Industrial Cybersecurity Pulse
  • SUBSCRIBE
  • Threats & Vulnerabilities
  • Strategies
  • IIoT & Cloud
  • Education
  • Networks
  • IT/OT
  • Facilities
  • Regulations
  • Threats & Vulnerabilities
  • Strategies
  • IIoT & Cloud
  • Education
  • Networks
  • IT/OT
  • Facilities
  • Regulations
  • Resources
  • Helpful Links
  • Editorial Calendar
  • Advertise
  • Contribute
  • Content Partners
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
SUBSCRIBE
  • Resources
  • Helpful Links
  • Editorial Calendar
  • Advertise
  • Contribute
Industrial Cybersecurity Pulse
Subscribe
Industrial Cybersecurity Pulse
  • Threats & Vulnerabilities
  • Strategies
  • IIoT & Cloud
  • Education
  • Networks
  • IT/OT
  • Facilities
  • Regulations
  • Strategies

Five levels of cybersecurity in an automated network

  • Aaron Block
  • November 8, 2021
Wires plugged into a network
Image courtesy: Brett Sayles
Total
0
Shares
0
0
0
0

As manufacturers continue to adopt Industry 4.0 and IIoT technology, cybersecurity is becoming more and more critical with each passing day. Successfully protecting a network requires not only constant vigilance but strategies for securing an organization at every level. However, even with the best preparation, there is always a chance of attack. Consider the three laws of supervisory control and data acquisition (SCADA) security:

  1. Nothing is 100% secure.
  2. All software can be hacked.
  3. Every piece of information can be an attack.

Sounds scary, right? Well, driving a car would be scary too if people only focused on what could go wrong. That’s why there are seatbelts, airbags and insurance. Similarly, the goal of network security is to mitigate risk, not eliminate it. With that in mind, here are five best practices users can implement to better secure their network.

1. Enterprise security

When considering cybersecurity at the enterprise level, simplicity is the best policy. Complex solutions will not improve security when applied this broadly. However, in-depth knowledge of the environment — machine models and access, their software versions, normal traffic levels on the network — will help someone gain a better understanding of their system and allow them to quickly recognize any abnormal activity.

2. SCADA network security

For the scope of a SCADA network, make sure to secure each connection, whether it’s a programmable logic controller (PLC) to server, database to server, client to database or cloud to client (the list goes on). It is vital that every connection is protected. This can be accomplished in a number of ways, but they all center around authentication and authorization. Most commonly, authentication comes in the form of usernames and passwords. Additional solutions, such as two-factor authentication, including biometrics, public key infrastructure (PKI), key cards and USB tokens offer yet another layer of protection. Once a user has verified who they are through authentication, authorization determines the privileges they should have in a system. This can be role-based, network-based or a hybrid of both.

3. Network security

The best method for keeping a network protected is using TLS (sometimes called SSL), which encrypts all data over HTTP to prevent session hijacking by securing databases and the gateway. It also encrypts OPC UA and message queuing telemetry transport (MQTT) communication to ensure private data transfer. Auditing is another powerful tool for maintaining security. By running periodic audits, someone can track who did what from where, creating logs, trails and profiles to make sure that whatever happens on the network, it is recorded.

4. Device security

Device security can be split into two categories: protecting workstation computers and servers and protecting PLCs. For computers and servers, this consists of removing unnecessary programs, keeping software up-to-date, setting up firewalls on redundant servers, using only necessary ports and disabling remote access. If remote access is required, make sure to use a virtual private network (VPN) for multi-factor authentication. As far as PLCs are concerned, it is best to use network segmentation — keeping operational technology (OT) data on a separate, private network — using a virtual local area network (VLAN) with encryption and setting up an edge-of-network gateway as a bridge. Another option is implementing unidirectional gateways (AKA data diodes), which allow information to pass from the SCADA network to the information technology (IT) network in only one direction, guaranteeing isolation while maintaining the flow of data.

5. Physical security

It may sound counterintuitive, but physical security is an integral part of cybersecurity. One of the most common forms of attack is to physically hijack a server or workstation. To combat this, people can implement company-wide solutions like guards, badges and video monitoring as well as device control for laptops, phones and USB keys. Beyond that, having effective policies and training will go a long way towards keeping networks safe from bad actors and honest mistakes alike.

-This originally appeared on Inductive Automation’s website. Inductive Automation is a CFE Media content partner.

Do you have experience and expertise with the topics mentioned in this article? You should consider contributing content to our CFE Media editorial team and getting the recognition you and your company deserve. Click here to start this process.

Aaron Block

Aaron Block is a marketing content writer for Inductive Automation.

Related Topics
  • CFE Content
  • Featured
Previous Article
Low-temperature freezers like this one at University of Michigan Hospital in Ann Arbor, Michigan, are used to keep vaccines and other medicines super-cold.
  • Education

Five ways to keep vaccine cold storage sensors safe from hackers

  • Gabe Cherry
  • November 4, 2021
Read More
Next Article
Matt Leipnik, lead industrial cybersecurity specialist for Nexus Controls.
  • Strategies

Building a Culture of Cybersecurity: Expert Interview Series, Matt Leipnik, Nexus Controls

  • Gary Cohen
  • November 9, 2021
Read More
You May Also Like
Courtesy of CFE Media and Technology
Read More

Three risks to consider before taking your business’s accounting to the cloud

Courtesy: Brett Sayles
Read More

Technique offers faster security for non-volatile memory tech

Read More

How industrial control systems can be secure in the cloud

Image of IT/OT convergence on a control panel
Read More

New concepts to reduce the risk of ransomware in IIoT environments

Courtesy: CFE Media and Technology
Read More

How to mitigate cloud security threats

Read More

IoT security: The threat before us

Courtesy: EU Automation
Read More

Is your IoT network putting you at risk of cyberattack?

Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.
Read More

Securing cloud data is a challenge for many companies

SUBSCRIBE

GET ON THE BEAT

Keep your finger on the pulse of top industry news

SUBSCRIBE TODAY!
VULNERABILITY PULSE
  • Berkeley Internet Name Domain (BIND) - May 19, 2022
  • Mitsubishi Electric - May 19, 2022
  • Apache - May 16, 2022
  • CISA - May 16, 2022
  • Joint Cybersecurity Advisory - May 17, 2022

RECENT NEWS

  • Will CISA recommend securing industrial control systems?
  • How to implement layered industrial cybersecurity in volatile times
  • Throwback Attack: DDoS attacks are born in the Big Ten
  • Improve two-factor authentication system security
  • A rise in ransomware leaves businesses looking for answers

EDUCATION BEAT

Introduction to Cybersecurity within Cyber-Physical Systems

Cyber-physical systems serve as the foundation and the invention base of the modern society making them critical to both government and business.

REGISTER NOW!
HACKS & ATTACKS
  • Ron Brash Interview: Expert advice on finding the root of the ransomware problem
  • Throwback Attack: How the modest Bowman Avenue Dam became the target of Iranian hackers
  • Minimizing the REvil impact delivered via Kaseya servers
  • Key takeaways from 2020 ICS-CERT vulnerabilities
Industrial Cybersecurity Pulse

Copyright 2022 CFE Media and Technology.
All rights reserved.


BETA

Version 1.0

  • Content Partners
  • Contact Us
  • Privacy Policy
  • Terms and Conditions

Input your search keywords and press Enter.

By using this website, you agree to our use of cookies. This may include personalization of content and ads, and traffic analytics. Review our Privacy Policy for more information. ACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT