facility, a plant and office network controlled by a mediator, or an air-gapped plant and office that does not connect to the outside world. The third one is common in nuclear facilities, where security is the primary objective.”
The Single Network for the Plant
When the plant is on a single network that is not intertwined with the office network or managed by a mediator, the system is managed by the plant for the plant. “The benefit of a single network for the facility is the easy communication between PCs, servers, and industrial equipment on the network,” said Kiefer. “It’s faster to set up networked applications, and there is no permission required from an IT department before applications can be added.”
Yet the connections out to the office can cause problems if the office network is compromised. “It’s easier for your office network to affect your manufacturing. A malicious email attachment opened on an office PC could attack a PLC on the plant floor,” said Kiefer. “You need to have a strong VPN and IT policy in place to mitigate threat risks from individual devices on the network.”
Network Controlled by a Mediator
A network fully integrated with the office network and managed by a mediator can boost security and reduce inadvertent exposure to malicious files. “It allows required communication between plant and office networks,” said Kiefer. “The industrial networks are secure from unauthorized intrusions as well as office network traffic. Plus, it limits application access to PLCs and equipment.”
The downside of a combined plant and office network with a mediator is that plant managers have to get permission before adding new devices or applications. “It requires a managed set of rules to maintain its firewall. People will ask for exceptions to these rules, and you have to determine who decides,” said Kiefer. “Direct connections between the plant and office network are allowed, but that means that if an office device on the network is compromised, the intruder can gain access to your entire plant network.”
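The exception problem described above can be checked mechanically. The following is an added example, not code from the article or from MAJiK Systems: it audits a constructed mediator rule set for office-to-plant allowances broader than one host reaching one host on a non-controller port. The subnets, rule names and rule tuple format are assumptions.

```python
import ipaddress

# Constructed address plan (assumption, not from the article).
OFFICE = ipaddress.ip_network("10.10.0.0/16")
PLANT = ipaddress.ip_network("10.20.0.0/16")
# Ports commonly used by PLC protocols.
PLC_PORTS = {102: "S7comm", 502: "Modbus/TCP", 44818: "EtherNet/IP"}

# Constructed mediator rules: (name, action, source, destination, port).
# A port of None means "any port". The tuple format is hypothetical.
RULES = [
    ("historian-pull", "allow", "10.10.5.20/32", "10.20.1.10/32", 443),
    ("eng-laptop-exception", "allow", "10.10.8.0/24", "10.20.0.0/16", 502),
    ("temp-vendor-access", "allow", "10.10.0.0/16", "10.20.0.0/16", None),
    ("plant-to-erp", "allow", "10.20.1.10/32", "10.10.5.30/32", 1433),
    ("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", None),
]


def audit(rules, office=OFFICE, plant=PLANT):
    """Return (rule name, reasons) for allow rules that open the plant to the office too widely."""
    findings = []
    for name, action, src, dst, port in rules:
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        # Only office-to-plant allowances matter for this check.
        if action != "allow" or not (src_net.overlaps(office) and dst_net.overlaps(plant)):
            continue
        reasons = []
        if src_net.num_addresses > 1:
            reasons.append(f"source covers {src_net.num_addresses} addresses")
        if plant.subnet_of(dst_net):
            reasons.append("destination is the entire plant network")
        elif dst_net.num_addresses > 1:
            reasons.append(f"destination covers {dst_net.num_addresses} plant addresses")
        if port is None:
            reasons.append("any port allowed")
        elif port in PLC_PORTS:
            reasons.append(f"direct {PLC_PORTS[port]} access to controllers")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit(RULES):
        print(f"{name}: " + "; ".join(reasons))
```

The narrow historian rule passes unflagged, while the two exceptions are reported with the reasons a rule owner would need to justify or tighten them.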
The Air-Gapped Plant and Office Networks
Air-gapped networks do not connect to the outside world, which greatly reduces the likelihood of intrusive threats. “With air-gapped plant and office networks, the system is secure. There is no way to gain access to the plant network without being present at the plant,” said Kiefer. “The downside is that the security results in the inability to exchange information digitally between the office and the plant.”
Kiefer also notes that it is important for plant managers to create a recovery plan in the event of an attack. “How well you recover from an attack is directly related to how prepared you are for an attack,” said Kiefer. “Outlining your plan will add long-term value to your organization.”
Rob Spiegel has covered automation and control for 17 years, 15 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years, he was owner and publisher of the food magazine Chile Pepper.