What is an Engineering Network?
The Engineering Network is a specific segment within an industrial OT architecture used for management, configuration and programming of automation systems. It connects Engineering Stations with systems such as PLCs, HMIs, SCADA and Industrial Firewalls for maintenance and updates.
The Engineering Network is essential for developing, testing and deploying automation logic, but must be properly protected against unauthorised access and errors.
🧠 How does the Engineering Network work?
- Connection to automation hardware
  - Engineering Stations communicate with PLCs and HMIs via tools such as TIA Portal, STEP 7, or Unity Pro
  - Use of protocols such as S7CommPlus, Modbus, OPC UA or proprietary Ethernet-based protocols
- Project-based access
  - Often used during commissioning, software updates or troubleshooting
  - Temporary or permanent connection to the Control Network
- Managed access
  - Only authorised engineers gain access via Access Control, Jump Server or VPN
Engineering Networks can be physically separated, logically separated (via VLAN), or accessed virtually.
🏭 Application in OT environments
- Updating PLC programs in production installations
- Configuring HMI screens and SCADA projects
- Setting up Industrial Firewalls, switches, drives and I/O modules
- Diagnosing faults or performing remote maintenance
- Part of DTAP pipelines (Development, Test, Acceptance, Production)
Typical components:
- Engineering laptops or fixed Engineering Stations
- Asset Management tools
- Version Control systems (e.g. Git, Versiondog)
🔐 Security aspects
- Restrict access to specific users and time slots
- Use Jump Servers or Remote Access with MFA
- Segmentation via the Zone and Conduits model or Industrial Firewall
- Monitor all engineering sessions via SIEM, Audit or Security Monitoring
- Verify firmware and software before rollout (Change Management)
The Engineering Network is a critical attack surface – through a compromised engineering system, the entire production environment can be affected.
🔍 Engineering Network vs. Supervisory & Control Network
| Network layer | Function | Access |
|---|---|---|
| Engineering | Configuration, programming | Authorised personnel only |
| Supervisory | Monitoring, logging, operator interaction | Operators, IT, engineering |
| Control | Real-time control and process control | Machines only |
Best practice: no direct engineering access from IT or internet networks without additional security layers.
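The security aspects and the access table above can be turned into a check over network flow records. The following is an added example, not taken from any product or from the original page: the subnets, the jump server address, the user names and the flow records are constructed assumptions, and the ports are the protocols' default TCP ports.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed zone plan; subnets, jump server address and users are assumptions.
ZONES = {
    "it": ip_network("10.10.0.0/16"),
    "engineering": ip_network("10.20.0.0/24"),
    "supervisory": ip_network("10.30.0.0/24"),
    "control": ip_network("10.40.0.0/24"),
}
JUMP_SERVER = ip_address("10.20.0.10")
# Default TCP ports: 102 = S7 (ISO-on-TCP), 502 = Modbus/TCP, 4840 = OPC UA
ENGINEERING_PORTS = {102, 502, 4840}
# Approved change windows per engineer, e.g. exported from change management.
WINDOWS = {"alice": [(datetime(2024, 5, 6, 8, 0), datetime(2024, 5, 6, 12, 0))]}


def zone_of(ip):
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "unknown")


def check_flow(ts, user, src, dst, dport):
    """Return policy findings for one flow record; an empty list means compliant."""
    if zone_of(dst) != "control" or dport not in ENGINEERING_PORTS:
        return []  # not a session towards a controller
    src_zone = zone_of(src)
    if src_zone in ("supervisory", "control"):
        return []  # SCADA polling and controller-to-controller traffic: other conduits
    if src_zone != "engineering":
        return [f"direct access from {src_zone} zone"]
    findings = []
    if ip_address(src) != JUMP_SERVER:
        findings.append("engineering station bypasses jump server")
    if not any(start <= ts <= end for start, end in WINDOWS.get(user, [])):
        findings.append(f"no approved window for {user}")
    return findings


# Constructed flow records: (timestamp, user, source, destination, dest port)
FLOWS = [
    (datetime(2024, 5, 6, 9, 30), "alice", "10.20.0.10", "10.40.0.5", 102),
    (datetime(2024, 5, 6, 22, 15), "alice", "10.20.0.10", "10.40.0.5", 102),
    (datetime(2024, 5, 6, 9, 45), "bob", "10.20.0.37", "10.40.0.7", 502),
    (datetime(2024, 5, 6, 10, 0), "n/a", "10.10.4.20", "10.40.0.5", 4840),
    (datetime(2024, 5, 6, 10, 5), "n/a", "10.30.0.8", "10.40.0.5", 502),
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow[0].isoformat(), flow[2], "->", flow[3], check_flow(*flow) or "ok")
```

Findings from a check like this are the kind of event that would be forwarded to the SIEM; a port-level check cannot tell a read from a program download, so it complements rather than replaces protocol-aware monitoring.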
📌 In summary
The Engineering Network is the nerve centre for management and configuration of industrial automation systems. By implementing strict access controls, network segmentation and logging, misuse and human error can be prevented.
