Implementing Encrypted Communications and Centralized Administration across Multiple Networks

The Industrial Internet of Things (IIoT) focuses on enhancing the effectiveness and efficiency of industrial operations. However, this objective can only be realized when IIoT systems and applications are supported by dependable networks that can facilitate secure device-to-device and system-to-system communications and streamline network oversight across diverse networks. In situations involving extensive multi-location operations, industrial operators typically set up cellular network devices and technology that can accommodate the consolidation of multiple networks for efficient centralized administration and scalability. This article outlines four key factors to aid you in constructing a secure, resilient industrial network capable of enabling communication with remote sites using cellular technology.

Dependable Cellular Connectivity

IIoT applications necessitate highly reliable network connectivity due to their implementation in round-the-clock industrial operations. Any disruption in network connectivity could lead to productivity loss, erroneous process data, or malfunction in crucial operations resulting in potential loss of life and assets. It is recommended to deploy industrial cellular connectivity employing industrial-grade cellular devices that can support cutting-edge redundancy technology in your converged IIoT networks to allow continuous high-speed and stable remote communication across networks. Additional product features comprise:

• Backup cellular connection with dual-SIM and connection restoration to ensure continual cellular connections even in idle data transmission phases
• Power and RF isolation for safeguarding power source insulation
• Dual power inputs for power backup to ensure uninterrupted connectivity
• Wide operational temperature range (e.g., -30 to 70°C) for operation in harsh environments
• Sturdy hardware design well-suited for hazardous locations
• Adherence to industry certifications such as ATEX Zone 2/IECEx

Protected Remote Communication with OpenVPN

As various equipment, machinery, devices, and computers with diverse capabilities and distinct data communication requirements are networked, the expectation for network infrastructure capable of delivering audio, video, and data communication within a unified network has become standard in contemporary industrial applications. In industrial setups, numerous endpoints are geographically dispersed in remote or hard-to-access locations within manufacturing facilities, such as offshore rigs and marine vessels. In this distributed operational scenario, cellular connectivity coupled with VPN technology, specifically OpenVPN, is perceived as a viable solution facilitating secure, seamless connectivity across networks. Cellular networks and devices can deliver connectivity in any area with cellular reception, while OpenVPN ensures secure point-to-point and long-range site-to-site connections in routed and bridge configuration modes. If managing several networks in geographically distant locations from the central control center and desiring secure centralized network management and simple network expansion by incorporating additional sites, LTE cellular gateways with OpenVPN bridge mode can facilitate this objective efficiently. These high-performance LTE cellular gateways also enable efficient transmission of substantial data volumes between diverse field sites and the central control center.

For instance, consider a scenario of a vehicle sharing system where numerous bikes or rental vehicles are dispersed across a city. Sustaining site-to-site communication is crucial in monitoring these rental vehicles and relaying information to the control center. In the scenario below, if a bike travels from site A to site B, the computers at these sites need to exchange transport data and update transport records at the control center. Continuous monitoring of all bikes’ locations in the system and transmitting this information to the control center ensures prompt action if a bike goes missing from the system. Employing LTE cellular gateways with OpenVPN bridge mode ensures secure site-to-site and control-to-site communication, reducing the vulnerability to cyber-attacks in public network systems. The adoption of OpenVPN bridge mode allows networks in distinct locations to utilize the same subnet, thereby simplifying network management and expansion.

Industrial Network Protection

Cybersecurity poses a significant apprehension for industrial operators when opening their industrial networks as part of the IIoT to allow access from public networks. Global organizations are dedicating considerable time and resources to fortify security in IIoT products and solutions. Nevertheless, achieving an end-to-end security solution in the IIoT sector remains unresolved, compelling industrial operators to handle the increasing incidents of cyber attacks autonomously. Among the cyber-attack occurrences, abuse of access privileges, insecure data transmission, and insufficient event recording are frequently identified vulnerabilities in network devices. To avert system breaches and attacks, implementing a robust user access control mechanism that can identify, authenticate, and authorize users is imperative. Adhering to cybersecurity standards like IEC 62443-4-2 and instituting multiple layers of authentication according to established industry best practices can enhance the security of your IIoT applications. Enhancing device-side security through a stringent access control mechanism based on user account, password, and key authentication, coupled with improved management of the authentication interface, can bolster defenses against cyber attacks. Arranging devices into clusters and granting access privileges solely to specific users or user groups based on their roles is a prudent method to thwart unauthorized device access on your network.

The primary goal is to strike a harmonious balance between accessibility and security.

Intelligent Central Administration

Cellular networks, predominantly situated in remote challenging-to-reach locales dispersed across varied geographical regions, necessitate a smart cellular network device management tool for swift deployment, efficient monitoring, and effective remote device management. This tool should possess the following capabilities:

• Simultaneous configuration of devices for rapid deployment and remote firmware updates
• Streamlined troubleshooting through features like:
  • User-friendly dashboards for seamless monitoring
  • Historical RSSI data
  • Comprehensive system logs
  • RESTful APIs for versatile cross-platform monitoring
• Remote management functionalities such as SMS-controlled commands for remote rebooting, initiating data connections, and executing firmware upgrades.
• Network security administration:
  • Access control based on device groups and user account classification
  • Sophisticated network security attributes like IP blocking and backing for OpenVPN

In an industrial setting, even brief network outages can trigger irreversible operational repercussions. Hence, network administrators and operators must have the appropriate tools for promptly monitoring the status of their network components and making well-informed decisions promptly.

Effective Incident and Device Management

Industrial operators necessitate intelligent troubleshooting and network management tools to maximize the uptime of industrial networks. Furthermore, cellular devices integrated into the network should offer functionalities such as event alerts via SMS/emails or SNMP traps and remote device management to simplify troubleshooting and device management, notably for devices situated in remote challenging-to-reach locales. Network administrators can leverage data available in dashboards and event logs to supervise device statuses like power, interfaces, and IP and I/O connections, facilitating informed decisions that preempt connectivity issues. Remote device management functionalities like SMS-controlled commands for remotely rebooting a device, updating firmware, activating VPN connections, or retrieving device status empower network administrators dealing with time constraints to promptly respond to device and network challenges.

Moxa’s Resolution

The OnCell G3150A-LTE series of products are high-speed LTE cellular gateways offering the following additional functions to aid in establishing secure, dependable connections to serial and Ethernet networks from your cellular applications.

• Support for multiple bands
• VPN support encompassing NAT/ OpenVPN/ GRE/ IPSec functionality
• Adherence to cybersecurity standards for IACS Components: IEC 62443-4-2 Level 1
• Support for the OnCell Central Manager tool enabling centralized management, monitoring, and configuration of remote devices over the cellular network

Click here to delve deeper into the OnCell G3150A-LTE gateway.