This month, we are reviewing a recent cybersecurity project at a manufacturing customer. The customer approached Patti Engineering after their IT department rated the legacy factory floor network a red-level (severe) threat, because the PLCs and other floor-level devices were exposed to vulnerabilities in the current network architecture. These threats could infiltrate the corporate network, where competitive information resides. The project’s goal was to improve network security while causing minimal downtime during installation.
The controls network consists of approximately 4000 devices, with roughly 100 PLCs on the plant floor. The pre-migration layout was a typical zone layout. To minimize downtime, the chosen solution was to insert Siemens SCALANCE S615 security modules. The new architecture allowed for the continued use of legacy devices that are unable to comply with the corporate security standards, isolating them on a separate network layer.
The S615s were installed over each PLC network. This allowed each PLC network to stay intact, and we did not have to change all of the IPs. We NAT only the IP addresses that need to talk out, so Layer 1 IPs are required only for those devices, which included the PLCs, HMIs, and peripherals. We included firewall rules that allow only our approved “whitelisted” traffic to pass through.
There were many benefits to choosing this implementation strategy to upgrade the network security. We were able to migrate the legacy network into the corporate network with zero downtime within the customer’s production schedule. During implementation, we greatly reduced the number of IPs used on Layer 1 of the corporate network, only requiring enough virtual IPs for devices that needed to talk out. Additional security was added by creating a bridge between the two separate networks, with the firewall in between only allowing “whitelisted” traffic between the networks. We were also able to keep unwanted IT traffic out of the controls network with the firewall.
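The NAT-plus-whitelist arrangement described above can be modelled to check a planned rule set before it is loaded onto a gateway. This is an added example, not Patti Engineering's or Siemens' configuration; every address, port and rule below is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: one legacy PLC network behind one gateway.
CELL_NET = ipaddress.ip_network("192.168.1.0/24")
# 1:1 NAT: only devices that must talk out get a virtual IP on the corporate side.
NAT = {
    "192.168.1.10": "10.20.5.10",  # PLC
    "192.168.1.20": "10.20.5.20",  # HMI
}
# Whitelist entries: (corporate peer, virtual IP, protocol, destination port).
ALLOW = {
    ("10.20.0.50", "10.20.5.10", "tcp", 102),  # SCADA server to PLC (S7 over TCP 102)
    ("10.20.0.60", "10.20.5.20", "tcp", 443),  # engineering station to HMI
}

def translate_inbound(src, dst, proto, port, nat=NAT, allow=ALLOW):
    """Return the inside address a corporate-side packet reaches, or None if dropped."""
    if (src, dst, proto, port) not in allow:
        return None  # default deny: anything not whitelisted is dropped
    inside_by_virtual = {virtual: inside for inside, virtual in nat.items()}
    return inside_by_virtual.get(dst)  # no NAT entry means the device is unreachable

def audit(nat=NAT, allow=ALLOW, cell=CELL_NET):
    """List inconsistencies between the NAT table and the whitelist."""
    findings = []
    virtuals = list(nat.values())
    for inside, virtual in nat.items():
        if ipaddress.ip_address(inside) not in cell:
            findings.append(f"NAT entry {inside} is outside cell network {cell}")
        if virtuals.count(virtual) > 1:
            findings.append(f"virtual IP {virtual} is mapped more than once")
        if not any(rule[1] == virtual for rule in allow):
            findings.append(f"virtual IP {virtual} has no whitelist rule (unused address)")
    for src, dst, proto, port in sorted(allow):
        if "any" in (src, dst) or port == 0:  # "any" / port 0 stand for wildcards here
            findings.append(f"rule {src} -> {dst}:{port} is a wildcard")
        elif dst not in virtuals:
            findings.append(f"rule to {dst}:{port} has no NAT entry behind it")
    return findings

if __name__ == "__main__":
    print(translate_inbound("10.20.0.50", "10.20.5.10", "tcp", 102))  # whitelisted flow
    print(translate_inbound("10.20.0.99", "10.20.5.10", "tcp", 102))  # unknown peer
    print(audit())
```

Devices that keep only their legacy address, such as a constructed `192.168.1.30` with no NAT entry, have no corporate-side address at all, so no whitelist rule can reach them.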