IT in Manufacturing


Comprehensive protection of the network against attacks

May 2024 IT in Manufacturing

In recent years, the generation of data to create ever better transparency and control of production has become a decisive competitive factor. IIoT has also contributed to more manufacturing systems being connected to IT or cloud systems. This places higher demands on access security, which Phoenix Contact meets with the Secure Edge Box.


The solutions used for data acquisition usually have different interfaces, and support different communication protocols. In addition, exceptions must be set in the rules of the IT firewalls so that each of the systems can reach the individual peers. This makes the systems confusing and difficult to administer. Furthermore, the risk of a cyberattack increases because there are too many uncontrolled and open access points to the company and its production area. In addition, the diversity of the solutions requires a high level of expertise from employees in order to parameterise and maintain the systems. For this task, it may be necessary to call on external help – be it from other company locations or from the application experts of the respective manufacturers. For this purpose, a standardised and secure remote connection to the peer must be set up. At best, a secure edge interface is established between manufacturing and other networks. To support users, Phoenix Contact offers a Secure Edge Box that solves the above challenges.

Signal light for checking VPN connections

Protecting production against attacks and sabotage should be a top priority in every company. Controlling incoming and outgoing data traffic and dividing the network into small areas (network segmentation) can prevent, or at least make it more difficult for malware to infect and spread. This task is performed by the Secure Edge Box. An industrial firewall router – the mGuard firewall – separates the lower-level network from the rest of manufacturing. In addition, incoming and outgoing data traffic can be limited by firewall rules. The user can either enter the rules directly in the device via a web interface, or manage and transfer them centrally – even for several mGuard firewalls in groups – using the mGuard Device Manager tool.

All devices in the separate area can be accessed via a VPN connection if required. The establishment of the VPN connection is controlled and monitored directly via a switch on the Secure Edge Box. In this way, employees in production always have control over whether someone is connecting remotely to the area, machine or system. A signal light on the top of the box is also used for monitoring, which visually indicates the status of the VPN connection setting.

Additional security settings via a managed switch

There is a second switch on the front of the box that controls the DMZ (demilitarised zone) port of the firewall router. The service technician on site is granted access to certain devices in the area via this port. Only the devices to which the service technician must have access can be reached via the subnet of the DMZ port. Another digital input on the firewall router is used to query the door switch. If the control cabinet door is opened and there is a potential risk of tampering on site, the mGuard firewall can send an alert to a configurable receiver.

A managed switch with 16 ports from the powerful FL mGuard 2000 series is used for networking in this area. Additional security settings can be made when configuring the switches. These range from user administration, with adjustable password complexity and detailed port access configurations, to authentication on a RADIUS (Remote Authentication Dial-In User Service) or LDAP (Lightweight Directory Access Protocol) server. Adding up to three more switches to the control cabinet creates additional connection options. The connections for the power supply are already preinstalled.


Edge PC for data acquisition and forwarding to a cloud

The edge PC with PLCnext Runtime that is installed in the Secure Edge Box can be upgraded via the PLCnext Store or remotely via Proficloud, and can take on many tasks. The PLCnext Store is the digital marketplace of the PLCnext Technology open ecosystem, from which users can download apps and function blocks onto their PLCnext Control. Two approaches can be realised by using the edge PC. First, it is possible to implement purely local data acquisition with visualisation and anomaly detection. In this way, for example, energy data or analogue sensor data is transmitted to the edge PC via MQTT or OPC UA. The user can then store the data in a database and use the open source application, Grafana, to display it in a clear, hierarchical and target group-oriented manner.

With the second approach, the data is forwarded to an online hosted cloud. In this case, the edge PC normalises the data, compresses it, and stores it temporarily if the online connection is not available. By using the graphical development tool Node-Red, the user can also access numerous open source libraries to process the data between these steps. This means that communication can be implemented with almost all systems, as their adaptation in Node-Red ensures the necessary compatibility.

To increase the availability of the data, both approaches can be used in parallel so that the user can access the data even if there is no online connection. Additional apps for detecting data anomalies can be installed on the edge PC via the PLCnext Store. Learned signal sequences are monitored by the software, and corresponding messages are generated. Regulatory intervention in the process is also possible.

