In the era of the Industrial Internet of Things (IIoT), industries have now more opportunities to become more productive, more efficient, and more dynamic. For example, the IIoT provides businesses with new capabilities such as dashboards that show device status and data in real-time as well as the on-demand production of customized products. However, many applications still have to overcome several networking challenges before they can really reap the benefits of the IIoT. A successful IIoT strategy is driven by a number of key factors related to connectivity. In this article, we take an in-depth look at three of these key points.
1. Interoperability with your Existing and New Machines
Within the automation industry, companies typically purchase equipment that they will use for decades. When new trends evolve, such as the IIoT, business owners do not want to replace their existing equipment, but rather want solutions that allow them to incorporate their unconnected legacy devices into modern solutions.
Broadly speaking, two options are available to them:
Protocol Gateways for Multilanguage Connectivity
Industrial protocol gateways convert and connect legacy equipment with one unified communication protocol before transporting data to IT systems, for example, converting different proprietary industrial protocols used by legacy devices into one more common protocol, such as Modbus/TCP, Ethernet/IP, or PROFINET. This simplifies OT engineers’ efforts when they need to extract data from multiple sensors and machines that use different communication protocols.
OPC UA to Future Proof Your Network Design
When it comes to newly purchased devices, supporting OPC Unified Architecture (UA) protocols is essential. OPC UA is platform independent and ensures a seamless flow of information among devices from multiple vendors. Originally, OPC UA worked on a client-server model, but when dealing with hundreds or thousands of devices that all need to be interconnected across multiple sites, a more scalable solution was needed. This led to the adoption of the publisher-subscriber model (PubSub), which allows for more streamlined communication that offers improved scalability and resilience. Furthermore, PubSub also extends the OPC UA protocol to cloud-based communication in the automation industry.
2. Facilitating Communication between the OT and IT Worlds with IIoT Gateways
Close cooperation between IT and OT professionals is fundamental to leverage any smart application’s IIoT platform. To be successful, both domains need access to industrial data. IT departments, which oversee Enterprise Resource Planning (ERP) and sometimes MES, need to review this data to form the bigger picture and then develop solutions for each of the issues that hamper an operation’s reliability. OT professionals are more closely involved with the physical operations on the factory floor and have to figure out how to make all the divergent systems, fitted mostly with proprietary technologies, work together. Business owners must find a suitable solution to allow these two groups of people and two different sets of protocols to work together.
IIoT gateways are frequently used to bring the OT and IT worlds together. They will continue to play an important role in IIoT networks in the foreseeable future because these networks do not currently use a set of universal protocols. Direct transmission of vast amounts of data across these networks can lead to network latency, and IT personnel have to put in a lot of extra effort to identify useful data, resulting in delayed data analytics. To deal with this, there are some features that gateways should support to make the process more effective.
Smart Processing Capabilities: As gateways are deployed across many different applications, each gateway should have specific rules so that only the information useful to that application is passed to the cloud where the data will be analyzed. As the data is filtered before it is transmitted to IT applications, the transmission times are shortened and the operators only have the relevant data, which allows them to perform more accurate data analysis.
Secure Remote Communication: In order to prevent data stored on the gateway from being tampered with, it should be secured with a file protection system such as Trust Platform Modules (TPM). For remote connections, a Virtual Private Network (VPN) should be used to connect the control center and the gateway.
3. Ensuring Network Security from LAN-Centric to LAN/WAN Convergence
With multiple devices connected on the same network, all entry points to the network can be vulnerable to unauthorized access if proper security measures are not taken. This problem is exacerbated by the fact that many industrial protocols were not designed with cybersecurity in mind. As devices now frequently connect to the Internet, they can be open to remote access over that network because legacy protocols rarely support encryption or user authentication. The problem business owners need to overcome is how to ensure that their networks are protected now and into the future as networks continue to evolve.
Many system operators have stated that the best way to secure a network against cyberattacks is to use the defense-in-depth security architecture, which is designed to protect individual zones and cells. Any communication that needs to take place across these zones or cells must be done through a firewall or VPN. Deploying this type of architecture reduces the chance that the whole network will fail due to an attack, because each layer is able to address a different security threat. It also reduces the risk to the entire network. If a problem occurs in one part of the network, there is a higher chance that the problem can be contained within that layer and will not spread to the other layers.
After the network has been secured, the next step to consider is how to ensure that users cannot adversely change settings by accident or on purpose. This problem can arise from users who operate and manage the network, third-party system integrators, and contractors that are required to perform maintenance on the network. The best way to secure against this threat is to enhance the network devices’ cybersecurity to ensure that they cannot have their settings altered in a way that puts the devices or the network at risk. Many cybersecurity experts view the IEC 62443 standard as the most relevant publication for how to secure devices on industrial networks. This standard includes a series of guidelines, reports, and other relevant documentation that define procedures for implementing electronically secure IACS (Industrial Automation & Control Systems) networks.
Moxa’s commitment to flexible IIoT connectivity solutions from edge to the cloud combines innovative communication and computing technology that help system integrators deploy IIoT applications in an easy, fast, and intelligent manner.
For more detailed information about Moxa’s IIoT solutions, visit www.moxa.com/IIoT or download our solution flyer here.