Across manufacturing operations, the physical and the digital are converging. Everywhere from factory floors to global supply networks, the growing volumes of data generated by physical hardware – the next generation of ‘smart’ devices – are in constant flow, allowing for micro and macro views of processes that would previously have been impossible to achieve. When it comes to developing more efficient, cost-effective, and intelligently integrated operations, the possibilities are truly immense.
Secure by Design
But as the sector explores how these new models can be used to bring new innovations to life, it is important that the ongoing challenge of security is not neglected. A recent report revealed that almost half of UK manufacturers had experienced a cyber security breach, with more than 25% of respondents experiencing financial loss as a result. As smart technologies and the IoT continue to establish themselves, a range of new attack vectors will be created across manufacturing operations – all of which bad actors will be ready and waiting to take advantage of.
While all manufacturers will already have both physical and cyber security systems in place, it is time to consider how these can evolve to best serve the new operational models emerging across the sector…
Don’t discount the Purdue Model!
Introduced in 1992 by Theodore J. Williams and the Purdue University Consortium, the Purdue Model has long formed the basis of OT security ecosystems for manufacturing operations by providing a robust model for the associated digital workflows. It accomplishes this by dividing the underlying architecture into six distinct ‘zones’:
- Level 4/5: Enterprise zone
  The primary network functions that help orchestrate manufacturing operations.
- Level 3.5: Demilitarised zone
  Firewalls, proxies, and other security systems designed to protect against laterally moving threats.
- Level 3: Manufacturing Operations Systems Zone
  The OT systems responsible for production workflows, i.e. day-to-day operations on the shop floor.
- Level 2: Control Systems Zone
  The systems that control and monitor physical processes and manage the data generated.
- Level 1: Intelligent Devices Zone
  The instruments that control the devices at level 0.
- Level 0: Physical Process Zone
  The devices that execute a range of physical actions throughout the production process, which may be connected to monitoring systems in the Cloud.
This model has proven its worth for more than thirty years now, supporting the design and delivery of security ecosystems that encompass both IT and OT. However, with the rise of the IoT and smart devices, as well as the increasing speed of Cloud transformation, the different zones can frequently become blurred, which has led some to question whether it is still applicable to modern manufacturing.
We would argue that although data may now frequently travel between several zones at once, the Purdue Model’s segmentation still provides a helpful way of understanding the different ways in which data flows across manufacturing operations and – critically – the potential attack vectors that are created as it does so. The new breed of cyber security for manufacturing must build on this well-established approach, along with considering emerging standards like IEC 62443, the zero-trust model, and the NIS-Directive due to come into force in October of this year, in order to ensure the integrity of these complex dataflows.
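As an added example (not part of the original article), the sketch below uses the zone segmentation to review observed data flows and flag the ones that cross zone boundaries in ways worth a closer look. The subnet-to-level mapping, the addresses and the policy itself (enterprise-to-OT traffic must terminate in Level 3.5, and other flows cross at most one level) are assumptions made for illustration.

```python
import ipaddress

# Assumed subnet-to-level mapping for a hypothetical plant (constructed values).
ZONES = {
    "10.50.0.0/16": 4.5,  # Level 4/5: enterprise zone
    "10.35.0.0/24": 3.5,  # Level 3.5: demilitarised zone
    "10.30.0.0/24": 3,    # Level 3: manufacturing operations systems
    "10.20.0.0/24": 2,    # Level 2: control systems
    "10.10.0.0/24": 1,    # Level 1: intelligent devices
    "10.0.0.0/24": 0,     # Level 0: physical process
}
NETS = [(ipaddress.ip_network(cidr), lvl) for cidr, lvl in ZONES.items()]

def level_of(ip):
    """Return the Purdue level of an address, or None if it is outside the plant."""
    addr = ipaddress.ip_address(ip)
    for net, lvl in NETS:
        if addr in net:
            return lvl
    return None

def classify(src, dst):
    """Classify one flow against the assumed zone-crossing policy."""
    a, b = level_of(src), level_of(dst)
    if a is None or b is None:
        inside = a if b is None else b
        if inside is None:
            return "external"            # neither endpoint is a plant asset
        # An OT asset talking straight to an outside service (e.g. cloud monitoring)
        return "ot-direct-external" if inside < 3.5 else "ok"
    hi, lo = max(a, b), min(a, b)
    if hi > 3.5 and lo < 3.5:
        return "bypasses-dmz"            # enterprise <-> OT without the Level 3.5 zone
    if hi - lo > 1:
        return "skips-level"             # assumed policy: cross one level at a time
    return "ok"

# Constructed flow records: (source, destination)
FLOWS = [
    ("10.50.1.20", "10.35.0.5"),     # enterprise -> DMZ
    ("10.50.1.20", "10.20.0.7"),     # enterprise -> control systems
    ("10.30.0.4", "10.10.0.9"),      # operations -> intelligent devices
    ("10.0.0.12", "203.0.113.40"),   # Level 0 device -> outside the plant
    ("10.10.0.9", "10.0.0.12"),      # Level 1 -> Level 0
]

def audit(flows):
    """Return (src, dst, finding) for every flow that is not 'ok'."""
    results = [(s, d, classify(s, d)) for s, d in flows]
    return [r for r in results if r[2] != "ok"]

if __name__ == "__main__":
    for src, dst, finding in audit(FLOWS):
        print(f"{finding:20} {src} -> {dst}")
```

Flows reported as `ot-direct-external` are the cloud-connected devices that blur the zones; they are listed for review rather than treated as violations outright.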
Agile security for agile operations
Establishing this new model of cyber security will be very much a journey rather than an event – one that requires close collaboration between manufacturers and trusted technology partners who can demonstrate substantial experience not just within the sector, but also in the successful integration of IT and OT. Vysiion has been a long-time supporter of the manufacturing sector in this regard, working closely with industry leaders to ensure their security ecosystems remain fit for purpose and support the ongoing innovation for which the sector is renowned.
To explore how to optimise the security of your own manufacturing operations, while simultaneously embracing the opportunities opened up by the convergence of IT and OT, do not hesitate to contact us.