Industrial firewalls protect production lines while making their data accessible.


Steel mills traditionally use Human-Machine Interfaces (HMIs) to monitor production line status. As Ethernet networks are installed to enable monitoring of all lines from a control center, devices are opened up to unexpected vulnerabilities. One of our customers experienced a major financial loss when a fan was inadvertently turned off for one production line, causing a fire in the plant. Since the production lines were all connected to the same network without segmentation, any device that was also connected to the network could have directly accessed that fan. The client realized that this was a security risk and wanted to take the necessary measures to avoid future incidents.

In order to protect their production lines, a number of items needed to be addressed:

  • Each production line needed to be connected to the control center but isolated from each other.
  • Direct access to each production line needed to be minimized as much as possible.
  • Data needed to be filtered between the different subnets that were established.

Figure: Steel Mill Network Topology



Above, you can see the network arrangement used by the steel mill. A firewall at each production line allowed secure communication to the control center while isolating traffic from other production lines. A firewall at the edge of the control center helped secure the entire area from other connected systems and users. Finally, a demilitarized zone was established for the monitoring data, allowing the control center to monitor the lines without requiring direct access to the control systems.

This basic topology is widely recognized as best practice for many applications. With this arrangement, the steel mill was able to monitor all production lines from their control center in a safe and secure manner. Network communication was carefully isolated for each production line so they are now protected from inadvertent or malicious access, whether it is from within the production area or from other areas of the network.
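
The three requirements and the topology above can be checked mechanically against a firewall allow list. The following Python check is an added example, not the vendor's or the customer's configuration; the zone names, ports and rules are constructed, and a default-deny policy (only listed flows pass) is assumed.

```python
from typing import List, NamedTuple, Tuple, Union

class Rule(NamedTuple):
    """One allow rule; anything not listed is assumed denied."""
    src: str                # source zone (hypothetical names)
    dst: str                # destination zone
    port: Union[int, str]   # TCP port number, or "any"

def is_line(zone: str) -> bool:
    # Assumption: production-line zones are named line1, line2, ...
    return zone.startswith("line")

def audit(rules: List[Rule]) -> List[Tuple[Rule, str]]:
    """Return (rule, reason) for each allow rule that breaks the design."""
    findings = []
    for r in rules:
        if is_line(r.src) and is_line(r.dst) and r.src != r.dst:
            # Requirement 1: lines are isolated from each other.
            findings.append((r, "line-to-line traffic"))
        elif is_line(r.dst) and r.src != "control_center":
            # Requirement 2: direct access to a line is minimized;
            # here only the control center may initiate it.
            findings.append((r, "direct line access from outside control center"))
        elif r.src != r.dst and r.port == "any":
            # Requirement 3: traffic between subnets is filtered.
            findings.append((r, "unfiltered traffic between subnets"))
    return findings

# Constructed sample rule set: four acceptable flows, three violations.
SAMPLE_RULES = [
    Rule("line1", "dmz", 4840),            # line publishes monitoring data
    Rule("line2", "dmz", 4840),
    Rule("control_center", "dmz", 443),    # control center reads from the DMZ
    Rule("control_center", "line1", 502),  # one named port for direct access
    Rule("line1", "line2", 502),           # violation: lines not isolated
    Rule("enterprise", "line2", 502),      # violation: bypasses control center
    Rule("control_center", "line2", "any"),  # violation: no port filtering
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst} port {rule.port}: {reason}")
```
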


