For many industries, IT/OT convergence is the way forward to build resilience. To ensure successful convergence, it is essential to develop a reliable and secure network infrastructure.
More than ever, businesses are facing uncertainties, such as material shortages and supply chain disruptions, forcing business owners to build operational resilience to stay competitive. For many industries, IT/OT convergence is the way forward to build resilience. To ensure successful convergence, it is essential to develop a reliable and secure network infrastructure.
According to IDC Technology Spotlight, the key to successful IT/OT convergence is to combine the disciplines and capabilities of network and cybersecurity. However, the merging of IT and OT is also making industrial networks more complex with an increasing number of field devices now needing to be connected to the network. Therefore, building network capacity is essential to be able to reliably and accurately handle large and growing amounts of data. In addition, security issues should not be overlooked.
As the number of connected devices increases, the potential gateways for intruders to gain access to the network also increase. Implementing security principles should be the first step towards building a solid foundation for a network infrastructure. Adopting cybersecurity in the OT realm can be challenging because networking and cybersecurity requirements for industrial applications are often very different. In this article, we focus on how you can improve industrial network security to build a solid network foundation for successful IT/OT convergence.
Some things to consider
OT operations have zero tolerance for interrupts. Any system shutdown could lead to huge losses. However, cybersecurity practices generally encourage operators to constantly update their systems to improve network protection against ever-evolving cyber threats. This makes OT operators hesitant to implement cybersecurity measures, as each system update means they have to shut down parts of their operations, reducing production efficiency.
To balance the need for uninterrupted operations and improved cybersecurity measures, we recommend a two-step approach to improving network security. Start by identifying and building a layered defense for critical operations to protect against cyber threats, then build secure networks that meet your operational requirements. The following sections explain this in more detail.
Take a defense-in-depth approach
The idea of defense in depth is to provide multi-layered protection by implementing cybersecurity measures at all levels. In the event of an intrusion, you have a better chance of detecting and mitigating the threat quickly, minimizing the damage it can cause.
Building a strong defense begins with a thorough organizational security assessment. Based on the assessment report, you can implement multi-layered protection and deploy cybersecurity measures for every aspect of the industrial organization, including physical security, ICS networks, and device security. To help implement the defense-in-depth concept, refer to international safety standards designed for industrial automation and control systems. IEC 62443, in particular, provides comprehensive guidelines for adopting defense-in-depth security in industrial operations to create a solid security foundation.
When developing a network infrastructure, especially for converged IT/OT networks, network connections to the OT field site must be both secure and reliable. In the following paragraphs, we want to highlight some areas to consider when improving network security for an OT network infrastructure.
Select secure devices to harden the network edge
In the past, OT system security often relied on air spacing. In some cases, security has been completely ignored. Once field devices are connected, network devices not only require industrial-grade reliability to prevent unexpected downtime, but also basic security features to combat cyber threats. Security features such as user authentication mechanisms can help control user access to the network.
Another important security feature, Secure Boot, helps ensure the integrity of network devices. Creating a security checklist to verify that network devices are protected is essential to maintaining a secure network environment. You can also check if network devices are certified for internationally recognized safety standards such as IEC 62443. For example, compliance with this standard means that these devices are developed based on the development lifecycle guidelines of IEC 62443-4-1 secure products and are equipped with security features to protect network devices and improve overall network security.
Protect the network with various security capabilities
For optimal OT network protection, you need a layered defense to ensure that if one layer of protection fails, the next layer is still active. Segmenting OT networks into multiple zones helps improve network security and prevents threats from affecting other systems. Features such as VLAN and firewalls enhance security by dividing the network into isolated zones and filtering out malicious or unauthorized traffic. For more proactive measures, industrial intrusion detection/protection systems (IDS/IPS) identify and contain threats in a specific area if a network node is compromised. Adding access control is another good way to increase network security. By leveraging authentication protocols such as IEEE 802.1X, you can verify users accessing OT networks. There are also other access control features available to allow authorized users, defined by MAC address or other forms of identification, to access parts of the network through specific ports based on role. assigned to them.
Improve network health visibility
The more field devices are connected, the more difficult it becomes to efficiently configure, monitor and maintain the network. Providing OT users with tools to quickly configure security settings for multiple devices reduces the complexity of network management. Additionally, you also need a way to easily monitor and maintain the security level of each network device for day-to-day operations. When choosing devices for industrial networks, look for OT-friendly network management tools that can save you time managing security settings and monitoring the security status of networking devices.
Take advantage of purpose-built OT networking and security
When building a secure network infrastructure, choosing the right devices as the building blocks of the network is essential. Moxa’s EDS-4000/G4000 series is a family of IEC 62443-4-2 certified Ethernet switches designed to simultaneously help increase the security of an industrial network and meet various networking demands. The design of the EDS-4000/G4000 series follows the strict security guidelines of IEC 62443 to create a versatile and secure network solution that passes the most stringent cybersecurity assessments in different sectors, including critical infrastructure. In addition to enhancing cybersecurity, the EDS-4000/G4000 series also provides powerful networking features to help build future-proof networks and accelerate IT/OT convergence with enhanced security.
Visit the microsite to learn more about the EDS-4000/G4000 Series Industrial Managed Ethernet Switches.
Did you enjoy this great article?
Check out our free e-newsletters to read other interesting articles.