Factory Floor Networks
Designing robust industrial Ethernet, safety systems, wireless networks, and segmented architectures for manufacturing cells, machines, and mobile equipment.
Production networks must balance accessibility for optimization with protection from threats, achieving cybersecurity without compromising operational continuity – a challenge where network design directly determines security effectiveness and resilience.
Information Technology (IT) security prioritizes confidentiality, often at the expense of availability – an approach that directly conflicts with Operational Technology (OT) requirements where continuous production is paramount.
Manufacturing control systems – Programmable Logic Controllers (PLCs), Distributed Control Systems (DCS), Human-Machine Interfaces (HMIs) – operate on different principles than enterprise IT. Security measures that interrupt communication, reboot systems for patches, or introduce latency can stop production lines, damage equipment, or create safety hazards. The convergence of OT and IT networks exposes previously isolated control systems to threats from corporate networks and the internet, while simultaneously requiring data exchange for production optimization and maintenance.
Effective manufacturing cybersecurity starts with understanding the operational reality: some systems cannot be patched during production runs, some protocols lack encryption, and some downtime costs thousands per minute. Network design must therefore implement security that accommodates these constraints – segmentation that contains threats without disrupting valid traffic, monitoring that detects anomalies without false positives that halt production, and remote access that enables support without creating attack vectors.
Segmentation separates manufacturing control networks from enterprise systems, containing threats while enabling necessary data exchange through controlled conduits.
Network segmentation creates security zones with controlled gateways, preventing threats from propagating between systems with different risk profiles and security postures.
The Purdue Model provides a reference architecture for industrial network segmentation, defining Levels 0–5 from physical processes to enterprise systems. Modern implementations adapt this model to specific manufacturing environments: Levels 0–2 for field devices and control, Level 3 for manufacturing operations, Level 3.5 for an Industrial Demilitarized Zone (IDMZ), and Levels 4–5 for enterprise. Each zone has defined security policies governing what traffic can cross its boundaries.
Segmentation implementation uses Virtual Local Area Networks (VLANs), firewalls, and access control lists. Firewalls at zone boundaries perform deep packet inspection for industrial protocols – not just port blocking. The IDMZ contains data historians, protocol translators, and mirror servers that facilitate one-way or carefully controlled bidirectional data flow. This architecture ensures that a compromise in the corporate network doesn't automatically become a compromise in control systems, while still allowing production data to reach business systems.
Remote access for OEM support, maintenance, and troubleshooting must provide secure connectivity without creating persistent vulnerabilities in production networks.
Traditional Virtual Private Network (VPN) solutions grant broad network access once authenticated, creating risk if credentials are compromised. Zero-trust remote access applies the principle of least privilege: each session is authenticated, authorized, and encrypted for specific devices or applications only. Solutions like those from Secomea implement this through secure gateways that never expose control system ports directly to the internet, instead brokering connections through cloud or on-premise management servers.
Implementation considerations include session recording for audit trails, time-limited access that expires automatically, and multi-factor authentication. For critical systems, requiring local operator approval for each remote connection adds a human verification layer. Network design must accommodate these security gateways without creating single points of failure – redundant gateways with automatic failover ensure remote support remains available during production issues. The balance is security that doesn't prevent legitimate access when urgently needed for troubleshooting.
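The brokering logic described in the two paragraphs above, written out as an added example (not part of the original page, and not Secomea's or any other vendor's implementation): a grant is scoped to one user, one named device and one port, expires on its own, requires completed multi-factor authentication, and for devices on a constructed "critical" list also requires a named local operator's approval. Every decision is appended to an audit list. The user, device names, ports and clock values are constructed.

```python
"""Device-scoped, time-limited remote access grants, as a zero-trust broker would issue them.

Added example, not part of the original page and not Secomea's or any other
vendor's implementation. Users, device names, ports and times are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

T0 = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)   # constructed reference time


def at(minutes: int) -> datetime:
    """Clock helper: T0 plus the given number of minutes."""
    return T0 + timedelta(minutes=minutes)


# Constructed list of devices for which a local operator must approve each session.
CRITICAL_DEVICES = {"plc-filler-01", "safety-plc-01"}


@dataclass(frozen=True)
class Grant:
    user: str
    device: str                 # one named target, never a subnet or "the cell"
    port: int                   # one application port on that target
    expires: datetime
    mfa_verified: bool
    operator_approval: Optional[str] = None   # local operator who approved, if any


@dataclass
class Broker:
    grants: List[Grant] = field(default_factory=list)
    audit: List[Tuple] = field(default_factory=list)

    def issue(self, user, device, port, minutes, mfa_verified, operator_approval=None, now=None):
        """Issue a grant that expires `minutes` after `now`; the issue event is audited."""
        now = now or datetime.now(timezone.utc)
        g = Grant(user, device, port, now + timedelta(minutes=minutes), mfa_verified, operator_approval)
        self.grants.append(g)
        self.audit.append((now, "issue", user, device, port, f"{minutes} min"))
        return g

    def authorize(self, user, device, port, now=None):
        """Decide one connection attempt; returns (allowed, reason) and records the decision."""
        now = now or datetime.now(timezone.utc)
        reason = "no matching grant"
        for g in self.grants:
            if (g.user, g.device, g.port) != (user, device, port):
                continue                       # a grant never carries over to another target
            if now >= g.expires:
                reason = "grant expired"
                continue
            if not g.mfa_verified:
                reason = "MFA not completed"
                continue
            if device in CRITICAL_DEVICES and not g.operator_approval:
                reason = "critical device requires local operator approval"
                continue
            self.audit.append((now, "allow", user, device, port, "ok"))
            return True, f"grant valid until {g.expires.isoformat()}"
        self.audit.append((now, "deny", user, device, port, reason))
        return False, reason


if __name__ == "__main__":
    b = Broker()
    b.issue("oem-tech", "plc-filler-01", 102, 60, True, operator_approval="shift-lead", now=T0)
    print(b.authorize("oem-tech", "plc-filler-01", 102, now=at(10)))      # allowed
    print(b.authorize("oem-tech", "plc-filler-01", 102, now=at(61)))      # expired
    print(b.authorize("oem-tech", "plc-packaging-01", 102, now=at(10)))   # no grant for that device
    for entry in b.audit:
        print(entry)
```

The point of the structure is that a compromised credential buys at most one device, one port and one time window, and that the denial reasons are written to the same audit trail as the allows, so a reviewer can see attempts that were refused.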
Industrial Intrusion Detection Systems (IDS) monitor network traffic for malicious activity or policy violations, tailored to recognize industrial protocol anomalies rather than just IT threats.
Manufacturing networks use protocols like PROFINET, EtherNet/IP, Modbus TCP, and OPC UA that have different characteristics than HTTP, SMTP, or other IT protocols. An industrial IDS understands these protocols enough to detect anomalies: unexpected function codes in Modbus, abnormal cycle times in PROFINET, or OPC UA connections from unauthorized endpoints. It establishes baselines of normal traffic during commissioning, then alerts on deviations.
Placement of IDS sensors is critical: at zone boundaries to monitor cross-segment traffic, within control zones to detect lateral movement, and at remote access entry points. Sensors must be passive (not inline) to avoid affecting network performance or creating single points of failure. Integration with Security Information and Event Management (SIEM) systems consolidates alerts, but manufacturing operations often require dedicated OT security monitoring with personnel who understand both network security and production processes.
The IEC 62443 series provides a risk-based framework for securing industrial automation and control systems through technical requirements, processes, and procedures.
The International Electrotechnical Commission (IEC) 62443 series provides standards for securing Industrial Automation and Control Systems (IACS), offering a structured approach to manufacturing cybersecurity.
IEC 62443 takes a zone-and-conduit approach similar to network segmentation but expands it to include security levels (SL 1–4) based on risk assessment. Each zone – a grouping of assets with similar security requirements – receives a target security level. Conduits between zones carry their own requirements so that security is maintained where traffic crosses a boundary. The standards cover both technical security (network segmentation, access control) and process security (patch management, incident response).
Implementing IEC 62443 starts with asset inventory and risk assessment: which systems could cause safety incidents, environmental damage, production loss, or quality issues if compromised. Network design then implements appropriate technical controls: SL 2 might require basic segmentation and authentication, while SL 4 for safety systems might require physical separation and diverse redundancy. Documentation and ongoing maintenance are equally important – cybersecurity isn't a one-time implementation but a continuous process.
Applying security updates to control systems requires balancing vulnerability remediation with production stability, often requiring specialized approaches for manufacturing environments.
Many industrial control devices have long lifecycles (15–20 years), run specialized real-time operating systems, and cannot be patched without potentially affecting control logic or certifications. Manufacturers may delay or avoid patches that haven't been specifically tested with their control applications. Network design can compensate for this through defensive layers: segmenting unpatched systems, restricting their communication, and monitoring for exploitation attempts.
A structured patch management process for OT includes: maintaining an accurate asset inventory with patch status; risk-assessing vulnerabilities based on exploit likelihood and potential impact; testing patches in offline environments before deployment; scheduling updates during planned maintenance windows; and having rollback procedures. For systems that cannot be patched, additional network controls – such as application firewalls that filter malicious inputs – may be necessary. The goal is reducing risk to acceptable levels, not necessarily achieving perfect patch compliance.
Industrial network equipment from untrusted sources can introduce backdoors or vulnerabilities, requiring verification of component integrity throughout the supply chain.
Manufacturing networks incorporate switches, routers, gateways, and other components from various suppliers. Counterfeit or tampered devices may contain malicious firmware, hidden remote access capabilities, or vulnerabilities intentionally introduced. Supply chain security involves verifying component authenticity, checking firmware integrity, and monitoring for anomalous behavior post-installation.
Network design can mitigate supply chain risks through diversity – using different vendors for different network layers, so a compromise in one vendor's equipment doesn't affect the entire network. Secure boot processes verify firmware signatures before execution. Network segmentation limits the damage from compromised components. Partners like Westermo and ATOP Technologies provide transparency in their supply chains and implement security measures in their industrial networking products. Regular firmware updates from trusted sources help address vulnerabilities discovered after deployment.
Throughput Technologies advises on manufacturing cybersecurity and network resilience that protects production assets while maintaining operational continuity, through segmentation, secure remote access, intrusion detection, and compliance with industrial security standards.
Segmentation doesn't necessarily mean complete isolation. Create zones based on function and risk: all machines in a production line might be in one zone if they have similar security requirements. Between zones, implement controlled conduits – firewalls with specific rules allowing only necessary communications. For example, a packaging machine might need to receive signals from an upstream filler but doesn't need to initiate connections to it. Document these data flows during design, implement firewall rules accordingly, and monitor the conduits for unusual traffic. The goal is limiting attack propagation while allowing legitimate production communication.
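A zone-and-conduit policy check for the segmentation approach in the paragraphs above (the Purdue levels, the IDMZ, and the filler/packaging example), as an added example that is not part of the original page. Zone names, address ranges, conduit rules and the sample flow records are constructed. Two things are worth seeing in code: that the allow list is explicit and everything else is denied, and that a design-time lint can catch a conduit that would let enterprise traffic reach a control zone without passing the IDMZ.

```python
"""Zone-and-conduit policy check for a manufacturing network.

Added example, not part of the original page. Zone names, address ranges,
conduit rules and the sample flows are constructed to illustrate the
filler -> packaging case in the text; they do not describe a real site.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Zone:
    name: str
    level: str            # Purdue level as text, e.g. "3.5" for the IDMZ
    cidr: str


@dataclass(frozen=True)
class Conduit:
    src_zone: str         # the zone that may INITIATE the connection
    dst_zone: str
    proto: str
    port: int
    purpose: str


ZONES = [
    Zone("enterprise", "4", "10.0.0.0/16"),
    Zone("idmz", "3.5", "10.10.0.0/24"),
    Zone("site_ops", "3", "10.20.0.0/24"),
    Zone("cell_filler", "1", "10.30.1.0/24"),
    Zone("cell_packaging", "1", "10.30.2.0/24"),
]

# Explicit allow list derived from the documented data flows; anything not listed is denied.
CONDUITS = [
    Conduit("cell_filler", "cell_packaging", "tcp", 502, "line handshake, filler -> packaging (Modbus TCP)"),
    Conduit("site_ops", "cell_filler", "tcp", 4840, "historian collection (OPC UA)"),
    Conduit("site_ops", "cell_packaging", "tcp", 4840, "historian collection (OPC UA)"),
    Conduit("site_ops", "idmz", "tcp", 443, "historian replication to the IDMZ mirror"),
    Conduit("enterprise", "idmz", "tcp", 443, "business systems read the IDMZ mirror"),
]


def zone_of(ip):
    """Map an address to its zone, or None if it belongs to no defined zone."""
    addr = ipaddress.ip_address(ip)
    for z in ZONES:
        if addr in ipaddress.ip_network(z.cidr):
            return z
    return None


def evaluate_flow(src_ip, dst_ip, proto, dport):
    """Return (decision, reason) for a connection initiated from src_ip to dst_ip."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return ("deny", "address outside any defined zone")
    if src.name == dst.name:
        return ("allow", f"intra-zone traffic in {src.name}")
    for c in CONDUITS:
        if (c.src_zone, c.dst_zone, c.proto, c.port) == (src.name, dst.name, proto, dport):
            return ("allow", f"conduit: {c.purpose}")
    return ("deny", f"no conduit {src.name} -> {dst.name} {proto}/{dport}")


def check_conduit_design(conduits=CONDUITS):
    """Design-time lint: any enterprise/control crossing must terminate in the IDMZ, not skip it."""
    levels = {z.name: float(z.level) for z in ZONES}
    problems = []
    for c in conduits:
        lo, hi = sorted((levels[c.src_zone], levels[c.dst_zone]))
        if lo < 3.5 < hi:     # one end is enterprise (>= 4), the other OT (<= 3): the IDMZ was bypassed
            problems.append(f"{c.src_zone} -> {c.dst_zone} bypasses the IDMZ")
    return problems


def audit(flows):
    """Annotate firewall-style flow records with the policy decision."""
    return [(s, d, p, port) + evaluate_flow(s, d, p, port) for s, d, p, port in flows]


# Constructed flow records (src, dst, proto, destination port) as a boundary firewall would log them.
SAMPLE_FLOWS = [
    ("10.30.1.10", "10.30.2.10", "tcp", 502),    # filler -> packaging: allowed
    ("10.30.2.10", "10.30.1.10", "tcp", 502),    # packaging -> filler: not in the design, denied
    ("10.0.5.25", "10.30.1.10", "tcp", 502),     # enterprise host straight to a PLC: denied
    ("10.0.5.25", "10.10.0.5", "tcp", 443),      # enterprise -> IDMZ mirror: allowed
    ("10.20.0.7", "10.30.1.10", "tcp", 4840),    # historian collector -> filler OPC UA: allowed
]

if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print(row)
    print("design problems:", check_conduit_design(
        CONDUITS + [Conduit("enterprise", "cell_filler", "tcp", 502, "direct PLC access")]))
```

Direction matters in the conduit definition: the filler may open the Modbus session to the packaging machine, but the reverse is denied even though both machines sit at the same Purdue level, which is exactly the asymmetry the text describes.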
IT Intrusion Detection Systems (IDS) focus on internet protocols (HTTP, SMTP, DNS) and common IT attack patterns. OT IDS understands industrial protocols (PROFINET, EtherNet/IP, Modbus, DNP3) and recognizes anomalies specific to control systems – like a PLC receiving a command outside normal parameters, or communication occurring at unusual times in a production cycle. OT IDS also considers operational impact: an alert might trigger based on whether traffic could cause equipment damage or safety issues, not just whether it matches a known attack signature. Many organizations deploy both, with OT-focused sensors in control networks and IT-focused sensors at the enterprise boundary.
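The baseline-then-deviation approach that the industrial IDS paragraphs above describe (a baseline learned during commissioning, then alerts on unexpected Modbus function codes or unknown peers), as an added example that is not part of the original page or of any vendor's product. It parses the Modbus TCP MBAP header and function code from raw frames, learns which (source, destination, unit) pairs use which function codes from a constructed "commissioning" capture, and then flags a write from a host that only ever read, a previously unseen host issuing a Diagnostics request, and a frame whose length field does not match its size. All addresses and frames are constructed.

```python
"""Baseline-and-deviation detection for Modbus TCP, in the spirit of an OT IDS.

Added example, not part of the original page or any vendor's product. The
frames and addresses below are constructed; the commissioning capture teaches
the baseline and the production capture is checked against it.
"""
import struct
from collections import defaultdict

FUNCTION_NAMES = {
    0x03: "Read Holding Registers", 0x04: "Read Input Registers",
    0x06: "Write Single Register", 0x10: "Write Multiple Registers",
    0x08: "Diagnostics",
}
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}


def parse_modbus_tcp(frame):
    """Parse the MBAP header and function code; raise ValueError on malformed frames."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto_id, length, unit_id, fc = struct.unpack(">HHHBB", frame[:8])
    if proto_id != 0:
        raise ValueError(f"protocol id {proto_id} is not Modbus (expected 0)")
    if length != len(frame) - 6:          # length counts unit id + PDU, i.e. everything after byte 6
        raise ValueError(f"length field {length} disagrees with frame size {len(frame) - 6}")
    return {"tid": tid, "unit": unit_id, "fc": fc, "data": frame[8:]}


def learn_baseline(capture):
    """capture: iterable of (src_ip, dst_ip, frame_bytes) observed during commissioning."""
    baseline = defaultdict(set)            # (src, dst, unit) -> function codes seen
    for src, dst, frame in capture:
        pdu = parse_modbus_tcp(frame)
        baseline[(src, dst, pdu["unit"])].add(pdu["fc"])
    return dict(baseline)


def detect(baseline, capture):
    """Return alert strings for frames that deviate from the learned baseline."""
    alerts = []
    for src, dst, frame in capture:
        try:
            pdu = parse_modbus_tcp(frame)
        except ValueError as e:
            alerts.append(f"MALFORMED {src}->{dst}: {e}")
            continue
        key = (src, dst, pdu["unit"])
        name = FUNCTION_NAMES.get(pdu["fc"], f"fc 0x{pdu['fc']:02x}")
        if key not in baseline:
            alerts.append(f"NEW PEER {src}->{dst} unit {pdu['unit']}: {name}")
        elif pdu["fc"] not in baseline[key]:
            severity = "WRITE" if pdu["fc"] in WRITE_FUNCTIONS else "NEW FUNCTION"
            alerts.append(f"{severity} {src}->{dst} unit {pdu['unit']}: {name} not in baseline")
    return alerts


def mb(tid, unit, fc, payload):
    """Build a well-formed Modbus TCP frame: MBAP (tid, proto 0, length) + unit + fc + payload."""
    return struct.pack(">HHHBB", tid, 0, len(payload) + 2, unit, fc) + payload


HMI, PLC, LAPTOP = "10.30.1.20", "10.30.1.10", "10.30.1.99"   # constructed addresses

# Constructed commissioning capture: the HMI only polls registers on unit 1.
COMMISSIONING = [
    (HMI, PLC, mb(1, 1, 0x03, struct.pack(">HH", 0, 10))),
    (HMI, PLC, mb(2, 1, 0x04, struct.pack(">HH", 0, 4))),
]

# Constructed production capture: a normal poll, a write from the HMI, an unknown host, and a bad frame.
PRODUCTION = [
    (HMI, PLC, mb(3, 1, 0x03, struct.pack(">HH", 0, 10))),
    (HMI, PLC, mb(4, 1, 0x06, struct.pack(">HH", 0x10, 0xFF))),
    (LAPTOP, PLC, mb(1, 1, 0x08, struct.pack(">HH", 1, 0))),
    (HMI, PLC, b"\x00\x05\x00\x00\x00\x06\x01\x03\x00\x00"),   # length field claims 6, only 4 follow
]

if __name__ == "__main__":
    for alert in detect(learn_baseline(COMMISSIONING), PRODUCTION):
        print(alert)
```

Because the sensor only compares against what commissioning showed, the baseline must be captured with production traffic complete (all recipes, all shifts); a baseline taken from a quiet line produces the false positives the text warns about.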
Isolate, monitor, and compensate. Place legacy systems in their own security zones with strict inbound and outbound rules. Use protocol gateways – like those from ProSoft Technology – to translate between legacy protocols and modern secured communications. Implement network monitoring specifically for these systems to detect anomalous behavior. Consider out-of-band monitoring methods: for example, monitoring power consumption or network traffic patterns as indicators of compromise. Where possible, schedule replacement of legacy systems with secure modern equivalents, but until then, defense-in-depth around them reduces risk to acceptable levels.
Continuously monitor, review quarterly, test annually. Continuous monitoring runs through security information and event management (SIEM) or OT-specific monitoring tools. Quarterly reviews cover firewall rules, user access, and vulnerability status. Annual penetration testing or red team exercises focus on OT environments. Additionally, review after any significant network change, new system integration, or security incident. The frequency should match your risk profile – higher risk environments (chemicals, pharmaceuticals) require more frequent testing. Documentation is critical: maintain network diagrams, asset inventories, and security policies that are updated with each review.
Layered redundancy with automatic failover. At the physical layer: redundant fiber paths in ring or mesh topologies using protocols like Media Redundancy Protocol (MRP) or Parallel Redundancy Protocol (PRP). For critical network equipment: redundant switches with hot standby. At the control layer: redundant controllers with synchronized programs. For uplinks: diverse internet service providers. Test failover regularly – untested redundancy often fails when needed. Consider geography: for critical operations, redundant control centers at separate locations. The specific approach depends on risk assessment: what production losses are acceptable, for how long, and at what cost for redundancy measures.