Transferring data from the machine to the cloud requires an internet connection. However, this also exposes your machine to possible cyber attacks. Therefore, machines with cloud connectivity need special protection. This is why B&R has introduced its SiteManager. It takes care of all tasks related to cyber security so that your data can be safely transferred to the cloud.
Before the Industrial Internet of Things (IIoT) existed, controllers only needed to communicate with each other or with superordinate systems within the corporate network. A direct connection to the internet was extremely rare. “But that is now changing,” explains Andreas Hager, B&R's product manager for control systems. IIoT solutions use industrial PCs and other hardware as edge devices with a direct connection to the internet. This makes them potential targets for hackers, who can, for example, shut down controllers and thus entire machines by overwhelming them with traffic. These so-called DDoS (Distributed Denial of Service) attacks summon hundreds to thousands of computers, smartphones and tablets to bombard the controller with simultaneous requests. The controller cannot handle the load and the machine comes to a halt.
To send data to the cloud, ports must be opened on the controller. “As long as the communication channel between the controller and the cloud gateway is open, these ports represent an open access for hackers,” Hager clarifies. But that is not the only problem. Devices in direct connection with the internet should also be updated on a regular basis to plug newly discovered security holes. “Many machines, however, run for weeks or even months full time,” Hager notes. Updates can only be installed during downtime, and an update may even require modifications to the application. Fortunately, there is a simpler solution: isolating the control and communication functionalities. That way, a DDoS attack can never penetrate deep enough to hit the machine controls. “In the worst case, you lose communication with the cloud, but the machine itself can continue to operate,” Hager stresses.
This is why B&R has developed the SiteManager. This device has an integrated firewall and performs all the tasks needed to keep your application cyber-secure. That includes keeping cloud certificates up-to-date or installing patches to eliminate security vulnerabilities. If the controller wants to take its data to the cloud, it connects to the SiteManager via OPC UA. During configuration, the user determines what data can be sent. Configuration actually amounts to ticking boxes in the web-based user interface in the SiteManager. The operator does not have to worry about certificate or patch updates. The SiteManager downloads and installs all updates without affecting the operation of the machine. Thus, the security recommendations of cloud providers can always be strictly followed and potential security breaches are quickly closed.
By isolating the control and communication functionalities, a DDoS attack can never penetrate deep enough to hit the machine control.
“As the security requirements for remote maintenance are similar, the SiteManager can also take on this task perfectly,” Hager said. The device allows technicians to connect to the machine control via a secure VPN connection and search for faults. A user management system ensures clear and secure demarcation of what technicians can access. “With a technician in the field, one can then work on a highly focused troubleshooting process,” Hager says. “The SiteManager ensures that all data transferred between the machine and applications outside the company is protected against unauthorised access and cyber attacks.”
Three variants
The B&R SiteManager is available in three variants depending on the internet connection: LAN, WLAN or mobile network. Each is equipped with an integrated firewall. To avoid conflicts with firewalls within your company, communication with the internet is done via firewall-compatible encrypted web protocols.
There is also a software version that allows the machine controller and SiteManager to be combined in one device. Via B&R Hypervisor, two systems can be installed on an industrial PC: a real-time operating system for controlling the machine and a Linux or Windows system for the SiteManager. The two then operate independently of each other. Even if the SiteManager were to be blocked by an attack or if the general operating system were to crash, the control of the machine can continue working undisturbed.