FOR IMMEDIATE RELEASE
July 27, 2021

For more information please contact:
Zenagui Brahim
President
zenaguib@nhmep.org

 

“Information is the oil of the 21st century, and analytics is the combustion engine.”
– Peter Sondergaard, Senior Vice President, Gartner Research

 

Digital transformation (DX) promises increased competitiveness, optimized processes and profitability through big data, along with improved employee and customer relations. Gathering data is essential in the 21st century data-oriented environment and requires flexible, interconnected components. Businesses will need people with the specialized skills to implement and optimize all of this. Beyond that, each firm will have to work with its unique DX plans and existing IT environment.

Legacy Components Can Limit DX Efforts

DX efforts are typically divided into three phases: digitization (transitioning from analog to digital data), digitalization (processing and analyzing digital data), and digital transformation (building on digitalization to optimize the business).

The first phase, digitization, can be impacted by dependence on legacy components, particularly within industrial control system (ICS) environments. The need to digitize information to move forward with DX efforts can create numerous challenges between IT and operational technology (OT) assets. For example:

  • Organizations may not be able to find individuals with the expertise to maintain or modify legacy system components.
  • Integration with cloud services and other systems may be difficult with legacy components that don’t support the latest communication technologies like Transport Layer Security (TLS) version 1.3 or Simple Message Block (SMB) version 3.
  • Deploying smart devices, also referred to as the Internet of Things (IOT) or Industrial Internet of Things (IIOT), may be limited by legacy network segmentation (e.g. the Purdue Model of Computer Integrated Manufacturing shown in Figure 1) to isolate ICS components from the corporate environment and internet to reduce the risks posed by viruses and malicious actors.

The Reality of DX With Legacy Systems

 

Why isn’t everyone upgrading all their devices to realize the benefits of DX? Many reasons. It’s hard to find practical guidance for planning and making DX decisions. Also, financial resources and the personnel to support upgraded components may be lacking. Within ICS environments, it’s difficult validating the safety of upgraded devices, so another barrier is matching the level of trust people have for legacy components.

Trying to meet a firm’s DX priorities using legacy components can result in hybrid implementations that impact safety, availability and cybersecurity. For example, creating a bridged or multi-homed system that connects legacy components to the data collection infrastructures or cloud services might solve connectivity and data sharing issues (see Figure 2). However, this may negate the protections established by the network isolation and communication controls for protecting the legacy components.

 

Connecting legacy components to support DX data collection without impacting operational capabilities or safety requires careful planning. In some cases, a hybrid approach might work where devices send data to on-premises systems that reside in levels 2 and 3 of the Purdue Model, for example a data historian or edge system.

This can allow access to approved data streams without connecting directly to sensitive OT components or networks. Overall, finding the safest method to achieve DX goals while also protecting people, processes and technology is not easy and requires a collaborative effort between the IT and OT staff members.

Cybersecurity Considerations for DX

Changes to the environment must consider both cybersecurity and DX objectives to minimize organizational risks. NIST SP 800-37 Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy provides guidance for establishing a risk management approach for organizations. A key aspect is having a cybersecurity program. One misconception I often hear is that cybersecurity is an IT issue or that it is a technology issue. While we would like this to be true, the reality is that cybersecurity spans the entire organization. The NIST Framework for Improving Critical Infrastructure Cybersecurity and the NISTIR 8183 Rev. 1, Cybersecurity Framework Version 1.1 Manufacturing Profile, are guides that can assist organizations with approaching the challenges or defining and implementing a cybersecurity program in a methodical and consistent way. With a cybersecurity and risk management program in place, organizations can evaluate changes to the environment to verify that they meet their DX goals while also minimizing the cybersecurity risks. While there will always risk, the key is for organizations to find the balance that minimizes risks while also achieving the organizational, regulatory and cybersecurity requirements.

As previously mentioned, legacy components can add complexity to implementing DX and cybersecurity. Careful planning and testing whenever possible is strongly recommended. Building on the NISTIR 8183, NIST also published the Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide to provide a more quantitative approach to determining the performance impact on ICS environments when implementing common cybersecurity controls based on the guidance and recommendations in NIST SP 800-82 Rev. 2, Guide to Industrial Control Systems (ICS) Security.

