Industrialized IoT – Driving Digital Future at the Edge
Kevin Kleinmann, IoT Manager, Solution Sales
3/5/2019
Kevin Kleinmann
• 25 years in IT, Manufacturing, and OT
• Key Cross-functional Leader in Factory Transformation Efforts
• Lead IOT US Services Sales for Cisco USPS
• Extensive experience helping Manufacturing customers in driving data-driven IoT plant networks and solutions
• Born and raised in WI
• Marquette University Grad
• SIM Board Member
Disruption is happening everywhere
To get ahead in the era of digital disruption, manufacturers need to:
IoT Industrial Challenges & Cisco Solutions
Challenges:
• Siloed Networks
• Data Overload: need to automate extraction of insights and resulting actions
• Complex Integration
• Expanded Security Vulnerability
(Chart: Business Value plotted against Time)
Cisco solutions:
• Top Floor to Shop Floor Architecture: Cisco Validated Designs for Industry
• Manage Data from Edge to Cloud: Kinetic for extraction and brokering to destination
• End-to-End Security: network as an enforcer
• Unified Connectivity: purpose-built, intent-based network
• Distributed Compute: edge and fog processing where needed
Pillars of IoT
• Dashboards (Data Visualization)
• Industrial Networking
• OT Security
• IoT Solutions & Services
Cisco IoT Portfolio Overview
(Portfolio diagram; labels as they appear on the slide)
• Network: Network Fabric: Enterprise Networking; IoT Data Fabric; Network Portfolio HQ/DC/Branch; IoT Networking; Automation across IT & OT; DNA Center™
• Security: Visibility - ISE for IoT; Identity-based Policy & Segmentation; Threat Protection
• Public Networks (Cellular); Private Networks
• Sensors & Endpoints; Cloud-Based Applications; Local Servers/Applications; Any cloud
Industrial Networking
Challenge - Ethernet Growing Pains
• Ethernet networks continue to grow:
  • Each machine adds another 5 - 50 EtherNet/IP enabled devices
  • Every line adds another 250 - 1,000 EtherNet/IP enabled devices
How do I connect all these machines into a plant network to gain the advantages?
Power of the factory network
• Converged, unified plant-to-business network
• Validated design and tested architectures for IACS
• Secure remote access
• Support for standard industrial Ethernet
• IT-recognized and easily supported hardware foundation
• Predictive maintenance to reduce equipment downtime
• Easier access to disparate data sources for analysis and optimization
• Simplification for reduced network maintenance costs
• Reliable plant connectivity to enable collaboration and full process visibility
(Figure: plant network architecture diagram built from images of Cisco industrial switches and routers; the only recoverable labels are the security components IND, ISE, Stealthwatch and AMP.)
Cisco Validated Design for Manufacturing Aligns with Industry Standards
Converged Plantwide Ethernet (CPwE)
• Tested, validated and documented reference architectures
• Developed from use cases - customer and application
• Tested for performance, availability, repeatability, scalability and security
• Comprised of Cisco® and Rockwell Automation® Validated Designs
• Built on technology and industry standards
• “Future-ready” network design
• Content relevant to both OT and IT Engineers
• Deliverables
  • Recommendations, best practices, design and implementation guidance, documented test results and configuration settings
  • Simplified design, quicker deployment, reduced risk in deploying new technology
Case Study: Transforming plant ops at Can Manufacturer
Challenge
• Improve efficiency and uptime in all their factories
• Reduce production costs; drive productivity
• Plant-wide connectivity
Solution
Connected Factory Network and Factory Wireless—with extended teams of IT and OT working together
Results
• Reduced production errors
• Improved networked connectivity throughout plant and reduced dead-zones
• Improved IT security for connected systems and devices
Industrial Security
Significant Impacts
IT view of Industrial Security: Industrial IoT Systems as Attack Surface
• Some industrial automation vendors still ship updates on EOL Windows platforms
• Vulnerabilities found in industrial automation and control systems rose 2400% from 2009 to 2015
• The most common industrial Ethernet protocol lacked authentication till Fall of 2015
• Yet industrial Ethernet in manufacturing grew 96% in the three years before
Power of factory security
• Layered, simple security approach
• Identity services
• Industrial DMZs
• Mobile video plant floor collaboration
• Network as a sensor
Outcomes:
• Reduced risk and exposure to IP theft or production disruptions
• Protect brand value and physical assets
• Speedy detection of breaches and threat resolution
• Increase and scale remote user access safely
• Detect suspicious traffic flows, policy violations, and compromised devices
Security Platform Use Cases
Visibility
• Provides ICS device visibility: make, model, serial no., firmware
• Allows comparison against a list of known vulnerable devices (CVEs), e.g. Advisory (CVE-2012-6437): improper authentication for firmware upload
• Monitors ICS traffic
Malware Detection
• Looks for anomalous behaviour to detect the effects of malware moving through an ICS
• Detects cyber attacks such as Man-in-the-Middle and Port Scans
(Figure: ICS Controllers at several Secure Sites reporting to a Secure Centre; the traffic example carries the command labels Open Valve #1, Close Valve #1 and Open Valve #2)
Patch & AV Compliance
• Reports status of site-based platforms - Microsoft WSUS, McAfee ePO, Symantec LUA servers
• Reports AV and patching status of individual ICS workstations and servers (Purdue Levels 2 to 3.5)
• Provides Managers and Operators with ‘traffic light’ compliance status for all sites
Secure Access
• Minimizes attack vectors by providing a single entry point to all sites
• Principle of ‘Least Privilege’ so access is given only to those systems where need exists
• Timed access reduces window for remote access attacks
• Session recorded as video for audit trails etc.
• Over-the-shoulder monitoring
• Kill Switch to terminate sessions if suspicious or risky activity noticed
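A worked example of the Visibility and Patch & AV Compliance use cases above: match an ICS asset inventory (make, model, serial, firmware) against a list of known-vulnerable devices and roll the result up into a per-site traffic-light status. This is added example code, not the platform's own; the inventory, the advisory feed, the placeholder advisory ID and the green/amber/red rule are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    site: str
    make: str
    model: str
    serial: str
    firmware: str    # dotted version string as read from the device

@dataclass(frozen=True)
class Advisory:
    advisory_id: str  # placeholder id; a real feed carries the CVE number
    make: str
    model: str
    fixed_in: str     # first firmware version that carries the fix

def version_key(v: str) -> tuple:
    """'20.11' -> (20, 11): compare numerically; as strings '9.0' would sort above '21.0'."""
    return tuple(int(p) if p.isdigit() else -1 for p in v.split("."))

# Constructed sample inventory and advisory feed (not real devices or CVEs).
INVENTORY = [
    Asset("plant-a", "VendorX", "PLC-1000", "SN001", "20.11"),
    Asset("plant-a", "VendorX", "PLC-1000", "SN002", "21.0"),
    Asset("plant-b", "VendorX", "PLC-1000", "SN003", "19.3"),
    Asset("plant-b", "VendorX", "PLC-1000", "SN004", "9.0"),
]
ADVISORIES = [Advisory("ADV-0001", "VendorX", "PLC-1000", "21.0")]  # e.g. unauthenticated firmware upload

def vulnerable_assets(inventory, advisories):
    """Return {serial: [advisory ids]} for assets whose firmware predates the fix."""
    hits = {}
    for asset in inventory:
        for adv in advisories:
            if (asset.make, asset.model) != (adv.make, adv.model):
                continue
            if version_key(asset.firmware) < version_key(adv.fixed_in):
                hits.setdefault(asset.serial, []).append(adv.advisory_id)
    return hits

def site_status(inventory, advisories):
    """Traffic light per site: GREEN = nothing exposed, RED = everything exposed, AMBER otherwise."""
    hits = vulnerable_assets(inventory, advisories)
    status = {}
    for site in sorted({a.site for a in inventory}):
        assets = [a for a in inventory if a.site == site]
        exposed = sum(1 for a in assets if a.serial in hits)
        status[site] = "GREEN" if exposed == 0 else "RED" if exposed == len(assets) else "AMBER"
    return status
```

The numeric version key matters in practice: a plain string comparison would report firmware 9.0 as newer than the 21.0 fix and silently hide the most outdated controller.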
Solution Overview
Value Proposition: What we deliver
Problems We Address:
• Inherently cyber-vulnerable industrial assets and networks
• Inaccurate, incomplete or nonexistent asset inventories
• Insecure or nonexistent remote access into facilities and assets
• Limited visibility into industrial operations across multiple geographies
• Inability to gain business intelligence from operational data
Outcomes We Enable:
• Gain comprehensive asset inventories and configuration data baselines
• Quantify the security vulnerability exposure of critical assets
• Gain monitoring for malicious activity including hacking and malware
• Gain secured, authenticated remote access for users and third-parties
• Gain a unified view into isolated industrial operations and facilities
• Correlate and analyze data to support unique use cases or events
• Continually improve the operational reliability of industrial environments
Extensible OT-centered Platform Interface:
• Visualization of industrial process and security events by region, site and asset
• Designed for quick issue analysis and resolution
• Tailored to operations roles and responsibilities
• Remote access user provisioning and session control
• On demand report generation
• Data export to external platforms
• Visualization of operational and asset metrics
Case Study: Secure Remote Access at large Auto Manufacturer
Challenge
• Providing a secure way to allow vendor remote access to systems
• Reduce security attack plane
• Allow individual plant control for maintenance / retain global system control
Solution
Implemented OT Insights Secure Remote Access solution
Results
• Global system control of Remote Access
• Session recording of all activity
• Improved IT security for remote access
• Local plants control their own access
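An added example (not the OT Insights product's code) of the Secure Access rules listed above combined with the dual-control requirement in this case study: a grant names one user, one site and one system, is time-boxed, must be approved by both the local plant and the global owner, and can be revoked by a kill switch. User names, sites, systems, times and grants are all constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Grant:
    grant_id: str
    user: str
    site: str
    system: str            # one named asset, never a wildcard: least privilege
    start: datetime
    end: datetime
    plant_approved: bool   # the local plant controls access to its own systems
    global_approved: bool  # central security retains system-wide control
    revoked: bool = False  # flipped by the kill switch

def decide(user: str, site: str, system: str, at: datetime, grants) -> tuple:
    """Deny by default; allow only on a live grant naming this exact user, site and system."""
    reasons = []
    for g in grants:
        if (g.user, g.site, g.system) != (user, site, system):
            continue
        if g.revoked:
            reasons.append(f"{g.grant_id}: revoked by kill switch")
        elif not (g.plant_approved and g.global_approved):
            reasons.append(f"{g.grant_id}: needs both plant and global approval")
        elif not (g.start <= at < g.end):
            reasons.append(f"{g.grant_id}: outside approved window")
        else:
            return True, f"{g.grant_id}: allowed"
    return False, "; ".join(reasons) or "no grant for this user/site/system"

def kill_switch(grants, user: str) -> int:
    """Revoke every grant held by a user; returns how many were revoked."""
    n = 0
    for g in grants:
        if g.user == user and not g.revoked:
            g.revoked = True
            n += 1
    return n

# Constructed sample data: a vendor technician with a four-hour window on one PLC per site.
T0 = datetime(2019, 3, 5, 8, 0, tzinfo=timezone.utc)
GRANTS = [
    Grant("G-1", "vendor.tech", "plant-a", "plc-line-3", T0, T0 + timedelta(hours=4), True, True),
    Grant("G-2", "vendor.tech", "plant-b", "plc-line-1", T0, T0 + timedelta(hours=4), True, False),
]
```

The decision reasons are meant to be written to the session audit trail alongside the recording, so a denied attempt outside the window is as visible to operators as an allowed one.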
Edge Compute
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What Is Edge Computing?
(Diagram: Data Center / Cloud, Private Network, Public Network, IoT Applications, Data Analytic Systems, Management, Business Application, Billing; compute sits at the data source. Constraints shown on the links: Unreliable Links, Latency, Bandwidth, Cost)
The need for distributed edge computing in IIoT
• 40% of large enterprises will be integrating edge computing into their 2021 projects
• 30% of workload deployment has latency & BW requirements
• 30% of large enterprises will use edge locations by 2021, driven by interactive UI
(* Source: Gartner)
• Oil and Gas: many drilling platforms; low-BW uplink (satellite); need tiered data evaluation
• Roadway: thousands of road signs; widely distributed; need local data evaluation
• Factories: legacy systems and protocols; high data volume collected from machines; security and data privacy; OT data analysis & policy at factory level; need local data normalization, storage, & processing
Challenges with IoT data management in Mfg.
• No ability to leverage information for production improvement
• Decisions not occurring in near real-time
• Inability to determine what is valuable insight or monetizable, and not store everything
• Exposure to potential intellectual property theft, and non-compliance with data privacy standards
• Inadequate measures to protect data integrity and poor allocation of resources
Edge Compute use cases
Extract Data / Move Data / Compute Data
Cisco Kinetic IoT data management platform
• Intent-Based Network
• Networking
• Data Management Platform
Digital Opportunity: Predictive Health
Predictive Maintenance
• High Failure Component: Ball Screw, ATC, Spindle, Tool Seat, Gripper Failure, Adjustment
• Intelligent Monitoring: Failure Modes, Condition Detection, Root Cause Analysis
• High Value Failure / Long Service Downtime: Repair vs. Replace, Alignment, Operator Response
• Preventative Maintenance
Machine Historical Dashboard: Asset Management // Machine Productivity // Daily Production Rollup
• Spindle cycle time trigger for EAM solution dynamic spindle maintenance tracking (Maximo)
• Daily rollup for production statistics, as well as historical analysis for comparison
• Machine productivity, NC program, part count, total machine time, etc. Also a maintenance trigger.
Historical Dashboard
Real Time Dashboard
Engineering Troubleshooting
Dashboard for Autoclave Monitoring
Connected Machines Solution – Process Enablement
PLC Protocol Translation:
• Allen-Bradley
• Siemens
• General Electric
• Honeywell
• Others
Equipment:
• CNCs
• Auto Clave
• Additive Machines
• Fanuc Robot
• Misc./Specialty Equip.
Devices & Sensors:
• Semi/SMT
• DAQ / Bar Code
• Power Monitoring
• Thermal Imaging
• Camera
Also listed:
• OPC UA & DA
• XML
• Log files
• SECS/GEM
Case Study: Producing business insights to reduce defects at Plane Manufacturer
Challenge
• Real-time process improvements to increase visibility into “green light” time operations
• Reduce the amount of defects and product waste
• Automate the collection of historical data from machines
Solution
Implement Connected Machines solution based on Kinetic IoT platform
Results
• Automated collection of data from machines
• Tracked “green light” time for improved scheduling
• Reduced loss and scrap
• Improved maintenance scheduling