Author : admin | Tuesday, 17 September 2019
Like the majority of technologies in the industrial automation sphere, networking technologies are normally installed for the long haul. Put another way, if it ain’t broke, don’t fix it.
But with the advance of Industry 4.0 and Industrial Internet of Things initiatives bringing IT and OT (operational technologies) closer together, a move toward more regular upgrades of industrial network technologies seems to be underway - at least in some verticals.
According to Schaffer, the frequency of network upgrades does, of course, tend to differ across industries due to “the nature of the work in a particular vertical and the amount of capex involved. On the low end, it tends to be every five years, but typically ranges from 10-20 years. In the IT space, where I’ve spent much of my career, the standard is to upgrade every 3-5 years to keep up with technology changes.”
Looking at upgrade practices in certain industry verticals, Schaffer said the water/wastewater and electric power industries tend to have the longest intervals between upgrade cycles. In these industries, going “20 years between upgrades is not uncommon due to specialized network design” and the prevailing attitude around NTAR, i.e., never touch a running system.
On the flip side, the oil and gas industry refreshes a great deal more regularly, especially over the past many years with the upsurge in this industry’s profits. “They’re also embracing a much more data centric model of operation,” said Schaffer. “To get access to that data, they need to upgrade more frequently. They’ve also seen crippling effects of cybersecurity attacks - like the one impacting Saudi Aramco (in 2012), which is making them much more proactive. On the discrete side of industry, automotive is leading the charge because they’ve been actively embedding IT into their OT ranks. So, they have more of that three- to five-year upgrade mentality.”
Beyond the technological benefits, Schaffer said one of the biggest business advantages of a network upgrade is that it provides the perfect excuse to update, validate, and clean up documentation. “Too many times I’ve been in plants asking about what devices are connected to the network and what they’re connected to on the network only to find that the documentation is out of date. No one knows the answer—so it’s difficult to manage the network from an operational and cybersecurity vantage point. I’m a big believer in knowing your network. Whenever you do an update, it gives you the perfect opportunity to re-acquaint yourself with the infrastructure that makes your plant tick.”
The biggest impacts to be achieved from a network upgrade will take place on the higher end, where IT and OT meet, said Schaffer. “The closer you are to the high end of network - where data is going to edge or cloud - that’s where you see a change in the mindset in the past couple of years. If you want to take advantage of these new capabilities, you need to upgrade regularly here.”
Schaffer also recommends taking security into account as part of your network upgrade. He advises three best practices here:
· Follow the principle of least privilege (or least authority). A device should only be allowed to communicate with what it needs to communicate with. Give it the connections and access rights it needs and nothing more.
· Proactive defense in depth. Layer your defenses with a variety of techniques and technologies. Having just one firewall with no defenses behind it is not ideal.
· Know your network. Logging, auditing, monitoring, performing baselines, and understanding what your network should look like normally is a huge benefit when something goes wrong. For example, if your network normally sees 7 Mbps traffic levels and you see it spike to 27 Mbps, you can focus on the devices generating the extra traffic.
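The following is an added example, not part of the original article, showing how a per-device baseline and a least-privilege allowlist together narrow a 7 Mbps to 27 Mbps spike down to the responsible device and flow. The device names, baseline split, allowlist and flow records are all constructed for illustration.

```python
from collections import defaultdict

WINDOW_S = 60  # length of the measurement window in seconds

# Constructed baseline: normal transmit rate per device in Mbps (sums to 7 Mbps).
BASELINE_MBPS = {"plc-01": 1.5, "plc-02": 1.5, "hmi-01": 2.0, "historian": 2.0}

# Constructed least-privilege allowlist: the only (source, destination) pairs needed.
ALLOWED_FLOWS = {
    ("plc-01", "historian"), ("plc-02", "historian"),
    ("hmi-01", "plc-01"), ("hmi-01", "plc-02"), ("historian", "hmi-01"),
}

# Constructed flow records for one window: (source, destination, bytes sent).
FLOWS = [
    ("plc-01", "historian", 11_250_000),
    ("plc-02", "historian", 11_250_000),
    ("hmi-01", "plc-01", 7_500_000),
    ("hmi-01", "plc-02", 7_500_000),
    ("historian", "hmi-01", 15_000_000),
    ("plc-02", "eng-ws-07", 150_000_000),  # pair is not on the allowlist
]

def per_device_mbps(flows, window_s=WINDOW_S):
    """Sum transmitted bytes per source device and convert to Mbps."""
    totals = defaultdict(int)
    for src, _dst, nbytes in flows:
        totals[src] += nbytes
    return {dev: b * 8 / window_s / 1_000_000 for dev, b in totals.items()}

def review_window(flows, baseline, allowed, factor=2.0):
    """Return total rate, devices above factor x baseline, and off-allowlist flows."""
    rates = per_device_mbps(flows)
    # A device with no baseline entry is expected to send nothing, so any traffic flags it.
    hot = sorted(
        (dev for dev, r in rates.items() if r > factor * baseline.get(dev, 0.0)),
        key=lambda d: rates[d] - baseline.get(d, 0.0), reverse=True,
    )
    unexpected = [(s, d) for s, d, _ in flows if (s, d) not in allowed]
    return {"total_mbps": sum(rates.values()), "hot": hot, "unexpected": unexpected}

if __name__ == "__main__":
    print(review_window(FLOWS, BASELINE_MBPS, ALLOWED_FLOWS))
```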
As for the reader question about how often industrial networks should be upgraded, Schaffer noted that, “while mileage may vary, I suggest patching once per year at least, with once per quarter being best, and doing a full technology refresh every 5-7 years.”