Operations technology (OT) folks may be hesitant to embrace cybersecurity, but it is happening anyway. Security folks are familiar with Nozomi Networks. Nozomi partnered with Mitsubishi in March 2024 for the purpose of providing OT security solutions. In July, Mitsubishi and Nozomi collaborated to add Argonaut reduced instruction set computer (RISC) Core (ARC) embedded system processors to the
programmable-logic-controller (PLC) world by embedding them in the MELSEC IQ-r family of PLCs. Essentially, ARC puts the security at the chip level. This is an Internet of Things and Industry 4.0 advance.
What does it mean for automation? It means the PLC may become smarter, from a network perspective. Nozomi claims that real-time security, artificial intelligence-based protection and innovative device visibility is gained.
Real-time protection means that if an unexpected “node” gets on the network, the system may tell. AI-powered protection means learning the network architecture and responding faster to unknown vulnerabilities. Device visibility means checking out the backplane and understanding health and status, communications patterns and configuration parameters and changes.
One might ask, why do we need this? Old-school plants can barely keep up with the ControlLogix and still are egging PLC-5s along. Well, industries that want fast motion, that have critical processes like nuclear or pharmaceutical or whose processes are expensive and who want to have traceability to the cloud and the local level may want the PLC to play a bigger network role.
Picture having repeatability in batch processes and the ability to tell if the application has changed. Picture being able to go to idle, automatically, if an offender accesses PLC data without the right validation. We can do those things without being ARC-embedded. Picture someone changing that data—you never know—and product escapes or there is a traceability issue or, in the case of Stuxnet, analog control values are changed causing a process fault.
Much of the blog and influencer chatter is dismissive of this advancement, but the fact that Mitsubishi is doing it shows that understanding what is on your network at the physical and intelligent-device level is critical for OT security.
The sale point is that using ARC allows 24x7 monitoring with expected feedback so that changes can be detected in the network. ARC embedded eliminates the means for a remote connector, and the switch can automatically identify the PLC on the network. It also allows OT data to be gathered via Vantage or Guardian and decisions made on the spot based on what the threat is.
It tends to lead to more questions for OT security, because are you going to shut down a line based on a security threat? The short answer is yes, but the long answer is based on company policy, type of threat and a long list of other parameters. For instance, it won’t be a quick stop.
Manufacturing considers materials, flammable issues, machine states and personnel safety. Protocols would have to be set up on how to respond. For instance, a policy might isolate the PLC offender from the rest of the PLC network so that a problem does not take down a whole process center and perhaps only a sub-process.
Thus, the anomaly detection that ARC brings is welcome. However, the technology is still moving faster than people putting it into process. Where this seems like it would be well applied is remote services in water, power and resource distribution.
How Mitsubishi customers will utilize it will be interesting to see. Kudos to Mitsubishi for taking the step. Many times, we wait in manufacturing to fix problems after they occur. With OT security, after a breach, it may be too late.