Beydoun 的观点是，完全交换的网络消除了冲突并改善了 EtherNet/IP 等网络的确定性行为。根据 ISA/IEC 62443 安全标准添加安全区域和管道提供了一种在控制网络中对子系统进行分段和分区的方法。区域可以由具有相似功能和安全要求的节点组定义。类似安全要求的示例包括所有位于相同功能区域（例如包装）、包含知识产权、支持运动或控制环境敏感材料的设备。安全管道是不同安全区域的互连。

他补充说，确保区域之间的通信路径受到访问控制、能够抵抗拒绝服务攻击以及确保它们不会让受损区域传播到更广泛的网络至关重要。VLAN 是一种提高安全性并包含广播消息作为实施安全区域和管道的一部分的方法。网络配置，例如实施服务质量 (QoS) 流量优先级以确保时间关键的控制流量不会被阻塞，使用 IGMP 侦听来控制多播消息以减少网络拥塞有助于优化正确分段的网络。

网络解决方案

“鉴于 IIoT 连接为离散、混合和流程行业提供质量改进、减少浪费和吞吐量加速机会，通过网络交换机实施安全区域和管道的网络概念广泛适用于自动化领域，”Beydoun 说。“然而，某些应用对细分特别重要，例如工人靠近的运动设备，例如协作机器人或分区安全应用，当工人接近时，光幕会阻止潜在危险机械的运动。”

其他需要保护的重要领域包括可能泄露机密配方、制造过程或其他有价值信息的操作，这些信息可提供竞争优势。涉及腐蚀性化学品或极稀土金属的工艺也需要进行特殊细分，以保护环境和管理财务风险。

一旦这些更敏感的区域被识别和分割，就可以实施额外的安全措施，例如设备级别的 CIP 安全，以实现基于策略的访问控制。遵循 ISA/IEC 62443 纵深防御以及安全区域和管道方法有助于阻止不良行为者试图渗透和攻击设施。

应对工程挑战

“在工厂和工厂内启用 IIoT 和工业 4.0 应用程序，通过预测故障检测、自动备件重新订购、通过数字双胞胎的新产品开发反馈循环等，创造了一个全新的可能性世界，”Beydoun 总结道。“单对以太网解决方案，例如过程中的 Ethernet-APL 和离散和过程中的 EtherNet/IP 资源受限设备连接，正在帮助将更多智能设备添加到网络中，从而为云连接和分析打开这些数据。”



以下是我司【主营产品】，有需要可以发来帮您对比下价格哦!

主营：世界品牌的PLC 、DCS 系统备件 模块

①Allen-Bradley(美国AB)系列产品》

②Schneider(施耐德电气)系列产品》

③General electric(通用电气)系列产品》

④Westinghouse(美国西屋)系列产品》

⑤SIEMENS(西门子系列产品)》

⑥销售ABB Robots. FANUC Robots、YASKAWA Robots、KUKA Robots、Mitsubishi Robots、OTC Robots、Panasonic Robots、MOTOMAN Robots。

⑦estinghouse(西屋)： OVATION系统、WDPF系统、MAX0系统备件。

⑧Invensys Foxboro(福克斯波罗)：I/A Series系统，FBM(现场输入/输出模块)顺序控制、梯形逻辑控制、事故追忆处理、数模转换、输入/输出信号处理、数据通信及处理等。Invensys Triconex: 冗余容错控制系统、基于三重模件冗余(TMR)结构的现代化的容错控制器。

⑨Siemens(西门子)：Siemens MOORE， Siemens Simatic C1，Siemens数控系统等。

⑩Bosch Rexroth(博世力士乐)：Indramat，I/O模块,PLC控制器,驱动模块等。

◆Motorola(摩托)：MVME 162、MVME 167、MVME1772、MVME177等系列。

PLC模块，可编程控制器，CPU模块，IO模块，DO模块，AI模块，DI模块，网通信模块，

以太网模块，运动控制模块，模拟量输入模块，模拟量输出模块，数字输入模块，数字输出

模块，冗余模块，电源模块，继电器输出模块，继电器输入模块，处理器模块。

 

Beydoun’s view is that a fully switched network eliminates collisions and improves deterministic behavior of networks such as EtherNet/IP. The addition of secure zones and conduits per the ISA/IEC 62443 security standards provides a way to segment and zone sub-systems in a control network. Zones can be defined by groups of nodes that have similar functional and security requirements. Examples of a similar security requirements include devices that are all in the same functional area (e.g. packaging), contain intellectual property, enable motion, or control environmentally sensitive materials. A secure conduit is the interlinking of the different security zones.

He added that it’s critical to ensure that the communication paths between zones are access controlled, are resistant to denial-of-service attacks, and can ensure that they don’t allow a compromised zone spread to the broader network. VLANs are a way to improve security and contain broadcast messaging as a part of implementing secure zones and conduits. Network configuration such as implementing Quality of Service (QoS) traffic prioritization to ensure time critical control traffic isn’t held up and use of IGMP snooping to control multicast messages to reduce network congestion can help to optimize properly segmented networks.

Networking solutions

“Implementing the networking concept of secure zones and conduits via network switches is broadly applicable in the automation space given that IIoT connectivity offers quality improvement, waste reduction, and throughput acceleration opportunities across both discrete, hybrid and process industries,” Beydoun said. “However, certain applications are particularly important to segment such as motion equipment that workers are in near proximity to such as collaborative robotics or zoned safety applications where light curtains stop the movement of potentially dangerous machinery when a worker gets to close.”

Other vital areas to protect include operations that could reveal confidential recipes, manufacturing processes, or other valuable information that provides for a competitive advantage. Processes that involve corrosive chemicals or extremely rare earth metals are also in need of special segmentation to both protect the environment and to manage financial risk.

Once these more sensitive zones are identified and segmented, additional security measures can be implemented such as CIP Security at the device level for policy-based access control. Following the ISA/IEC 62443 defense in depth and secure zone and conduit approach can help to deter bad actors from attempting to infiltrate and attack a facility.

Addressing engineering challenges

“Enabling IIoT and Industry 4.0 applications within plants and factories allows for a whole new world of possibilities through prognostic failure detection, automatic spare reordering, new product development feedback loops via digital twins and so forth,” Beydoun concluded. “Single Pair Ethernet solutions such as Ethernet-APL in process and EtherNet/IP Resource-Constrained Device connectivity in both discrete and process are helping to add more intelligent devices to the network thereby opening up this data for cloud connectivity and analysis.”