OPSWAT Announces FileScan.IO Asset Acquisition. Read More

Secure and Reliable Cloud Historian Connectivity Using OPSWAT’s NetWall Security Gateway

Historian Overview

Data Historians are widely deployed in industrial control environments to record the operational state of the environment. Historians are a time-series database that record the data values of all plant control systems. The recorded information is used to perform analysis of industrial operations to improve efficiency or to help diagnose an issue that occurred. With a historian, plant operators can see the exact state of every control system at any given time. The data captured by historians are used to answer production performance and efficiency-related questions. If a production failure occurs, the state of every element can be viewed just before and just after the incident.

Analog elements such as hydraulic values, temperature sensors, pressure sensors, etc. are controlled by Programmable Logic Controllers (PLCs). PLC registers representing each analog element are used by the controller for command and control. Historians will periodically read the PLC registers over standard protocols such as Modbus, add a time stamp and store the values along with attributes used to define the element. A set of data representing an element is referred to as a data point.

Points are the basic building blocks of a Historian system. Points (sometimes referred to as tags) are created for every element that the Historian System needs to track, representing the status of an analog element performing a function in an industrial environment at an instance in time. Thus, as the name implies, historians provide a historical view of the status of every operational element being tracked.

Market Trends

As industrial operations continue to strive for greater efficiency, there will be greater dependence on industrial visibility across multiple plants to drive business decisions and reduce costs. Historians will play a major role, moving from being a historical archive to supporting near-real-time analysis, enabling more efficient industrial management.

The resulting demand for greater volumes of readily available data is being met by historian vendors through the implementation of secure, cloud-based historians. Benefits of a cloud-based solution include lowering server hardware and software resource costs, greater system availability, and greater scalability and performance. Moving to the cloud also serves to increase data sharing and collaboration across departments and with third-party vendors and service providers.

The demand for transferring greater volumes of OT data to a cloud-based historian requires the adherence to cybersecurity best practices, including the implementation of Security Gateways to enforce an electronic security perimeter around industrial control assets.

Reliable and Secure Data Transfers Using NetWall USG and BSG

As illustrated in the following diagram, cloud-based historians can aggregate data from multiple distributed industrial control systems, providing a consolidated view of all assets. The data can then be shared across departments and with third parties such as partners or vendors. ICS assets need to be secured from network-borne outside threats by deploying a security gateway at the network perimeter. OPSWAT’s NetWall security gateway is highly scalable. It can be deployed to protect remote ICS assets or deployed to enforce a plant-wide security perimeter and can be configured to transfer a wide range of data types. NetWall Bilateral Security Gateway (BSG) supports replicating data from a local historian to the cloud-based corporate historian or can transfer OPC data directly to the cloud historian. NetWall can also connect remote IIoT assets to a cloud historian, transferring OT data over MQTT or OPC.

NetWall BSG supports native historian replication services from major historian vendors without requiring special interface software, eliminating the complex deployment and support overhead required by other gateways and diodes in the market.

OPSWAT's NetWall BSG was architected to transfer high volumes of data unidirectionally over a non-routable protocol. Through its patent-pending assured delivery architecture, data is reliably transmitted to the destination without requiring retransmission or frequent data backfill operation used by other Gateways and Data Diodes. NetWall also supports data throttling, meaning data is reliably delivered even if there are intermittent network issues. This makes NetWall an ideal solution for securely connecting OT data to cloud-based resources.

After it’s configured, NetWall runs headless, further enhancing its security profile. OPSWAT designed NetWall to meet the growing demands of OT/IT convergence, providing more security than a firewall and more reliability and cost-effectiveness than a data diode.

RELATED LINKS

Contact one of our critical infrastructure cybersecurity experts for more information and assistance.

Sign up for Blog updates!
Get information and insight from the leader in advanced threat prevention.