Industrial Edge
The price of network transparency Convergence of information technologies (IT) and operational technologies (OT) has led to new cybersecurity challenges. Integrating IT and OT to achieve greater flexibility and visibility on the shop floor has turned proven cybersecurity strategies on their head, leaving major security vulnerabilities. SOURCE: ISTOCK
CYBER DEFENSES LIKE NETWORK ISOLATION, a strategy to keep OT systems physically and electronically separated, and security through obscurity (STO), which enforces secrecy and confidentiality within IT systems, are losing their defensive foothold against cyberattacks.
Current security challenges
Securing devices and infrastructure after they’ve already been implemented is an arduous and costly undertaking, impeding the adoption of better security measures. And, because the IT/OT convergence is exposing network vulnerabilities, increased isolation and obscurity will not solve the problem at its source. Anyone, even an employee, could inadvertently install compromised devices and USB sticks with malware to make it past firewalls. Additionally, although field devices that bridge on-premises networks and machinery to the cloud are beneficial, they also carry cyberattack risks. In short, new network security countermeasures are required to meet the growing threat of cyberattacks while still maintaining the openness of IT/OT integration.
Current regulatory efforts
To regulate cybersecurity for field devices, the International Electrotechnical Commission (IEC) developed the IEC 62443 standard, which has 14 components and considers the entire automation system supply chain. Many plant operators now require their suppliers to adhere to IEC 62443 when developing and manufacturing their field devices.
New network security countermeasures are required to meet the growing threat of cyberattacks while still maintaining the openness of IT/OT integration. Hardware and software solutions can alleviate these security growing pains with modern security already in place. Manufacturers that adopt IEC 62443 early and incorporate IEC 62443-compliant features into their devices will be ahead of the curve as the rest of the industry catches up.
Security hardware/software
Installing devices with built-in security functions will make IT/OT integration easier and safer, and facilitate the addition of more advanced security functions later on. Look for security-hardened solutions with advanced features like a system on a chip (SoC) with
Secure Boot to verify firmware integrity before completely booting up. Implement protocol firmware such as Ethernet/IP with CIP Security or PROFINET Security to ensure secure communications at the field level. And, proven technologies like Transport Layer Security (TLS) offer device and user authentication data integrity as well as IO-data encryption. The flexibility and power to future-proof your infrastructure in this way will be an invaluable advantage. Technology report by Hilscher. Visit Website
Future-proof your secure networks Hilscher says that the netX 90 is the smallest industrial communication chip on the market with advanced, out-of-the-box security features like CIP Security as protocol stack firmware and Secure Boot functionality. This system on a chip (SoC) provides industrial real-time Ethernet to connected devices, while its state-of-the-art crypto core enables complex cryptographic algorithms without sacrificing performance. A robust controller, the netX 90 is compatible with many protocols like PROFINET, EtherNet/IP, EtherCAT, Modbus TCP, CC-Link IE FB and Sercos III. It is also ideal for reliably transferring process data between devices and their controllers, without the risk of third-party manipulation.
14
in d u s t r ial et h er ne t b o o k
08.2022
