Amid continuing disruption to the global supply chain, industrial organisations are seeking ways to stabilise their operations in order to preserve their competitive advantage. One of the most efficient ways to achieve resilient industrial operations is to embrace new technologies. To capture, transmit and ultimately transform data into meaningful insights, organisations are implementing innovative networking technologies to speed up their digitalisation journey. However, connected equipment also poses new cybersecurity risks to business owners and therefore requires security features at the component level to mitigate these risks. According to IDC’s Worldwide IT/OT Convergence 2022 Predictions, 30% of G2000 manufacturers will embed connected technologies into their products by 2025 to increase reliability. The operational insights that can be gained by doing this will increase uptime and support an optimised maintenance supply chain.
As this trend sees new technologies being embedded in products and more assets being connected, networking components are playing an increasingly important role. Therefore, components must be developed to meet these new requirements. As a result, discrete manufacturing companies are taking responsibility to ensure that connectivity remains reliable and secure. Industrial organisations that want to capitalise on the amount of services they can access by connecting more devices must ensure they are connecting devices securely and in accordance with regulations and standards to ensure data accessibility, integrity and security.
There are many standards that outline the security framework for industrial control systems. One of the most prevalent and frequently adopted by industrial organisations is the IEC 62443 standard. The IEC 62443 includes guidelines that define procedures for implementing electronically secure industrial automation and control systems (IACS) for different parts of a network. In addition, the standard includes guidelines for those who perform automation control and different responsibilities on the network. Nowadays, system integrators (SI) often require component suppliers to comply with the subsection of the IEC 62443 standard that pertains to their devices.
Industrial organisations should base their security profiles and security management systems on a risk assessment. The assessment should be able to identify dependencies, determine what the critical risks are to the operation and safety of these processes, and formulate responses to these risks. After confirming the policies and security management system, it is important to deploy visualisation software to help asset owners access the latest information about their security position.
A defence-in-depth framework suggests partitioning systems into zones and conduits as it helps mitigate risk to the level a company can accept. Each zone and conduit will be assigned a security level depending on its importance, and the network operators must ensure that this is adhered to. The defence-in-depth approach can be achieved with either physical or logical segregation by using industrial secure routers, VPNs and remote access solutions tailored for industrial automation. In addition, some of the networking functions, such as access control lists (ACL), can also help segment the networks to achieve certain security levels. If asset owners or system integrators hope to mitigate risk, industrial intrusion detection/prevention systems (IDS/IPS) can also be feasible, especially to protect critical infrastructure from malicious attacks.
The built-in security features for network devices echo back to the defence-in-depth framework and the security management system. The building blocks that feature built-in security are very helpful for asset owners and SIs to ensure that their systems achieve the desired security levels.
The IEC 62443 standard contains several subsections that relate to people with different responsibilities. As SIs are increasingly demanding compliance with the IEC 62443-4-2 subsection, which issues guidelines for component suppliers, this subsection is becoming ever more important. The component requirements are derived from foundational requirements, including account, identifier and authenticator management, password-based authentication, public key authentication, use control, data integrity and confidentiality, as well as backup for resource availability.
If component suppliers follow the set of guidelines that are defined in the IEC 62443-4-2 subsection, they will equip network operators with the best chance of protecting their networks against cyberattacks.
Adherence to every guideline set out under the IEC 62443-4-2 subsection will typically result in several positive outcomes that will go a long way to enhancing network security. Choosing not to follow the guidelines could have negative consequences, which will make the network less secure and leave it vulnerable to attack.
Moxa’s Solutions
To enhance component-level security, Moxa has introduced one of the world’s first IEC 62443-4-2 certified Ethernet switches, the EDS-4000/G4000 Series, which was developed by following the IEC 62443-4-1 software development lifecycle guidelines. Moxa has a large product portfolio of industrial networking devices that allows customers to deploy the correct device to enhance their network security.
| Tel: | +27 11 781 0777 |
| Email: | info@rjconnect.co.za |
| www: | www.rjconnect.co.za |
| Articles: | More information and articles about RJ Connect |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version