In the IIoT and smart manufacturing landscape, network security is no longer just about preventing hacking or data breaches – operational stability and productivity now depend on it. For operational technology (OT) networks, resilient defence and consistent uptime are crucial. They are the core tenets that underpin guarded uptime and resilient defence (GUARD).
Traditional network security primarily focuses on perimeter defence, such as firewalls, intrusion detection systems and anomaly monitoring. These defence mechanisms, essential for perimeter protection, may not fully address internal threats or device-level vulnerabilities.
Let’s take as an example a small to medium-sized water treatment plant responsible for providing clean water to a municipality. Because downtime affects public health, it must be avoided at all costs. The plant is also subject to regulatory compliance requirements that mandate cyber security measures, requiring a network security solution that guarantees continuous operation and meets stringent compliance standards; but it has limited resources for incident response and recovery and is mostly concerned with ensuring that the plant continues to operate.
For this scenario, the concept of Moxa’s GUARD is a perfect fit. GUARD goes beyond network boundary protection. It embeds security within every network node while ensuring seamless integration with existing OT devices. This inherent resilience enables the water treatment plant to recover without help and maintain operations with minimal disruption, even during a cyber attack.
Three important core strategies are:
• Guarded uptime: For industrial networks, uptime equals productivity and revenue. Significant losses result from any network downtime. Hence, the quick recovery of critical network devices from attacks or failures is paramount. Power redundancy, network redundancy protocols and fast restoration of the configuration are crucial in minimising production disruption.
• Resilience from within: Built-in intrinsic defence, unlike traditional add-on security architectures, embeds security into devices so that network infrastructure achieves security by design. This includes IEC 62443-4-1 certified secure development life cycle, ensuring products adhere to the highest security standards, from design to operation. It also includes IEC 62443-4-2 Security Level 2 hardened devices, covering everything from routers to Ethernet switches, with built-in multilayer network segmentation to block lateral movement of internal threats.
• Collaboration and futureproofing: GUARD focuses on safeguarding existing networks while integrating new devices and technologies. Here, every proprietary network redundancy innovation, such as Moxa’s Turbo Ring or Turbo Chain, is compatible with standardised technologies such as MRP or STP/RSTP. A network management system supports third-party device monitoring and management, enhancing overall network visibility and operational efficiency.
When weighing up intrinsic vs add-on security, it is important to ask:
• Is your goal to protect the entire network, not just its boundaries?
• Do you want to strengthen your network without the added complexity of external security overlays?
A ‘yes’ to both questions means you must look for intrinsic security. As the name suggests, the security is built directly into the network devices – routers, switches and serial device servers. This security-by-design approach, certified through IEC 62443-4-1, strengthens your network from the inside out making it more resilient to attacks. Think of it as building a fortress instead of just hiring guards.
It is also important to consider:
• What are the biggest challenges you face in maintaining the reliability and security of your industrial network?
• What is your current network redundancy strategy?
Although threat detection is vital, prioritising guarded uptime and quick recovery is key. Network redundancy protocols, rapid configuration recovery and secure device design work together to minimise the impact of any security event on your operations. To avoid revenue loss from downtime, focus on maintaining smoothly operating systems. Use the network topology to help resolve the network issues, if there are any.
Seamless integration of network security with your existing infrastructure and future technologies is also essential. Questions to ask are:
• Do you have a mix of legacy and modern equipment on your network?
• How do you handle patching and vulnerability management for your industrial devices?
Broader compatibility with existing network redundancy protocols and network management supporting third-party device monitoring provides enhanced visibility and control across your entire industrial network. It’s crucial to find a solution that enhances your operations without replacing your current investments.
The perfect combination of resilience and stability
GUARD is more than just another security solution, it represents a new mindset of ‘intrinsic resilience’. It breaks away from traditional perimeter-only protection frameworks by embedding security into every network node and tightly integrating uptime with resilient defence to achieve seamless operational continuity. To address the rising complexity and importance of IIoT and OT networks, Moxa seeks to strengthen industrial network security and operational stability, aiming to become a leading industry reference for network architecture.
| Tel: | +27 11 781 0777 |
| Email: | info@rjconnect.co.za |
| www: | www.rjconnect.co.za |
| Articles: | More information and articles about RJ Connect |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version