Backstory: Implementing secure IT systems in production environments
May 31, 2019
By Paresh Kansara
The first step when starting any Industry 4.0 initiative or digital transformation within a manufacturing environment is to define common goals and agree on a consistent use of terms.
One goal should be to achieve real-time processing of measured values through the use of more information technology (IT) and additional sensors. This will enable innovative applications, such as machine learning, process optimization and predictive maintenance, which can only be done via big data analysis. Deviations can be recognized very quickly, increasing the reliability of these environments.
Find a secure location for the IT systems
One consideration is where to put any IT systems (such as an edge computing system) within a production environment. This requires input from a range of different departments: facility management, fire prevention and safety managers, production managers, IT managers and other specialists in network technology and production planning.
Project managers should therefore start planning with the relevant departmental managers at an early stage to identify any issues. It may mean finding an alternative space or even building a whole new facility to house the additional IT systems, but it’s just as likely that a business will be able to retrofit IT systems in the manufacturing hall.
In one recent application, the necessary IT for automated production was added to the second floor of the production hall, and special security rooms were used for the IT racks. It worked extremely well. However, because this arrangement used a water-based IT cooling system, it carried the risk of a leak onto the manufacturing facilities located below. To prevent this, leak detectors were installed in the IT racks and throughout the building to alert the facility management team of any problems at an early stage, increasing operational reliability.
In general, companies should select the best possible locations for IT systems from a technical security perspective as well as to support well thought-out network cabling. Ensuring there is sufficient distance to the manufacturing devices will protect IT systems from heat, dirt and vibrations.
Increase safety with monitoring
Small and medium-sized companies often find that the IT systems can send detailed alarm messages to control centres within the company, but not outside of it, as these alerts are blocked by the firewall.
The process of monitoring IT systems and sending an alert to relevant technicians also needs to be addressed collectively by all of the project participants, starting with a review of the existing organization-wide IT security strategy.
For example, a manufacturing company recently upgraded the IT cooling systems in its production hall to lower energy costs and increase the reliability of the IT system. Modern cooling systems are now able to send status messages directly to the manufacturer. In this instance, the firewalls had to be configured according to the data protocols used; otherwise the messages would not have got through and the cooling systems would not have been able to function in accordance with the designated levels of safety and efficiency.
Secure monitoring software
Monitoring software (DCIM) used to oversee production-related IT systems should be subject to special protection. Such a solution has a large number of interfaces and supports a variety of protocols, so it can be vulnerable to cyber-attacks.
To make the whole installation more robust, including the server platform, manufacturers can use software to conduct a security analysis. So-called network vulnerability tests check the systems for known but still open security weaknesses.
Without this protection, in extreme cases, attackers could shut down the fans in intelligent cooling systems or turn off switchable power distribution units (PDUs).
Set up edge computing
If areas of a production plant cannot be shut down while work is in progress, then it may be advisable to install pre-configured IT containers which are equipped with the required active IT components. Companies can therefore expand their IT capacities to decentralised production sites quickly and safely using what are termed “edge” data centres.
Paresh Kansara is product manager for industrial and outdoor enclosures at Rittal.
A condensed version of this article originally ran in the May 2019 issue of Manufacturing AUTOMATION.