Industrial Network Security Architecture – Introduction
The rapid advance of communication technologies over the last two decades has been reshaping the world as we know it, and it affects every aspect of our daily lives, including industrial automation. One of these advances was the adoption of Ethernet as the universal communication standard, making the earlier RS232/485 serial communication systems obsolete. There have been a few very good reasons for this. For one, Ethernet has proven able to meet the availability and real-time requirements of communication between Industrial Control Systems (ICS) and all the other devices on the network. Furthermore, Industrial Ethernet networks allow transparent connection to external networks at speeds several times higher than those of the communication systems used before.
This gain in connectivity, availability, speed, and quality comes at a price, and that price is security, especially for connections established to systems outside the production operational area, i.e., the internet or other third-party networks. This fact has a substantial impact on the way an industrial network is designed: it must be designed to help protect the network assets from attackers by introducing a range of security measures. It is essential to note at this point that there is no such thing as a completely secure network. Ensuring security is an ongoing process of continual improvement of technologies, techniques, and processes aimed at preventing and eliminating the ever-present threat of malicious actors active online.
The Industrial Network Security Architecture follows the guidelines of international industry security regulations and standards such as NIST and ISA/IEC-62443. These standards share the idea of creating multiple layers designed to detect and prevent threats that may put at risk critical information, the integrity of data, or the goods to be produced. To achieve a secure operational technology environment, a multi-layered, holistic approach must be introduced in which a number of security solutions complement each other. These solutions are:
1. Network segmentation & protection
Segmenting the industrial network into individual zones, each with adequate protection, limits a potential compromise to one network zone and prevents or impedes a malicious actor from moving laterally across the network. To achieve this, IT and OT specialists must work together to deliver a zone-based architecture that caters for both cybersecurity and production needs. An inherent part of the segmentation process is defining the communication relations between the different zones of the operational technology network, implementing the zones' firewall policies, monitoring traffic in real time, detecting anomalies, and reporting incidents.
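The zone-and-conduit model described above, as an added example that is not part of the original article: a small ISA/IEC 62443-style zone layout with a deny-by-default conduit policy, evaluated against constructed flow records. Every flow without an explicit conduit is reported as a policy violation, which is the kind of event the real-time monitoring and incident reporting mentioned above would raise. The zone names, subnets, ports and flows are assumptions made for the example.

```python
"""Zone-and-conduit policy check (added example, not from the original article).

Models a small ISA/IEC 62443-style zone layout and a deny-by-default conduit
policy, then evaluates constructed flow records against it. Zone names,
subnets, ports and flows below are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Constructed zone layout (assumption): subnet -> zone name.
ZONES = {
    "10.10.0.0/24": "enterprise",   # corporate IT
    "10.20.0.0/24": "dmz",          # industrial DMZ between IT and OT
    "10.30.0.0/24": "supervisory",  # SCADA / HMI
    "10.40.0.0/24": "control",      # PLCs and RTUs
}

# Conduits explicitly permitted between zones: (src_zone, dst_zone, proto, dst_port).
# Anything not listed here is denied (deny-by-default).
ALLOWED_CONDUITS = {
    ("enterprise", "dmz", "tcp", 443),         # read historian replica over HTTPS
    ("dmz", "supervisory", "tcp", 1433),       # historian pulls from the SCADA database
    ("supervisory", "control", "tcp", 502),    # Modbus/TCP polling from SCADA
    ("supervisory", "control", "tcp", 44818),  # EtherNet/IP explicit messaging
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(ip: str) -> str:
    """Map an address to its zone; addresses outside the layout are 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for cidr, name in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "unknown"


def evaluate(flow: Flow) -> tuple:
    """Return (verdict, reason) for one flow under the conduit policy."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if "unknown" in (src_zone, dst_zone):
        return "deny", f"unmapped address ({flow.src} -> {flow.dst})"
    if src_zone == dst_zone:
        # Intra-zone traffic is the zone's own business; inter-zone needs a conduit.
        return "allow", f"intra-zone traffic in {src_zone}"
    key = (src_zone, dst_zone, flow.proto.lower(), flow.dport)
    if key in ALLOWED_CONDUITS:
        return "allow", f"conduit {src_zone}->{dst_zone} {flow.proto}/{flow.dport}"
    return "deny", f"no conduit {src_zone}->{dst_zone} {flow.proto}/{flow.dport}"


def find_violations(flows) -> list:
    """Flows denied by policy: the candidates for alerting and incident reporting."""
    violations = []
    for flow in flows:
        verdict, reason = evaluate(flow)
        if verdict == "deny":
            violations.append((flow, reason))
    return violations


# Constructed sample flows (assumption), e.g. as exported by a zone firewall.
SAMPLE_FLOWS = [
    Flow("10.30.0.5", "10.40.0.12", "tcp", 502),     # SCADA polls a PLC: allowed conduit
    Flow("10.10.0.7", "10.40.0.12", "tcp", 502),     # IT host straight to a PLC, bypassing the DMZ
    Flow("10.40.0.12", "10.40.0.13", "udp", 2222),   # PLC-to-PLC inside the control zone
    Flow("10.20.0.3", "10.30.0.9", "tcp", 1433),     # historian pull: allowed conduit
    Flow("192.168.1.1", "10.40.0.12", "tcp", 502),   # address outside the zone layout
]

if __name__ == "__main__":
    for flow, reason in find_violations(SAMPLE_FLOWS):
        print(f"VIOLATION {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}: {reason}")
```

The policy table is the machine-readable form of the "communication relations between zones" that IT and OT agree on; running real firewall or flow logs through it gives a first-pass anomaly check, and the denied flows are what an incident-reporting pipeline would raise.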
2. Asset management
To successfully protect the assets in the operational environment, all assets must be accounted for. The best solution here is a Network Management System (NMS) capable of automatically detecting active devices on the network and producing a comprehensive asset list with additional information such as firmware version. Once such a list is compiled, the next step is hardening the assets by means such as updating firmware and replacing default credentials with user-defined ones.
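The hardening step that follows discovery, as an added example that is not part of the original article and not the output of any particular NMS product: a constructed inventory of the kind a discovery scan might produce is checked against a firmware baseline and for devices still accepting factory-default logins. The device models, firmware versions and the baseline table are assumptions made for the example.

```python
"""Asset-inventory hardening check (added example, not from the original article).

Takes a constructed inventory such as an NMS discovery scan might produce and
flags the two hardening gaps the article names: firmware below the approved
baseline, and factory-default credentials still accepted. Device models,
firmware versions and the baseline table are constructed assumptions.
"""
import re

# Assumed baseline (assumption): minimum approved firmware per device model.
FIRMWARE_BASELINE = {
    "PLC-X100": "2.4.1",
    "SW-IND24": "7.0.0",
    "HMI-T7": "3.2.0",
}

# Constructed discovery output (assumption): one record per device found.
# 'default_login' is the result of the NMS's credential probe: True if a
# factory default was accepted, False if rejected, None if not tested.
INVENTORY = [
    {"ip": "10.40.0.12", "model": "PLC-X100", "firmware": "2.4.1", "default_login": False},
    {"ip": "10.40.0.13", "model": "PLC-X100", "firmware": "2.3.9", "default_login": True},
    {"ip": "10.30.0.2", "model": "HMI-T7", "firmware": "3.10.0", "default_login": False},
    {"ip": "10.30.0.1", "model": "SW-IND24", "firmware": "6.9.2", "default_login": True},
    {"ip": "10.30.0.50", "model": "UNKNOWN-RTU", "firmware": "1.0", "default_login": None},
]


def parse_version(version: str) -> tuple:
    """'3.10.0' -> (3, 10, 0). Numeric tuples compare correctly: 3.10 > 3.9,
    which a plain string comparison would get wrong."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def assess(device: dict) -> list:
    """Return the list of findings for one device; an empty list means compliant."""
    findings = []
    baseline = FIRMWARE_BASELINE.get(device["model"])
    if baseline is None:
        # A model nobody has baselined is itself a gap in the asset process.
        findings.append("model not in baseline: add to inventory review")
    elif parse_version(device["firmware"]) < parse_version(baseline):
        findings.append(f"firmware {device['firmware']} below baseline {baseline}")
    if device.get("default_login") is None:
        findings.append("default-credential check not run: verify manually")
    elif device["default_login"]:
        findings.append("factory-default credentials accepted")
    return findings


def hardening_report(inventory) -> dict:
    """Map ip -> findings for every device that has at least one finding."""
    report = {}
    for device in inventory:
        findings = assess(device)
        if findings:
            report[device["ip"]] = findings
    return report


if __name__ == "__main__":
    for ip, findings in hardening_report(INVENTORY).items():
        for finding in findings:
            print(f"{ip}: {finding}")
```

The inventory records only whether a default login was accepted, never the credentials themselves, so the asset list does not become a password store; and unknown models and untested devices are reported rather than silently passing, since an asset that is not accounted for cannot be hardened.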
3. Secure remote access management
Access from outside the plant is necessary for maintenance, updates, or diagnostics by authorised parties. Usually, such access occurs via the internet or from other untrusted areas. These connections must be secure. This can be achieved by secure remote access and user rights management solutions integrated with the corporate access policy tool.
4. Training and awareness
Recent research shows that the human factor contributes to over 95% of security breaches recorded in operational technology networks. In most cases this is due to a lack of knowledge and information among staff about the current development of the cyber threat landscape. Regular training aimed at informing staff about plant-specific security measures and the company's cyber-security policy is absolutely necessary to prevent cyber-security breaches from occurring.