BRKARC-2032 – Designing for Secure Convergence of Enterprise and Process Control Networks

Presenter: Chuck Stickney, Cisco SE

Handful of OT folks in the room; majority IT.

Convergence Benefits

  • Simplification (common protocols)
  • Reduced Cost
  • Pervasive enablement of features and services

PCN vs Enterprise

  • PCN: peer-to-peer, publish/subscribe model; application defines communication parameters; strict time sync
  • Enterprise: three-tier architecture; session oriented; many-to-one (centralized apps)
  • PCN: short, high-volume messages; localized traffic; delay/jitter sensitive; unreliable transmission; no out-of-order messages, no retransmissions; similar to voice/video (these are problems that IT has solved for years)
  • Enterprise: large messages; remote traffic; delay tolerant; reliable, connection oriented; retransmission, re-ordering

“Layer 2, Layer 3” are not terms that OT folks understand. IT folks: speak a language your OT folks can understand.

PCN Characteristics

  • Proprietary protocols (Modbus, Profibus, DeviceNet)
  • Incompatibility between systems (connectors, cabling, signals) (think: Ethernet vs Token Ring)
  • Industrial Ethernet: a common data link layer using standard 802.3 components (EtherNet/IP, Modbus/TCP, Profinet)
  • EtherNet/IP: Rockwell; uses Common Industrial Protocol (CIP); implicit, real-time (UDP, mcast port 2222); explicit, non-time critical (TCP port 44818)
  • Profinet: Siemens; IO and non-realtime; IO is Layer 2 only where app layer directly interfaces with MAC layer bypassing layers 3 – 6; non-real time traffic uses the IP stack; Profinet IO and real-time uses proprietary PHY
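
Added example, not from the session or its slides: a small flow-review check built on the two EtherNet/IP ports noted above. The zone subnets, the sample flows and the policy itself (implicit I/O stays inside its cell; explicit messaging to or from the enterprise gets reviewed) are assumptions for illustration.

```python
import ipaddress

# Constructed zone map (assumption): two PCN cells and one enterprise range.
ZONES = {
    "cell-1": ipaddress.ip_network("10.10.1.0/24"),
    "cell-2": ipaddress.ip_network("10.10.2.0/24"),
    "enterprise": ipaddress.ip_network("10.200.0.0/16"),
}

def zone_of(ip):
    # Zone name for an address; "multicast" for group addresses, else "unknown".
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast:
        return "multicast"
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def classify(proto, dst_port):
    # Ports from the notes: UDP 2222 = implicit (real-time I/O), TCP 44818 = explicit.
    return {("udp", 2222): "implicit", ("tcp", 44818): "explicit"}.get((proto, dst_port), "other")

def review(flow):
    # Return a finding for a flow that breaks the assumed zone policy, else None.
    src, dst, proto, port = flow
    kind, sz, dz = classify(proto, port), zone_of(src), zone_of(dst)
    if kind == "implicit":
        # Real-time I/O is expected to stay local: same cell, or multicast sourced in a cell.
        local = sz.startswith("cell-") and dz in (sz, "multicast")
        return None if local else f"implicit I/O not local: {sz} -> {dz}"
    if kind == "explicit" and "enterprise" in (sz, dz):
        return f"explicit messaging crosses enterprise/PCN boundary: {sz} -> {dz}"
    return None

# Constructed flow records: (src, dst, proto, dst_port)
FLOWS = [
    ("10.10.1.20", "239.192.1.5", "udp", 2222),   # multicast I/O inside a cell
    ("10.10.1.20", "10.10.1.31", "udp", 2222),    # unicast I/O inside a cell
    ("10.10.1.20", "10.10.2.40", "udp", 2222),    # I/O leaking between cells
    ("10.200.4.9", "10.10.1.20", "tcp", 44818),   # enterprise host to a PCN device
    ("10.200.4.9", "10.200.7.7", "tcp", 443),     # ordinary enterprise traffic
]

def findings(flows=FLOWS):
    return [(f, r) for f in flows if (r := review(f))]

if __name__ == "__main__":
    print(*findings(), sep="\n")
```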

Real time apps:

  • Cycle times, polling times, and timeout times are very tight. 10s of milliseconds on the high side. Very tight requirements for the network.
  • Loss, delay, jitter also very tight. See slides for matrix of numbers.

REP is nice and fast, sure. But it’s still 100ms reconvergence. That’s not enough when it comes to motion sensors that require 4ms.

Presentation hinted at using Resilient Ethernet Protocol (REP) and port channels at the same time. Interesting design. Hadn’t thought of that before.

PCN and Enterprise Security Requirements

  • Enterprise: CIA; PCN: AIC
  • PCN Availability: compartmentalization to reduce failure domains; simple designs focusing on component swapping; dual/triple redundant systems
  • Enterprise Availability: HA application architectures; load balancers and clusters; dual-homed stations; redundant paths; far more complexity here than PCN Availability

Purdue levels do not implicitly indicate a Layer 3 boundary (!). The industrial protocols being used define host adjacency requirements (i.e., some protocols require that devices in Level 2 and 3 must be L2 adjacent).

QoS in PCN:

  1. PTP IEEE 1588
  2. Motion control
  3. Safety I/O
  4. Voice
  5. General I/O

For reference, compare with enterprise, where voice/control plane traffic is top dog.