VICOM's Secure Industry 4.0
Functional Components Description
Intelligent production line
It is intended to deploy several small production lines that include the necessary machines and devices to simulate real production factories. This line would have several stations, including both the manufacturing and verification stages. The components of this line would communicate with the MES and the product to perform the action that corresponds according to the needs of the client. The components will communicate following the OPC-UA protocol.
The production line includes hardware, software and communication elements. The following are also included:
MES software which controls the production process at a high level, indicating what has to be produced. It is contemplated using it with an Open Source MES as well as the possibility of incorporating a commercial MES from the surrounding environment in order to validate potential cases that may occur in companies. It is a Software element that must be integrated in a PC within the perimeter of the OT network.
ERP Software system that allows centralizing the corporate management, including the production planning, cost control, raw material inventories and traceability.
Gatherer logs agents: These are lightweight software elements installed in various points of the IT and OT networks in order to collect information on the operational, communication or security applications launched in them. In principle, the use of Open Source Agents is considered since the commercial is not necessary.
Intrusion detection and prevention systems (IDS / IPS): Software elements that allow the detection of unusual traffic patterns by setting standards, blocking them or generating alarms. Additionally, the use of Host IDS (HIDS) will be evaluated, which allows monitoring the status of a specific host and detecting threats within it.
SIEM System is a software system for the collection, centralization and correlation of the information and events collected in the different logs by the agents. This allows the real-time analysis of information in order to launch alerts or detect threats. Both Open Source and commercial solutions will be contemplated.
Industrial firewall is a Hardware Firewall focused on the specific needs of production environments, in which traditional networks (IT) coexist with those of production (OT). It is a specific Security Hardware. This element will also allow the monitoring of the OT network’s traffic internally and its interconnection with the OT network.
Firewall IT: This firewall focuses on the general needs of an organization to protect from threats originated through Internet access. It is a commercial product to ensure an analogous environment to that of any company. It is a specific security hardware which will also allow to monitor the traffic entering and leaving the internet.
Platform of Historization and Analytics
The generated data will be stored complying with the necessary security measures (encryption, anonymization, transformation…). This data will be processed in a cloud-like platform, thus avoiding the installation and maintenance of IT infrastructure in the plant.
Support platform for R + D + i projects
This platform will be used to develop R+D+i projects with a cooperative approach. Participants may use their own nodes, both individually or with third parties, in order to carry out other R+D+I projects of a different nature in relevant conditions. These projects should be mainly conducted by researchers and in a one-off case private projects may be developed. In the latter case, pay-per-use models may be contemplated for using the testbed for the aim of financing the projects amortization or maintenance.
Benchmarking, evaluation and / or certification of products and / or services
The testbed may be used to support benchmarking, evaluation or certification of goods and services. For instance, provided that Basque authorities issued a certificate, the evaluation of the products or services could be conducted on the testbed.
The asset may be used as a platform for offering and developing a wide-range of training activities, as for instance, cyber-ranges. In other words, enabling access to the testbed to end users, companies offering cybersecurity training or researchers, so they can prepare and provide training or sophisticated simulation environments.
Support for awareness actions or generation of cybersecurity culture
In the event that public-private partnerships are encouraged, the testbed will enable conducting activities in order to support international events, to create scenarios for attracting talent or to promote the local companies as leaders in industrial cybersecurity.
Cybersecurity, Smart and Connected Machines, Big Data Analytics, Flexible Robotics
Support platform for R + D + i projects: This platform will be used to develop R+D+i projects with a cooperative approach. Participants may use their own nodes, both individually or with third parties, in order to carry out other R+D+I projects of a different nature in relevant conditions.
Benchmarking, evaluation and / or certification of products and / or services: The testbed may be used to support benchmarking, evaluation or certification of goods and services.
Training: The asset may be used as a platform for offering and developing a wide-range of training activities, as for instance, cyber-ranges. In other words, enabling access to the testbed to end users, companies offering cybersecurity training or researchers, so they can prepare and provide training or sophisticated simulation environments.
Support for awareness actions or generation of cybersecurity culture: the testbed will enable conducting activities in order to support international events, to create scenarios for attracting talent or to promote the local companies as leaders in industrial cybersecurity.
