Making Secure Connections

May 1, 2014
Internet-enabled technology, industrial Ethernet, the cloud, big data and the Internet of Things are supporting the Connected Enterprise that offers so much potential for your operations. As a result, it’s crucial to protect the industrial control and information systems that comprise your infrastructure.

The proliferation of Internet-enabled devices and deployment of standard EtherNet/IP across control systems have the potential for delivering tremendous benefits to those taking advantage, and great competitive risks for those not preparing a strategic response. Enter the Connected Enterprise. It allows tremendous collaboration among people, plant-floor systems and enterprise applications to improve productivity and sustainability.

Of course, establishing a truly Connected Enterprise is more complex than simply connecting disparate systems. It means having access to real-time and historical data, wherever it’s being produced, and all of the business and transactional data that will affect different plants and their operations.

It involves seamlessly and securely connecting all control and information levels of an organization. Making secure connections is imperative. As the historic disconnect between enterprise and plant-floor networks is bridged, industrial firms need to better understand potential — and very real — security risks. Whether it’s your network, assets or intellectual property, operations need to be secure from potential threats — whether they’re accidental or intentional, internal or external.

"When we speak to our customers about moving a Connected Enterprise forward, it's not unusual for them to raise two concerns: cost and security," explains John Nesi, Rockwell Automation vice president of global market development. "So as we discuss this, we have to realize that the vision of the Connected Enterprise includes value creation."

"By letting people know what's really happening in the enterprise, the Connected Enterprise creates real customer value by turning data into information into knowledge and ultimately into wisdom," says Keith Nosbusch, chairman and CEO, Rockwell Automation. This requires a common, secure Ethernet infrastructure to integrate control and information.

“That value opportunity comes directly from the technology opportunity. Having the technology and the knowledge to distill all of the business and transactional data into information that provides true innovative value is the next frontier,” Nesi says.

Technology is Transforming Everything

"We're in the middle of an amazing technology transition that has a big impact on business," explains Rob Soderbery, senior vice president and general manager of the Enterprise Networking Group at Cisco, a Rockwell Automation Strategic Alliance Partner. He oversees the strategy, engineering and marketing direction of the company's networking technology for the enterprise, and his organization is responsible for the core technologies critical to business customers.

Three macro trends are influencing that transition, Soderbery says:

  • The economics of the growth of emerging vs. developed countries.
  • Energy consumption and what the demands and sources will be in the future.
  • Social demographics of hyper growth in emerging markets, and declining workforce and aging population in developed countries.

Productivity, he adds, will be at the heart of solutions dealing with these issues. "The next wave of productivity will come out of the Internet of Things, or IoT." By 2020, we'll have 50 billion things connected to the Internet, Soderbery notes.

In fact, Cisco says there's $14.4 trillion in increased value to be realized in the private sector over the next 10 years in the IoT. "That value will come from benefits in innovation expansion, enhanced customer experiences, asset utilization, employee productivity, and supply chain and logistics improvements," Soderbery says.

He adds that about $3.7 trillion of that $14.4 trillion will come in the manufacturing sector.

"But the big impact, the stunning opportunity here, is in industry,” he says. “When you can connect things, processes and data in the cloud, you can create new real-world applications in logistics, in segments that are upstream in the supply chain."

The cloud offers remote access to devices and information, massive storage and the computing power needed for complex analytics. Mobility is not only about devices, but also providing people with the ability to access information on the go, making security a high priority. Big data and analytics empower collaboration, and "manufacturing generates more big data than any other sector," says Nosbusch.

Security at the Forefront

Clearly, many challenges exist, from converging and merging disparate networks, to harvesting distributed intelligence by pushing analytics out to the data sources, to ease of use. However, the one that trumps them all, Soderbery says, is security. Unless you address those concerns, you can't get started.

So why is IoT security different? One of the reasons is the “attack surface.”

"Those are places where an attack can be initiated," Soderbery explains. "The attack surface of a factory is large and complex. Remediation also is different. What do you do if you're under attack in the process industry? Shutting down is not a practical or easy response."

He presents a few simple building block ideas for IoT security. "Access control is more than a firewall. You have to be aware of the content on the network through tools like deep-packet-inspection engines. A second thing is the context. What's the device, what data does it produce, is it where it says it is? You can draw some conclusions through the combination of content and context."

All this contributes to improved threat awareness and an understanding of the threat landscape, Soderbery says. Who are the bad guys, what are they trying to do, and what actions have they taken or are they taking now?

Mike Assante is advisor and director for the National Board of Information Security Examiners. He is the SANS Institute project lead for industrial control system (ICS) and supervisory control and data acquisition (SCADA) security. He says that the desire for analytics isn't just restricted to the manufacturer and its supply chain.

"Companies such as the equipment and machine builders themselves want access to the equipment they sold you, and want to better understand the operating envelopes of those machines to help optimize those machines and perform more safely," he explains.

Expanding on Soderbery's security remarks, Assante notes that threats to industry are becoming more targeted and structured. "We aren't the only ones investing," Assante says. "The cyber underground has been doing it for years, some say to the tune of several billion dollars."

Assante reports that up to 94% of those targeted attacks aren't discovered by the victim until they learn about it through a third party, or learn that some of their information was found on someone else's server. The mean time before a threat is discovered is about 416 days — what Assante calls “free time” for intruders to travel around through that business system.

