How hardened is industrial Ethernet?

Nov. 28, 2023
The evolution of IoT has created security challenges while keeping mission-critical networks mobile and fast

Remember the term “industrially hardened”? What did that really mean? How does it apply to networking and Ethernet?

The questions just beget more questions. I remember the early days of networking—attached resource computer network (ARCNet), Digital Equipment Corporation network (DECnet), X.25 and then this thing called Ethernet. ARCNet used heavy-duty shielded coaxial cable with twist-on connectors. I have some, if anyone is in need.

The U.S. Department of Defense's Advanced Research Projects Agency network (DARPANET) was a closed system based on a model known as transport control protocol/Internet protocol (TCP/IP).

At trade shows, I remember so many industrial vendors using the phrase: “based on the seven-layer OSI model of networking.” OSI is open system interconnection. The TCP/IP model was the basis for the OSI model, which gained a bit of traction, but, as the Internet took over, the OSI model has been relegated to a reference model.

We have all set up our home computer, which uses the TCP/IP model of networking. It is called a protocol stack, which incorporates layers of communication that we really don’t care about. If you are developing a new stack like building automation and control networks (BACnet), you would need to know about it, but among users, no one cares. Does it work? Full stop.

The original Ethernet programmable logic controller (PLC) from Rockwell Automation was the PLC-5, which had a Digital/Intel/Xerox (DIX) connector on the front. While I can never remember any network setup with DIX connectivity, there were converters that used RJ45 connectors and Cat. 4/5/6 cables for local area networking (LAN).

The connectivity used network hubs and a communication method called carrier sense multiple access with collision detection (CSMA/CD). Its timing was far from deterministic, similar to a party phone line.

In fact, a device would try to talk at 10 Mbaud, and, if the line was busy, then a timer was started to retry. It was not very efficient for sure, but effective.

It was so much faster than other available protocols such as DH+/DH-485/Profibus/RS-485 that everyone scrambled to employ it. It was faster than ARCNet’s 2.5 Mbaud rate, so it quickly became the go-to communication method.

The CSMA/CD method created a problem due to the inherent latency in industrial real-time requirements. We always thought that at 10 Mbaud it won’t matter—it is fast enough. We were so wrong.

Remember that we were controls-engineering people, not information technology (IT) people, back then. Now we have to wear many hats, and being IT aware is one of them.

Hubs became switches. Ethernet in its communications uses the media access control (MAC) address of each device. It is a 12-character alphanumeric identifier that names the device. The change to switches employed the Internet protocol (IP) address of the devices and allocated ports on the switch to a given IP address using the TCP/IP model. Now we’re talking.

The ability to use the TCP/IP model with switches made the network faster and more deterministic, which industry needed. I remember an application at a liquor distribution center in the 1980s that needed data transmission at a certain speed, and the PLC-3 at the time wasn’t fast enough using Ethernet due to the CSMA/CD methodology. They went with DECnet and a virtual address extension (VAX) mini-computer due to the DEC in-house-developed protocol stack and speed.

So now we use 1 GB Ethernet, Cat. 6/fiber cable, RJ45 connectors on every device, industrial switches/routers, and it makes everything easy and fast. Time-sensitive networking (TSN) is in its infancy to get better real-time performance from the network.

So commercial Ethernet/LAN/intranet/internet and industrial Ethernet are virtually the same. Why do we need/want industrial Ethernet? How do we harden it?

We use a standard Cisco product, yes? RuggedCom devices are industrial with conformal coating on the boards, filtering in the power supplies and noise shielding in the enclosures, which some applications demand. Cisco commercial products are designed for offices. D-Link products are to be avoided but are used. A D-Link product is a standard approach for commercial uses but sometimes works in industry.

I asked an IT guy about hardening. He immediately went to security. The hardware needs to support reliability, as does the software, and in most cases we have that covered. But security?

The systems we use with Ethernet have to be secure inside and out because our main goal is 100% availability. It can’t go down like an email server. It’s mission-critical, if you will. Today, everything is Ethernet and TCP/IP.

The TCP/IP protocol/communication model gives us that mission-critical comfort in the fact that our message will reach the desired recipient in real time, or as Dick Morley always said: “real-time enough.”

We rely on IT for security and remote access. Mobility is a need, but how do we do that and keep our systems hardened?

Hardware can make Ethernet into industrial Ethernet. Software—good to go.

Security? We may need a relief pitcher to keep us safe.
