The recent move to smart factories, Industrie 4.0, Internet of Things (IoT) and digitalization has accelerated the demand for process data throughout the enterprise. Operations technology (OT) systems are getting connected to in-house and cloud-based IT systems like never before. The question is, how to secure your OT network, yet still provide the data?
A free Skkynet/Cogent webinar, Secure Networking: OT to IT and the Cloud, has some answers for you. Here you will find out how to securely network, aggregate and publish your production data to the cloud, or any central location. You’ll see how to make outbound connections from the plant while keeping all firewall ports closed, through a DMZ or using a proxy, if necessary. We will also look at some use cases.
Secure networking using a DMZ is recommended by high-level agencies across Europe and North America. Guidelines from the European Commission and the White House both specify NIST document SP-800-82, which says, “The most secure, manageable, and scalable control network and corporate network segregation architectures are typically based on a system with at least three zones, incorporating one or more DMZs.”
These three zones are the control zone (OT), the corporate zone (IT), and the DMZ itself. Firewalls are used to separate these zones, to ensure that only the correct data passes from one to the other. Using a DMZ eliminates any direct link between corporate networks and control networks, and allows only known and authenticated users to enter the system at all.
How does this work? Using OPC UA provides good in-plant security, and MQTT can connect securely to the cloud. But these protocols were not designed for passing data through a DMZ, which leaves gaps in the implementation. Something else is needed.
A better approach is to use secure, real-time middleware to make outbound connections from the plant to the DMZ, and then from the DMZ to the IT department or cloud. Data gets pushed to the DMZ, and then passed along to its proper destination, all in real time. It is even possible to send control commands from IT back to OT. Our free webinar Secure Networking: OT to IT and the Cloud shows how it works, and how to do it.
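The three-zone rule described above can be checked against a firewall's allow list. The following is an added example, not code from Skkynet or the webinar: it audits "who may open a connection to whom" rules and flags anything that reaches into the OT zone or lets OT bypass the DMZ. The zone subnets, the rule format and the sample rules are constructed assumptions.

```python
import ipaddress

# Constructed zone layout (assumption): replace with your own address plan.
ZONES = {
    "OT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "IT": ipaddress.ip_network("10.30.0.0/16"),
}

def zones_of(cidr):
    """Zones an address or subnet touches; EXTERNAL if it is not inside one zone."""
    net = ipaddress.ip_network(cidr, strict=False)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("EXTERNAL")  # wide rules such as 0.0.0.0/0 also cover non-zone hosts
    return hit

def audit(rules):
    """rules: (src, dst, port) allow entries, where src is the side opening the connection."""
    findings = []
    for src, dst, port in rules:
        for s in sorted(zones_of(src)):
            for d in sorted(zones_of(dst)):
                if s == d:
                    continue  # intra-zone traffic is out of scope for this check
                if d == "OT":
                    # The plant should only dial out; nothing may connect in.
                    findings.append((src, dst, port, f"inbound connection into OT from {s}"))
                elif s == "OT" and d != "DMZ":
                    # OT may only reach the DMZ, never IT or the internet directly.
                    findings.append((src, dst, port, f"OT reaches {d} directly, bypassing the DMZ"))
    return findings

# Constructed sample rules (assumption): the first two match the architecture in the text.
SAMPLE_RULES = [
    ("10.10.5.20", "10.20.0.10", 443),   # OT pushes data out to the DMZ
    ("10.20.0.10", "10.30.1.5", 443),    # DMZ passes data on to IT
    ("10.30.1.5", "10.10.5.20", 4840),   # IT opens a connection straight into OT
    ("10.10.5.20", "0.0.0.0/0", 8883),   # OT allowed to connect anywhere
]

if __name__ == "__main__":
    for src, dst, port, reason in audit(SAMPLE_RULES):
        print(f"VIOLATION {src} -> {dst}:{port}: {reason}")
```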