IT in Manufacturing


Comprehensive protection of the network against attacks

May 2024 IT in Manufacturing

In recent years, the generation of data to create ever better transparency and control of production has become a decisive competitive factor. IIoT has also contributed to more manufacturing systems being connected to IT or cloud systems. This places higher demands on access security, which Phoenix Contact meets with the Secure Edge Box.


The solutions used for data acquisition usually have different interfaces, and support different communication protocols. In addition, exceptions must be set in the rules of the IT firewalls so that each of the systems can reach the individual peers. This makes the systems confusing and difficult to administer. Furthermore, the risk of a cyberattack increases because there are too many uncontrolled and open access points to the company and its production area. In addition, the diversity of the solutions requires a high level of expertise from employees in order to parameterise and maintain the systems. For this task, it may be necessary to call on external help – be it from other company locations or from the application experts of the respective manufacturers. For this purpose, a standardised and secure remote connection to the peer must be set up. At best, a secure edge interface is established between manufacturing and other networks. To support users, Phoenix Contact offers a Secure Edge Box that solves the above challenges.

Signal light for checking VPN connections

Protecting production against attacks and sabotage should be a top priority in every company. Controlling incoming and outgoing data traffic and dividing the network into small areas (network segmentation) can prevent, or at least make it more difficult for malware to infect and spread. This task is performed by the Secure Edge Box. An industrial firewall router – the mGuard firewall – separates the lower-level network from the rest of manufacturing. In addition, incoming and outgoing data traffic can be limited by firewall rules. The user can either enter the rules directly in the device via a web interface, or manage and transfer them centrally – even for several mGuard firewalls in groups – using the mGuard Device Manager tool.

All devices in the separate area can be accessed via a VPN connection if required. The establishment of the VPN connection is controlled and monitored directly via a switch on the Secure Edge Box. In this way, employees in production always have control over whether someone is connecting remotely to the area, machine or system. A signal light on the top of the box is also used for monitoring, which visually indicates the status of the VPN connection setting.

Additional security settings via a managed switch

There is a second switch on the front of the box that controls the DMZ (demilitarised zone) port of the firewall router. The service technician on site is granted access to certain devices in the area via this port. Only the devices to which the service technician must have access can be reached via the subnet of the DMZ port. Another digital input on the firewall router is used to query the door switch. If the control cabinet door is opened and there is a potential risk of tampering on site, the mGuard firewall can send an alert to a configurable receiver.

A managed switch with 16 ports from the powerful FL mGuard 2000 series is used for networking in this area. Additional security settings can be made when configuring the switches. These range from user administration, with adjustable password complexity and detailed port access configurations, to authentication on a RADIUS (Remote Authentication Dial-In User Service) or LDAP (Lightweight Directory Access Protocol) server. Adding up to three more switches to the control cabinet creates additional connection options. The connections for the power supply are already preinstalled.


Edge PC for data acquisition and forwarding to a cloud

The edge PC with PLCnext Runtime that is installed in the Secure Edge Box can be upgraded via the PLCnext Store or remotely via Proficloud, and can take on many tasks. The PLCnext Store is the digital marketplace of the PLCnext Technology open ecosystem, from which users can download apps and function blocks onto their PLCnext Control. Two approaches can be realised by using the edge PC. First, it is possible to implement purely local data acquisition with visualisation and anomaly detection. In this way, for example, energy data or analogue sensor data is transmitted to the edge PC via MQTT or OPC UA. The user can then store the data in a database and use the open source application, Grafana, to display it in a clear, hierarchical and target group-oriented manner.

With the second approach, the data is forwarded to an online hosted cloud. In this case, the edge PC normalises the data, compresses it, and stores it temporarily if the online connection is not available. By using the graphical development tool Node-Red, the user can also access numerous open source libraries to process the data between these steps. This means that communication can be implemented with almost all systems, as their adaptation in Node-Red ensures the necessary compatibility.

To increase the availability of the data, both approaches can be used in parallel so that the user can access the data even if there is no online connection. Additional apps for detecting data anomalies can be installed on the edge PC via the PLCnext Store. Learned signal sequences are monitored by the software, and corresponding messages are generated. Regulatory intervention in the process is also possible.

