Increased cybersecurity incidents have been crippling critical infrastructure and harming businesses. Some are targeted attacks, such as ransomware attacks; however, some are nontargeted incidents, such as contamination through malware that gains access to an unauthorized computer and spreads to the whole industrial control network.
Taking the approach of creating zone-basis industrial network architecture can reduce the damage. In the meantime, cybersecurity experts are also proposing more proactive actions to protect industrial networks. These actions can be realized by an industrial intrusion prevention system (IPS), which can effectively counteract intrusions and reduce their impacts on industrial systems.
What is an IPS?
An IPS is a form of network security designed to detect and block identified threats by constantly monitoring networks, looking for possible malicious cyber incidents and logging information about them. It features deep packet inspection (DPI) technology, enhancing network security visibility, and ultimately helps mitigate risks and protect industrial networks from security threats.
Industrial IPS Tailored for Industrial Networks
Although IPS technology has worked very well on IT networks for a while, it is difficult to directly deploy an IPS in OT networks because the first priority of OT networks is availability and performance, while the first priority of IT cybersecurity is confidentiality. Implementing an IPS in OT networks without considering the daily operations requirements of OT engineers could possibly block control commands that are important to production, consequently disrupting operations.
To fulfill the OT cybersecurity requirements, it is essential to empower OT-centric DPI technology. OT-centric DPI can identify multiple industrial protocols and allow or block specific functions, such as read or write access. Based on the identified protocol, an industrial IPS can then prevent any unauthorized protocols or functions. This ensures that the traffic on industrial networks is trusted and nonmalicious.
Whitelisting Control Defines Granular Access Control
Whitelisting control is an approve-and-go mechanism realized by only allowing access to authorized devices, services, protocol format, and control commands on a whitelist. The mechanism ensures that all network activity on industrial networks is authorized and network operators can define granular access controls at different levels depending on operational requirements.
For instance, OT engineers can define a whitelist of devices and services or IP ports that are allowed to access all or part of the entire network. In addition, it is also feasible to define the authorized protocol format to prevent unauthorized commands from passing through networks. What’s more, OT engineers can even define which control commands can pass through the network to reduce human error associated with sending a wrong control command. With whitelisting control, the likelihood of a DoS attack by OT Trojans can be significantly reduced.
Protection Scenarios of an Industrial IPS
1. Block and Contain Malicious Traffic
An industrial IPS is designed to protect industrial networks by blocking malicious traffic from the network to edge devices and by containing malicious traffic at edge devices. It can be placed in front of critical assets such as PLCs and HMIs to enhance network security and ensure network availability while protecting critical assets from being manipulated by malicious actors.
For instance, when there is a workstation infected with malware, the malware often would find its way to spread to as many devices and networks as possible. It could have probably spread to most of the devices on the networks by the time an OT engineer or network operator notice it.
Therefore, both proactive actions are important to mitigate the risks. One action is to block malicious traffic in the first place when the network is contaminated; the other is to contain it to a manageable degree if it unfortunately occurs.
2. Virtual Patching to Reduce a System’s Exposure to Cyberthreats
Frequent patching significantly reduces a system’s exposure to cyber threats. However, it continues to be a critical challenge in OT environments. Devices on industrial control systems are not always available for updates when vulnerabilities are identified. For instance, a production operation keeps up and running for a period of time before its next maintenance schedule.
Sometimes, updates are probably not feasible because devices on industrial control systems may have already passed their long life cycle and vendors are not providing updates anymore. Virtual patching technology can help complement existing patch management processes by shielding against vulnerabilities. Virtual patching acts as an agentless emergency security tool that OT administrators and operators can use to quickly remedy vulnerabilities in affected OT equipment.
In order to pursue operational efficiency and availability, it is always important to take cybersecurity into consideration. The thought that OT networks are isolated and secure has been cut down to size by several cybersecurity incidents in manufacturing plants.
Two different directions can be taken to enhance network security. One is to ensure that your industrial networks have a secure foundation–a secure network infrastructure, which allows authorized traffic to flow to the correct places. Alternatively, you can identify critical assets and give them layered, proactive protection such as an industrial IPS and whitelisting control.
Secure OT Networks with OT-IT Integrated Security
With an ongoing commitment to protecting the connectivity of industrial environments, Moxa has invested in developing security-hardened networking devices, including secure routers and Ethernet switches. In light of the increasing cyber threats facing industrial networks, Moxa has enhanced its network security portfolio with Moxa’s Industrial Cybersecurity Solution.
By effectively integrating OT and IT technologies, Moxa’s industrial IPS safeguards your critical assets from the latest cybersecurity threats and helps accelerate the transition of the industrial world to secure automation architectures.