Today, a business’s shop floor network, its operational technology (OT) network, faces essentially the same security threats as their general business network, or information technology (IT) network. Fortunately, the same technologies are available to protect both network environments. So, why is it harder to deploy cybersecurity implementations in the OT environment, and why does it generally take significantly longer to complete these implementations?
There are three basic differences in the OT network environment that make defining and deploying a security solution different from the IT environment: equipment, manufacturing practices, and network responsiveness.
The individuals tasked with extending a business’s network onto the manufacturing shop floor almost exclusively come from the IT world. They have had little or no exposure to the unique requirements of the OT environment. This disconnect often leads to significant tension between those network professionals and the manufacturing teams tasked with keeping production running smoothly.
Many of the methods and procedures utilized to deploy security technologies for an IT network cannot be reasonably deployed in the OT environment. For example: In the IT environment, an older PC that cannot support the latest security technologies is commonly updated with a newer unit. In manufacturing, replacing or upgrading a piece of production equipment typically is not practical due to cost (potentially tens or hundreds of thousands of dollars) and the impact on production (a replacement is typically measured in days, weeks, and/or months). Other differences in practice include how people are assigned to pieces of equipment, how software upgrades and updates can be deployed without interruption to production, and how these security processes impact the interaction between pieces of equipment where high-speed coordination is required.
With the growing demand for deployment of digital manufacturing technologies, it is critical that companies include appropriate network security measures as part of these deployments. It takes a coordinated effort between a company’s IT and manufacturing teams to develop a plan for implementing an effective network security strategy. There is no “cookie-cutter” standard solution to fit every factory environment due to the unique combination of equipment and operating requirements of each facility. Developing this network strategy takes time, good communications between the teams, and compromise (trade-offs between the traditional IT security solutions and the reality of the manufacturing shop floor).
The more successful OT network implementations start with planning – a lot of planning. A growing trend is the development of OT professionals – IT professionals who are tightly integrated into the manufacturing team and develop a deep understanding of manufacturing operations. AMT is doing its part by identifying the issues and challenges associated with deploying network security solutions in the OT environment. This effort includes fostering discussions between manufacturing companies and the suppliers of shop floor equipment in order to address how manufacturing equipment and systems can more readily support the network security strategies required by the digital manufacturing architectures of the future.
Stay tuned for additional articles digging deeper into some of the unique challenges in deploying network security measures for the manufacturing shop floor.