Professional Services for Industrial Networking

In contrast to standard IT, operating times around the clock (24/7) are demanded in industrial IT. The life cycles of industrial plants are much longer, i.e., updates may no longer be available for some components or may not be readily implemented in an accepted/released system. For example, a plant builder no longer provides a warranty or a safety certification would have to be renewed. As a rule, there are no defined time windows to perform maintenance work, changes may have to be made during operation. The automation process dictates the operating processes and not a single user.

It is common practice to design industrial network concepts based on the specific requirements of the respective application. In addition to safety, security and data availability concepts are also already included at an early stage of the network planning. Even though existing comparable network concepts can serve as the basis, individual application-specific characteristics are the compelling reason why no overarching standard architectures can be used.

In addition to dealing with a lack of space, it is crucial to enable the fastest possible exchange of defective components. To quickly put systems and plants into operation again, it makes sense to also place the aggregation networks – such as  the industrial backbone – directly at the plant, thus keeping the service path short and the response time low. 

The environmental conditions in a production plant, a distribution station or a filling/refilling system differ greatly from the climatic conditions in a data center or office. The fact that robust components should be used here, for which there are replacements even after many years, goes without saying.

A clear, physical separation of the two worlds makes sense and is nowadays also practiced, since the requirements differ greatly. In industrial applications, high availability, robust devices and fast switchover times are essential. Accordingly, the protocols used in the industrial automation environment have developed differently from those run in the office environment. This is one of the reasons why it is useful to decouple and separate the industrial network from the rest of the enterprise network through layer 3.

A threat to industrial networks that should not be neglected stems from the use of open communication technologies, e.g. Ethernet and OPC. These make previously proprietary, closed systems considerably more vulnerable to threats from the outside. No technology has increased the risk as much as Microsoft Windows, which is used as the de facto operating system in many industry sectors. While this trend brings many benefits to the plant operation, such as when it comes to the development effort as well as deployment and training costs, it at the same time exposes the control systems to all the risks and threats of the IT world.

Another threat exists due to the long life cycles of assets in industrial environments. In fact, many control systems have been in operation for more than 20 years. Instead of investing and migrating to modern systems – a very costly and potentially cumbersome process – many automation users have maintained legacy systems and merely improved their connectivity to retrieve more information from them. The consequence: Formerly closed systems are suddenly – and without preparation – connected to open enterprise networks and the Internet. As already mentioned, they are thus exposed to all common threats of modern communication.

Ignoring cyber threats to industrial IT systems can have far-reaching consequences for any plant operator – from environmental damage to image damage to financial loss. Other possible consequences include:

• Declining plant availability all the way to a plant stoppage
• Loss of data, recipes, intellectual property and confidential data 
• Sabotage/manipulation of the industrial plant 
• Changes in the production process and thus faulty products and services due to manipulated data
• Declining or lost competitiveness 
• Penalties for security incidents due to non-compliance with legal requirements

In order to support you in the implementation of a comprehensive security concept, Siemens not only offers an extensive industrial security portfolio of products and services, but also several operational guidelines that make basic recommendations for organizational and technical measures. In the form of Industrial Security Services, Siemens furthermore offers comprehensive services to support the planning and implementation of suitable action catalogs that precisely meet your requirements. The defense-in-depth security concept used by Siemens is primarily based on the international standard IEC 62443 / ISA99, which has proven itself in the industrial environments of automation. It is aimed at plant operators, integrators as well as component manufacturers, and thus covers all security-relevant aspects of industrial security.

The use of so-called whitelisting software is a good alternative to virus scanners. Such systems work with so-called positive lists, in which the user specifies the processes or programs that may be executed on the computer. If a user or malware attempts to install a new program that is not stored in the lists, the software automatically stops this and prevents damage. Unlike virus scanners, whitelisting software manages without regular updates of the signatures.

As a provider of industrial software, Siemens supports the user in this respect by testing its own software for compatibility with virus scanners and whitelisting software.

Fundamentally, no security concept or measure can provide 100% protection. For an adequate protective concept, users must therefore weigh the costs of the security against the benefits of an integrated network as well as the likelihood and impact of a security breach. This may result in varying protective goals for the various areas of the production, which in turn can be protected with different measures. By taking a holistic view of the production, Siemens can also help in defining suitable protective goals.

The safety-related segmentation of the plant network into individual protected automation cells serves to increase the security, in addition to the general risk minimization, and is a fundamental component of a security concept. 

Here, the segmentation of the network into cells and the assignment of the devices take place according to the communication and protection needs. Therefore, the implementation of a security concept often begins with the segmentation of the plant into logical security cells – according to the physical and functional layout of the network architecture. A security cell can again consist of several smaller segments, but in the case of disconnection, must ultimately be able to work autonomously for a certain period of time without a connection to other plant or functional units.

Since this is very much dependent on the application (high-bay warehouse, crane system, monorail overhead conveyor, driverless transportation systems), a site survey to determine the correct positioning of the WLAN components and the proper antenna selection is imperative.

By carefully selecting the frequency band and based on that, the proper channel planning. Interference can also be caused by reflections, which can be minimized through appropriate antenna selection and positioning. An organizational solution is also recommended – restrict the use of WLAN-enabled devices in industrial environments.

Depending on the application, several solution possibilities are feasible. If real-time processing is required, a deterministic communication can be achieved via the Industrial Point Coordinated Function (iPCF), e.g., for PROFINET. Environmental conditions in near-industrial surroundings already may make the use of industrial WLAN components indispensable.

There are no general recommendations, but IT and OT should definitely be decoupled in terms of frequencies. The preference, however, is clearly leaning toward 5 GHz for industrial use, since the 2.4 GHz frequency band is generally strongly utilized for WLAN as well as other radio technologies.

In today's companies, this is organizationally solved in many different ways. The recommendation by Siemens is that the automation-relevant network infrastructure is the responsibility of the maintenance personnel or an automation-related IT department – already simply because of the necessary operating times. The central firewall as the point of transfer between IT and automation is usually run by the office IT department, but the coordination of the guidelines has to be done by mutual agreement.

For a professional automation operation, it is recommended to employ a central management system that monitors the states of the network in real-time as well as allows parameters to be set, configurations to be backed up and software updates to be rolled out. It should be flexible enough so that it can be integrated into an existing control room as well as into a higher-level monitoring system. For analysis purposes, functions such as port mirroring or so-called TAPs (BANY) are useful, whose network recordings are evaluated using suitable analysis tools. Especially in the case of a fault, a remote access solution can prove to be very beneficial – diagnostics can then be started quickly without travel time.

The responsibility within the company strongly depends on the operational concept. In a situation as described above, the operational responsibility would be organized in automation-related departments. Maintenance is performed on-site at the plant; the automation-related IT department usually provides its services remotely.