The MEP National Network™ Can Help You Plan and Implement DX

More interconnections supporting rapid and accurate data gathering are needed to achieve DX objectives and each company’s approach will depend on the types of legacy components within the environment. While upgrading legacy components would be ideal, the reality is that many firms need to support DX with their existing technology. When planning, organizations should carefully balance how to integrate with their existing processes and devices while also protecting their people, data and devices.

Implementing DX can be a daunting task, but is manageable with careful planning, collaboration among company IT and OT staff and the use of valuable resources such as NIST publications and the MEP National Network.

The MEP National Network can help companies find the right balance through strategic planning and offer guidance for DX investments. Contact NHMEP today for more information on how our services can help your manufacturing organization.

 

Original article posted 7/20/2021 on NIST.gov

Learn more about NH MEP Cybersecurity Webinars and Programs

ABOUT THE AUTHOR

michael pease

Michael Pease

Michael Pease joined the Engineering Lab at the National Institute of Standards and Technology (NIST) in 2018 with more than 25 years of experience in both the public and private sector supporting…

About NH MEP
The NH MEP is an affiliate of the National Institute of Standards and Technology (NIST) under the U.S. Department of Commerce. The national MEP system is a network of manufacturing extension centers that provide business and technical assistance to smaller manufacturers in all 50 states, the District of Columbia and Puerto Rico. Through MEP, manufacturers have access to more than 2,000 manufacturing and business “coaches” whose job is to help firms make changes that lead to greater productivity, increased profits and enhanced global competitiveness. For more information please visit www.nhmep.org or call 603-226-3200.

 

About NH MEP

New Hampshire Manufacturing Extension Partnership
172 Pembroke Road
Concord, NH  03301

Phone: 603-226-3200

The New Hampshire Manufacturing Extension Partnership does not discriminate on the basis of race, color, creed, national or ethnic origin, gender, disability, age, political affiliation or belief. This nondiscrimination policy encompasses the operation of all educational and training programs and activities. It also encompasses the employment of personnel and contracting for goods and services.

Press Releases

Greater Rochester Manufacturers Discuss Workforce Challenges and Seek Solutions from the State

FOR IMMEDIATE RELEASE Thursday, May 26, 2022 For more information please contact: Zenagui Brahim President zenaguib@nhmep.org By Cara Tracy, NH MEP | May 17, 2022 | Updated May 26, 2022 Rochester, NH – On two occasions this month, May 16 and May 25, Rochester’s Mayor,...

Building the Pipeline: A Discussion on the Manufacturing Workforce in the Monadnock Region

FOR IMMEDIATE RELEASE Tuesday, March 15, 2022 For more information please contact: Zenagui Brahim President zenaguib@nhmep.org Keene, NH – On Tuesday, March 15, NH MEP President, Zenagui Brahim helped facilitate discussion among Keene area manufacturers. The event...

Key Takeaways from the 19th Annual Governor’s Advanced Manufacturing and High Technology Summit

The 19th Annual Governor’s Advanced Manufacturing and High Technology Summit was held virtually on Friday, October 22 with 156 attendees. Mike Mastergeorge, VP of Brazonics, opened the event and introduced Governor Chris Sununu’s video address highlighting the importance of the manufacturing sector to New Hampshire’s economy.

Manufacturing Month Kicks off at Jewell Instruments

October 1, 2021 – NH MEP kicked off Manufacturing Month at Jewell Instruments – 850 Perimeter Rd in Manchester NH. Tim Dining, VP and General Manager of Jewell Instruments welcomed the visitors and talked about the importance manufacturing plays in the economy and the importance to raise awareness of careers in manufacturing.

MEP National Network by the Numbers: Industry Highlights

The MEP National Network has assisted over 26,800 unique manufacturing clients in every U.S. state and Puerto Rico and has completed over 71,600 projects with a total impact value of over $96 billion while creating or retaining nearly 530,000 jobs in the last five fiscal years.1