I recently took part in a webinar with my colleague Scot Wlodarczak about the convergence of operations technology (OT) and information technology (IT) in manufacturing. (If you were unable to attend, you can register for the replay here.)
We received a lot of good questions from webinar attendees. So many, in fact, that we couldn’t get to all of them in the time we had allocated. Here, we wanted to highlight some of the most interesting questions – and expand on the answers.
Q: For analytics & OEE, does Cisco recommend any off-the-shelf “comprehensive” platforms, or is it just as well to roll your own analytics targeting specific machines?
A: We’ve worked with several analytics vendors that have integrated their applications across Cisco platforms. Choosing a vendor really depends on the application and what you’re trying to measure.
However, I want to highlight a few case studies that showcase the combination of networking technology with analytics platforms. The first case integrated the Cisco Fog Computing platform with Mazak machinery and Memex around the concept of a “SmartBox.” The Memex application runs on Cisco’s Industrial Ethernet (IE) switch or Industrial Routers and pulls the manufacturing data from the Mazak machines to provide real-time visibility into what’s happening on the factory floor. (Read the full story here.)
Q: I have not been able to convince my business that Cisco is the best vendor to use for their industrial network. I was hoping to get Cisco vs Siemens info in this webinar.
A: Automation vendors tend to standardize on their own series of protocols for industrial networks. Rockwell Automation standardizes on EtherNet/IP. Siemens utilizes PROFINET. Mitsubishi uses CC-LINK. Cisco networking equipment supports all these protocols, and the reality is that most manufacturers will have a mix of vendors on their factory floor that all need network connectivity. Additionally, with the trends toward convergence, a company that understands both the IT and OT sides of the house becomes critical for security, network management, and the deployment of new protocols like Time Sensitive Networking (TSN).
Q: What is the best strategy for IT/OT network segmentation (VLAN, Firewall, etc)?
A: We recommend starting with a Defense in Depth strategy that provides a layered approach to security. As a part of that strategy and in line with validated architectures, an industrial demilitarized zone (DMZ) should be implemented as part of the design. The DMZ perimeter is the buffer that enforces data security policies between the enterprise and the manufacturing zone via firewalls. Within the manufacturing zone we recommend logical segmentation at the cell level for better organizational control. This can be accomplished using two mechanisms in the cell/area network:
- Physical—separate cabling and Layer 2 access switches to achieve segmentation
- VLAN—VLANs that provide logical segmentation on the same physical infrastructure
The following functional areas are good candidates for segmentation:
- Industrial automation and control systems dedicated to particular functions on the factory floor (for example, a brewing control room)
- Security and network administration applications
We also recommend implementing industrial firewalls at the cell level for increased protection of operations controls and visibility within the DMZ infrastructure.
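As an added example (not from the webinar or from Cisco's own tooling), here is a small policy checker that models the layering described above: enterprise zone, industrial DMZ, manufacturing zone and per-cell VLANs, and flags proposed flows that bypass the DMZ or cross cell boundaries without an industrial firewall. Zone names, VLAN ids and the sample flows are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional, Dict, List

# Zones from least to most trusted (enterprise -> IDMZ -> manufacturing).
# Only adjacent zones may exchange traffic; anything between the enterprise
# and the manufacturing zone has to terminate in the IDMZ.
ZONE_ORDER = ["enterprise", "idmz", "manufacturing"]

@dataclass(frozen=True)
class Endpoint:
    zone: str
    vlan: Optional[int] = None  # cell/area VLAN; set only in the manufacturing zone

@dataclass(frozen=True)
class Flow:
    name: str
    src: Endpoint
    dst: Endpoint
    via_cell_firewall: bool = False  # inter-cell traffic must pass an industrial firewall

def check_flow(flow: Flow) -> Optional[str]:
    """Return None if the flow fits the layered design, else the rule it breaks."""
    s, d = flow.src, flow.dst
    if abs(ZONE_ORDER.index(s.zone) - ZONE_ORDER.index(d.zone)) > 1:
        return "bypasses the industrial DMZ"
    if s.zone == d.zone == "manufacturing" and s.vlan != d.vlan and not flow.via_cell_firewall:
        return "crosses cell VLANs without an industrial firewall"
    return None

def audit(flows: List[Flow]) -> Dict[str, Optional[str]]:
    """Map each flow name to None (compliant) or to the rule it violates."""
    return {f.name: check_flow(f) for f in flows}

# Constructed sample: zones and VLAN numbers are illustrative, not from any real plant.
SAMPLE_FLOWS = [
    Flow("erp-to-historian-mirror", Endpoint("enterprise"), Endpoint("idmz")),
    Flow("historian-mirror-to-historian", Endpoint("idmz"), Endpoint("manufacturing", 100)),
    Flow("erp-direct-to-plc", Endpoint("enterprise"), Endpoint("manufacturing", 110)),
    Flow("hmi-to-plc-same-cell", Endpoint("manufacturing", 110), Endpoint("manufacturing", 110)),
    Flow("brewing-cell-to-packaging-cell", Endpoint("manufacturing", 110), Endpoint("manufacturing", 120)),
    Flow("brewing-cell-to-packaging-cell-fw", Endpoint("manufacturing", 110),
         Endpoint("manufacturing", 120), via_cell_firewall=True),
]

if __name__ == "__main__":
    for name, result in audit(SAMPLE_FLOWS).items():
        print(f"{name}: {'OK' if result is None else 'VIOLATION - ' + result}")
```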
Q: Is there a certain segment of industry that seems to be the early adopters of the Industrial IoT technology?
A: We’re seeing a lot of adoption in business segments where reduced downtime is critical. Unplanned downtime can cost upwards of $20,000 a minute in the case of the automotive industry, so some companies are using the information from the factory floor to support predictive maintenance and improve overall equipment effectiveness (OEE).
Additionally, machine builders such as FANUC and Mazak are integrating this technology to enable new business models and support better implementations of security and compute technologies in their machinery. Oil and Gas companies are using a connected architecture to manage their field operations and reduce risk around safety and security.
Q: Does Cisco have a solution for a secure remote third-party access to my factory floor?
A: Cisco has a number of solutions, including the TrustSec architecture utilizing the Identity Services Engine (ISE) and AnyConnect, which can help provide access policy and secured communications. This architecture works with our network and security infrastructure to enforce and enable policy. Firepower provides trust and verification and records what is and is not allowed on the network.
Thanks to everyone who attended and submitted questions. If you’re interested in attending more webinars in the Factory of the Future series, please register here. Our next event is with MAPI and Deloitte on the topic of cyber risk within manufacturing. All webinars begin at 11 a.m. ET and will be available on demand. We’ll continue to add more topics throughout the year, so be on the lookout for additions to the series.