Servers & Storage
CELVIN NAS QR1006 8x6 TB NA (Quantity:2)
RX2540 M4 server with storage (Quantity:2)
PGRA CP NVIDIA Tesla M10 (Quantity:2)
Dell Pc OptiPlex 3040 SF,i3-4160,4Gb,500Gb,DRW,W10,1 year, DVD±RW (Quantity:4)
Dell Memory 4GB Certified Memory Module - 1RX16 UDIMM 2400Mhz (Quantity:4)
Dell Warranty for Optiplex 3xxx (1 year/s NBD to 5 year/s NBD) (Quantity:4)
Dell Monitor Professional P2417H,23,8",3 years. (Quantity:4)
Monitor Warranty Extension 5 years (Quantity:4)
Software licenses (3 years)
WINSVR 2016 STD 16Core ROK (Quantity:5)
WINSVR 2016 STD AddLic 4Core ROK (Quantity:5)
Veeam Backup Essentials Standard 2 socket bundle for Vmware (Quantity:1)
2 additional years of Basic maintenance prepaid for Veeam Backup Essentials Standard 2 socket bundle for Vmware (Quantity:1)
VMware vSphere 6 Essentials Kit for 3 hosts (Max 2 processors per host) (Quantity:1)
Subscription only for VMware vSphere 6 Essentials Kit for 3 years (Quantity:1)
SQLSvrStd 2017 SNGL OLP NL Academic (Quantity:1)
SQLCAL 2017 SNGL OLP NL Acdmc UsrCAL (Quantity:10)
AlianVault Solution (3 years license) (Quantity:1)
Fabrik-Simulation 24V FISCHERTECNIK (Quantity:1)
SAI8031: IPC-201C Mix station for analog variable control: pressure, level, temperature and flow (Quantity:1)
Industrial Control System
PLC SIEMENS, with HMI, tp900 8" (Quantity:1)
PLC BECKHOFF, Basic CPU module CX2040, intput/output module (Quantity:1)
PLC Phoenix Contact, CPU AXIOLINE 1050, SD card, Modbus module, Backnet module (Quantity:1)
eWON distributed periphery (Quantity:1)
Relyum SPPS Plan Platform (Quantity:3)
MS Windows Embedded Standard 7 P 64 bit (BeckHoff PLC) (Quantity:1)
TwinCAT 3 runtime (BeckHoff PLC) (Quantity:1)
OPC server (Quantity:1)
LAB VIEW SIMULATION PLAN (3 year license) (Quantity:1)
Plant Simulation Siemens 3 years, Academic Version (Quantity:1)
ODOO (ERP and MES) (Quantity:1)
Rack & ups
APC Smart-UPS SRT 6000VA RM 230V (Warranty: 3 years) (Quantity:1)
NetShelter SV 42U 800mm Wide x 1060mm Deep Enclosure with Sides Black (Quantity:1)
Rack PDU, Basic, 1U, 16A, 208/230V, (12) C13 (Quantity:2)
CISCO SYSTEMS Nexus 3524x - 24 10G Ports (Quantity:1)
CISCO SYSTEMS N2K/3K 400W AC Power Supply -Std airflow (Port side exhaust) (Quantity:1)
CISCO SYSTEMS Nexus 3524 Layer 3 LAN Enterprise License (Quantity:1)
CISCO SYSTEMS 10GBASE-SR SFP Module (Quantity:6)
CISCO SYSTEMS 1000BASE-SX SFP transceiver module - MMF - 850nm - DOM (Quantity:6)
CISCO SYSTEMS SG300-28 28-port Gigabit Managed Switch (Quantity:2)
CISCO SYSTEMS Gigabit Ethernet SX Mini-GBIC SFP Transceiver (Quantity:4)
FIREWALL PaloAlto PA-820; all modules license. (support for 3 years). (Quantity:1)
FIREWALL PaloAlto PA-220 Basic (support for 3 years) (Quantity:2)
Fortigate 101E Basic (support for 3 years) (Quantity:1)
CheckPoint 750 Basic (support for 3 years) (Quantity:1)
Rack & ups
Rack unit (Quantity:2)
Industrial Switch Siemens RX1400 (Quantity:1)
Fortigate 90D Ruggedized Basic (support for 3 years) (Quantity:1)
Non-profit (NDA and/or acknowledgement required)