JohnCalderwood
Member
All, we have been given a proposed plan, but would be interested to know your views on potential security issues or otherwise.
There are 2 production sites, side by side. Site A is the main producer and is a customer of Site B (Site B provides raw materials for Site A).
Each has its own Industrial Ethernet Network all with Rockwell ControlLogix PLCs.
Currently Site A gets a daily email update from Site B of raw materials delivered the previous day to use as comparison data for consumption.
Site A management wishes to get live data from Site B as to tank levels and flows between the sites, rather than wait on the daily email.
The proposal put forward is to add a new Ethernet card to the main Site B CLX PLC, with an IP address from Site A's main Industrial Network, and cabled direct to a PLC on Site A's premises.
Site B will then give Site A a list of CLX Tags containing all the data they require and Site A intend to either read that using a MSG instruction from one of Site A's PLCs, or read directly from Site B's PLC using Site A's Rockwell Transaction Manager.
All clear as mud?
Are there any potential security issues in connecting the networks in this way, such as can Site A see all of Site B's PLCs or vice-versa?
Could Site A personnel connect to the Site B PLC and access/alter the PLC code therein, or could Site B people connect to any of Site A's PLCs and access/alter their PLC code?
If these are possible, is there a way of blocking such access capability?
Site A and Site B are different companies. Assume that there is capability of accessing the networks of both sites via external VPN links covered by firewall rules and involving corporate IT...
I would be interested in your viewpoints here.
Also, are there possible alternative ways of gathering the same information?
Thanks in advance