OT and IT Coexist in a Secure IIoT World


Gartner predicts that there will be 26 billion connected devices by 2020. IBM estimates over 100 billion Internet of Things (IoT) devices in the next 20 years. With the rise in connected devices, enterprises face a daunting challenge: how will they extract the value promised by IoT digital solutions without creating even greater security risks for critical infrastructure and machine assets?

The popularity of strategic Industrial Internet of Things (IIoT) initiatives is evident: Digital Oilfield, Smart Grid, and Digital Factory are just a few examples of initiatives seeking to transform machine data into bottom-line value. Universally, these initiatives will depend on the ability to access and extract high-fidelity machine data from remote and mobile sources beyond the “four walls” of traditional data center infrastructure.

Existing industrial M2M solutions all share a common dependence on embedded control system hardware and related systems for access to machine-generated data. These legacy industrial control systems (ICS) are primarily focused on operations associated with critical service levels. Modern, IT-like requirements for dynamic software provisioning, broad IT system accessibility, and robust data exploration capabilities were simply not conceived in the design and implementation of this infrastructure. Yet, these missing requirements are critical to the development of value-driven digital IIoT solutions.

Broadly, industrial OEMs and operators are being challenged to open network access to systems that are tightly integrated with, or even control, critical infrastructure. Traditionally, the ICS infrastructure maintained an “air-gap” policy that effectively restricted connectivity with modern IT/Internet systems. By contrast, IIoT digital initiatives demand data acquisition and access strategies more similar to modern IT systems – bringing wide area networks, the Internet, and Cloud-hosted third-party platforms that fundamentally diverge from ICS mandates. For this reason, data acquisition and security challenges are tightly coupled requirements for the development of IIoT digital initiatives. A successful IIoT data acquisition strategy must simultaneously protect legacy ICS infrastructure and enable modern IT security policy and standards.

Exara addresses this challenge by providing edge-based data acquisition services that are isolated from existing ICS infrastructure – providing for high-fidelity IIoT machine data acquisition without breaking existing ICS policy. Exara Chronicle software installs on new ruggedized edge servers as a remote data platform tailored to machine data acquisition for high-value industrial assets.

Deployed on Intel IDP 2.0/3.0 Gateway devices, the Exara Chronicle software provides the first edge-based data platform designed to merge industrial machine data acquisition with modern IT network access and management. Along with Intel’s embedded security features, Exara adds robust, secure abstraction between machine connections and user data access paths:

• Read-Only by default – no direct access to machines in the data path.

• Process level isolation for all machine protocol drivers.

• Direct API integration for existing IT rights and access management.

Digital IIoT initiatives will demand improved machine data acquisition and accessibility. This signals a shift toward IT-like data management beyond the four walls of enterprise data centers. This evolution will transform the remote and mobile deployed assets “at the edge” into the center of IIoT data management and execution. Exara provides a practical approach to security for core Industrial IoT data acquisition needs by eliminating the conflict between legacy OT infrastructure and modern digital security demands.

San Juan Capistrano, CA