Industrial network security is not a luxury option, it is a necessity. A spate of recent cyberattacks targeting critical infrastructure has underlined the need for industrial organisations to prioritise cybersecurity. No matter which industry you are in, potential threats are everywhere. Recent incidents include hackers shutting down a fuel pipeline in the USA and demanding millions of dollars in ransom payments, and a ransomware attack taking the self-service ticketing machines of a UK railway company offline. Needless to say, these types of cyberattacks lead to tremendous cost and inconvenience to industrial operators and their end users. To make matters worse, predicting where the next cyberattack is going to strike is almost impossible, meaning that anyone or anything connected to a network can be a target.
To enhance network security, you can replace your equipment with newer models that feature embedded security functionality. However, replacing your equipment will be costly and involve tremendous effort in deployment and installation. Besides, your legacy equipment is most probably still in good working condition. A more realistic option is to update the security patches of your existing equipment. Unfortunately, some legacy equipment uses legacy operating systems that do not support the latest security patches anymore − Windows XP is one such example. In this article, we will discuss the challenges industrial operators face and the solutions that enhance cybersecurity with minimal efforts.
Challenges to secure your edge networks
To improve operational efficiency, industrial operators must take advantage of the capabilities of today’s networks to realise real-time remote monitoring. However, it also means that your field devices can’t be air-gapped any longer. Your first challenge is connecting your legacy equipment, which uses RS-232/422/485 communications, to your local area network (LAN) or the internet, which uses Ethernet communications. Serial-to-Ethernet devices such as serial device servers or protocol gateways can connect your serial-based equipment to Ethernet-based networks. Once your legacy devices are connected, security concerns unfortunately raise their ugly head, especially if your connection doesn’t have proper protection. Therefore, it is essential to find a secure serial-to-Ethernet device that ensures secure connectivity without replacing your existing serial devices.
How to choose a secure serial-to-Ethernet device
Nowadays, security standards such as IEC 62443 and NERC CIP are available to help you secure your network infrastructure. These security standards include guidelines that help you verify qualified networking devices and component suppliers. Thus, it is easy to find a secure serial-to-Ethernet device that complies with industry security standards. Moxa is an IEC 62443-4-1 certified networking solution provider and the security design of our serial-to-Ethernet devices is based on the IEC 62443-4-2. With security embedded functions, our serial-to-Ethernet devices enhance network security and reduce the chances of unwanted actors accessing your serial equipment through our devices.
Real-world examples: Enhancing cybersecurity with Moxa’s solutions
Our secure serial device servers and protocol gateways have helped our customers ramp up their connectivity security in a variety of industrial applications. To show you how we have helped our customers enhance cybersecurity, we provide you with two real-world examples, showcasing how our NPort 6150 serial devices servers and MGate MB3000 protocol gateways strengthen cybersecurity in the energy industry.
Ramping up connectivity security for hundreds of gas stations
A customer owning over 600 gas stations in the USA required real-time monitoring of the levels in their oil tanks with automatic tank gauge (ATG), usually with serial interfaces, to schedule inventory replenishments as needed at remote sites. They also needed data from POS terminals at gas pumps to be sent back to the store for transaction processing and records. These connectivity requirements were security sensitive. Information regarding the tank levels needed to be well secured so that it could not be manipulated, and the POS data contained confidential information about consumers, which required protection. To enhance connectivity security, the connection between the gas station and the in-store IT room needed to be protected. In addition, to ensure the connected devices were operating at accepted security levels, IT personnel were required to execute vulnerability scans periodically to update firmware and security patches, keeping the communication systems safe.
Our NPort 6150 serial device servers feature basic security functions such as user authentication and accessible IP list to ramp up device security with device access control. During operations, our products support a data-encryption function to enhance transmission security when sending serial data over Ethernet. To make the daily maintenance easy for IT personnel, our NPort 6150 serial device servers support tools to make the configuration and management of many devices easy.
Enhancing cybersecurity for data centres
A data centre service provider and its data centres have been frequent targets of cyberintruders, resulting in data losses and significant penalties over the past five years. To reduce the chances of being hacked, cybersecurity has become a corporate-level initiative for them. Its security risk assessment does not focus solely on vulnerabilities in the server rooms but also extends to all network entry points, including the power sources that supply the server rooms.
To monitor power usage and quality the power supply equipment, including switchgears, PDUs and UPSs, connect to networks so that operators can receive real-time information. Our MGate MB3000 protocol gateways bridge communication between serial-based Modbus RTU devices such as power meters used inside power supply equipment, and Ethernet-based scada systems in the control centre. When corporate IT personnel are required to perform a vulnerability scan they must scan thousands of MGate MB3000 protocol gateways so that they can take immediate action if they identify a vulnerability.
To make IT personnel’s work easier, Moxa also performs vulnerability scans periodically and, if needed, takes necessary action such as updating security patches and firmware to reduce potential threats. In addition, our MGate MB3000 protocol gateways feature an easy-to-use configuration tool in both GUI and CLI format helping OT and IT users easily handle mass firmware updates. Our MGate MB3000 protocol gateways not only allow our customers to monitor power usage in their serial-based devices but also ease their security concerns and daily operation efforts at the same time.
With over 30 years of experiences in developing serial connectivity solutions, RJ Connect and Moxa are committed to providing secure serial-to-Ethernet solutions to fulfil your future demands in a variety of industrial applications.
For more information contact RJ Connect,
| Tel: | +27 11 781 0777 |
| Email: | info@rjconnect.co.za |
| www: | www.rjconnect.co.za |
| Articles: | More information and articles about RJ Connect |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version