Emerson: Plantweb Looks to Secure IIoT

Wednesday, October 26, 2016 @ 01:10 PM gHale


By Gregory Hale
For Plantweb it is truly back to the future as the process control and safety network is now gearing up to take on the heavy challenge of the Industrial Internet of Things (IIoT).

It is no secret that cybersecurity will play a major role in the evolution. It is also no secret IT and OT have to work together to ensure a more cohesive working enterprise.


“How do we ensure the right people get the right data?” said Claudio Fayad, vice president process systems and solutions at Emerson Automation Solutions, during his Tuesday presentation at the Emerson Global Users Exchange in Austin, TX. “(Plantweb) connects OT data to IT and optimizes the data in the cloud.”

The goal of this newly updated Plantweb is to allow connections between the plant floor and the enterprise, with the Internet on top of that: a true IIoT experience.

Gathering information from the plant floor through an increase in sensor capability and then transferring that data throughout the enterprise is what IIoT is all about, but there are security risks.

That is where what Fayad called securing the first mile comes into play.

Architectural designs connect data from operational systems to the IT environment. Part of the security design calls for using servers, firewalls, gateways and data diodes, along with user management, data encryption, key management, code signing, and data flow control.

Fayad went on to explain part of the security posture using the Purdue model, where there are the traditional plant floor levels 0 through 3, then the IT levels 4 through 5. The secure first mile, they are saying, exists between levels 3 and 4, at what they call level 3.5.

The Purdue model, Fayad said, uses conventional layered security through firewalls and user management. It requires multiple levels of software to move data from one layer to another. It also involves multiple stakeholders. Network penetration could be difficult, but not impossible. It would be effective, but complex to maintain, he said.

A much simpler method, he said, would be to use a data diode, or one-way communication, to protect against inbound communications.

“There would be no physical connection to allow data into the plant,” Fayad said.

In this model, the field gateway collects data from the OT systems and converts OT protocols into protocols that support unidirectional data flow. The data diode physically disables the inbound path and creates an “air gap” for inbound communications, Fayad said. The edge gateway converts the incoming protocols into IoT protocols and it provides secure data transfer to the IT systems.
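The following is an added example, not Emerson's code or part of the original article: it sketches what a protocol that "supports unidirectional data flow" has to do once no acknowledgement can travel back through the diode, going one step beyond the text by showing the sender's redundancy and the receiver's gap detection. The frame layout, the shared key, the repeat count and the tag name `FT-101` are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import struct

KEY = b"constructed-demo-key"   # assumption: provisioned out of band on both gateways
HEADER = struct.Struct(">IH")   # sequence number, payload length
TAG_LEN = 32                    # HMAC-SHA256 output size

def encode_frame(seq, reading):
    """Field gateway: wrap one OT reading in a numbered, authenticated frame."""
    payload = json.dumps(reading, sort_keys=True).encode()
    body = HEADER.pack(seq, len(payload)) + payload
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

def send(readings, repeat=2):   # no ACK can cross the diode, so repeat each frame
    for seq, reading in enumerate(readings):
        frame = encode_frame(seq, reading)
        for _ in range(repeat):
            yield frame

class EdgeReceiver:
    """Edge gateway: verify, de-duplicate, and record gaps it cannot ask to have resent."""
    def __init__(self):
        self.next_seq = 0
        self.accepted, self.missing, self.rejected = [], [], 0

    def receive(self, frame):
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if len(frame) < HEADER.size + TAG_LEN or not hmac.compare_digest(
                tag, hmac.new(KEY, body, hashlib.sha256).digest()):
            self.rejected += 1          # truncated or tampered frame
            return
        seq, length = HEADER.unpack_from(body)
        if seq < self.next_seq:
            return                      # redundant copy of a frame already handled
        self.missing.extend(range(self.next_seq, seq))  # lost for good: alarm, no retry
        self.next_seq = seq + 1
        self.accepted.append(json.loads(body[HEADER.size:HEADER.size + length]))

def demo():
    # Constructed sample readings; the one-way link below is simulated in memory.
    readings = [{"tag": "FT-101", "value": v} for v in (10.0, 10.5, 11.0, 11.5)]
    frames = list(send(readings))       # two copies of each of seq 0..3
    lossy = [f for i, f in enumerate(frames) if i not in (2, 4, 5)]  # seq 2 lost entirely
    lossy.insert(1, frames[0][:-1] + bytes([frames[0][-1] ^ 0xFF]))  # corrupted copy
    rx = EdgeReceiver()
    for frame in lossy:
        rx.receive(frame)
    return rx
```

In the constructed run, the reading with sequence number 1 survives because its second copy arrives, while sequence number 2 is reported as missing: the edge gateway can only raise an alarm, since a retransmission request would need the inbound path the diode removes.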


