Enhancing Industrial Automation Network Security with Complete Solutions

 
Enhancing Industrial Automation Network Security with Complete Solutions

As Ethernet technology has become the mainstream communication solution for industrial automation, network security has surfaced as a major issue. In fact, recent government research has shown that industrial automation networks are vulnerable to cyber attacks, which can cause severe damage to a company’s resources and equipment.

For this reason, Internal Automation associations such as ISA (Internal Society of Automation), or even government departments, are now calling for higher standards for industrial automation networks. Security requirements include ISA-99 (Industrial Automation and Control System Security) and NERC-CIP (North American Electric Reliability Corporation, Critical Infrastructure Protection), which serves as a great market drive for industrial-grade network devices.

Compared to enterprise-grade network devices, industrial-grade network devices support specific features to target more critical operating environments. But before we further explore the IA network security issue, let’s compare the different requirements of industrial-grade and the enterprise-grade applications:

	Industrial-grade Applications	Enterprise-grade Applications
Protect Target	Critical devices in automation networks, such as RTUs, PLCs, and DCSs	Business Operation, such as Web, E-mail, MSN, Skype, etc. Virus Protection
Environment	Rugged and certified for harsh environments Fanless design Redundant power supply	Cooling by fan or air-conditioner Not suitable for automation environments Single power supply
Protocols	Industrial automation protocols, such as Modbus/TCP, Profinet, etc.	IT protocols, such as HTTP, FTP, etc.

What Are the Most Common IA Network Security Issues?

When deploying industrial automation applications, users encounter the following three major security issues:

How to create a secure LAN network for automation systems

How to protect automation devices, such as PLCs, RTUs, and DCSs

How to create secure communication for remote access

As a response to these problems, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) suggests that users "minimize network exposure for all control system devices, locate control system networks and devices behind firewalls, and isolate them from the business network. If remote access is required, employ secure methods, such as virtual private networks (VPNs)."

To fulfill these requirements, Moxa provides a seamless security solution for industrial automation network security.

How Seamless Security Benefits Users

A seamless security solution involves managed Ethernet switches, firewall constructions, and VPN connections for the remote access.

Managed Ethernet Switches for LAN Security

Managed Ethernet switches can enhance LAN network security by supporting (1) port access via port lock and authentication, (2) secure switch access from Telnet via SSH (Secure Shell) or from the Internet via SSL (Secure Socket Layer), and (3) secure remote maintenance via SNMPv3.

Protect Critical Infrastructures with a Firewall

When a firewall is installed, only authorized devices can access critical devices such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and Distributed Control Systems (DCSs). Using a firewall to limit access to a network is one of the best ways to secure a critical infrastructure.

Get Secure Remote Access with VPNs

Implementing a VPN is a great way to facilitate secure remote communication, which could include remote maintenance services, such as remote diagnosis and real-time maintenance.