Monitoring OT Infrastructure

When people discuss Industry 4.0 and the concept of Information Technology/Operational Technology (IT/OT) integration, they often neglect to consider how to manage and monitor all of the OT infrastructure.

IT infrastructure is usually managed by the IT department. IT touches everything you need to run a business in today’s world. This includes mobile devices, laptops, servers, user accounts, software licenses, even security systems and the HVAC system keeping your building at a comfortable temperature. In many instances, OT infrastructure falls under the operations team, which has had little exposure to the IT crowd. This situation is somewhat related to the security through obscurity mindset commonly adopted in manufacturing. The other issue is that much of the hardware in plants may not be able to interact with modern networks, so IT doesn’t have any visibility. However, as control systems and PLC hardware are modernized in conjunction with enterprise-level data integrations, it is important to consider how this hardware will fit into your overall IT infrastructure planning.

PLC and SCADA Management

PLCs and SCADA systems are some of the first places to start with OT infrastructure. SCADA systems are low-hanging fruit from an IT perspective. SCADA platforms such as Ignition, Aveva, and FactoryTalk View all run on servers or other computers that IT already works with. IT might even already be monitoring them if they are accessible from the IT network.

PLC hardware is a different story. Assuming you have PLCs capable of Ethernet communication, and/or they can be integrated with a SCADA system with a connection to the IT network, it will be relatively easy to get their status information. If the PLCs can connect to your SCADA system, you can track whether they are connected via the SCADA system itself. This information can then be fed into a higher-level monitoring system. If they have Ethernet communication and an IP address, they can be pinged through the network and their status easily monitored that way too.

From there, it is a matter of building in alerts to trigger a notification if the PLC goes offline for any reason. Usually this alert would first go to an OT team like the Maintenance Department, and then it can escalate to IT from there if necessary. Just because we are bringing IT and OT together doesn’t mean we can ignore who has expertise about which systems.
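The alerting flow described above can be expressed as a small state machine. This is an added example, not code from the article or from any SCADA product; the thresholds, team names and the acknowledgement flag are assumptions, and the poll results are constructed sample data standing in for ping or SCADA connection status.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy values (not from the article); tune to your poll interval.
OT_AFTER_MISSES = 3      # consecutive failed polls before notifying Maintenance
IT_AFTER_SECONDS = 900   # outage age at which an unacknowledged alert goes to IT

@dataclass
class PlcState:
    misses: int = 0
    down_since: Optional[float] = None
    notified: set = field(default_factory=set)  # teams alerted for this outage

def evaluate(state, name, ts, reachable, acked=False):
    """Feed one poll result (ping or SCADA link flag); return alerts to send."""
    out = []
    if reachable:
        if "maintenance" in state.notified:
            out.append(("maintenance", f"{name} back online"))
        state.misses, state.down_since, state.notified = 0, None, set()
        return out
    state.misses += 1
    if state.down_since is None:
        state.down_since = ts
    if state.misses >= OT_AFTER_MISSES and "maintenance" not in state.notified:
        state.notified.add("maintenance")   # OT owns the first response
        out.append(("maintenance", f"{name} offline since t={state.down_since}"))
    overdue = ts - state.down_since >= IT_AFTER_SECONDS
    if ("maintenance" in state.notified and "it" not in state.notified
            and overdue and not acked):
        state.notified.add("it")            # nobody acknowledged: escalate
        out.append(("it", f"{name} outage unacknowledged, escalating"))
    return out

def replay(name, polls, acked_at=None):
    """Run (timestamp, reachable) poll results through the policy."""
    state, sent = PlcState(), []
    for ts, ok in polls:
        acked = acked_at is not None and ts >= acked_at
        sent += [(ts, team) for team, _ in evaluate(state, name, ts, ok, acked)]
    return sent

# Constructed sample: 60 s polls, PLC drops at t=120 and recovers at t=1140.
POLLS = [(t, not 120 <= t < 1140) for t in range(0, 1260, 60)]

if __name__ == "__main__":
    print(replay("Line3-PLC", POLLS))
```

Requiring several consecutive misses keeps a single dropped poll from paging anyone, and the acknowledgement flag keeps IT out of outages Maintenance is already handling.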

If you have a large number of devices and want to get into backup management, version control, or both, you might also be interested in a tool like AssetCentre for monitoring and managing your controls infrastructure. We will detail that approach in a future post.

Network Asset Inventory

Moving beyond PLCs and SCADA systems, we can consider the overall OT network and begin to integrate all the devices into an overall network management tool. On the IT side, this is commonly referred to as an Asset Inventory.

An Asset Inventory tracks which devices are on the network along with information about each device such as its IP address, network status, and metadata. Taking it a step further, an Asset Inventory can automatically generate and update a map of your network. If you are using managed switches, many companies have this information available through the switches. You can then parse the data from the switches to automatically build out your network map.

An Asset Inventory will also help you with overall planning for system expansion by showing you which IP addresses are currently in use, which are still available, and where you can slot in new equipment.
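A sketch of that parsing step, as an added example rather than code from the article or any inventory product: it turns a switch export into a switch/port map, lists used and free addresses for expansion planning, and flags an IP claimed by two MACs. The CSV layout, device names and addresses are constructed assumptions; real switches expose this data through SNMP, a CLI or an API.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample export (assumed columns: switch, port, mac, ip).
SWITCH_EXPORT = """\
switch,port,mac,ip
sw-cell1,Gi1/0/1,00:1D:9C:AA:00:01,10.20.30.10
sw-cell1,Gi1/0/2,00:1D:9C:AA:00:02,10.20.30.11
sw-cell1,Gi1/0/24,00:0C:29:BB:10:01,10.20.30.2
sw-cell2,Gi1/0/1,00:80:F4:CC:00:07,10.20.30.12
sw-cell2,Gi1/0/5,00:80:F4:CC:00:09,10.20.30.11
sw-cell2,Gi1/0/9,00:80:F4:CC:00:0A,192.168.1.50
"""

def build_inventory(export_text, subnet):
    """Return topology, used/free addresses and IP conflicts for one subnet."""
    net = ipaddress.ip_network(subnet)
    topology = defaultdict(dict)   # switch -> port -> (mac, ip)
    owners = defaultdict(set)      # ip -> MACs seen using it
    for row in csv.DictReader(io.StringIO(export_text)):
        ip = ipaddress.ip_address(row["ip"])
        if ip not in net:
            continue               # outside the OT subnet being planned
        mac = row["mac"].lower()   # normalise case so comparisons are stable
        topology[row["switch"]][row["port"]] = (mac, str(ip))
        owners[ip].add(mac)
    return {
        "topology": dict(topology),
        "used": [str(ip) for ip in sorted(owners)],
        "free": [str(h) for h in net.hosts() if h not in owners],
        # Two MACs on one address is either a misconfiguration or a device
        # that should not be there; both need a look before expanding.
        "conflicts": {str(ip): sorted(m) for ip, m in owners.items() if len(m) > 1},
    }

if __name__ == "__main__":
    inv = build_inventory(SWITCH_EXPORT, "10.20.30.0/28")
    print("used:", inv["used"])
    print("free:", inv["free"])
    print("conflicts:", inv["conflicts"])
```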

Asset Inventories are useful across many devices. A few examples of devices you can monitor are network switches, communication protocol converters, PCs, PLCs, servers, robot systems, CNC machines, cameras, some instruments, and even complex equipment like AGVs and mobile devices if they are connected to your network.

Cybersecurity Considerations

Expanding your OT Infrastructure footprint does come with some additional risks from a cybersecurity perspective. Depending on which SCADA platform you are using, utilities like antivirus software can cause a lot of issues. You will also need to be diligent about your network traffic, which ports are open to what devices, and how you access the network from the outside world.

Luckily, you can leverage the shared body of knowledge from the IT world on your OT network. The same tools that the IT team already uses (firewalls, SSL certificates, and user authentication) are directly applicable to modern OT solutions and hardware.

The biggest hurdle is usually cultural when moving away from the “security through obscurity” mindset. Your engineers may not have administrator access to every machine under your roof anymore, and they will need to work with IT to get equipment set up. These relatively minor inconveniences are far outweighed by the value of a secure system much less vulnerable to attack or disruption.

As you expand your organization’s OT footprint, bring IT into the discussion as early as possible, so that many of these risks can be mitigated before they ever become a problem.

Traffic Monitoring

Another powerful tool in your OT Infrastructure management strategy is traffic monitoring. PLCs are notorious for flooding networks with all kinds of packets if they are not configured correctly. Monitoring your network can help address these types of issues before joining your OT and IT networks together. You might not realize any issues exist if you only have a small number of PLCs... until you hook them up to many more network devices and start to see lots of traffic flooding everything on the network. Using basic traffic monitoring tools you can find these issues and fix them very easily.

Traffic monitoring tools can also find devices on your network which are unauthorized or may even be nefarious. By monitoring traffic, you can help alleviate cybersecurity threats and understand if someone is poking around the network looking for an older, potentially insecure device they can use to compromise your entire system. Using modern traffic monitoring tools, you can easily ferret out these bad actors and shut them down before they cause any lasting damage.
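The three conditions this section describes (a source flooding the network, a device that is not in the inventory, and a source probing many hosts) can be checked over summarized flow records. This is an added example, not code from the article or a specific monitoring tool; the record layout, thresholds, MAC addresses and flows are constructed assumptions.

```python
from collections import defaultdict

# Constructed allow-list; in practice this comes from the asset inventory.
AUTHORIZED = {"00:1d:9c:aa:00:01", "00:1d:9c:aa:00:02", "00:0c:29:bb:10:01"}
MAX_PPS = 500      # assumed per-source packets/second ceiling
MAX_FANOUT = 5     # assumed distinct destinations per source per window

# Constructed flow summaries: (window_start_s, window_len_s, src_mac, dst_ip, packets)
FLOWS = [
    (0, 10, "00:1D:9C:AA:00:01", "10.20.30.2", 1200),    # normal polling
    (0, 10, "00:1D:9C:AA:00:02", "239.192.1.1", 90000),  # misconfigured multicast
    (10, 10, "00:1D:9C:AA:00:01", "10.20.30.2", 1100),
] + [(10, 10, "DE:AD:BE:EF:00:01", f"10.20.30.{h}", 3) for h in range(10, 17)]

def analyze(flows, authorized, max_pps=MAX_PPS, max_fanout=MAX_FANOUT):
    """Return sorted (window_start, src_mac, finding) tuples."""
    packets = defaultdict(int)   # (window, src) -> packet count
    dests = defaultdict(set)     # (window, src) -> destinations contacted
    length = {}                  # (window, src) -> window length in seconds
    for start, secs, src, dst, pkts in flows:
        key = (start, src.lower())
        packets[key] += pkts
        dests[key].add(dst)
        length[key] = secs
    findings = []
    for key in sorted(packets):
        start, src = key
        if src not in authorized:
            findings.append((start, src, "unauthorized-device"))
        if packets[key] / length[key] > max_pps:
            findings.append((start, src, "flood"))
        if len(dests[key]) > max_fanout:
            # Few packets to many hosts looks like discovery, not control traffic.
            findings.append((start, src, "wide-fanout"))
    return findings

if __name__ == "__main__":
    for finding in analyze(FLOWS, AUTHORIZED):
        print(finding)
```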

Wrapping Up

As you consider expanding your automation footprint to realize the advantages of Industry 4.0 solutions, planning how you will leverage your existing IT infrastructure with your OT equipment will go a long way towards getting the best performance out of your system.

Corso Systems has helped many companies expand their OT Infrastructure monitoring capabilities. We have a number of tools in our toolbox to rapidly deploy in any OT environment. If you have questions about how you can better monitor your OT Infrastructure or would like to get access to some of our well-tested solutions, please reach out and let us know!
