Professional Documents
Culture Documents
Industrial Networks
Shaping the industrial
towards a new era of
digital transformation
Telecom Engineering Centre of Excellence (TEE)
Introduction 3
The importance of industrial connectivity 4
Industrial Networks and operational technology 6
Industrial networks’ role in Industry 4.0 and IIoT use cases 8
The key challenges ahead and how to overcome them 9
Industrial Networks maturity model 10
Deloitte experience 13
Lessons learned and key success factors 14
Our Offer 15
The Future of Industrial Networks
Introduction
Industry 4.0 (I4.0) and Traditional industrial networks were the challenges of these use cases, it will
designed to support the connection require Industrial organizations to work
Industrial Internet between industrial assets and enable across several technological capabilities,
the monitoring and control of every aligned with an appropriate governance
of Things (IIoT) device and systems within the industrial model.
transformation is environment. Therefore, these networks,
also known as Operational Technology This paper intends to provide a view of
increasing the need for (OT) networks, focus on workers & the Industrial networks importance for
connectivity between customer safety and network availability, the main use cases of Industry 4.0 and
which differs from Information Technology Industrial IoT and provides a maturity
industrial assets. (IT) networks priorities (i.e., data integrity model that will help organizations to
and protection). As the need of full understand their current maturity level
Industrial businesses are evolving connection between devices and systems and to design a tailored roadmap, that will
and becoming more digital and cloud- becomes more relevant, IT and OT will accelerate the transition to the long-term
oriented, therefore, organizations need to need to progressively converge. network maturity ambition.
evolve their network infrastructure and
connectivity between industrial assets, Predictive maintenance & analytics,
local, central applications and systems. As remote asset control and process
they move forward in this digital journey, monitoring & improvement are examples
it will require to face challenges across of core Industry 4.0 and IIoT use cases,
multiple domains, such as health & safety, that rely on the successful implementation
network security, performance and of OT networks. To achieve the network
governance. ambition and target state, and overcome
3
The Future of Industrial Networks
The importance
of industrial
connectivity
Industry 4.0 and IIoT transformation is While companies invest in technological
increasing the need for companies to invest solutions to improve productivity and
in industrial networks in order to improve performance, such as process automation,
communication of operational data. monitoring of sensors-based data and
remoted controlled machinery, there is
Digital transformation is creating a major an increasing need to connect industrial
impact in Manufacturing and industrial assets and devices. According to Bosch
companies. Across different industries, Connected World Blog, it is expected
there is an increasing focus on growth there to be 14 billion connected devices
leveraged by the implementation of I4.0 worldwide by the end of year 2022 and,
solutions, as well as Industrial Internet of although the manufacturing sector
Things (IIoT) use cases. These disruptive only represents a small part of this, it is
technologies are transforming companies, foreseen a major positive impact in uptime
specially after COVID-19 pandemic, that increase and productivity improvement as
forced to implement remote access a result of the implementation of solutions
solutions, among others. to connect industrial devices.
14 billion
Work
Everywhere
Cyber
Security
connected
Smart
Systems
devices1
Forecasted for 2022 will be
concentrated in 4 industries:
Intelligent buildings;
Wireless Automotive;
Sensors Always Smart Devices
Connected Healthcare;
Utilities.
4
The Future of Industrial Networks
6.000
CAGR: +11%
5.000
4.000
3.000
2.000
1.000
0
2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029
5
The Future of Industrial Networks
Industrial Networks
Industrial networks are the mean to connect all the operational technology
available in an organization, supporting the data exchange between the different
devices and systems in place.
Systems Approach Standalone applications As the need of full connection between all devices and
systems becomes more relevant, IT and OT will progressively
Architectural Model Close and proprietary converge in all aspects and become interconnected.
6
The Future of Industrial Networks
7
The Future of Industrial Networks
Companies are applying Artificial Intelligence Remote asset control is becoming crucial to Applying machine-learning technologies to
and advanced analytics to better understand enable skilled workers flexibility while process historical performance and failure
the production processes and identify drivers drastically improving health and safety. In data enables companies to forecast and plan
of lower performance and operational addition, response times are also improved, maintenance in advance, reducing impacts of
inefficiencies. allowing for cost reduction. equipment failures.
To enable process monitoring, sensors must A strong network with connected devices to Companies must install connected machine
be in place and connected with central central and external systems is crucial to sensors in order to collect data and make
systems to maximize process efficiency implement remote access. data-driven decisions.
and product quality.
