For most organizations, network modernization involves bringing together IT and operations technology (OT) systems into a converged network architecture. This creates a common, connected and standardized infrastructure in which people, processes and technologies can be seamlessly connected.
No modernization project will be the same. However, keep in mind some general considerations to help optimize your network design and proactively address risks.
Collaborate Upfront.
Modernizing a network infrastructure shouldn’t be a go-it-alone venture for IT or OT. Rather, it needs to be a collaborative effort that involves functional teams from across organizations.
Early and open dialogue can help minimize any cultural differences by getting buy-in from all stakeholders. Most importantly, however, upfront collaboration is crucial to identifying potential risks and addressing them before they develop into problems.
Some areas where collaboration is key include:
Determining what connections are needed between the manufacturing execution system (MES) and enterprise business systems so everyone has access to the information they need.
Designing the network such that maintenance can be done without disrupting production.
Coordinating safety and security efforts to help identify and mitigate potential risks that could arise from security or safety incidents.
Use Design and Deployment Resources.
Industry guidance and resources are invaluable during your network modernization project.
Introduces the concepts and technologies you need to make the transition, while also providing tips on system design, configuration, implementation and troubleshooting.
Choose the Right Protocol
One of the most critical decisions you will make in designing your network infrastructure is selecting the right industrial Ethernet protocol.
Today, manufacturing and industrial companies are seeking to capitalize on the proliferation of connected smart devices that make up the Industrial Internet of Things (IIoT). IIoT devices use the internet protocol (IP), which provides the common language for different devices to coexist and interoperate on the same network.
Adoption of IIoT technologies will be a defining characteristic of the industrial sector for the next several years. Research firm Gartner, Inc. forecasts that the number of connected things worldwide will reach 20.8 billion by 2020. The technologies are expected to help manufacturers generate nearly $3.9 trillion in value through increased revenues and lower costs in the coming years.
One such IIoT technology is EtherNet/IP™, an industrial automation protocol that harnesses the power of IP, allowing for the harmonious coexistence of all IP-connected devices. This includes devices designed for industrial and commercial use. Proprietary networking technologies with multiple isolated networks can’t support this cross-device connectivity, unless you make additional investments in gateways, protocol converters or proprietary switching.
Use a Holistic Security Approach
According to a recent report from BDO USA, 92% of manufacturers cited cybersecurity concerns in their 2016 SEC disclosures this year. What’s more, the U.S. Department of Homeland Security has reported that basic cybersecurity practices in many industrial organizations are “an afterthought or significantly less than needed.”
Industrial organizations cannot ignore the fact that more connection points in a modern industrial IP network architecture also bring greater security risks.
No single security product, technology or methodology can be expected to contain today’s massive threat landscape on its own. A security-through-obscurity approach is no longer sufficient. Instead, you need a holistic security approach to help protect your people, operations, intellectual property and other assets.
Your industrial security program should start with a security assessment to identify risk areas and potential threats. From there, plan to deploy a defense-in-depth (DiD) security approach that establishes multiple layers of defense.
Plan for the Future
The infrastructure life cycle in the industrial automation space is typically between 15 and 20 years. However, can you imagine in 20 years what your operations will look like or how you will be using information given all the innovation that’s occurring today?
This is why it’s important that your industrial network infrastructure addresses your current needs while also anticipating those of tomorrow.
You may someday decide to adopt virtualization, for example, which can cut the cost of acquiring, deploying and maintaining servers. But it also increases the amount and type of traffic on an industrial network. As a result, your network infrastructure should be segmented into different virtual LANs to create smaller zones. You also will need an industrial demilitarized zone (IDMZ) with servers that can access the industrial zone.
Likewise, incorporating remote access into your operations will require that your network architecture support video and other collaboration tools. Integrating mobile devices will require that the network supports tablet authentication and encryption.
Workforce changes also should be considered. A modern industrial IP network infrastructure combined with a smart production approach will have a significant impact on your workers. It will require IT and OT professionals to have a full understanding of the converged environment, and will reshape roles for those responsible for developing and overseeing it.
