The increasing digitization of manufacturing brings with it new risks, and as cybercrime pervades every system everywhere, manufacturing IT professionals have a vested interest in preventing the access of networks with robust, powerful cybersecurity technology that does not hinder intended users from taking advantage of all that data. Unfortunately, too many manufacturers have turned to cybersecurity solutions that involve so-called “black boxes,” or systems that remain completely opaque to the user.
This approach can be criticized as a form of “security through obscurity,” a concept that has been widely known among security experts since the late 1800s, when cryptographer Auguste Kerckhoffs developed what became known as Kerckhoffs’ principle: A properly designed security system – no matter whether it involves cryptography, locksmithing, or cybersecurity – should remain secure even if everything but the key itself is public knowledge. No secret can remain safe forever, and the moment these black boxes are opened, they inevitably become worthless for securing data – which means robust security is only truly possible by removing black boxes from machine connectivity hardware altogether.
In addition to the security flaws created with black-box systems, this approach also closes systems to any improvements after deployment. Not only does a black box hide the mechanism by which it outputs data, it prevents the user from changing or improving the mechanism. After all, if one opens the box to change anything inside, the box loses its ability to provide security. Given that manufacturers frequently discover new use cases for their data – such as new methods for machine monitoring or preventive maintenance – this level of inflexibility severely hampers efforts to further improve and optimize processes.
To overcome these challenges and deliver a truly robust cybersecurity launch platform, Mazak Corporation designed its Mazak SmartBox to operate with open-source software and protocols at the same time it offers virtually limitless scalability. Featuring a Cisco® Industrial Ethernet 4000 Series Switch and designed to operate with a full-featured implementation of the MTConnect® standard communications protocol, the Mazak SmartBox provides connectivity for machines and devices, which enhances monitoring and analytical capabilities as it provides a far greater level of cybersecurity without the use of black boxes.
With several standard input ports and connection ports, SmartBox quickly and easily connects any standard off-the-shelf sensors to the system for machine-data gathering and condition monitoring. One SmartBox installed on a nearby I-beam or a Mazak-supplied stand can serve several machine tools, along with other associated manufacturing equipment, depending on the application and cybersecurity needs.
The SmartBox offers network isolation, which prevents unauthorized access from both directions – to and from the machines and equipment on a network – through a virtual local area network (VLAN). With this, as well as its implementation of MTConnect, the SmartBox satisfies the critical security concerns of IT departments when connecting new and legacy equipment alike to a plant’s main network for the purpose of gathering manufacturing data.
A core component of the Mazak iSMART Factory™ paradigm, the SmartBox enables complete digital integration of Mazak’s advanced manufacturing cells and systems to achieve free-flow data sharing in terms of process control and analytics. As a result, Mazak has increased utilization for monitored machines by double-digit percentages, a capacity windfall that has reduced operator overtime by 100 hours per month and brought 400 hours per month of previously outsourced work back in house.
However, as the global economy centers itself increasingly on the big data that underpin all industries, protecting that data becomes vital. This is especially true for manufacturers, many of whom do sensitive work that requires security clearances, Department of Defense (DOD) oversight or, in some cases, Host Intrusion Prevention System (HIPS) certification from the National Security Agency (NSA).
This high level of trust requires complete transparency from manufacturers – including their security systems. To help manufacturers meet these stringent security requirements is the reason Mazak removed any black boxes from its SmartBox’s system architecture. Not only does this qualify the device for the most demanding security applications, but it gives manufacturers and their IT departments complete ownership of their data, a commodity in and of itself.
With a SmartBox-powered network, IT professionals collect and store the data themselves. If the data must be shared, IT departments can now audit it and send only what a partner or vendor needs to accomplish their task. This is a massive paradigm shift, one that empowers manufacturers to realize the advantages of data stewardship.
With the help of their operational technology (OT) colleagues, IT professionals also can use this data as a guide to expand upon the SmartBox’s existing feature set. As an IT solution, the SmartBox requires active management by IT professionals, who can interact with SmartBoxes on an individual basis or use software like the Cisco Fog Detector to manage an installation with numerous SmartBoxes.
But, because each SmartBox is built around a Linux PC, the microapplication possibilities are virtually endless; if a sensor exists to measure data in a machine, it can be incorporated into the SmartBox data collection routine.
The Mazak SmartBox represents a major step forward for manufacturers in terms of balancing cybersecurity needs with the utilization of data leveraged toward improving OEE. By eschewing security through obscurity and empowering IT professionals to collaborate with their OT colleagues with computing at the edge, Mazak has ensured that real-time manufacturing data continues to play a vital role in manufacturers’ efforts to improve productivity, efficiency and responsiveness to customers and market changes.
