It is well understood and equally well documented that IT (Information Technology) and OT (Operational Technology) must work together for Industry 4.0 initiatives to succeed. The scope of this collaboration typically extends to network management and security: IT has perfected these tools over the years, and it is argued that this expertise can be applied equally well to operations networks. It is a fair argument and intuitively appears legitimate, but one fact is sometimes glossed over.
The success of this collaboration hinges on two conditions: the operational network must have the security and manageability capabilities of IT-run networks, and IT tools, in turn, must adapt to the unique industrial features of operational networks.
Historically, network devices used in operations have lacked such features, mainly because their connectivity needs have been modest. While enterprise networks were expanding at breakneck speeds and dealing with more users, more devices, more applications, more mobility, and more threats, industrial networks were not compelled by the same factors. Moreover, operations personnel were reluctant to change. Why change anything when it is working?
Rapid digitization needs are now forcing operations to rethink their networks. They realize that networks hold the key to bringing more intelligence into their processes to deal with things like agility, scale, supply chain issues, sustainability mandates, and the ever-increasing cyber security threats.
In this context, IT and OT collaboration is becoming more vital than ever, and it is the network devices that help facilitate it. I have identified five necessary enterprise-grade capabilities in these devices to make such collaboration effective.
1. Performance at scale
As you move your operations towards digitization and increased deployment of industrial IoT (Internet of Things), you will need to adopt a network that can perform up to expectations. Enterprise networks solved this problem with high-performance hardware. For example, network vendors use specially developed ASICs (Application Specific Integrated Circuit), purpose-built for ultra-fast packet switching.
Industrial switches work at a disadvantage because they are built to operate not in air-conditioned closets but on factory floors and in remote locations, where heat, humidity, and vibration are considerations. They have no moving parts such as cooling fans, in order to reduce potential points of failure, and hence could not use high-performance hardware. However, with advances in passive cooling technology, these same enterprise ASICs are now being used in industrial switches. In addition to switching functions, these purpose-built processors can power advanced operations that enterprises take for granted, such as running applications, handling complex configurations, and creating virtual networks, as well as those specifically required by industrial use cases, such as providing higher port density through stacking, running industrial protocols, and meeting precise timing synchronization needs.
2. Visibility
Enterprise networks have developed the ability to use the network itself to identify connected endpoints and the applications using it. Enterprise switches use specialized visibility applications, sometimes built into the switch, which perform deep packet inspection of transiting traffic. These applications use algorithms to determine the identity of connected endpoints and create an inventory of assets. They can also identify network traffic and automatically assign QoS priorities. These switches may also use NetFlow and telemetry to monitor the network itself, helping to proactively avoid potential issues.
As industrial networks grow, this visibility is also critical for their effective functioning. Visibility applications built for the enterprise were not sufficient for industrial networks because they lacked industrial asset and protocol recognition, so new specialized applications have been developed. The best of these run within the industrial equipment itself; others require spanning the traffic from access switches to a separate compute platform. Both can collect and analyze network traffic to increase operational visibility. By automatically identifying connected assets, any unauthorized endpoint can quickly be spotted. Applications and interactions between endpoints can be baselined, and variations can be detected and flagged. Such variations can help detect potential security issues quickly, and quicker resolution of network issues helps avoid costly downtime.
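The inventory-and-baseline idea above, as an added example that is not code from the original post or from any vendor's visibility product: flow records are reduced to an asset inventory and a set of "known good" conversations during a learning window, then later flows are checked against both. The flow fields mimic what a NetFlow or telemetry export would provide; the addresses, the port-to-protocol map and the flows themselves are constructed for illustration, and a real engine would classify protocols by deep packet inspection rather than by port alone.

```python
"""Added example: asset inventory and conversation baselining over
constructed flow records (src, dst, transport, dst port, bytes)."""

from collections import defaultdict

# Assumed port-to-protocol map; real visibility applications use DPI, not ports alone.
PORT_PROTOCOLS = {502: "modbus-tcp", 44818: "ethernet-ip", 4840: "opc-ua",
                  443: "https", 22: "ssh"}

# Constructed flows observed during a "known good" learning window.
BASELINE_FLOWS = [
    ("10.1.10.5", "10.1.20.11", "tcp", 502, 1200),    # HMI -> PLC (Modbus/TCP)
    ("10.1.10.5", "10.1.20.12", "tcp", 502, 980),     # HMI -> second PLC
    ("10.1.30.2", "10.1.20.11", "tcp", 44818, 4100),  # engineering station -> PLC
    ("10.1.30.2", "10.1.40.7", "tcp", 4840, 2200),    # engineering station -> OPC UA server
]

# Constructed flows from a later monitoring window, including two deviations.
LIVE_FLOWS = [
    ("10.1.10.5", "10.1.20.11", "tcp", 502, 1300),
    ("10.1.30.2", "10.1.40.7", "tcp", 4840, 2100),
    ("10.1.10.5", "10.1.20.12", "tcp", 22, 300),      # HMI opening SSH to a PLC: new interaction
    ("10.1.50.9", "10.1.20.11", "tcp", 502, 700),     # endpoint never seen in the baseline
]


def classify_protocol(proto, dport):
    """Best-effort protocol label from transport and destination port."""
    return PORT_PROTOCOLS.get(dport, f"{proto}/{dport}")


def build_inventory(flows):
    """Asset inventory: every address seen, mapped to the protocols it took part in."""
    inventory = defaultdict(set)
    for src, dst, proto, dport, _ in flows:
        label = classify_protocol(proto, dport)
        inventory[src].add(label)
        inventory[dst].add(label)
    return dict(inventory)


def build_baseline(flows):
    """Set of (src, dst, protocol) conversations seen during the learning window."""
    return {(src, dst, classify_protocol(proto, dport))
            for src, dst, proto, dport, _ in flows}


def detect_deviations(baseline_flows, live_flows):
    """Flag endpoints absent from the baseline inventory and conversations
    absent from the baseline conversation set. Returns (kind, detail) findings."""
    known_assets = set(build_inventory(baseline_flows))
    baseline = build_baseline(baseline_flows)
    findings = []
    for src, dst, proto, dport, _ in live_flows:
        conversation = (src, dst, classify_protocol(proto, dport))
        for endpoint in (src, dst):
            if endpoint not in known_assets:
                findings.append(("unknown-endpoint", endpoint))
        if conversation not in baseline:
            findings.append(("new-conversation", conversation))
    return findings


if __name__ == "__main__":
    for kind, detail in detect_deviations(BASELINE_FLOWS, LIVE_FLOWS):
        print(kind, detail)
```

The two findings worth acting on here are the HMI opening an SSH session to a PLC (a known pair talking over a protocol never baselined) and an address that was never inventoried talking Modbus to a controller; both are the kind of variation the text describes flagging, and neither requires a signature for a specific threat.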
3. Zero-trust security
Buffeted by ever-present and increasingly sophisticated cyber security threats, enterprise networks have developed zero-trust security for the workplace. Zero trust relies on creating a detailed inventory of endpoints, classifying them, and segmenting the network so that endpoints with no business need to communicate with each other are placed in different segments; this is done by appropriately tagging packets and then enforcing rules for the delivery of tagged packets. All endpoints are then continuously monitored to catch any abnormal behavior that may point to a security breach. Specialized identity management applications help define and create the access policies used for segmentation.
The exponential increase in IoT devices in industrial networks expands the attack surface. These networks can benefit from the same zero-trust principles. Industrial network equipment must not only provide the required visibility but also be able to segment the network by tagging outgoing packets appropriately and policing transiting traffic. Such segmentation creates multiple virtual networks on the same physical network infrastructure. In this way, you can limit the spread of any malware by restricting traffic flow. Like enterprise networks, industrial networks must be able to work with identity applications to help define and enforce access policies.
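Tag-based segmentation as described above, written out as an added example (not the original post's code and not any product's policy language): each endpoint is classified from an attribute an identity or visibility application would supply, the classification maps to a segment tag, and a tag-to-tag allow list decides which segment pairs may talk and on which destination ports. Everything not listed is denied, including traffic from endpoints that could not be classified. The endpoints, roles, tag names and policy are constructed assumptions.

```python
"""Added example: default-deny, tag-to-tag segmentation policy evaluated
against constructed flows. Policy is directional; stateful handling of
return traffic is assumed to happen in the enforcement device."""

from dataclasses import dataclass

# Constructed endpoint inventory with the attribute an identity/visibility
# application might supply. Tags are derived from the role, never hand-set per IP.
ENDPOINTS = {
    "10.1.10.5":  {"role": "hmi"},
    "10.1.20.11": {"role": "plc"},
    "10.1.20.12": {"role": "plc"},
    "10.1.30.2":  {"role": "engineering"},
    "10.1.60.3":  {"role": "corporate-laptop"},
}

ROLE_TO_TAG = {
    "hmi": "CELL_HMI",
    "plc": "CELL_CONTROL",
    "engineering": "ENG",
    "corporate-laptop": "CORP",
}

# Allow list: (src_tag, dst_tag) -> permitted destination ports. Unlisted pairs are denied.
POLICY = {
    ("CELL_HMI", "CELL_CONTROL"): {502},        # HMI may poll PLCs over Modbus/TCP
    ("ENG", "CELL_CONTROL"): {502, 44818},      # engineering may also use EtherNet/IP
    ("ENG", "CELL_HMI"): {443},                 # engineering reaches HMI web UI only
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def tag_for(ip):
    """Segment tag for an address; anything not in the inventory is UNCLASSIFIED."""
    role = ENDPOINTS.get(ip, {}).get("role")
    return ROLE_TO_TAG.get(role, "UNCLASSIFIED")


def evaluate(flow):
    """Return ('permit' | 'deny', reason) for one flow under the tag policy."""
    stag, dtag = tag_for(flow.src), tag_for(flow.dst)
    if "UNCLASSIFIED" in (stag, dtag):
        return "deny", f"unclassified endpoint ({stag}->{dtag})"
    allowed = POLICY.get((stag, dtag))
    if allowed is None:
        return "deny", f"no policy for {stag}->{dtag}"
    if flow.dport not in allowed:
        return "deny", f"port {flow.dport} not permitted for {stag}->{dtag}"
    return "permit", f"{stag}->{dtag} port {flow.dport}"


def police(flows):
    """Evaluate a batch of flows; returns (flow, verdict, reason) triples."""
    return [(f, *evaluate(f)) for f in flows]


# Constructed flows exercising each branch of the policy.
SAMPLE_FLOWS = [
    Flow("10.1.10.5", "10.1.20.11", 502),   # HMI -> PLC Modbus: permitted
    Flow("10.1.60.3", "10.1.20.11", 502),   # corporate laptop -> PLC: no CORP policy
    Flow("10.1.30.2", "10.1.20.11", 22),    # engineering -> PLC on SSH: port not allowed
    Flow("10.1.50.9", "10.1.20.11", 502),   # never inventoried: unclassified
    Flow("10.1.20.11", "10.1.10.5", 502),   # PLC initiating to HMI: wrong direction
]

if __name__ == "__main__":
    for flow, verdict, reason in police(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}  {verdict:6s} {reason}")
```

The point a practitioner should take from the sample flows is that a laptop on the corporate segment gets no path to a controller even over the "right" industrial protocol, and an un-inventoried device gets none at all: the visibility inventory and the segmentation policy are the same data set viewed from two sides.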
4. Network management
As networks become more complex, proper tools are required to manage the complications that arise from deploying, scaling, debugging, and relentlessly modifying them. Enterprise networks have built highly capable management platforms that provide intelligent control, extensive automation, analytics aided by AI/ML, and machine reasoning algorithms to keep the network, and hence the business, running as intended.
Management concerns increase as industrial networks grow larger. You need a management platform that is easy to use, proven in IT circles, and well known, so that the expertise to run it is not hard to find. The tool must be able to scale and reconfigure the operational network dynamically as requirements change, gather and provide insights, and keep the devices' software images updated. Keeping the network agile is particularly important, since in recent times some industrial companies have had to deal with ongoing disruptions and redesign their processes quickly in response. Other companies are using network flexibility to cut development and production times and bring new products to market faster. All of them benefit from quicker identification and resolution of existing and potential issues, which cuts or eliminates production downtime.
Operational network equipment, in turn, must support the programmatic interfaces needed for automation and be able to collect and send relevant network data to the network manager for correlation and insights. The most advanced industrial devices can be managed by the same management platforms as the enterprise. This commonality further helps unify enterprise and operational networks.
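One thing a management platform does with the data those programmatic interfaces return is compare each device's reported state with the intended state. The following is an added example, not the original post's code and not any management product's logic: the intended image version and a few security-relevant settings are declared once, the "reported" records stand in for what an API poll of each device would return, and the check lists the drift per device. Hostnames, the version strings and the setting names are constructed placeholders.

```python
"""Added example: intended-state compliance check over constructed device
records, as a management platform would run after polling each device."""

# Intended state for every access switch in this cell (constructed placeholder values).
INTENT = {
    "image_version": "4.2.1",
    "settings": {
        "ntp_server": "10.1.0.1",
        "ssh_version": 2,
        "telnet_enabled": False,
    },
}

# What each device reported through its programmatic interface (constructed).
REPORTED = [
    {"hostname": "cell1-sw-a", "image_version": "4.2.1",
     "settings": {"ntp_server": "10.1.0.1", "ssh_version": 2, "telnet_enabled": False}},
    {"hostname": "cell1-sw-b", "image_version": "4.1.7",      # old image, telnet left on
     "settings": {"ntp_server": "10.1.0.1", "ssh_version": 2, "telnet_enabled": True}},
    {"hostname": "cell1-sw-c", "image_version": "4.2.1",      # points at the wrong time source
     "settings": {"ntp_server": "10.1.0.9", "ssh_version": 2, "telnet_enabled": False}},
]


def version_tuple(version):
    """'4.2.1' -> (4, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def compliance_report(intent, reported):
    """Map hostname -> list of human-readable drift findings (empty list = compliant)."""
    report = {}
    for device in reported:
        issues = []
        if version_tuple(device["image_version"]) < version_tuple(intent["image_version"]):
            issues.append(f"image {device['image_version']} older than {intent['image_version']}")
        for key, wanted in intent["settings"].items():
            actual = device["settings"].get(key)
            if actual != wanted:
                issues.append(f"{key}={actual!r}, expected {wanted!r}")
        report[device["hostname"]] = issues
    return report


def devices_needing_upgrade(intent, reported):
    """Hostnames whose image is behind the intended version, for the upgrade queue."""
    target = version_tuple(intent["image_version"])
    return [d["hostname"] for d in reported if version_tuple(d["image_version"]) < target]


if __name__ == "__main__":
    for host, issues in compliance_report(INTENT, REPORTED).items():
        print(host, "compliant" if not issues else "; ".join(issues))
    print("upgrade queue:", devices_needing_upgrade(INTENT, REPORTED))
```

Comparing versions as tuples rather than strings is the small detail that matters here: as a string "4.10.0" sorts before "4.2.1", so a naive comparison would mark an up-to-date device as needing an upgrade.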
5. Edge compute
Enterprises use edge compute resources for processing data as close to the source as possible, to reduce latency and provide real-time response where needed. Leading enterprise switches and routers provide mechanisms to develop, and an environment to run such applications. Being close to the location where data is generated and where real-time processing is needed helps in quicker reaction to events.
In industrial networks, in addition to real-time response, applications in the edge compute facility can extract, transform, govern, and deliver critical operating data to higher-level applications in the data center or cloud. This data is key to gaining a better understanding of industrial processes. You can use this data to keep check on product quality, improve processes, and even modify and correct processes in real-time.
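The extract, transform, govern and deliver stages described above, as an added example that is not the original post's code and not any vendor's edge runtime: raw readings are normalized, implausible sensor values are rejected before they pollute upstream analytics, a governance rule strips a field that must stay on the plant floor, threshold alerts are raised locally for real-time response, and per-tag summaries are prepared for the data center or cloud. The readings, tags, limits and the field chosen as local-only are constructed assumptions.

```python
"""Added example: one edge-compute pipeline stage over constructed PLC/sensor readings."""

# Constructed raw readings as a southbound collector might hand them over.
RAW_READINGS = [
    {"ts": 1700000000, "tag": "press1/temp_c", "value": 71.5, "operator_id": "op-1123"},
    {"ts": 1700000001, "tag": "press1/temp_c", "value": 72.0, "operator_id": "op-1123"},
    {"ts": 1700000002, "tag": "press1/temp_c", "value": 999.0, "operator_id": "op-1123"},  # sensor glitch
    {"ts": 1700000003, "tag": "press1/temp_c", "value": 96.0, "operator_id": "op-1123"},   # real excursion
    {"ts": 1700000004, "tag": "press1/pressure_bar", "value": 5.2, "operator_id": "op-1123"},
]

# Plausible physical range per tag (assumed); outside it the sample is a bad reading, not an alarm.
PLAUSIBLE = {"press1/temp_c": (0.0, 200.0), "press1/pressure_bar": (0.0, 20.0)}
# Process alert thresholds evaluated locally for real-time response (assumed).
ALERT_ABOVE = {"press1/temp_c": 90.0}
# Governance: fields that must not leave the plant (assumed policy).
LOCAL_ONLY_FIELDS = {"operator_id"}


def transform(raw):
    """Normalize types and reject values outside the plausible sensor range."""
    lo, hi = PLAUSIBLE.get(raw["tag"], (float("-inf"), float("inf")))
    value = float(raw["value"])
    if not lo <= value <= hi:
        return None
    record = dict(raw)
    record["ts"], record["value"] = int(raw["ts"]), value
    return record


def govern(record):
    """Strip fields that policy keeps on site before the record is exported."""
    return {k: v for k, v in record.items() if k not in LOCAL_ONLY_FIELDS}


def process(readings):
    """Run the stage. Returns (local_alerts, records_to_export, rejected_count)."""
    alerts, exported, rejected = [], [], 0
    for raw in readings:
        record = transform(raw)
        if record is None:
            rejected += 1
            continue
        threshold = ALERT_ABOVE.get(record["tag"])
        if threshold is not None and record["value"] > threshold:
            alerts.append((record["ts"], record["tag"], record["value"]))
        exported.append(govern(record))
    return alerts, exported, rejected


def summarize(exported):
    """Per-tag count/min/max/avg for delivery to higher-level applications."""
    stats = {}
    for rec in exported:
        s = stats.setdefault(rec["tag"], {"n": 0, "min": rec["value"], "max": rec["value"], "sum": 0.0})
        s["n"] += 1
        s["min"] = min(s["min"], rec["value"])
        s["max"] = max(s["max"], rec["value"])
        s["sum"] += rec["value"]
    return {tag: {"n": s["n"], "min": s["min"], "max": s["max"], "avg": s["sum"] / s["n"]}
            for tag, s in stats.items()}


if __name__ == "__main__":
    alerts, exported, rejected = process(RAW_READINGS)
    print("alerts:", alerts, "rejected:", rejected)
    print("summary:", summarize(exported))
```

Separating "implausible for the sensor" from "out of range for the process" is the design choice worth noting: the 999 degree sample is dropped rather than raised as an alarm, while the 96 degree sample is a genuine excursion that the edge can react to before the data ever reaches the cloud.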
Networks are vital to industrial digitization. In addition to the hardware qualities of ruggedness and the ability to operate under extreme conditions, industrial network devices need enterprise-grade features for the scalability, agility, performance, visibility, security, and access to data that the next generation of manufacturing requires.
Cisco has developed specialized products for nearly every industry vertical backed by comprehensive verified design guides to help in the industrial digitization journey. To read more about how Cisco is committed to providing a seamless networking experience from the enterprise to the industrial edge, please visit Cisco IoT Solutions.