3 Ways SD-WAN Can Benefit Industrial Control System Environments

Jun 12, 2020
5 minutes

As communication technology has advanced, businesses have gained more options for connecting satellite facilities, resulting in a culture shift around how things get done. Modern business models are in the midst of another change, driven by another technology beneficial to enterprises' IT and operational technology (OT) networks alike: software-defined wide-area networks (SD-WAN). This solution meets a primary driver for the OT business with its proven ability to reduce operational costs. SD-WAN is also attracting OT attention because of the various options that strengthen connectivity, user experience and security – gains particularly favorable in remote OT locations.


Innovations in ICS and SCADA Systems

Until recently, few people knew about industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks – and even fewer understood them. Thanks to the technology revolution and the need for data from these systems, many more people now know about industrial automation and control systems – and how vulnerable they may be to malicious nation-state attacks.

Advancements in processor miniaturization, battery technology and communications have allowed industries including mining, manufacturing and utilities to expand their organizational footprints into the most remote regions of the world. Innovations have made it possible for industries with ICS/SCADA systems to operate and maintain geo-diverse process control networks (PCN) as well as lower their cost of operations, especially in the field of communications, both in infrastructure build-out and recurring operating expenditure costs. For example, in exceptionally rural regions, the monthly cost of a leased communication line can easily reach tens of thousands per month for only the minimum bandwidth. This is definitely not the type of connection you would want when running a modern-day processing plant or remote office.

SD-WAN also enables IT/OT security teams by offering greater visibility and more precise control over plant processes, improving a company's overall cybersecurity posture. Consulting firm IDC asserts that current wide-area networking (WAN) technologies, such as multiprotocol label switching (MPLS), are "not meeting the needs of today's modern digital business, especially as it relates to supporting SaaS apps and multi- and hybrid-cloud usage." These are technologies that ICS and SCADA networks would typically not leverage, though the business systems that may be in place at remote locations would. However, because most remote sites require specific IT services – some of which are cloud-based – a little forethought and design can make more bandwidth available for what is genuinely crucial to OT, which is connectivity back to the centralized control center.


Benefits of SD-WAN at Remote Locations

1. Improved User Experience

Unlike current conventional WAN technologies like MPLS, SD-WAN doesn’t need to backhaul to a data center, so it allows remote offices to connect more easily to the internet, which translates to better performance, lower latency and higher performing connectivity. Products like Microsoft Office 365® and LMS training videos can be accessed via the web, freeing up bandwidth on the MPLS circuit for ICS and SCADA traffic.

2. Simplified Operations

In the forecast linked above, IDC says one of the critical factors behind SD-WAN market growth is that "enterprises are interested in easier management of multiple connection types across their WAN to improve application performance and end-user experience." SD-WAN lets enterprises utilize a variety of transport services, including MPLS, VPN, LTE and satellites, using routing policies. Being able to leverage these many options means the OT group does not have to reconfigure devices to adapt to this new technology.

SD-WAN’s ability to bundle together different communication technologies while continuously monitoring them is highly beneficial to a controls network. SD-WAN also allows administrators to assign traffic to a specific link as a preferred path with failover redundancy on one of the others.

SD-WAN also leverages automation to simplify connectivity while offering centralized control through a scalable SD-WAN hub. This feature makes it easier to onboard new users and remote facilities. Plus, with the right solution, OT teams can add SD-WAN at their own pace, using various combinations of deployment models so they don't have to “rip and replace” what's already there.

3. Stronger cybersecurity

An important reason for the popularity of SD-WAN is that it enables significant improvements in cybersecurity while reducing costs. With the implementation of SD-WAN security, the teams and personnel responsible for the care and maintenance of process networks gain holistic visibility and granular control over connectivity into and out of the facility.

Connectivity is still a key driver for OT operations, but moving forward, security is equally important – and the capabilities of SD-WAN make it an ideal solution. From its ease of installation to its ability to merge several communication technologies and direct traffic down a preferred path (such as ensuring that SCADA traffic always traverses the satellite link), the technology has specific practical uses for both IT and SCADA. Most importantly, with the big push for the convergence of IT and SCADA, security is now a paramount concern.


Learn more about how Palo Alto Networks SD-WAN technology can help to secure both your IT and OT infrastructures. Here you will find answers on how to easily build secure wide area networks on Zero Trust principles.

Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.