IT in Manufacturing


Security architectures for protection against cyberattacks

May 2023 IT in Manufacturing

As the trend in OT/IT convergence continues to grow, almost every industrial organisation has started reinforcing its network security and taking cybersecurity precautions to protect its operations. One of the main reasons for this is that critical infrastructure and manufacturing facilities are more likely to be targeted by cyberattacks. In addition to incurring financial losses when a company is hit by a cyberattack, if it makes the news, it will often lead to reputational damage as well. More companies are being targeted by ransomware attacks, and even some of the biggest players in the industry, who have already taken precautionary measures, are being targeted. These attacks demonstrate the high risk of an interconnected world, and that no organisation is immune from cyberattacks.

How to effectively implement cybersecurity measures without disrupting industrial operations OT environments is a complicated issue. There are many approaches and architectures that must be carefully considered before a decision can be made. In this article, we will explore two of the most common security architectures used now and share some tips to help industrial organisations implement them in unique OT environments.

The initial focus of zero trust architecture, as stated in the NIST Special Publication 800-207, is to grant only the minimum access privileges to those who need to operate on the network. This will prevent the situation when someone has a legitimate reason to access the network, but they are unnecessarily given unrestricted access to parts of the network that they do not require access to, which increases the chances of a cybersecurity breach occurring.

We will now consider the defence-in-depth approach, which contains multiple layers of security protection to reinforce network security for industrial operations. The rationale behind this is that you will have a second chance to protect zones and conduits if the first layer of protection fails. According to the IEC 62443 cybersecurity standard, it is necessary to start this process by partitioning areas based on the levels of protection required. Each partition is called a zone, and all the communication devices within it share the same security level, which means they all have the same level of protection. If you want to enhance security even further, it is possible to place a zone inside another zone with additional security measures.

By combining the two approaches that we have just considered, you can build well-defended industrial operations with layers of protection as the foundation, and then add further protection by adding the zero trust mechanism to ensure access is restricted to only those who need to access certain areas of the network. After considering these two approaches, it is clear there is no silver bullet for cybersecurity, and there are multiple angles that must be considered to ensure your network is secure.

One unfortunate scenario that is often seen on industrial networks is when user credentials are compromised. For networks that do not utilise the zero trust principle, a user’s credentials might be all a malicious actor needs to gain access to the network. However, for a network that utilises zero trust architecture, a malicious actor requires not only device access control, but also user authentication and authorisation. On top of that, it is also suggested to utilise trust lists for granular control of your network.

Device access control: By using trust lists, rate control and failure logout, network devices allow access only from trusted devices that are equipped with the secure boot function and prevent excessive attempts such as brute-force attacks.

User authentication and authorisation: By verifying the user’s credentials when logging on to devices, network devices will log all user access attempts and provide the lowest level of privileges based on the role of the user.

Trust lists: If organisations hope to reinforce security, trust lists can be a good way to control network traffic. One common practice is to create a trust list for IP addresses and service ports, and to leverage deep packet inspection technology to granularly control the network with features such as read or write privileges.

As a leader in industrial networking for 35 years, Moxa is committed to developing secure and reliable networking solutions that proactively identify and mitigate cyberthreats in OT environments. To realise this commitment, Moxa strictly follows secure-by-design practises to develop network devices with security features based on the IEC 62443-4-2 cybersecurity standard. The practical security features can help organisations realise zero trust networks. Moxa also utilises distributed OT intrusion prevention system capabilities, and industrial secure routers with OT deep packet inspection, to perfect defence in depth of industrial networks.


Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Bringing brownfield plants back to life
Schneider Electric South Africa IT in Manufacturing
Today’s brownfield plants are typically characterised by outdated equipment and processes, and face challenges ranging from inefficient operations to safety hazards. However, all is not lost, as these plants stand to gain a lot from digitalisation and automation.

Read more...
The magnificent seven of industrial software development
Schneider Electric South Africa IT in Manufacturing
There’s fast paced, and there’s supersonic, and the latter certainly applies to the evolution of software or, more specifically, industrial software. The last year has seen the industrial software step to the fore to take over the mundane, repetitive and sometime dangerous, allowing us to focus once again on what makes us uniquely human.

Read more...
Transforming the electromechanical landscape
ACTOM Electrical Machines IT in Manufacturing
The electromechanical industry is fundamentally being transformed by Industry 4.0, which is ushering in an era of more efficient and innovative practices. Increasingly, companies are integrating automation and AI to optimise manufacturing processes, enhance productivity, and deliver better solutions to clients.

Read more...
Automated machine health monitoring
SKF South Africa IT in Manufacturing
Coupled with rapidly advancing technologies, the growing global population is propelling an ever-increasing demand for essentially anything that consumers require, from infrastructure to food. By switching from a manual to an automated machine monitoring system and data collection process, operators will increase the availability of their rotating equipment, and subsequently optimise their operations.

Read more...
Five emerging trends and advancements in process automation
IT in Manufacturing
Staying competitive requires companies to continually seek new ways to optimise their operations, reduce costs, and enhance productivity. In this article, we explore some emerging trends and advancements in process automation that are shaping the way businesses operate in the 21st century.

Read more...
Predictive maintenance in artificial lift monitoring systems
RJ Connect Industrial Wireless
With the trend in oil field digitisation gaining momentum, telematics can be tremendously useful in understanding equipment status, to facilitate predictive maintenance and avoid downtime.

Read more...
Bringing brownfield plants back to life
Schneider Electric South Africa IT in Manufacturing
Today’s brownfield plants are typically characterised by outdated equipment and processes, and face challenges ranging from inefficient operations to safety hazards. However, all is not lost as these plants stand to gain a lot from digitalisation.

Read more...
Testing next-generation automotive e-drives
Siemens South Africa IT in Manufacturing
Emotors, an independent e-drive manufacturer, has taken advantage of test solutions from the Siemens Xcelerator portfolio of industry software to aid in the development and constant improvement of its e-drive systems for hybrids, plug-ins and full electric vehicles.

Read more...
Simplifying AI training
Beckhoff Automation IT in Manufacturing
The TwinCAT Machine Learning Creator from Beckhoff is aimed at automation and process experts and adds the automated creation of AI models to the TwinCAT 3 workflow.

Read more...
Exploring the role of AI in digitisation
IT in Manufacturing
Artificial Intelligence (AI) is providing companies with the advanced technology necessary to navigate their digitisation journeys more easily. But more than that, AI is transforming IT infrastructure, enhancing business operations, and reshaping job roles, all while decision makers stay cognisant of the ethical considerations. By understanding the opportunities and challenges presented by AI in digitisation, we can harness its power to help organisations move towards a more agile, intelligent, and competitive future.

Read more...