Drives & Controls Magazine June 2023

COMMUNICATIONS AND SECURITY June 2023 www.drivesncontrols.com

Increased cyber-security incidents have been crippling critical infrastructure and harming businesses. Some are targeted attacks, such as ransomware attacks; others are non-targeted incidents, such as contamination through malware that gains access to an unauthorised computer and spreads throughout the whole control network. Creating zone-based industrial network architectures can help to reduce the damage. Cyber-security experts are also proposing more proactive actions to protect industrial networks using industrial intrusion prevention systems (IPSs), which can counteract intrusions effectively and reduce their impacts.

An IPS is a form of network security designed to detect and block identified threats by monitoring networks constantly, looking for possible malicious cyber-incidents and logging information about them. It uses deep packet inspection (DPI) technologies, enhancing network security visibility, and helps to mitigate risks and protect networks from security threats.

Although IPS technologies have worked well on IT networks for a while, it is difficult to deploy an IPS directly in an OT network because the first priority of OT networks is availability and performance, while the first priority of IT cybersecurity is confidentiality. Implementing an IPS in an OT network without considering the daily operations requirements of OT engineers can block control commands that are important to production, thus disrupting operations.

To fulfil the OT cybersecurity requirements, it is essential to use OT-centric DPI technologies. These can identify multiple industrial protocols and allow or block specific functions, such as read or write access. Based on the identified protocol, an industrial IPS can then prevent any unauthorised protocols or functions. This ensures that the traffic on industrial networks is trusted and non-malicious.
Whitelisting

Whitelisting control is an approve-and-go mechanism implemented by restricting access to devices, services, protocol formats and control commands that have been authorised on a whitelist. It ensures that all network activity on industrial networks is authorised. Network operators can define granular access controls at different levels depending on operational requirements.

For example, OT engineers can define a whitelist of devices and services or IP ports that are allowed to access all or part of the entire network. In addition, it is also possible to define the authorised protocol format to prevent unauthorised commands from passing through networks. What's more, OT engineers can even define which control commands can pass through the network to reduce human error associated with sending a wrong control command. With whitelisting control, the likelihood of a DoS (denial-of-service) attack by OT Trojans can be reduced significantly.

There are two main scenarios for implementing industrial IPS:

Blocking and containing malicious traffic

An industrial IPS is designed to protect industrial networks by blocking malicious traffic from the network to edge devices, and by containing malicious traffic at edge

How to protect your industrial networks

Cyber-attacks on industrial control systems are on the rise. Roger Chen, manager of cybersecurity market development at the connectivity specialist Moxa, examines some techniques designed to minimise the risks.

[Image caption: Industrial intrusion prevention systems can block malicious traffic from the network to edge devices]

[Image caption: Virtual patching can help OT engineers remedy the vulnerabilities of legacy devices rapidly]
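
The function-level DPI and whitelisting described above, sketched as an added example that is not from the article or from any vendor product. It assumes Modbus/TCP as the industrial protocol (the article names none); the IP addresses, register ranges and the names `inspect` and `build` are constructed for illustration.

```python
import struct

READ_FUNCS = {0x01, 0x02, 0x03, 0x04}   # Modbus read function codes
WRITE_FUNCS = {0x05, 0x06, 0x0F, 0x10}  # Modbus write function codes

# Constructed whitelist: source IP -> (allowed functions, writable registers)
WHITELIST = {
    "10.0.10.5": (READ_FUNCS, None),                      # HMI: read-only
    "10.0.10.9": (READ_FUNCS | {0x06}, range(100, 110)),  # engineering station
}

def inspect(src_ip, frame):
    """Return (verdict, reason) for one Modbus/TCP request; default is deny."""
    if src_ip not in WHITELIST:
        return "block", "source not whitelisted"
    if len(frame) < 8:
        return "block", "frame too short"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    # Protocol-format check: protocol id is 0, length counts unit id + PDU
    if proto != 0 or length != len(frame) - 6:
        return "block", "malformed MBAP header"
    func = frame[7]
    allowed, writable = WHITELIST[src_ip]
    if func not in allowed:
        kind = "write" if func in WRITE_FUNCS else "function"
        return "block", f"{kind} 0x{func:02x} not authorised"
    if func in WRITE_FUNCS:
        if len(frame) < 10:
            return "block", "truncated write request"
        (addr,) = struct.unpack(">H", frame[8:10])
        if writable is None or addr not in writable:
            return "block", f"register {addr} outside writable range"
    return "allow", "ok"

def build(func, addr, value, unit=1, tid=1):
    """Build a constructed Modbus/TCP request frame (sample input only)."""
    pdu = struct.pack(">BHH", func, addr, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

if __name__ == "__main__":
    samples = [("10.0.10.5", build(0x03, 0, 10)),    # HMI read
               ("10.0.10.5", build(0x06, 100, 1)),   # HMI write attempt
               ("10.0.10.9", build(0x06, 105, 1)),   # authorised write
               ("10.0.10.9", build(0x06, 500, 1)),   # write outside range
               ("10.0.10.77", build(0x03, 0, 10))]   # unknown device
    for ip, frame in samples:
        print(ip, frame.hex(), *inspect(ip, frame))
```

Because the default verdict is block, any device, function or register not explicitly listed is denied, which is why the whitelist has to be built from observed production traffic before enforcement so that legitimate control commands are not dropped.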