Although there are enormous advantages from IIoT applications, it’s crucial to be aware of the
network challenges that come ahead
It is clear that there is a big potential in the evolution of industrial networks to address the
challenges described and bring several benefits to manufacturing companies
Sources: [1] Fortinet [2] National Safety Council (NSC); [3] Claroty; [4] IndustryWeek; [5] Fortinet; [6] IIoT World
9
The Future of Industrial Networks
Industrial Networks
maturity model
Industrial organizations Deloitte’s view on Industrial network
development encompasses 4 stages
need to understand their of maturity. Pursuing an evolution of
current network maturity the network does not assume that the
company will need to always start from
level and work across the 1st stage (Traditional), as there
The evolution and transformation to a network maturity optimal stage involves much more than an
architecture transformation or the implementation of a standard solution.
There are several capabilities that need to be developed and improved, and therefore organizations need to
analyse their status and define a clear strategy to achieve the optimal stage.
10
The Future of Industrial Networks
Industrial Network
Maturity Model
Traditional Essentials Advanced Optimal
Reduced Network & Security Network & Security expertise IT & OT teams integrated and IT & OT network and security
People expertise in OT environments increase in OT environments, aligned with roles and teams aligned and centralized
SOC for OT networks responsibilities defined SOC created
Minimal processes defined for Network Infrastructure Change Processes defined and regularly
Vulnerability Management and
Processes Network Management and Management processes
Incident Response plans created
updated for Network
Maintenance defined Management and Maintenance
Segmentation Flat & Open Network Segmentation Between IT & OT Segmentation for Levels 3 and 2 Micro Segmentation for all Levels
Security Static and basic Firewall DDOS and SSL inspection Cloud sandboxing and
ruleset controls NGFWs, IDS/IPS and Anti-bot of all traffic Identity awareness
Controls
Remote VPNs for critical VPNs for all Industrial Zero Trust based remote
Applications only Cloud based SWG & CASB
Access Applications remote access access model
Technology
Roles and Responsibilities Roles and Responsibilities Privileged Access Management Identity and Access Mgmt.
IAM defined but without proper defined and reviewed for OT solution for main users and OT mechanisms implemented for
privilege distribution Network Environment systems all users and OT systems
Reduced Visibility over OT Network Visibility & Monitoring Network Visibility & Monitoring Network Tools fully integrated
Visibility, Control network Assets and reduced tools deployed and patching tools optimized and patching for end-to-end assets visibility,
& Hardening patching for critical assets for all network devices Control and Patching
LAN Legacy wired based Wired, Wi-Fi based WLAN, Industrial Ethernet, Wi-Fi + Industrial Ethernet, Wi-Fi 6 + 5G
Connectivity connections POCs for SD-LAN Mobile based WLAN, SD-LAN based WLAN, SD-LAN
WAN Hybrid WAN (MPLS + Internet), Hybrid WAN (MPLS + Internet), Internet + 5G based WAN,
MPLS based WAN POCs for SD-WAN SD-WAN SD-WAN
Connectivity
11
The Future of Industrial Networks
To better deploy the capabilities identified between IT and OT networks. In this Deloitte identified three different scenarios
in the previous section, Industrial situation, once an attacker penetrates the and several services/ technologies that are
organizations need to understand which security perimeter, it is extremely difficult commonly used in Industrial environments,
network scenario its currently deployed to ensure that the OT network environment and the distinct characteristics that better
across their OT network. The typical is not compromised. It is important for describe each scenario.
scenario relies on traditional network Industrial organizations to clearly define
security strategies, with a complex the scenario and technologies/ services
governance model and no segmentation that better fit their business needs.
