Editor's Choice
Analytical Instrumentation & Environmental Monitoring
Data Acquisition & Telemetry
Electrical Power & Protection
Enclosures, Cabling & Connectors
Fieldbus & Industrial Networking
Flow Measurement & Control
Industrial Computer Hardware
Industrial Wireless
IS & Ex
IT in Manufacturing
Level Measurement & Control
Maintenance, Test & Measurement, Calibration
Mass Measurement
Motion Control & Drives
News
Operator Interfaces, Switches & Relays
PLCs, DCSs & Controllers
Pneumatics & Hydraulics
Pressure Measurement & Control
SAIMC
SCADA/HMI
Sensors & Transducers
Smart Home Automation
System Integration & Control Systems Design
Temperature Measurement
Training & Education
Valves, Actuators & Pump Control


IT in Manufacturing



Print this page printer friendly version

Security architectures for protection against cyberattacks

May 2023 IT in Manufacturing

As the trend in OT/IT convergence continues to grow, almost every industrial organisation has started reinforcing its network security and taking cybersecurity precautions to protect its operations. One of the main reasons for this is that critical infrastructure and manufacturing facilities are more likely to be targeted by cyberattacks. In addition to incurring financial losses when a company is hit by a cyberattack, if it makes the news, it will often lead to reputational damage as well. More companies are being targeted by ransomware attacks, and even some of the biggest players in the industry, who have already taken precautionary measures, are being targeted. These attacks demonstrate the high risk of an interconnected world, and that no organisation is immune from cyberattacks.

How to effectively implement cybersecurity measures without disrupting industrial operations OT environments is a complicated issue. There are many approaches and architectures that must be carefully considered before a decision can be made. In this article, we will explore two of the most common security architectures used now and share some tips to help industrial organisations implement them in unique OT environments.

The initial focus of zero trust architecture, as stated in the NIST Special Publication 800-207, is to grant only the minimum access privileges to those who need to operate on the network. This will prevent the situation when someone has a legitimate reason to access the network, but they are unnecessarily given unrestricted access to parts of the network that they do not require access to, which increases the chances of a cybersecurity breach occurring.

We will now consider the defence-in-depth approach, which contains multiple layers of security protection to reinforce network security for industrial operations. The rationale behind this is that you will have a second chance to protect zones and conduits if the first layer of protection fails. According to the IEC 62443 cybersecurity standard, it is necessary to start this process by partitioning areas based on the levels of protection required. Each partition is called a zone, and all the communication devices within it share the same security level, which means they all have the same level of protection. If you want to enhance security even further, it is possible to place a zone inside another zone with additional security measures.

By combining the two approaches that we have just considered, you can build well-defended industrial operations with layers of protection as the foundation, and then add further protection by adding the zero trust mechanism to ensure access is restricted to only those who need to access certain areas of the network. After considering these two approaches, it is clear there is no silver bullet for cybersecurity, and there are multiple angles that must be considered to ensure your network is secure.

One unfortunate scenario that is often seen on industrial networks is when user credentials are compromised. For networks that do not utilise the zero trust principle, a user’s credentials might be all a malicious actor needs to gain access to the network. However, for a network that utilises zero trust architecture, a malicious actor requires not only device access control, but also user authentication and authorisation. On top of that, it is also suggested to utilise trust lists for granular control of your network.

Device access control: By using trust lists, rate control and failure logout, network devices allow access only from trusted devices that are equipped with the secure boot function and prevent excessive attempts such as brute-force attacks.

User authentication and authorisation: By verifying the user’s credentials when logging on to devices, network devices will log all user access attempts and provide the lowest level of privileges based on the role of the user.

Trust lists: If organisations hope to reinforce security, trust lists can be a good way to control network traffic. One common practice is to create a trust list for IP addresses and service ports, and to leverage deep packet inspection technology to granularly control the network with features such as read or write privileges.

As a leader in industrial networking for 35 years, Moxa is committed to developing secure and reliable networking solutions that proactively identify and mitigate cyberthreats in OT environments. To realise this commitment, Moxa strictly follows secure-by-design practises to develop network devices with security features based on the IEC 62443-4-2 cybersecurity standard. The practical security features can help organisations realise zero trust networks. Moxa also utilises distributed OT intrusion prevention system capabilities, and industrial secure routers with OT deep packet inspection, to perfect defence in depth of industrial networks.


Credit(s)

Tel: +27 11 781 0777
Email: [email protected]
www: www.rjconnect.co.za
Articles: More information and articles about RJ Connect


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Looking into the future of machine vision
Omron Electronics IT in Manufacturing
Artificial intelligence (AI) is driving a significant transformation in all areas of industrial automation, and machine vision is no exception. Omron’s AI-powered machine vision systems seamlessly integrate state-of-the-art algorithms, enabling machines to analyse and interpret visual data meticulously.

Read more...
Driving digital transformation in the truck industry
Siemens South Africa IT in Manufacturing
Tatra Trucks, a leading truck manufacturer in Czechia, has adopted the Siemens Xcelerator portfolio of industry software including Teamcenter software for product lifecycle management and the Mendix low code platform to help increase production volume and strengthen its ability to manufacture vehicles that meet specific customer requirements.

Read more...
Opinion piece: Digital twins in manufacturing – design, optimise and expand
Schneider Electric South Africa IT in Manufacturing
Digital twin technology can help create better products, fast. It can also transform the work of product development. This strong statement from McKinsey reinforces how far digital twins have come in manufacturing.

Read more...
Asset tracking is key to driving operational excellence and sustainable growth
Schneider Electric South Africa IT in Manufacturing
Asset tracking plays a critical role in the success of industrial businesses. By effectively managing and monitoring assets, companies can optimise their operations, ensuring that resources are used efficiently. This leads to improved productivity and reduced costs.

Read more...
Siemens democratises AI-driven PCB design for small and medium electronics teams
Siemens South Africa IT in Manufacturing
Siemens Digital Industries Software is making its AI-enhanced electronic systems design technology more accessible to small and mid-sized businesses with PADS Pro Essentials software and Xpedition Standard software.

Read more...
Predicting and preventing cyber-attacks with AI and generative AI
IT in Manufacturing
The speed at which cyber threats are evolving is unprecedented. As a result, companies need to implement state-of-the-art technology to protect their data and systems.

Read more...
Real-world lessons in digital transformation
IT in Manufacturing
Synthesis has helped businesses across multiple industries with their digital transformation by solving their unique integration challenges.

Read more...
Enhancing cyber security for industrial drives
Siemens South Africa IT in Manufacturing
The growing connection between production networks and office networks as part of IT/OT integration and the utilisation of IoT have many benefits for industrial companies. At the same time, they also increase the risk of cyber threats. Siemens ensures that your know-how and plants are protected at all times.

Read more...
Immersion cooling systems for data centres
IT in Manufacturing
The demand for data centres in Africa is growing. The related need for increasing rack densities brings with it escalating cooling requirements.

Read more...
Transforming pulp and paper with automation and digitalisation
ABB South Africa IT in Manufacturing
The pulp and paper industry in South Africa is undergoing a significant transformation from traditional manual processes to embracing automation technologies. Automation in pulp and paper mills aims to improve various production stages, from raw material preparation to final product creation.

Read more...











Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  Hi-Tech Security Solutions
»  Hi-Tech Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd | All Rights Reserved