This guest post is authored by Jim Flagg, systems architect for Polytron. 

Manufacturing facilities increasingly are becoming reliant on network connectivity to improve operational efficiency.  Getting an internet connection on the plant floor without running it through the enterprise IT department is quick and it gets the job done – as long as the network is only connected when your equipment or software vendor is providing remote support.  Everything should be OK, right?  Not quite.  When you prioritize connectivity without considering security, facilities are taking a serious risk.

We know that hackers are going after industrial equipment, but breaches are often underreported in an effort to minimize a manufacturer’s exposure.  Due to the increasing likelihood of network intrusions from both internal and external sources, manufacturing plant managers are beginning to realize they need to balance connectivity with security from the start.

Connecting with Security

When companies invest in secure connectivity, the two primary goals are to provide:

• Enterprise network connectivity so managers can collect critical data from the plant floor. This enables companies to easily analyze data to assess production levels, procurement needs, downtime and whether manufacturing goals were met.
• Internet connectivity that enables authorized employees to connect to the plant floor through a VPN for remote support, updates and diagnostics resulting in a significant reduction of support costs.

Due to the critical nature of manufacturing, secure barriers must be established between enterprise networks and manufacturing networks.  A large part of the security implementation is in the physical setup of the connections.  For example, a tiered network is much more secure than a flat one.  Software needs to be programmed to specify which users and data should be allowed through to control these data flows.  Finally, multiple firewalls can be installed to monitor connectivity and ensure compliance at the various intersections of enterprise and manufacturing networks.

Lax information security policies and practices can be a serious issue when your IT infrastructure converges with your plant floor.  Most businesses use firewalls to prevent outsiders from infiltrating their systems, but many breaches actually come from INSIDE the company.  Security isn’t just an add-on − it should be baked into your IT at every level.  A tiered infrastructure with varying degrees of access and security provides the highest levels of protection and will help prevent the worst of disasters.

The good news is that these security measures don’t have to be overly intrusive.  With proper planning, you can improve your plant’s security while maintaining connectivity for better operational efficiency.

Planning for Security

One of the hardest parts of properly implementing connections between a plant floor and the enterprise is getting everyone to work together efficiently.  I often see gaps between plant engineering and the enterprise IT department, so getting a third party involved to consult with the entire organization helps bridge the gap for an optimal solution.

A thorough plan is required to establish a secure manufacturing execution system (MES) that will allow a company’s enterprise operations to obtain the appropriate data from the plant floor for the management of resources, global procurement and other elements of the production process.  To create a plan, assess the needs of the enterprise IT department and the engineering team.  This will help you determine what is currently in place versus what you may need to incorporate into your manufacturing operations.  To ensure a smooth transition, test the solutions prior to the final rollout.

Finding the Right Solutions

The key to implementing an optimal, balanced solution is to focus on designing plant connectivity with a high level of security from the ground up.  It is important to assess your entire system for vulnerable points and close any security gaps quickly.  Then, as network upgrades are made − whether equipment components or systems configuration − security should be one of the top priorities in decision-making for design, platform and software.  Involving key managers from both the enterprise IT department and plant engineering helps ensure all user data needs are addressed as security is applied at the appropriate levels.

Have you assessed your network security?  How are you addressing security today?

About the Author
Jim Flagg, MCP, PMP, is a systems architect for Polytron with 30 years of experience working on automation and manufacturing intelligence projects.  A graduate of Georgia Tech, Jim has worked on everything from PLC and drives through HMIs and MES/MI systems.  Since 2004, Jim has been the lead technical engineer for Polytron’s MI projects.  In this position he has consulted with multiple clients to develop their overall software and hardware architecture for providing plant data to company personnel.  Most of these projects include developing a URS (user requirement specification) that will meet their current and future data collection, reporting and ERP interface needs.