Industry Perspectives: The Convergence of IT and OT Enhances Security for the Industrial Internet of Things
by VPNHaus | 01/17/2019
Traditionally, information technology (IT) and operational technology (OT) have played separate roles within organizations. Now, with the emergence of the Industrial Internet of Things and the integration of complex physical machinery with networked sensors and software, the worlds of IT and OT are converging. According to Gartner, a shared set of standards and platforms across IT and OT can reduce malware intrusion, internal errors, and costs in many areas of software management.
To ensure secure communications, leading providers of remote access security solutions, NCP engineering and MB connect line, are tackling IIoT security from both ends of the spectrum. NCP provides secure communications from an IT approach, while the foundation of MB connect line’s security solutions lies in OT systems.
IIoT Security from NCP engineering
Digitalization within industrial organizations means networking more devices, systems, and equipment than ever before and integrating office IT such as ERP systems and mobile devices into production networks. For optimal IT security, all communications between networked components must be encrypted and protected with advanced authentication. NCP has developed several software components for secure data communication in IIoT scenarios. At different points throughout the infrastructure, NCP’s software returns control to system operators and provides secure data encryption.
The NCP IIoT Remote Gateway ensures secure communications between plants, machinery and systems. It can also function as a virtual adapter to receive data from other devices (sensors, cameras, etc.) and encrypt that data, if it is not encrypted already. The NCP Central IIoT Gateway receives the encrypted data from the IIoT Remote Gateway, then transmits it to other systems where big data and artificial intelligence come into play.
The NCP Management System provides full administration and monitoring of existing infrastructures and features a multi-client capability that links several production sites or divisions via a common platform. This way, administrators only have access to the production sites they need to manage and cannot access external data or protected areas. For advanced authentication in remote access and IIoT networks, NCP offers support for certificates, tokens, pre-shared keys, smartcards, PINs, and biometrics. The NCP Management System can also be used for remote access VPN in office networks.
IIoT Security from MB Connect Line
To mitigate cybercrime against safety instrumented systems (SIS) and the engineered sets of hardware and software controls, users must follow standard and documented security practices. It’s important to conduct a thorough site assessment and develop a cybersecurity plan that includes segmenting and protecting OT networks with a strong industrial firewall.
MB connect line’s mbNETFIX, an industrial firewall for automation users, provides protection against attacks by segmenting the production network into manageable and logically separated units. To ensure a seamless and secure flow of data, mbNETFIX filters all communications and eliminates any chance of threats spreading from an HMI, USB, or PC to factory floors.
Next, one of the major challenges of legacy systems is that they were never developed with a security framework in mind. One example of how an IIoT product can achieve security by design is MB connect line’s Edge Gateway. An essential factor of the Edge Gateway is that it can be integrated into existing plants, as well as new installations, without changing any configuration of the control system or PLC. Users can then securely connect individual machines to access important data such as function, productivity, and utilization.
Working Together for Secure Remote Access
Overall, administrators must implement a sophisticated network that encrypts all communications, authenticates connected devices, monitors data, and manages the entire IIoT environment, including updates and patches. A centrally managed virtual private network (VPN) is vital to secure remote access and to minimize the risk of cyber-criminal activity. VPNs can secure the IP connection of every IIoT device so that data traffic is encrypted as it passes between individual devices and the remote central management point over the Internet. When combined with remote access controls and certified authentication measures, VPNs form an effective barrier that shields confidential company data from the unwanted attention of unauthorized parties.
To further protect IIoT communications, organizations must implement industrial firewalls that are user-friendly and designed for automation users. As Industry 4.0 is all about the seamless flow of data, automation firewalls are necessary to filter authorized and unauthorized traffic and to protect machines from Internet attacks. When it comes to security for the Industrial Internet of Things, IT and OT solutions can work together to provide secure remote access to plants, machines, and sensors.