Protection in the event of cyber threats without loss of effectiveness
Historically, industrial production systems were isolated from the rest of the company's systems. That allowed the use of industrial communication protocols that did not implement any security measures. Today, in the era of digital production, the plant needs to be shielded against cyber threats, starting from its communication architecture.
Is it possible to establish a secure network without an adverse impact on communications?
“I am confident that if I add security to my communications, their availability and speed will be impacted.” Statements like this are commonplace in the industry: since OT (Operational Technology) systems were until recently isolated from IT (Information Technology) systems, security was not a must. Today, with both environments increasingly connected, there is general agreement on the growing need for protection, but network effectiveness must not be affected.
Previously, security could only be added to an industrial protocol as an additional layer, which increased the load. Today, however, there are protocols that have been designed from the start with native security in mind, without adding complexity to an existing system, and that provide new levels of protection:
- Confidentiality. The information exchanged between two points must be known only to those two points. It is achieved through a combination of authentication (each point must prove its identity) and encryption (information is encoded so that only these two points can decode it).
- Integrity. No intermediate element must be able to modify the information shared between two points, since that could leave the recipient unable to receive it or cause it to be misinterpreted.
- Availability. Correct operation of the system requires that all elements have the information they need to operate.
At Industrial Communications by Logitek, we can help you raise your network security, increasing availability and confidentiality.
Deployment of redundant architectures in Profibus and control networks
The key issue for productivity in OT (Operational Technology) networks is availability. Not having the right information can lead to incorrect decisions.
At Industrial Communications by Logitek we have the experience and the tools to implement redundant communication architectures in order to increase system availability. A redundant communication architecture keeps the system available even when one of the paths is not accessible.
Security standards included for communication of control devices
While in the IT world the focus of security is on confidentiality, in the industrial environment it is on availability, since information must be accessible to the processes so that production can go on. Today there are multiple protocols covering this requirement and ensuring total protection and effectiveness of network operation.
OPC-UA: A protocol resulting from the evolution of classic OPC, but designed from its foundation to cover the security requirements of information exchange. It uses only one TCP port, and the connection can run over open networks with the information encrypted, thus ensuring privacy. This is called an OPC Tunnel.
Secure DNP3: The DNP3 protocol is designed for information exchange in environments where connectivity is intermittent, where communications are sometimes cut due to a lack of coverage or simply when data consumption needs to be reduced. This usually happens in geographically distributed systems, such as power, gas, oil or water supply networks. In these cases open networks are used, so secure data exchange is a must. Secure DNP3 offers cryptographic protection of messages and a regular key refresh, so that nobody can get hold of the keys or, if they do, cannot use them for long.
SNMP: A legacy protocol from the IT environment, used mostly to manage network equipment, e.g. a switch, a UPS, a printer, etc. Many of these elements are now part of OT systems, so the SNMP protocol has become commonplace in OT networks. Version 3 ('v3'), which implements various security features such as authentication and AES encryption, allows equipment to be managed with greater confidentiality assurance.
With this technology, take care that the devices support this version and that the manager is able to understand it as well.