Digital manufacturing stresses factory networks in ways their designers never dreamed of. You’ve got more devices that need more bandwidth and wider access. You might be pulling ahead of competitors using cloud applications like predictive maintenance or “digital twins” that simulate the effects of changes. Meanwhile, cyber-attacks are increasing. By some accounts, manufacturing was the most attacked industry in 2021.

To meet these new demands, legacy production networks need a major facelift. Fortunately, operational technology (OT) teams don’t need to reinvent the wheel. OT has a tradition of looking to IT for inspiration, as when IT charted a course to deploy common operating systems and standard networking some 20 years ago. Today, OT can borrow IT’s tools and techniques to modernize production networks. Here are five lessons from enterprise networks.

1. Use managed switches

If you’re still using unmanaged switches, it’s time for an upgrade. Unmanaged switches move information between devices—but that’s it. No monitoring. No ability to prioritize critical traffic. No security protections. Unmanaged switches are typically used for isolated networks, which the controller bridges when needed. But unmanaged switches and isolated networks can’t meet the demands of smart manufacturing. Follow IT’s lead and replace legacy switches with managed switches, which provide more bandwidth, quality of service (QoS), and built-in security protections. Managed switches can also act like sensors, giving you early warning about cyberattacks and looming production problems.

2. Automate deployment and monitoring

Many OT teams are still manually configuring and updating their network infrastructure. Manual configuration is time-consuming and prone to error. Typos can cause performance problems or security vulnerabilities. To save time and effort and avoid risk, IT teams automate network infrastructure configuration with software-defined network management tools like Cisco DNA Center. You can, too. Collaborate with IT to enter the switch configuration once into templates or workflows. After that, you can apply the configuration to any or all switches with a click. Cisco DNA Center can also help you keep all network-device firmware current with recommended security updates. Everything is consistent. From the same dashboard you can see network performance problems and step-by-step instructions for remediation.

3. Gain visibility into production assets and communications flows

Can you confidently say that you know every asset connected to the production network? Most OT teams can’t. IT teams use automated discovery tools to see all connected devices and their communications patterns. But discovery is trickier in manufacturing environments because of the wide variety of devices and industrial protocols. We built Cisco Cyber Vision specifically for industrial networks. It automatically takes an inventory of every connected device, understands most industrial protocols, and reports details on the connected devices and communications flows. Just as IT does, you can use that information to find opportunities to increase operational efficiency, spot security vulnerabilities that need patching, and establish security policies. What can you discover? Vulnerabilities in your industrial automation and control system. Inappropriate communications, like traffic flowing between industrial systems that don’t need to communicate. Old, unpatched applications that are insecure. A high-definition camera that someone forgot to turn off that’s clogging the network and slowing down production applications. For more ways to improve operational efficiency with Cisco Cyber Vision, read this blog.

4. Enforce security policies

Like enterprise networks, production networks typically have a firewall that blocks unwanted traffic from the outside. But some threats will inevitably sneak through and IT teams limit their spread using a technique called segmentation. It’s a key tenet of zero-trust security. The idea is to limit device-to-device communication to what’s absolutely necessary. Machines on different lines typically don’t need to communicate, for example, and keeping them in different segments prevents an infection on one line from spreading to the other. Use Cisco Cyber Vision to understand necessary communications flows and define groups. Then, work with your IT team to use Cisco Identity Services Engine (ISE) to create and deploy security policies. Managed switches (see point 1) enforce these policies.

5. Use the cloud where it makes sense

Manufacturers are improving operational efficiency with cloud services like predictive maintenance, energy management, and digital twins that simulate how manufacturing processes and assets will perform under different conditions. A Google study found that 83% of manufacturers have a cloud strategy in place. Cloud services depend on a myriad of network connections, applications, and data flows to perform. They are becoming critical to production uptime and product quality, so it’s critical to find out about any performance problems right away. Troubleshooting takes too long when the source of the problem might be your own network, the internet, a failed application, the cloud provider’s network, or the cloud application itself. Enterprise IT teams monitor these complex systems using tools for full-stack observability (FSO). OT can do the same. Use Cisco AppDynamics, Cisco ThousandEyes Internet Insights, and Cisco Intersight Workload Optimizer to see network performance all the way from your industrial devices through the network to the cloud applications.

Learn more

OT pros are experts in industrial processes and machines. Fortunately, you don’t need to also become a networking expert to move forward with digital manufacturing. Instead, borrow tried-and-true practices from IT teams to keep the network high performing, available, and secure.


Paul Didier

Solution Architect

Manufacturing Industry