How to securely share manufacturing data from OT to enterprise IT in any factory using IDMZ
The current trend in Industrial Automation and Control System (IACS) networking is the convergence of Operational Technology (OT) with Information Technology (IT) through the use of standard Ethernet and Internet Protocol (IP) technology. This convergence helps to enable the Industrial Internet of Things (IIoT). By default, a converged IACS network is generally open. While the openness facilitates both technology coexistence and IACS device interoperability, it also makes the network vulnerable to security threats. A well-defined security policy and its implementation become critical before bridging OT and IT. Business practices, corporate standards, security policies, application requirements, industry security standards, regulatory compliance, risk management policies and overall tolerance to risk are key factors in determining the appropriate security stance.
An Industrial Demilitarized Zone (IDMZ) is a recommended layer to segment business system networks from plant-wide networks. The IDMZ exists as a separate network located in a level between the Industrial and Enterprise Zones, commonly referred to as Level 3.5. An IDMZ environment consists of numerous infrastructure devices, including firewalls, virtual private network (VPN) servers, IACS application mirrors, remote gateway services and reverse proxy servers, in addition to network infrastructure devices such as routers, switches and virtualized services.
Protection of IACS assets requires a defense-in-depth security approach, which addresses internal and external security threats. This approach uses multiple layers of defense (administrative, technical and physical), utilizing diverse technologies, at separate IACS levels that address different types of threats. The approach is aligned to industrial security standards such as IEC-62443 and NIST 800-82.
Designing and implementing a comprehensive IACS network security framework should serve as a natural extension of the IACS. Network security should not be implemented as an afterthought. No single product, technology or methodology can fully secure IACS applications. The industrial network security framework should be pervasive and core to the IACS. However, for existing IACS deployments, the same defense-in-depth layers can be applied incrementally to help improve the security stance of the IACS.
This presentation will detail the proven design considerations to help with the successful design and implementation of an IDMZ to securely share IACS data across the IDMZ to enterprise IT.
Kai is the CEO of KioTek Digi Networks – a fast-growing technology company in the IIoT industry in the USA and India. Kai has about 33 years of proven experience in PLC, HMI, servo, vision and industrial network based manufacturing automation systems. His experience extends over the entire gamut of design, engineering, marketing, system integration, commissioning, configuration, maintenance, troubleshooting and technology upgrade of process controls and automation systems. He has extensive experience across various industries that include pharmaceuticals, chemicals, pulp & paper, sugar, tea, automobile, health care, personal care, food and beverage. He invented a vision-based online cocked-cap detection and rejection system and implemented a prototype in one of the Coca-Cola plants. This concept is being replicated in most of the Coca-Cola plants throughout the USA and Canada. He implemented remote diagnostics systems in a Coca-Cola plant that have helped to maintain and troubleshoot automation systems from anywhere in the world using an internet browser. He also implemented innovative cloud computing concepts that helped the plant reduce downtime of production lines due to automation-related breakdowns. In the past, he presented a paper on ‘Remote diagnostics of industrial controls system’ at the Automation World conference in Chicago, USA, which attracted wide media coverage. He presented a paper on cloud computing concepts in Melbourne, Australia. He coined the term ‘cloutomation’ during his presentation on the application of cloud technologies in industrial automation at the Automation World conference in Chicago. He has traveled widely on business in the USA, Germany, the Netherlands and India. He has a bachelor's degree in Instrumentation and Controls from the highly reputed Madras Institute of Technology, Anna University, India, and an MBA as well.
He was awarded certificates in leadership and business communication from Opus school of business, St Thomas University, USA and University of Minnesota, USA.
End-User, Enterprise, Small / Medium Enterprise, OEM
Industrial Automation and Control System, IACS, Operational Technology, OT, Information Technology, IT, Ethernet and Internet Protocol, TCP/IP, Industrial Demilitarized Zone, IDMZ, Level 3.5, industrial security standards, IEC-62443, NIST 800-82
CxO, VP / Director, Middle Management, Technical, Business Line Management, Operations
Expert, Advanced, Intermediate
Manufacturing, Industrials, Pharmaceutical / BioTech, Automotive
© IoT Community’s IoT Slam Live 2019 Internet of Things Conference