Security Via the Edge

Feb. 1, 2018
The cybersecurity advantages offered by edge computing are increasing with the development of new technologies and industry partnerships aimed at reducing network entry points and adding security capabilities.

Edge computing has moved to the forefront of discussions around digital manufacturing and the Industrial Internet of Things over the past few years because of its ability to bring the data storage and analysis capabilities of the cloud into the facility. In many cases, edge computing devices can be co-located with the equipment whose data it is responsible for managing.

Beyond the location convenience and reduced bandwidth requirements of edge computing, some technology providers are also touting its security advantages. Cisco, for example, points to its industrial switching and routing products and accompanying management applications, such as its IOx application environment for lifecycle management) as examples of how edge computing can boost industrial cybersecurity efforts.

“By moving compute resources closer to end devices, there is an opportunity for organizations to leverage those resources to bolster their security posture,” says Dan Behrens, technical marketing engineer, IoT connectivity, at Cisco. “More specifically edge and fog computing (clusters of edge computing devices deployed where multiple computing resources are required) could be used to reduce the reach of insecure protocols, reduce the number of workstations needed in the environment, reduce or eliminate the need for out-of-band resources for passive network monitoring and remove identifying information prior to sending to upstream applications such as cloud solutions.”

Behrens says that, with IOx for example, users can run workstations on the networking equipment the devices are already connected to, thereby reducing the need for workstations. This is a key aspect to improving industrial cybersecurity because “reducing the number of workstations can simplify patch management, OS updates and remove physical entry points,” he adds.

Providing an example of how this works in industrial applications, Behrens notes that users can run Telit Devicewise inside IOx on Cisco’s 829 routers and IE4000 switches. He adds that OSISoft is developing software connectors for IOx and that Cisco and Amazon Web Services have enabled the AWS Greengrass core in a secure container hosted in a Cisco IoT gateway. “When these gateways are enabled with the Cisco Kinetic IoT platform they can provide secure, zero-touch deployment and simplified cloud management of IoT gateways, and enforcement of data distribution policies on the network,” he says.

From a security perspective, “anytime we can remove plant floor workstations, we are reducing the scope of devices we need to protect and reducing one of the possible vectors that a threat could be brought in on, such as via USB ports,” adds Behrens.

IOx also allows for passive monitoring to be conducted on the network without adding hardware and networking equipment to eliminate the impact of replicating traffic or deploying TAPs (test access ports). “With the ability to run software sensors, directly on the networking equipment the traffic is already passing through, an organization can deploy a passive security monitoring solution without adding additional hardware or complexity to the network,” says Behrens. “Software sensors receive the replicated traffic internal to the routers and switches, and send only the required information to an application.”

About the Author

David Greenfield, editor in chief | Editor in Chief

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher. 

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...