Control Engineering Europe – March 2019

(Rick Simeone) #1

foremost future requirements because
in most of today’s applications, the
automation device and the edge device
operate completely separately, mostly
with their own, dedicated sensors.
This is not an ideal solution, as both
devices have their valid advantages.
But their use is not only based on
co-existence; their cooperation is
crucial. Otherwise, it comes down
to a fight that only an edge device
with integrated automation control
– meaning an all-rounder – can win.
But these jack-of-all-trades solutions
have already proven, more often
than not, to be lame ducks. Therefore
the preference remains for reliance
on fast edge devices, which provide
the requisite ability for the system or
machine to learn over its entire life
cycle.
In addition, implementing IIoT at an
organisational level adds new network
and operational security challenges to a
computing environment, by introducing
network and cloud connectivity at the
shop floor level. Unfortunately, unlike
IT networks, which can look back on 25
years of security, there are significant
challenges with very few specific
instructions about how to implement
IIoT securely at the device, network and
system levels.
With the MICA from HARTING,
thought has already been given to
how it can be securely integrated
into manufacturing and production
environments. MICA (Modular Industry
Computing Architecture) is an open-
source, edge computing device which
can be customised with custom
hardware, software and interfaces
to suit individual requirements. As
a result, it provides a quick and easy
solution to implement digitisation
projects directly at facilities and
machines.
The key to securely rolling out
IIoT is taking a thorough look at the
environment and identifying and
mitigating potential threat vectors. A
useful way of tackling this is to identify
threat boundaries, usually contact
or handoff points between different
systems, and secure them and the zones
between the boundaries. In the case of
IIoT, you can identify the threat zones as
being between the machine and MICA
and the backend, e.g. the Cloud, and
between the backend and remote users.

EDGE COMPUTING


The backend area is usually the
normal corporate network, public
internet or private and public clouds.
Security in this zone is covered by
standard IT security practices. You
should consider how best to secure the
data coming from and going to the
MICA. Examples of possible solutions
include firewalls, traffic monitors, and
in some cases, even intrusive methods
such as deep packet inspection (DPI).
Conversely, you may also want to tunnel
data from the MICA through portions of
the backend zone using techniques such
as virtual private networks, SSH tunnels
or other forms of encryption.
In many applications, such as
condition monitoring, the traffic from
the machine zone to the MICA is largely
unidirectional or the sensors might be
limited enough that no threat emerges.
But keep in mind that PLCs and sensors
are getting more sophisticated, so care
does need to be taken by container
developers to safeguard against sneak
attacks from compromised machines or
sensors.

Gavin Stoppel is product manager
at HARTING.