By guest blogger Chris Roberts
This post is about the security of your industrial control network. It is a constantly changing area, as new vulnerabilities are disclosed and new attack techniques appear. I will cover some specific security topics as they relate to Industrial IT.
Securing a network in Industrial IT involves several layers, such as physical security, logical security, and virtual (network) security.
Physical security can be separated into building/site security and employee responsibility. Key card access systems, cameras, and security alarm systems help prevent unauthorized physical access to the site or building. Training is the best way to keep employees from creating physical security issues themselves, such as bringing a USB drive from home and plugging it into a company computer, or browsing websites that serve malware. Training should be backed by technical controls where possible, for example disabling unused USB ports on control workstations, since one forgotten lesson should not be enough to compromise a plant-floor machine.
Logical security governs how users and devices on your network access data and applications. It is enforced with user assignments, roles, and permissions inside applications, and with ACLs (Access Control Lists) where data is accessed directly, such as file shares and network documents. Apply least privilege here: grant each account only the access its role requires, and review those permissions periodically, because stale accounts and over-broad share permissions are a common way for an intruder on the corporate side to reach control-system data.
Virtual security is how data is secured using layer 2 (switches), layer 3 (routers), and network firewall devices. Routing rules and policies restrict data flow to specific sites and devices. Other methods include VLANs on switches to segment traffic between floors or local buildings, NAT (Network Address Translation) on firewalls to hide your trusted LAN's addressing from the Internet, and ACLs to control access into and within your network. Two caveats apply: a VLAN only segments traffic if routing between VLANs is filtered by an ACL or firewall, otherwise it is just a separate broadcast domain; and NAT hides internal addresses but does not by itself block inbound connections, so explicit filtering rules with a default deny are still required.
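To make the ACL and segmentation point concrete, here is a small first-match ACL evaluator with a shadowing check. It is an added example written for this post, not code from the original author or from any vendor's ACL implementation. The addressing (a control VLAN on 10.10.0.0/24, a corporate LAN on 10.20.0.0/16, a historian and a jump host on the corporate side), the ports, and the sample flows are all constructed for illustration.

```python
"""First-match network ACL evaluator (added example, not from the post).

Models the kind of router/firewall ACL the post describes: a control VLAN
that may only be reached by an approved historian and a jump host, with
everything else denied. All addresses, ports and flows below are constructed
for illustration and are not from any real plant.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    src: str             # source CIDR
    dst: str             # destination CIDR
    proto: str           # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None = any port


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)


def matches(rule: Rule, flow: Flow) -> bool:
    """True if every field of the rule covers the flow."""
    return (ipaddress.ip_address(flow.src) in _net(rule.src)
            and ipaddress.ip_address(flow.dst) in _net(rule.dst)
            and rule.proto in ("any", flow.proto)
            and rule.dport in (None, flow.dport))


def evaluate(rules: List[Rule], flow: Flow) -> str:
    """First matching rule wins; an implicit deny applies if nothing matches."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action
    return "deny"


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never match because an earlier rule already
    covers every packet they would match. A broad rule placed above a specific
    one is the classic ACL ordering mistake; this check catches it."""
    found = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (_net(later.src).subnet_of(_net(earlier.src))
                    and _net(later.dst).subnet_of(_net(earlier.dst))
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                found.append(j)
                break
    return found


# Constructed addressing (assumption, not from the post).
CONTROL_VLAN = "10.10.0.0/24"      # PLCs, HMIs
CORPORATE = "10.20.0.0/16"         # office LAN
HISTORIAN = "10.20.5.10/32"        # polls PLCs over Modbus/TCP
JUMP_HOST = "10.20.5.20/32"        # only permitted RDP source

# Specific permits first, then explicit denies (explicit so they can be logged;
# the implicit deny at the end of evaluate() would drop the traffic anyway).
ACL = [
    Rule("permit", HISTORIAN, CONTROL_VLAN, "tcp", 502),
    Rule("permit", JUMP_HOST, CONTROL_VLAN, "tcp", 3389),
    Rule("deny", CORPORATE, CONTROL_VLAN, "any", None),
    Rule("deny", CONTROL_VLAN, "0.0.0.0/0", "any", None),
]

# Same rules with the broad deny moved to the top: both permits are now dead.
MISORDERED_ACL = [ACL[2], ACL[0], ACL[1], ACL[3]]

# Constructed sample flows (assumption).
SAMPLE_FLOWS = [
    Flow("10.20.5.20", "10.10.0.7", "tcp", 3389),   # jump host RDP to HMI
    Flow("10.20.7.33", "10.10.0.7", "tcp", 3389),   # office workstation RDP to HMI
    Flow("10.20.5.10", "10.10.0.7", "tcp", 502),    # historian Modbus poll
    Flow("10.10.0.7", "8.8.8.8", "udp", 53),        # PLC trying to reach the Internet
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.src} -> {f.dst} {f.proto}/{f.dport}: {evaluate(ACL, f)}")
    print("shadowed in ACL:", shadowed_rules(ACL))
    print("shadowed in MISORDERED_ACL:", shadowed_rules(MISORDERED_ACL))
```

Note that this models a stateless ACL: replies from the control VLAN back to the historian would need their own permit on a router ACL, whereas a stateful firewall tracks the session and allows the return traffic automatically. The shadowing check is worth running whenever a rule is added, because a permit that silently never matches is exactly the kind of error that is discovered during an incident rather than during a change review.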
The best practice for securing an Industrial IT network is a proper secure design combined with continuous training of employees in sound security practices (keep an eye out for a future post on employee-related threats and countermeasures).