Picture a factory floor. The air hangs heavy, thick with the metallic tang of machinery and the oil that keeps it all turning. Every square foot seems to be utilized. Rows of hulking machines dominate the space. Between them are narrow pathways that workers and machines must navigate.
These are the conditions for which E80 Group, an Italian multinational, based in Viano, Italy, builds its autonomous and laser guided vehicles (AGVs and LGVs) that can move around a facility, transport materials, and interact with other machines and systems in warehouses, distribution centers, and manufacturing plants. E80 Group has equipped more than 450 integrated factories in various parts of the world installing over 2,800 robotic systems, more than 9,000 AGVs and LGVs, and several high-density automatic warehouses. Every day, E80 solutions handle more than 1 billion€ of products worldwide.
Modern AGVs utilize sophisticated technologies like laser scanners, vision cameras, and LiDAR that allows for dynamic path planning, obstacle detection, and safe operation in complex environments. Modern AGVs are also networked – communicating with other AGVs, robots, and central control systems, which enables better coordination and fleet management. They are a key enabler of smart manufacturing, and a component of Industry 4.0, making possible more automated, data-driven, and optimized manufacturing processes, by delivering the right thing to the right place at the right time.
But extensive connectivity can also increase the threat of cyberattacks. “The increased reliance on technology and connectivity in modern AGVs introduces new cybersecurity challenges that manufacturers and distributors need to address,” says Fabio Oleari, Manager of OT cybersecurity at E80 Group, “In addition to data theft, malware attacks, etc., malicious actors could potentially hack into the AGV’s control system, hijack its movement, or disrupt its operations.”
Bringing together industrial security, mobility, and networking
E80 Group is committed to making their AGVs as secure as possible. For that purpose, they rely on Cisco’s unified industrial security and networking architecture. This architecture embeds security within industrial networking equipment such as Catalyst Industrial Ethernet Switches and Catalyst Industrial Routers, and serves to eliminate point security products, simplify the architecture, and make deployments easier to scale.
“At E80 Group we use Catalyst IE3400 Rugged Series switches with expansion modules in our AGVs to connect the PLC, sensors, and other equipment in the vehicle,” said Oleari, “The IE3400 switches host Cisco Cyber Vision sensors that provide us with visibility into all connected equipment and the network traffic.” This depth of visibility lets E80 Group detect any unauthorized equipment or any unusual traffic that might indicate presence of a threat.
“We use ISE [Cisco Identity Services Engine] to authenticate connected equipment, Cyber Vision to logically group equipment on each AGV, and ISE to set segmentation policies. Segmenting the network restricts traffic in and out of the AGV and helps prevent malware or any malicious activity from entering or propagating within the system,” remarked Oleari. Thanks to Cisco’s converged OT cybersecurity and networking architecture, E80 Group can accomplish all this without deploying additional equipment.
The diagram below shows the simple three step process that allows E80 Group to secure their AGVs. Device and traffic details gathered by Cyber Vision sensors are sent to Cyber Vision Center for visualization and formulating segmentation policies that are defined in Cisco ISE, which communicates these policies to the Catalyst IE3400 for enforcement.
Making it easy to automate, deploy, and monitor
E80 Group delivers hundreds of AGVs to a customer. Configuring and monitoring switches and Cyber Vision on these many vehicles manually is not only time consuming but can also lead to inaccuracies. To automate such tasks and reduce time to deploy, E80 Group teamed up with Italtel, a system integrator and Cisco Gold Partner. Founded in 1921 and headquartered in Milan, Italy, Italtel has a storied past and has long been a pioneer in telecommunications, software defined networking, 5G, and industrial IoT, with specialization in areas of smart manufacturing and OT cybersecurity.
“We designed a system for E80 Group that allows them to provision and configure Catalyst IE3400 switches and Cyber Vision in hundreds of AGVs at their customer locations”, said Simone Ogadri, Cyber Security Engineering Manager at Italtel. This system allows E80 Group to provide managed services to ensure security of their AGVs deployed in customer sites.
“We used the APIs available in Catalyst IE3400’s IOS XE operating system, Cyber Vision, and ISE to build this dashboard,” explained Ogadri, “By using open-source tools for IT automation such as Ansible, we are able to provision switches, configure Cyber Vision, and update software automatically.”
Using these tools, E80 Group can remotely activate their AGVs at customer sites. “Once provisioned, we use Cyber Vision and ISE to group connected assets in each AGV, create segmentation policies, and instruct the Catalyst IE3400 to enforce these policies, with point-and-click simplicity”, explained Oleari. Using Cyber Vision, they can now continuously monitor each AGV.
The diagram below shows connected components and associated traffic within an AGV as visualized in Cyber Vision.
Driving smart manufacturing
As the momentum towards the evolution to Industry 4.0 accelerates, analyst data shows a steady growth in adoption of AGVs, AMRs, mobile handheld tooling, etc. Left unaddressed, the resulting increase in the threat surface can have several negative consequences that could impact productivity, lead to financial losses, and even threaten worker safety. By taking proactive measures to secure mobile devices, organizations can mitigate these risks and ensure safe, efficient, and reliable operations.
With comprehensive security built into the networking equipment, Cisco makes it easy for machine builders to connect, protect, and deploy their industrial solutions, and offer managed services to their customers.
Learn more about Cisco Industrial Threat Defense, our manufacturing solutions, or schedule a free, no obligation, consultation with one of our industrial experts.
Share: