VEC Solution Presentation
Industry 4.1 J Architecture Concept for More Security and Flexibility to the Factory
I am going to talk about our ICS study project called “Industry 4.1J”
Agenda is these.
- What we are aiming.
- Architecture of “Industry 4.1J”
- Study from Study
What we are aiming.
If we use the Cloud for IoT System, we have the Cyber Security Risk and have to use the DMZ (DeMilitarized Zone) for each Plant.
NIST (National Institute of Standards and Technology) published “Guide to Industry Control System Security” in February 2015.
It use the DMZ (DMZ is High Cost) for each Plant.
“Private Cloud, is able to be a replacement of DMZ”
Scope was so clear, just to validate “Safe, Reliable and Flexible Plant/Factory” by using “Private Cloud”.
We established a project named “Industry 4.1J”.
Architecture of “Industry 4.1J”
I can’t explain all details of Industry 4.1J.
It’s a long story.
20 min is too short to tell.
But, I would like to talk about key part of Industry 4.1J.
Industry 4.1J brings “Security” and “Flexibility” to the Plant/Factory.
Security means Cyber Security.
I will explain it later.
But one important thing is this is a logical closed network.
You know, private cloud has no direct internet connection.
Then each Plant/Factory can share the operational management system by using Cloud with less security risks.
Another key part is “Flexibility”.
It gives Plant/Factory high resiliency.
What I mean “high resiliency” is ”Plant/Factory operational system is recovering quickly after stop it”.
It’s a BCP (Business Continuity Plan) issue.
Plant/Factory people want to make downtime short as much as possible all the time.
Because of money.
Also to protect brand, to keep good reputation.
Industry 4.1J is aiming to bring both capabilities into the Plant/Factory.
And we did a study project.
So, what are the items to be verified?
Protecting Plant/Factory against cyber attack is one big challenge.
Also some part of SCADA systems must be running at Cloud data center.
Data transmission must be stable.
Transmission speed must be high enough.
And no data loss.
It must be less effort to implement.
Must be less cost to implement.
Like an add-on layer on top of the Plant/Factory system.
So it should be adoptable and realistic approach for the Plant/Factory.
Industry 4.0, an original concept is too complicated.
And cost too much to make a big change on the existing Plant/Factory system.
Big company can make big change, but many factories want to have more low risk low cost plan like Industry 4.1J.
This picture is showing our basic concept.
Red square line is highlighting project scope.
Cloud service is Arcstar Universal One, NTT Communications service.
It’s available in over 190 countries.
Study from Study
Ok, we had a long list of TESTS.
But I just tell you about 2 major parts.
Results from our tests, all are completed successfully.
Let’s look into these 2 tests.
This is a network chart of actually we had run the TESTS.
All software and hardware components are installed onto NTT Communications Data Center in Tokyo.
And it has demo Plant/Factory and remote site.
How much transmission speed is required?
It’s really depends on system.
There is no standard speed.
But we tested data transmission speed from demo Plant/Factory to private Cloud.
The result is 10K events per second.
It is good enough for average Plant/Factory system.
Also another test with database.
Replication speed is over average.
It’s good enough.
It marked 48K events per second.
And it’s stable.
Speed and Stability is very very important for Plant/Factory.
TEST 3: Monitoring and detecting mal-activity
- Mal-activities are expecting to happen and detected in both Plant/Factory network and Private Cloud, but attacker’s approach should be restricted by this closed network architecture.
- As many industry people aware about “Stuxnet” approach, it’s infecting by USB and other in-direct route like 3rd vendor who maintain ICS in the Plant/Factory by updating and checking device health with their PC or other device set bringing into the Plant/Factory.
- we constructed two tiers protection mechanisms integrating SIEM, Security Switch, Cyber security applications and HMI from different vendors.
Main part of Industry 4.1 J ability is ”Security”.
I mentioned earlier.
And the important aspect is “Just monitoring and detecting security event”.
Running anti virus and stopping ICS applications is worst scenario.
It must be monitored and detected only.
Sometime, removing mal-application stops ICS application.
It’s an un-willing situation.
You must think about it.
But we must detect mal-events in both segments Plant/Factory and Cloud.
This is closed network.
There is no internet connection.
However, human is able to bring malware into Plant/Factory without internet connection.
Stuxnet made it without direct internet connection from Plant/Factory.
So, we must treat it to protect business.
Then, Monitoring and Detecting mal-activity is implemented into two different segments.
And Plant/Factory network.
This is a flow diagram of detecting and blocking mal-activity in Plant/Factory network.
SIEM (Security Information and Event Management) is detecting intrusion from Plant/Factory network and identify the device by IP address.
Then SIEM send a request to Security Switch to block infected device.
It’s a quarantine.
Also SIEM can receive other mal-events from endpoints.
This is extra integration work.
You can see mal-events on HMI like this.
SIEM send request to HMI when security breach is detected.
Operator is usually dealing with HMI, not SIEM.
Such kind of integration is easy to recognize security breach is happening by Plant/Factory operator.
- “Industry 4.1J” concept is possible to extend existing ICS system and Monitoring mechanisms with mixed vendor protection products is working well.
- We will run this on top of real Plant/Factory to evaluate performance and risks/costs of migration.
- If you have any questions, please contact
So, we successfully validated Industry 4.1J concept with multiple vendors support.
So many ICS applications and security tools are working together.
Performance is good enough.
Security tool chain is working good.
So the next step of this project is now under the discussion.