Improve the security of your industrial network to strengthen IT/OT convergence

Post-pandemic, the past two years have been synonymous with a rapidly changing global environment. More than ever, businesses are facing uncertainties, such as material shortages and supply chain disruptions, forcing business owners to build operational resilience to stay competitive. For many industries, IT/OT convergence is the way forward to build resilience. To ensure successful convergence, it is essential to develop a reliable and secure network infrastructure.

According to IDC Technology Spotlight, the key to successful IT/OT convergence is to combine the disciplines and capabilities of network and cybersecurity. However, the merging of IT and OT is also making industrial networks more complex. An increasing number of field devices now need to be connected to the network. Therefore, building network capacity is essential to be able to reliably and accurately handle large and growing amounts of data. In addition, security issues should not be overlooked. As the number of connected devices increases, the potential gateways for intruders to gain access to your network also increase. Implementing security principles should be the first step towards building a solid foundation for your network infrastructure. However, adopting cybersecurity in the OT realm can be challenging because networking and cybersecurity requirements for industrial applications are often very different. In this article, we focus on how you can improve industrial network security to build a solid network foundation for successful IT/OT convergence.

Security of industrial networks: a few things to consider

OT operations have zero tolerance for interrupts. Any system shutdown could lead to huge losses. However, cybersecurity practices generally encourage operators to constantly update their systems to improve network protection against ever-evolving cyber threats. This makes OT operators hesitant to implement cybersecurity measures, as each system update means they have to shut down parts of their operations, reducing production efficiency. To balance the need for uninterrupted operations and improved cybersecurity measures, we recommend a two-step approach to improving your network security. Start by identifying and building a layered defense for critical operations to protect against cyber threats, then build secure networks that meet your operational requirements. The following sections explain this in more detail.

Take a defense-in-depth approach to your industrial operations

The idea of ​​defense in depth is to provide multi-layered protection by implementing cybersecurity measures at all levels to minimize security risks. In the event of an intrusion, you have a better chance of detecting and mitigating the threat quickly, minimizing the damage it can cause. Building a strong defense starts with a thorough security assessment of your organization. Based on the assessment report, you can implement multi-layered protection and deploy cybersecurity measures for every aspect of your industrial organization, including physical security, ICS networks, and device security. To help you more easily implement the concept of defense in depth, you can refer to international safety standards designed for industrial automation and control systems. IEC 62443, in particular, provides comprehensive guidelines for adopting defense-in-depth security in industrial operations to create a solid security foundation.

Build a secure network infrastructure that meets your operational requirements

When developing a secure network infrastructure, especially for converged IT/OT networks, your network connections to the OT field site must be both secure and reliable. In the following paragraphs, we want to highlight some areas to consider when improving network security for your OT network infrastructure.

Select secure devices to harden your network edge

In the past, OT system security often relied on air spacing. In some cases, security has been completely ignored. Once your field devices are connected, your network devices not only require industrial-grade reliability to prevent unplanned downtime, but also basic security features to combat cyber threats. Security features such as user authentication mechanisms can help control user access to the network. Another important security feature, Secure Boot, helps ensure the integrity of your network devices. Creating a security checklist to verify that your network devices are protected is essential to maintaining a secure network environment. You can also check if network devices are certified for internationally recognized safety standards such as IEC 62443. For example, compliance with this standard means that these devices are developed based on the development lifecycle guidelines of IEC 62443-4-1 secure products and are equipped with security features to protect network devices and improve overall network security.

Protect your network with various security capabilities

For optimal OT network protection, you need a layered defense to ensure that if one layer of protection fails, the next layer is still active. Segmenting your OT networks into multiple zones helps improve network security and prevents threats from affecting other systems. Features such as VLAN and firewalls enhance security by dividing your network into isolated zones and filtering out malicious or unauthorized traffic. For more proactive measures, industrial intrusion detection/protection systems (IDS/IPS) identify and contain threats in a specific area if a network node is compromised. Adding access control is another good way to increase network security. By leveraging authentication protocols such as IEEE 802.1X, you can verify users accessing your OT networks. There are also other access control features available to allow authorized users, defined by MAC address or other forms of identification, to access parts of the network through specific ports based on role. assigned to them.

Improve network health visibility and streamline management

The more field devices are connected, the more difficult it becomes to efficiently configure, monitor and maintain the network. Providing OT users with tools to quickly configure security settings for multiple devices reduces the complexity of network management. Additionally, you also need a way to easily monitor and maintain the security level of each network device for day-to-day operations. When choosing devices for your industrial networks, look for easy-to-use, user-friendly network management tools that can save you time managing security settings and monitoring the security status of your network devices.

Leverage OT networking and security purpose-built for your network infrastructure

When building a secure network infrastructure, choosing the right devices as the building blocks of your network is essential. Moxa’s EDS-4000/G4000 series is a family of IEC 62443-4-2 certified Ethernet switches designed to simultaneously help you enhance your industrial network security and meet various networking demands. The design of the EDS-4000/G4000 series follows strict IEC 62443 security guidelines to create a versatile and secure network solution that passes our customers’ most stringent cybersecurity assessments across different industries, including critical infrastructure.

Courtesy of MOXA

Kevin M. Risinger