Ready-made, functionally extendable control cabinet solution

The Secure Edge Box can be ordered as a ready-made control cabinet solution. In addition to CE marking, it complies with the UL 508A standard. Due to the space available, the box can be functionally extended, for example with additional switches or other components. The user simply specifies the devices when placing the order. The main switch and the operating elements for controlling the VPN tunnel and the DMZ port are located on the front of the box. The signal tower, which indicates an active VPN connection, is mounted on the top of the control cabinet. Up to 60 cables can be fed into the box from the bottom using a cable entry system. The user only needs to supply them with power and a network on site. Then the solution is ready for use.

The Secure Edge Box can be used to secure a network area in order to protect production against cyberattacks. To this end, incoming and outgoing data traffic is controlled and restricted. The integrated edge functionality allows data to be received, processed and forwarded – both locally and in the cloud.


Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Bringing brownfield plants back to life
Schneider Electric South Africa IT in Manufacturing
Today’s brownfield plants are typically characterised by outdated equipment and processes, and face challenges ranging from inefficient operations to safety hazards. However, all is not lost, as these plants stand to gain a lot from digitalisation and automation.

Read more...
Bringing brownfield plants back to life
Schneider Electric South Africa IT in Manufacturing
Today’s brownfield plants are typically characterised by outdated equipment and processes, and face challenges ranging from inefficient operations to safety hazards. However, all is not lost as these plants stand to gain a lot from digitalisation.

Read more...
Testing next-generation automotive e-drives
Siemens South Africa IT in Manufacturing
Emotors, an independent e-drive manufacturer, has taken advantage of test solutions from the Siemens Xcelerator portfolio of industry software to aid in the development and constant improvement of its e-drive systems for hybrids, plug-ins and full electric vehicles.

Read more...
Simplifying AI training
Beckhoff Automation IT in Manufacturing
The TwinCAT Machine Learning Creator from Beckhoff is aimed at automation and process experts and adds the automated creation of AI models to the TwinCAT 3 workflow.

Read more...
Closed-loop production chain for metal additive manufacturing
Siemens South Africa IT in Manufacturing
AMAZEMET has adopted solutions from the Siemens Xcelerator portfolio of industry software to help build its etal additive manufacturing materials and supporting post-processing equipment.

Read more...
Exploring the role of AI in digitisation
IT in Manufacturing
Artificial Intelligence (AI) is providing companies with the advanced technology necessary to navigate their digitisation journeys more easily. But more than that, AI is transforming IT infrastructure, enhancing business operations, and reshaping job roles, all while decision makers stay cognisant of the ethical considerations. By understanding the opportunities and challenges presented by AI in digitisation, we can harness its power to help organisations move towards a more agile, intelligent, and competitive future.

Read more...
AI can speed up rollout of renewable energy solutions
IT in Manufacturing
Artificial Intelligence (AI) is taking over in every industry and sector, and has the potential to drive an efficiency and productivity revolution. In the renewable energy sector, AI modelling could assist with optimising power plant design, ensuring that various renewables sources are effectively integrated and load balanced, provide optimised and continuous monitoring, and much more.

Read more...
Control architecture leads to faster, easier product development for refrigeration
Opto Africa Automation Editor's Choice IT in Manufacturing
What’s the secret to providing superior service and staying competitive in a changing market? You might learn something from ALTA Refrigeration’s experience. Over ten years, it transformed itself from a custom engineering services company into a scalable industrial equipment manufacturer, using an edge-oriented control architecture to manage a growing installed base.

Read more...
Embracing security as a core component of your technology
IT in Manufacturing
ABI Research recently undertook a comprehensive study to learn more about the product security assurance landscape from the perspective of enterprise customers, surveying 302 enterprise customers, and conducting in-depth interviews to complement the qualitative survey.

Read more...
AI in manufacturing: a process engineer’s perspective
Editor's Choice IT in Manufacturing
The expert will tell you what to do, the philosopher will tell you why to do it, and the engineer will get on and actually do it. As the hype around AI intensifies, the number of ‘experts’ is increasing exponentially. In contrast, the number of engineers who actually know how to implement AI technology remains small.

Read more...