Factory Automation – Preventing cyber attack
Cyber security is a major concern when designing automation networks, and the approaches to achieving this vary. The traditional method of simply not plugging anything into the machine and leaving it isolated from the outside world is a reliable, but outdated strategy.
At some point you’re going to connect the machines to a plant network, which allows you to link the production systems together. The obvious next step is to make reports from this data, and this requires a PC which will be connected to the outside world.
When applying security to the network, it is easy to add a firewall at the junction of the plant and office networks. The IT department responsible for the computer probably insisted on having one. By restricting the data into and out of the plant network, the risk to the plant automation system is slightly increased over leaving it isolated. With the plant network forming a protected subsection of a conventionally protected office network, this risk of attack from external threats is effectively mitigated.
This however ignores some major advantages from modern industrial network components such as the Siemens SCALANCE S615, or Allen Bradley 1783-NATR.
The SCALANCE S615 is not only capable of acting as a firewall, preventing attacks from external sources, it is also capable of Network Address Translation, and secure remote access. One S615 at the head of each production line allows the PLCs and HMIs to communicate to the plant network and the software engineer to dial in from the other side of the world, or from their bed. All this is achieved while providing direct protection to the production line.
Senior Project Engineer
Feed4ward Control Ltd