Ready-made, functionally extendable control cabinet solution

The Secure Edge Box can be ordered as a ready-made control cabinet solution. In addition to CE marking, it complies with the UL 508A standard. Due to the space available, the box can be functionally extended, for example with additional switches or other components. The user simply specifies the devices when placing the order. The main switch and the operating elements for controlling the VPN tunnel and the DMZ port are located on the front of the box. The signal tower, which indicates an active VPN connection, is mounted on the top of the control cabinet. Up to 60 cables can be fed into the box from the bottom using a cable entry system. The user only needs to supply them with power and a network on site. Then the solution is ready for use.

The Secure Edge Box can be used to secure a network area in order to protect production against cyberattacks. To this end, incoming and outgoing data traffic is controlled and restricted. The integrated edge functionality allows data to be received, processed and forwarded – both locally and in the cloud.


Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Africa on the edge of a digital future
Schneider Electric South Africa IT in Manufacturing
Edge computing promises lower latency, stronger reliability and real-time responsiveness across Africa, yet its rollout keeps colliding with one stubborn obstacle, power. Steven Santini explores how renewable microgrids, smart energy management and the right partnerships could turn the continent’s energy gap into its biggest edge opportunity.

Read more...
3D electrical systems design workflow for electromechanical innovation
Siemens South Africa Fieldbus & Industrial Networking IT in Manufacturing
Siemens has announced new 3D electrical design capabilities within its Capital software, enabling electrical and mechanical engineers to work concurrently in a shared 3D environment to reduce late-stage design changes and accelerate time to market for complex electromechanical products.

Read more...
Optimising energy reliability for African manufacturing
Electrical Power & Protection IT in Manufacturing
Unreliable power can cost African manufacturers as much as 31% in sales. Behind-the-meter power offers manufacturers in sub-Saharan Africa control, visibility and resilience in their energy provisioning.

Read more...
ISO 42001 helps organisations prepare for the realities of AI governance
IT in Manufacturing
A security specialist at Galix explains how a new international standard helps organisations build structured governance around their use of artificial intelligence.

Read more...
The digital twin advantage for infrastructure development
Schneider Electric South Africa IT in Manufacturing
Schneider Electric’s Johan Potgieter explains how digital twin technology and virtual commissioning can reduce the cost and risk of large infrastructure projects.

Read more...
Haddy scales AI-enabled adaptive microfactories with Siemens Xcelerator
IT in Manufacturing
Additive manufacturing company Haddy has deployed the Siemens Xcelerator platform across its network of AI-enabled microfactories, connecting design, planning and robotic production through a consistent digital thread to support local, circular manufacturing at scale.

Read more...
Vertiv Rack Extreme targets high-density data centre deployments
IT in Manufacturing
Vertiv has announced the Vertiv Rack Extreme, a next-generation rack platform designed for high-performance computing and artificial intelligence applications.

Read more...
Real-time monitoring and predictive maintenance in African data centres
ACTOM Electrical Machines IT in Manufacturing
Running a data centre in Africa brings many challenges. Traditional maintenance strategies struggle to keep up with these realities. Predictive maintenance offers a different approach.

Read more...
Yokogawa digital plant to accelerate green hydrogen revolution
Yokogawa South Africa Editor's Choice Electrical Power & Protection IT in Manufacturing
Yokogawa explains how a digital plant approach and autonomous operations can integrate the full green hydrogen value chain, from renewable power generation to end-use applications, and why digitalisation and system integration are central to making green hydrogen viable in South Africa.

Read more...
How integrated EMS platforms are redefining risk management in mining
Adroit Technologies IT in Manufacturing
As mining operations become deeper, more mechanised and increasingly data-driven, the role of technology in safeguarding workers has never been more critical. For Adroit Technologies, this shift has driven the evolution of its environmental management and safety system into a fully integrated, enterprise-level platform that supports both real-time safety and long-term occupational health.

Read more...









While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd | All Rights Reserved