Successful collaboration between IT and OT depends on a few conditions: the operational network must have the security and manageability capabilities of the networks managed by IT, and the IT tools, in turn, must adapt to the unique industrial characteristics of operational networks.
It is well understood and equally well documented that IT (information technology) and OT (operational technology) must work together for the success of Industry 4.0 initiatives. The scope of this collaboration typically extends to network management and security, as IT has honed these tools over the years, and it is argued that this expertise can also be applied to the operations network. It’s a fair argument and seems intuitively legitimate, but a fact is sometimes glossed over.
The success of this collaboration depends on a few conditions: the operational network must have the security and manageability capabilities of IT networks, and the IT tools, in turn, must adapt to the unique industrial characteristics of the operational networks.
Historically, network devices used in operations lacked such functionality, primarily because their connectivity requirements were modest. As enterprise networks grew at breakneck speeds and dealt with more users, more devices, more applications, more mobility, and more threats, industrial networks were not constrained by the same factors. In addition, the operating staff was reluctant to change. Why change anything when it works?
Rapid digitization needs are now forcing operations to rethink their networks. They realize that networks hold the key to bringing more intelligence into their processes to deal with things like agility, scale, supply chain issues, sustainability mandates and ever-increasing cybersecurity threats.
In this environment, IT and OT collaboration becomes more vital than ever and it is network devices that help facilitate it. I have identified five business features needed in these devices to make such collaboration effective.
1. Large-scale performance
As you evolve your operations toward digitalization and increased deployment of Industrial IoT (Internet of Things), you will need to adopt a network that can deliver on expectations. Enterprise networks have solved this problem with high performance hardware. For example, network vendors use specially developed ASICs (Application Specific Integrated Circuits) specifically designed for ultra-fast packet switching.
Industrial switches are at a disadvantage because they are designed to operate not in air-conditioned closets, but in factories, in remote locations, and where heat, humidity, and vibration are considerations. They have no moving parts such as cooling fans to reduce potential points of failure and therefore cannot use high performance hardware. However, with advances in passive cooling technology, these same enterprise ASICs are now being used in industrial switches. In addition to switching functions, these purpose-built processors can power advanced operations that enterprises take for granted, such as running applications, managing complex configurations, creating virtual networks, as well as those specifically required by industrial use cases such as providing higher port density through stacking, running industrial protocols, meeting precise time synchronization needs, and more.
Enterprise networks have developed the ability to use the network to identify connected devices and applications using the network. Enterprise switches use specialized visibility applications, sometimes built into the switch, that perform deep packet inspection of traffic in transit. These applications use algorithms to determine the identity of connected devices and create an asset inventory. They can also identify network traffic and automatically assign QoS priorities. These switches can also use NetFlow and telemetry to monitor the network itself, helping to proactively avoid potential issues.
As industrial networks grow, this visibility is also essential for them to function well. Visibility applications built for the enterprise were not sufficient, as they lacked recognition of industrial assets and protocols. Therefore, new specialized applications have been developed. The best of them work in the industrial equipment itself. Others require mirroring access switch traffic and running on a separate compute platform. Both can collect and analyze network traffic to increase operational visibility. By automatically identifying connected assets, any unauthorized endpoint can be quickly identified. Applications and interactions between devices can be baselined, and deviations can be detected and reported. Such deviations can help to quickly detect any potential security issues. Resolving network issues faster can help avoid costly downtime.
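The inventory-and-baseline check described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the addresses, asset roles and flow records are constructed sample data, and the function names are hypothetical.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto port")

# Constructed sample data: addresses, roles and flows are illustrative only.
INVENTORY = {
    "10.0.1.10": "plc",
    "10.0.1.20": "hmi",
    "10.0.1.30": "historian",
}

BASELINE_FLOWS = [
    Flow("10.0.1.20", "10.0.1.10", "tcp", 502),    # HMI -> PLC, Modbus/TCP
    Flow("10.0.1.30", "10.0.1.10", "tcp", 44818),  # historian -> PLC, EtherNet/IP
]

OBSERVED_FLOWS = [
    Flow("10.0.1.20", "10.0.1.10", "tcp", 502),    # matches the baseline
    Flow("10.0.1.99", "10.0.1.10", "tcp", 502),    # source is not in the inventory
    Flow("10.0.1.30", "10.0.1.20", "tcp", 3389),   # known assets, new interaction
]


def build_baseline(flows):
    """Reduce a learning-period capture to the set of expected interactions."""
    return {(f.src, f.dst, f.proto, f.port) for f in flows}


def find_deviations(observed, inventory, baseline):
    """Return (kind, flow) findings for unknown assets and unbaselined flows."""
    findings = []
    for f in observed:
        unknown = [ip for ip in (f.src, f.dst) if ip not in inventory]
        if unknown:
            # An endpoint the asset inventory has never seen takes priority.
            findings.append(("unauthorized-endpoint", f))
        elif (f.src, f.dst, f.proto, f.port) not in baseline:
            # Both assets are known, but this conversation is new.
            findings.append(("new-interaction", f))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for kind, flow in find_deviations(OBSERVED_FLOWS, INVENTORY, baseline):
        print(f"{kind}: {flow.src} -> {flow.dst} {flow.proto}/{flow.port}")
```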
Shaken by pervasive and increasingly sophisticated cybersecurity threats, enterprise networks have developed zero-trust security for the workplace. Zero trust relies on creating a detailed endpoint inventory, classifying them, and segmenting the network so that endpoints that don’t need to communicate with each other are placed in different segments by properly labeling packets, then applying rules for delivery of labeled packets. All endpoints are then continuously monitored for abnormal behavior that may indicate a security breach. Specialized identity management applications help define and create access policies for segmentation.
The exponential increase of IoT devices in industrial networks is expanding the surface of threats. These networks can benefit from the same zero-trust principles. Industrial network equipment must have the ability to not only provide the required visibility, but also to be able to segment the network by labeling outgoing packets appropriately and monitoring traffic in transit. Such segmentation creates multiple virtual networks on the same physical network infrastructure. This way, you can reduce the scope of any malware spread by limiting the flow of traffic. Like corporate networks, industrial networks must be able to work with identity applications to help define and enforce access policies.
As networks become more complex, proper tools are needed to handle complications that may arise, for example, the needs for deployment, scaling, debugging, and relentless changes. Enterprise networks have built high-performance management platforms that provide intelligent control, extensive automation, AI/ML-assisted analytics and automatic reasoning algorithms so that the network, and therefore the enterprise, works as expected.
Management concerns increase as industrial networks expand. You need a management platform that’s easy to use, proven in IT circles, and well known so that the expertise to make it work isn’t hard to come by. The tool must be able to dynamically adapt and reconfigure the operational network as needed, collect and deliver information, and keep device software images up-to-date. Keeping the network nimble is especially important because lately some industrial companies have had to deal with ongoing disruptions and quickly redesign their processes in response. Other companies are using the flexibility of the network to reduce development and production times to bring new products to market faster. All benefit from faster identification and resolution of existing and potential problems, reducing or eliminating production downtime.
The operational network equipment, in turn, must support the programmatic interfaces necessary for automation and be able to collect and send relevant network data to the network manager for correlation and information. The most advanced industrial devices can be managed by the same management platforms as the enterprise. This commonality also helps unify corporate and operational networks.
5. Edge Computing
Companies use edge computing resources to process data as close to the source as possible to reduce latency and provide real-time response when needed. Major enterprise switches and routers provide development mechanisms and an environment to run such applications. Proximity to where data is generated and where real-time processing is needed allows for faster reaction to events.
In industrial networks, in addition to real-time response, applications in the edge compute facility can extract, transform, govern, and deliver critical operational data to higher-level applications in the data center or cloud. These data are essential to better understand industrial processes. You can use this data to control product quality, improve processes, and even modify and correct processes in real time.
Networks are essential to industrial digitization. In addition to the hardware qualities of ruggedness and ability to operate under extreme conditions, industrial network devices require enterprise-grade features for scalability, agility, performance, visibility, security, and access to essential data for the next generation of manufacturing.
Cisco has developed specialized products for nearly every vertical industry backed by comprehensive, vetted design guides to help you on the industrial digitalization journey. To learn more about how Cisco is committed to providing a seamless network experience from the enterprise to the industrial edge, please visit Cisco IoT Solutions.