"In all these reported cases, the companies were up-to-date with their antivirus solutions in place and used industry security practices, but still were compromised," Assante notes. "It tells us that our conventional security approach isn't working for that type of threat."

It's time to adapt, he proposes. "We're at an inflection point in the effectiveness of traditional defenses."

He says we have to secure our people first. "Automation engineers have to work with cyber-security personnel and vice-versa to cross-educate their strengths and needs. We don't want to turn automation engineers into security professionals, but this can lead to new approaches to better security. We're setting up guidelines to help do that."

Bringing the Cloud Down to Earth

Some wonder how the cloud and the IoT will affect their daily work lives in the industrial plant. Is it just high-level theory? The answer is no. The cloud, big data and the IoT are real, and they’re already working in industrial settings.

"To us, big data means all the information running on plant floors, so our mission is to help our customers find the best ways to make sense of it all," says Keith McPherson, market development director, Rockwell Software. "So we help users connect to their information, organize it, put it into the right context, set up dashboards and distribute it to the right individuals who can make better and more profitable decisions."

"Over a decade ago, we made a decision to base Integrated Architecture on standard, unmodified Ethernet," he adds. "That's what's making it easier for us to implement the virtual computing and cloud-based services so many users are asking for now."

John Lohmann, director, Integrated Architecture at Rockwell Automation, adds, "Besides dealing with the strain of aging workforces, many users are still working with assets that must perform in harsh and difficult environments, so our ability to leverage open networks and the cloud can help users with all their logistics issues and people challenges."

For instance, McPherson reports that M.G. Bryan Equipment Co. in Grand Prairie, Texas, is implementing Rockwell Automation cloud-based solutions and Microsoft's Azure platform for its fracking trucks. The platform provides generic Internet connections for tablet PCs and smart phones, so Bryan's users can secure production data from the trucks and their drill sites. For example, this enables the trucks to alert operators when their air filters need to be changed, which can be as often as every eight hours.

"Basically, sensors and other field-based devices provide data via real-time production models to our FactoryTalk VantagePoint software, which builds reports and displays," McPherson says. "But now, M.G. Bryan's users can use iPads and Gmail to log in to their trucks, check actual data dashboards with real-time parameters and even initiate immediate orders for service or supplies."

In addition, Rockwell Software now offers its FactoryTalk® VantagePoint Mobile App in the Windows Store, which is based on the FactoryTalk VantagePoint enterprise manufacturing intelligence (EMI) software, Version 5.0. Featuring Windows 8-style on-screen tiles, this new app can provide any KPIs users need right at their fingertips, McPherson says.

To help support all these apps, big data and cloud-based projects with some heavy-duty virtualization hardware, Rockwell Automation offers its Industrial Data Center, a pre-engineered, scalable infrastructure that lets users run multiple operating systems and applications on virtualized servers. It includes an enclosure and temperature controls by Strategic Alliance Partner Panduit, and Unified Computing System (UCS) Servers and Catalyst switches from Strategic Alliance Partner Cisco. It has the ability to run a virtualized PlantPAx™ system and a variety of FactoryTalk and other third-party software packages on a user's private cloud.

More Demand, More Attention Needed

As the global population accelerates toward 8 billion, millions of people are exiting poverty, and an expanding middle class will demand more food, housing and transportation — goods that will have to be manufactured and distributed. This will increase demands on manufacturers and on infrastructure, water supply and raw materials. Increasing demand for scarce resources will drive inefficiencies out of manufacturing, leading to a need to spend an estimated $1 trillion on resource productivity, Nosbusch says.

"We believe that we are at an inflection point drawn by the integration of the Internet of Things and the Connected Enterprise," he says.

That makes attention to security even more vital as the Connected Enterprise and the technology that supports it enable collaboration among people, plant-floor systems and the enterprise for seamless, secure, productive operations.

What is a Connected Enterprise?

A truly Connected Enterprise connects the plant floor with enterprise systems, including disparate systems, in a seamless and secure way by using enabling technologies such as mobile devices, the cloud and big data. The Connected Enterprise can bring greater productivity, better utilization of assets, faster problem solving, and improved decision-making to industrial companies. It offers ease of use, lower total cost of ownership and improved operations.

Case Study: Connected Enterprise Transforms Paint Booth


The PEMSA plant in Saltillo, Mexico, which supplies Chrysler with painted Ram pickup truck boxes, was challenged in 2013 to go from painting two versions of boxes in seven colors to more than 1,200 part numbers representing multiple versions of boxes in 22 colors. The new level of complexity promised to overwhelm its already-taxed management and control systems, which used manual inventory and scheduling and rigid PLC controls with no visibility.

The plant installed a recipe-based production control system based on Rockwell Automation FactoryTalk® VantagePoint, with hooks to automated inventories and the SAP ERP system. "Now we can see when a box is received, when to paint it and when to deliver it," says Jose Luis Diaz Ceballos, maintenance manager at the PEMSA facility. "We can see where a box is and its status anytime, anywhere in the plant."

The system is designed to be administered, configured and modified by on-site personnel. "Sorry," Ceballos says. "Now we don't need our system integrators."

Time required to process a typical box has dropped from 24 to 9 hours. Direct communication with the customer, automated processing and information collection have improved production efficiency 70%. Also, problems such as robot crashes and unpainted boxes, each of which used to shut down the line for 30 to 60 minutes, have vanished.
