In 2018, the U.S. Cybersecurity & Infrastructure Security Agency released a report (Alert TA18-074A) describing a Russian hacking campaign to infiltrate U.S. critical infrastructure, including power plants, nuclear generators, and water facilities. Hackers could have disrupted or shut down power plants or other critical U.S. infrastructure, but they didn’t take it that far.
According to Utility Dive, Jennifer Granholm, the U.S. Secretary of Energy, said that sophisticated hackers can bring down the U.S. power grid, but they are not after sabotage; they want money. Granholm also discussed with President Joe Biden a push for improvements in the utility sector, which currently faces a massive wave of ransomware attacks on Operational Technology (OT).
OT is inevitably converging with IT. Although this brings fantastic benefits, it also introduces new challenges, especially when it comes to cybersecurity. Securing the sensitive Industry 4.0 infrastructure domain is key. In this post, we’ll go through the requirements for securing the IT, OT, and IIoT domains with an industrial firewall and the reasons why a rugged industrial IoT gateway is the right fit.
The benefits and risks of bridging the gap between IT and OT.
The Industrial IoT (IIoT) concept covers the technology that results from the intersection between two disparate and unrelated domains found in all modern industries. The spot where IT (Information Technology) and OT (Operational Technology) domains converge is considered IIoT.
An IIoT implementation can turn a simple facility into a fully-connected production infrastructure where devices like PLCs and microcontrollers are interconnected to improve cost-efficiency and productivity.
An example of IIoT is a fully automated “smart” factory that leverages cloud-based analytics and devices like sensors, cameras, and robotics. Many industries, including manufacturing, power, construction, healthcare, and utilities, are already taking advantage of IIoT.
Converging IT and OT can also be risky.
All industrial IoT devices need a reliable and available connection to the Internet. With an Internet connection, they can provide benefits like remote management and control, cloud-based analytics, and automation. However, an Internet connection also exposes mission-critical OT, IT, and IIoT devices to potential external attacks and intrusions.
Securing Industry 4.0 Network Infrastructure.
Cyber-Physical Systems, which are the foundational elements of Industry 4.0, use sophisticated control systems, have special software built in, and come with IP technology to make them addressable across the Internet. Although it seems logical to protect this critical Industry 4.0 networking infrastructure with a standard IT cybersecurity device like a firewall or DPI, industrial environments present many unfavorable conditions for a standard IT device.
An alternative is an ICS cybersecurity industrial IoT gateway with industrial firewall capabilities. First, the IIoT gateway can protect the communication between OT and IT domains. These converged IT and OT networks can be secured with an IIoT security-aligned architecture so that the traffic flowing through both domains can be monitored and filtered. Second, the industrial IoT gateway can also protect private networks from public networks. And, third, the industrial IoT gateway is rugged and can withstand a difficult
Below are five requirements for an integrated IIoT security platform. Industrial IoT gateways must be able to withstand rugged environments and wide operating temperatures. They must be reliable and have access to wireless and wired media. An industrial IoT gateway must also be tailor-built with processing performance for cybersecurity workloads.
- Rugged certifications and standards. Deploying a standard IT firewall in a rugged and harsh environment would be nearly impossible. Ruggedness-certified equipment will guarantee protection from harsh external environmental impacts, such as humidity, electrical surges, and more. Examples: IEC 61850-3 and IEEE 1613 certifications.
- Wide operating temperatures. Industrial environments like plants, manufacturing floors, or factories can be subject to varying temperatures. The industrial IoT gateway must also operate across a wide temperature range, whether in external or internal deployments.
- Fault-tolerance. Lower network infrastructure access makes the standard cybersecurity systems more unreliable and unavailable. If a failure occurs, an industrial IoT gateway must bypass traffic using a fault-tolerant design, so that the link stays up; while a port pair is bypassed, its traffic passes without inspection. Advanced LAN bypass is an essential feature.
- Wireless networks. Again, lower access to networks on industrial sites makes wireless accessibility a must. The IIoT gateway can introduce asset tracking, visibility, real-time SCADA monitoring, threat intelligence, and management into the industrial domain with reliable and variable network connectivity.
- Cybersecurity workloads enhanced. The TPM (Trusted Platform Module) technology is designed to provide security functions at the hardware level. The hardware integrated with TPM can deliver security features, including cryptographic key generation, data encryption, and hardware-rooted protection. In addition, the CPU should be capable of performing Deep Packet Inspection (DPI).
The Rugged Industrial IoT Gateway: LEC-6041.
The LEC-6041 is a rugged industrial IoT gateway. It is certified to IEC 61850-3, an international standard that defines communication protocols for intelligent electronic devices at electrical substations. The LEC-6041 is also certified to IEEE 1613, which deals with the environmental and testing requirements for network devices in electric power substations. The LEC-6041 can also operate at wide temperatures (-40°C to 70°C) and withstand non-condensing humidity of 5% to 95%. In addition, the LEC-6041 provides 1.5 kV magnetic isolation protection for LAN ports and 15 kV ESD protection for its I/O ports.
This level of protection ensures that the industrial IoT gateway is reliable enough to operate in the hazardous and harsh surroundings often found in OT environments.
The LEC-6041 is powered by an Intel Atom® x7-E3950 or x5-E3930 CPU for high-performance processing and low power consumption. With the CPU’s high performance and the open-architecture SoC (System on Chip), the industrial IoT gateway can perform DPI (Deep Packet Inspection) and whitelisting to protect OT and IT. The appliance also comes with TPM support to accelerate security functions at the hardware level.
Other key features.
- 5 x GbE LAN with one pair bypass, 2 x GbE SFP
- HDMI display output
- Mini PCIe with SIM card slot for 4G-LTE support
- 2 x USB 3.0 and 2 x Isolated RS232
- 15 kV ESD Surge Protection for I/O ports
A rugged industrial IoT gateway for ICS/OT like the LEC-6041 will ensure safe convergence between IT and OT networks at the foundational level. Industrial organizations can deploy the rugged industrial IoT gateway in critical infrastructure under harsh environments and improve visibility and control. They can continuously monitor cyber threats, log using advanced intelligence, and mitigate attacks on their Industry 4.0 infrastructure.
With an additional software solution, the rugged industrial IoT gateway can monitor, manage, and even control the systems deployed in SCADA, PLC, and ICS environments to ultimately prevent cyber threats and risks.