In many processing plants, the network architecture is identified as follows:
- Level 1: Field controllers and Sensors used to measure the process operating parameters are on level 1. Communication on this level used to be hard-wired (only), but more and more IoT devices are added for non-critical functions.
- Level 2: The process control network (PCN) supports the primary control of the processing plant. The distributed control system (DCS) primarily resides on this level and operators typically control the plant through a human-machine interface (HMI) on this layer.
- Level 3: Real-time applications, like historians and third-party applications, reside on this layer. These applications typically communicate with level 2 through a network switch. Advanced process control (APC) applications reside on this layer and have read-write access to the DCS via object linking and embedding for process control (OPC) through a firewall.
- Level 3.5: The demilitarized zone (DMZ) is an additional security layer that protects the internal network from external threats. DMZ will be further elaborated on in the blog.
- Level 4: The business network. This layer is connected to the internet and is separated by a firewall from the process control network, making it impossible to access the process control network from the business local area network (BLAN).
A typical network architecture is shown in the image below:
Figure 1 Typical Network Architecture.
APC’s traditional place
Third-party applications like APC software are placed on level 3 (also known as the PCN). For cyber security reasons, the APC server should not be connected to the OPC server directly. This connection should be via a firewall and only designated ports need to be open in the network switch.
Figure 2 Network Architecture with APC in place.
Why APC on DMZ?
A demilitarized zone (DMZ) is a buffer between the process control network (PCN) and the business local area network (BLAN). It protects an organization’s internal process control network from the internet-connected business network. APC on the DMZ is configured so that an APC’s performance can be monitored from the corporate network. Management can view the APC controllers through the DMZ and monitor the performance of these controllers. The intermediate server on the DMZ also supports the APC dashboards in the BLAN. The APC web server configured on the DMZ, as shown in the image below, ensures that management and process control teams can monitor the APC applications without any fear of exposing the process control network to data breach threats from outside the network. The DMZ level is also known as the level 3.5 and it is usually configured between the PCN and the business network.
A data diode is a safest and most advanced mechanism to transfer information from an intermediate server on the DMZ to the BLAN users. The data diode functionality enables the intermediate server to send data to BLAN users. However, the data flow from BLAN users to the intermediate server is disabled.
Figure 3 Network Architecture with DMZ.
APC on the Cloud
With the rise of digitalization and Industry 4.0, companies are moving more applications to the cloud.
Like other third-party applications, APC systems can be transferred to the cloud. However, updating setpoints and modes for the APC controller from a web server in the cloud might be very challenging. By allowing the APC on the cloud, there is a direct communication link between the cloud and the DCS. This will leave the DCS network susceptible to cyberattacks. Also, sensitive plant data are at risk of exposure, which may happen due to cloud breaches. This type of implementations must be done only by professionals with extensive knowledge in the field and many projects under their belts.
If you want to know the safest way to monitor the performance of the APC controllers, contact IPCOS.
