You can secure your plant, or you can access your production data—but not both. At least, that was the conventional wisdom for decades. Now Industrie 4.0 and competitive pressures are pushing companies to find a way to access production data securely. The good news is, it can be done.
Some options are better than others, though. For example, VPNs are not a safe bet. VPNs effectively extend the security perimeter beyond the plant network to include the IT network. A security breach on the VPN exposes all systems on both networks to attack.
Another option is to combine OPC and MQTT for in-plant and plant-to-cloud security. This approach draws on the strengths of both protocols but falls short when it comes to NIS 2 recommendations to isolate networks using a DMZ. The OPC UA protocol is too complex to reproduce through a DMZ, and the QoS guarantees in MQTT cannot propagate well through a DMZ, making data at the user end unreliable. A secure tunnel/mirror implementation, on the other hand, can support connections across a DMZ because it can mirror the full data set at each node. It provides access to that data both to qualified clients and to the next node in the chain. Good tunnel/mirror software can guarantee consistency, so that the data for any client or intermediate point in the chain will be consistent with the original source.
For secure access to your production data while keeping all inbound firewall ports closed and isolating networks with a DMZ, the best approach is tunnel/mirroring. DataHub Tunneller software from Skkynet offers a secure way to connect OT and IT systems for real-time data flow without compromising on cybersecurity, enabling companies to remain competitive without sacrificing security.