Remote
MPLS/ SD-WAN MPLS/ SD-WAN MPLS/
User
User
Internet overlay Internet overlay Internet
Local Plant Local Plant Data Centre/ Cloud/ Plant Local Plant
Corporate
Corporate
Corporate
Lvl 5-4 Lvl 5-4 Lvl 5-4 Lvl 5-4
IT Users
IT Users
IT Users
Enterprise IT Enterprise IT Enterprise IT Enterprise IT
Advanced Security Controls
Lvl 3 Security Zone Lvl 3.5 Central IDMZ Lvl 3.5 Lvl 3.5
Central IDMZ Local IDMZ
OT & IT alignment
Central OT & IT
alignment
Improved
Manufacturer
OT Users
Lvl 2-0 Security Zone Lvl 2-0 Security Zone Lvl 2 Security Zone
SCADA
SCADA HMI
HMI HMI SCADA HMI
Sensors/ Sensors/
Lvl 1-0 Security Zone
Actuators Actuators
Sensors/ Sensors/ Sensors/
PLC/RTU PLC/RTU Actuators PLC/RTU
Actuators Actuators
• Complex governance model for • Governance model defined and aligned • IT & OT teams integrated
IT with IT & OT needs
• Centralized IDMZ and segmentation
• Flat and open network without • IDMZ and IT & OT network segmentation for lower levels
FEATURES
MAIN
network segmentation
• Security and remote access standardized • IAM, data and services redundancy
• No standard security and services
remote access solutions • OT services standardization and
• SD-WAN connectivity automation
• MPLS/ Internet enterprise
• Firewall security controls • Advanced firewall security controls
• Limited firewall security controls
12
The Future of Industrial Networks
Deloitte
expertise
Our team as a proven Deloitte has a proven track record
supporting different clients across
The initiatives Deloitte supports can start
with strategy definition (e.g.: IT/ OT network
track record supporting several industries and geographies over a convergence strategy), perform a technical
multitude of Industrial
network initiatives
Key experience
Legend: Network security architecture definition Enhanced network visibility and technical assessments IT/OT networks convergence strategy
Business cases and operational models design Software Defined Networks and threat detection & protection implementation
13
The Future of Industrial Networks
1 Align the benefits with site workforce and communicate key changes
1
2 3 2 Minimize the impact in operation and downtimes
14
The Future of Industrial Networks
Our Offer
Deloitte proven experience
results in a holistic OT IT
Level 5-4
networks offer that
covers all stages
of project lifecycle, OT - Centralized systems
Level 3
from assessment and
strategy definition, to SCADA
Historian
solution implementation Server
HMI
and operations and
maintenance.
In addition, Deloitte is capable of helping
clients on transformation journeys that OT - Local systems and devices
involve not only all OT environment Level 2-0
levels but also the integration with IT
infrastructure and networks.
RTUs
Finally, one of the crucial factors that allow PLCs
Deloitte to leverage strategic partnerships Sensors,
detectors and
with key players is the consistency of
actuators
our offer across all the domains of a
business infrastructure:
• Site to site and plant to plant • Datacentre infrastructure, • IT & OT governance model and • Network Planning and
connectivity, leveraging software including consolidation, disaster network segmentation, including Engineering, including
defined WAN (SD-WAN) solutions recovery, migration and zoning, Industrial DMZ, configuration and policy
based on connectivity models decommissioning of DCs micro-segmentation, lateral automation and capacity
(MPLS and Internet) movement security, among management in Industrial
• Next generation DC solutions,
others environments
• On-site and on-plant connectivity, leveraging software defined
levering software defined LAN networking datacentre (SDN-DC) • Network security controls,
• Network and Service operations,
(SD-LAN) solutions for both wired and hyperconvergence including next-gen security
including NOC automation,
and wireless access networks features
• Micro-segmentation solutions, predictive network maintenance
• Remote access solutions, including focusing on on-premise • Hardening IT and OT network and self-healing solutions
next generation VPN services and connectivity, hybrid cloud and devices, including firewall and
software defined Perimeter (SDP) multi cloud implementations router patch management, • Network orchestration to
technologies vulnerability management, automate security and workflows
• Cloud connectivity models and
intelligent rule design, etc. for repeatable network and
• Network performance containerization, within the
enhancements, including organization network (plants, • Risk assessment and compliance security operations tasks in
redundancy and scalability, branches, warehouses, Data based on audit-ready reports for heterogeneous OT Networks
bandwidth, latency and SLAs Centre) all major regulations (e.g.: PCI and
HIPAA) and industrial and
• 4G/ 5G Mobile Private Networks, • Enterprise/ Industrial edge
network security standards (e.g.
including network design, planning, computing strategy definition,
NERC, ANSI, ISA, IEC, NIST)
and sizing including sensors and servers
connectivity, and cloud
integration
15
The Future of Industrial Networks
Contacts
Acknowledgements
16
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte
organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot
obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of
each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.
Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms
and related entities in more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn
how Deloitte’s approximately 330,000 people make an impact that matters at www.deloitte.com.
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms or their related
entities (collectively, the “Deloitte organization”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking
any action that may affect your finances or your business, you should consult a qualified professional adviser. No representations, warranties or undertakings (express
or implied) are given as to the accuracy or completeness of the information in this communication, and none of DTTL, its member firms, related entities, employees or
agents shall be liable or responsible for any loss or damage whatsoever arising directly or indirectly in connection with any person relying on this communication. DTTL
and each of its member firms, and their related entities, are legally separate and independent entities.