FOR IMMEDIATE RELEASE
July 27, 2021

For more information please contact:
Zenagui Brahim
President
zenaguib@nhmep.org

 

“Information is the oil of the 21st century, and analytics is the combustion engine.”
– Peter Sondergaard, Senior Vice President, Gartner Research

 

Digital transformation (DX) promises increased competitiveness, optimized processes and profitability through big data, along with improved employee and customer relations. Gathering data is essential in the 21st century data-oriented environment and requires flexible, interconnected components. Businesses will need people with the specialized skills to implement and optimize all of this. Beyond that, each firm will have to work with its unique DX plans and existing IT environment.

Legacy Components Can Limit DX Efforts

DX efforts are typically divided into three phases: digitization (transitioning from analog to digital data), digitalization (processing and analyzing digital data), and digital transformation (building on digitalization to optimize the business).

The first phase, digitization, can be impacted by dependence on legacy components, particularly within industrial control system (ICS) environments. The need to digitize information to move forward with DX efforts can create numerous challenges between IT and operational technology (OT) assets. For example:

  • Organizations may not be able to find individuals with the expertise to maintain or modify legacy system components.
  • Integration with cloud services and other systems may be difficult with legacy components that don’t support the latest communication technologies like Transport Layer Security (TLS) version 1.3 or Server Message Block (SMB) version 3.
  • Deploying smart devices, also referred to as the Internet of Things (IoT) or Industrial Internet of Things (IIoT), may be limited by legacy network segmentation (e.g. the Purdue Model of Computer Integrated Manufacturing shown in Figure 1) that isolates ICS components from the corporate environment and the internet to reduce the risks posed by viruses and malicious actors.

The Reality of DX With Legacy Systems

 

Why isn’t everyone upgrading all their devices to realize the benefits of DX? Many reasons. It’s hard to find practical guidance for planning and making DX decisions. Also, financial resources and the personnel to support upgraded components may be lacking. Within ICS environments, it’s difficult to validate the safety of upgraded devices, so another barrier is matching the level of trust people have for legacy components.

Trying to meet a firm’s DX priorities using legacy components can result in hybrid implementations that impact safety, availability and cybersecurity. For example, creating a bridged or multi-homed system that connects legacy components to the data collection infrastructures or cloud services might solve connectivity and data sharing issues (see Figure 2). However, this may negate the protections established by the network isolation and communication controls for protecting the legacy components.

 

Connecting legacy components to support DX data collection without impacting operational capabilities or safety requires careful planning. In some cases, a hybrid approach might work where devices send data to on-premises systems that reside in levels 2 and 3 of the Purdue Model, for example a data historian or edge system.

This can allow access to approved data streams without connecting directly to sensitive OT components or networks. Overall, finding the safest method to achieve DX goals while also protecting people, processes and technology is not easy and requires a collaborative effort between the IT and OT staff members.
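As an added illustration (not part of the original article), the following Python sketch audits an asset inventory for the bridged or multi-homed systems described above. The subnets, Purdue level assignments and hostnames are constructed sample values; a host with interfaces only in levels 2 and 3, like the edge system in the hybrid approach, is not flagged.

```python
import ipaddress

# Constructed sample mapping of Purdue Model levels to subnets (assumed addressing).
PURDUE_ZONES = {
    1: ["10.10.1.0/24"],     # basic control (PLCs)
    2: ["10.10.2.0/24"],     # supervisory control (HMI)
    3: ["10.10.3.0/24"],     # site operations (data historian)
    4: ["192.168.40.0/24"],  # enterprise / corporate IT
}

# Constructed sample inventory: hostname -> interface addresses.
INVENTORY = {
    "plc-line1": ["10.10.1.20"],
    "historian01": ["10.10.3.15"],
    "legacy-hmi": ["10.10.2.30", "192.168.40.77"],  # second NIC added for uploads
    "edge-gw": ["10.10.2.40", "10.10.3.40"],        # hybrid approach, levels 2-3
    "erp-app": ["192.168.40.10"],
    "unknown-box": ["172.16.5.5", "10.10.1.99"],    # one address in no known zone
}

OT_MAX_LEVEL = 3  # levels up to 3 are treated as OT, above that as corporate IT


def level_of(addr, zones=PURDUE_ZONES):
    """Return the Purdue level whose subnet contains addr, or None if unmapped."""
    ip = ipaddress.ip_address(addr)
    for level, nets in zones.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return level
    return None


def audit_multihomed(inventory=INVENTORY, zones=PURDUE_ZONES):
    """Flag hosts whose interfaces cross the IT/OT boundary or touch unmapped networks."""
    findings = {}
    for host, addrs in sorted(inventory.items()):
        levels = [level_of(a, zones) for a in addrs]
        known = sorted({lvl for lvl in levels if lvl is not None})
        if None in levels and any(lvl <= OT_MAX_LEVEL for lvl in known):
            findings[host] = "OT interface plus unmapped network"
        elif known and known[0] <= OT_MAX_LEVEL < known[-1]:
            findings[host] = f"bridges level {known[0]} to level {known[-1]}"
    return findings


if __name__ == "__main__":
    for host, reason in audit_multihomed().items():
        print(f"{host}: {reason}")
```
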

Cybersecurity Considerations for DX

Changes to the environment must consider both cybersecurity and DX objectives to minimize organizational risks. NIST SP 800-37 Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy provides guidance for establishing a risk management approach for organizations. A key aspect is having a cybersecurity program. One misconception I often hear is that cybersecurity is an IT issue or that it is a technology issue. While we would like this to be true, the reality is that cybersecurity spans the entire organization. The NIST Framework for Improving Critical Infrastructure Cybersecurity and the NISTIR 8183 Rev. 1, Cybersecurity Framework Version 1.1 Manufacturing Profile, are guides that can assist organizations with approaching the challenges of defining and implementing a cybersecurity program in a methodical and consistent way. With a cybersecurity and risk management program in place, organizations can evaluate changes to the environment to verify that they meet their DX goals while also minimizing the cybersecurity risks. While there will always be risk, the key is for organizations to find the balance that minimizes risks while also achieving the organizational, regulatory and cybersecurity requirements.

As previously mentioned, legacy components can add complexity to implementing DX and cybersecurity. Careful planning and testing whenever possible is strongly recommended. Building on the NISTIR 8183, NIST also published the Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide to provide a more quantitative approach to determining the performance impact on ICS environments when implementing common cybersecurity controls based on the guidance and recommendations in NIST SP 800-82 Rev. 2, Guide to Industrial Control Systems (ICS) Security.

The MEP National Network™ Can Help You Plan and Implement DX

More interconnections supporting rapid and accurate data gathering are needed to achieve DX objectives and each company’s approach will depend on the types of legacy components within the environment. While upgrading legacy components would be ideal, the reality is that many firms need to support DX with their existing technology. When planning, organizations should carefully balance how to integrate with their existing processes and devices while also protecting their people, data and devices.

Implementing DX can be a daunting task, but is manageable with careful planning, collaboration among company IT and OT staff and the use of valuable resources such as NIST publications and the MEP National Network.

The MEP National Network can help companies find the right balance through strategic planning and offer guidance for DX investments. Contact NHMEP today for more information on how our services can help your manufacturing organization.

 

Original article posted 7/20/2021 on NIST.gov

ABOUT THE AUTHOR

Michael Pease

Michael Pease joined the Engineering Lab at the National Institute of Standards and Technology (NIST) in 2018 with more than 25 years of experience in both the public and private sector supporting…

About NH MEP
The NH MEP is an affiliate of the National Institute of Standards and Technology (NIST) under the U.S. Department of Commerce. The national MEP system is a network of manufacturing extension centers that provide business and technical assistance to smaller manufacturers in all 50 states, the District of Columbia and Puerto Rico. Through MEP, manufacturers have access to more than 2,000 manufacturing and business “coaches” whose job is to help firms make changes that lead to greater productivity, increased profits and enhanced global competitiveness. For more information please visit www.nhmep.org or call 603-226-3200.

 
