Today most industrial companies have many sites, each with PLCs, robots and other logic/control systems deployed to manage industrial processes on the shop floor.
In most cases, the programs and data were configured once and then left unchanged for a while, or only the data is updated, through a manual process (such as a USB key). Such a manual process requires visiting each location, opening racks, and sometimes moving equipment around to access… In brief, this is painful.
It looks odd, yes, but this is the reality. Yes, many of those systems have Ethernet ports, but for historical and now mostly security reasons, those Ethernet ports have never been connected to a network that would enable a remote update. In some cases they have been connected, but the industrial Ethernet network does not go beyond the industrial rack.
The opportunity? Offer a service that provides remote OS, program and data updates in a very safe way, or that captures data collected by those shop floor systems (such as incident data, failure times, etc., for predictive maintenance).
Such a service has been designed in the past, but it was used only for very critical installations (e.g. in the nuclear domain). This service can be put in place by a PLC vendor, a SCADA ISV or a system integrator for its client base.
The ingredients for building such a service and making it ultra-reliable are the following:
- ensuring 0-day network protection: vulnerabilities are discovered almost every day in software network layers, and this type of service needs to be always ON, always READY
- being capable of being deployed once, forever, without requiring updates for itself
- preventing access to any nodes on the network other than the systems to be updated or the systems from which information is to be extracted
- finally, ensuring that the content being sent, once checked for malware, is the right content arriving at the right destination
Thanks to those ingredients, a new generation of information update services is possible: reliable, safe and with predictable behaviour in case of attacks, whether on the content or on the network.
We found the core technology to enable this: it is from Seclab Security, based in Montpellier, France. Its Neutralizer product provides a deterministic, hardware-based security service to isolate 2 networks and define, between those 2 networks, who can be seen by or communicate with whom on the other side, and how. The advantage? That product can’t be compromised totally and will always ensure, by design, that any network attack from one side is stopped before it reaches the other side of the product.
Contact us for more!