When the topic of cloud computing is raised among process control engineers, red flags pop up all over the place about security. Manufacturing and control systems often support high-value production lines, where any interference or foul play could cost thousands or millions of dollars. Although recently some shop floors have begun to make their process data available to the rest of the company on corporate LANs, there is strong resistance to opening ports in plant firewalls to allow incoming connections from the Internet.
However, cloud systems generally do require Internet access, typically using a web browser HMI or other kind of client to connect to a server on the process side. This means that a port must be opened in the corporate firewall to allow the web browser to connect. And this is a security risk that few plant engineers are willing to take.
A better approach would be to reverse the client/server relationship. If the data source (the process) could act as a client, and the cloud service act as the server, you could reverse the direction of how the connection is made. The process control system would send an outbound connection request to the server in the cloud, and there would be no need to open any ports in the firewall. This approach would solve the problem.
It sounds simple enough, but the practical reality is that all existing industrial protocols, like OPC, Modbus and others, expect the server to be the authoritative holder of the data set. Since the data is being generated at the process, and used elsewhere, it makes sense to have outside users be the clients, and have them request data from the process, the server. A client is naturally expected to connect to the server, query the data set, and subscribe to the data that it requires.
If we could somehow change the role of client and server for our cloud system, and make the process the client, we would have an unusual case where the client becomes the authoritative holder of the data set. The client would connect to the cloud server and configure that server with its current data set. Updates to the data set would then pass from the client at the process side to the server in the cloud, and then onwards to the client representing the user of the data.
Although not typically seen, there is no fundamental, architectural reason why the client/server relationship in a process control system cannot be reversed. We are not aware of any industrial protocol that natively supports such a configuration, but there are ways to achieve it through special-purpose industrial middleware. Doing so will allow a cloud server to connect to process data without opening a single port in the plant firewall.
Maintaining a tight firewall in this way provides a good measure of security, but it isn’t always sufficient for a truly robust system. With data going out to the cloud, the question of redundancy is sure to come up as well. That’s next week’s topic.