Background
Previously, OT (Operational Technology) and IT (Information Technology) though related were separate environments where OT industrial automation and control systems and IT enterprise digital networks were not connected. With the advent of IoT, it has become an agent for the integration of OT and IT.
As of 2020, IDC research indicates that a current principle objective of IT/OT convergence is to increase operational safety and performance while reducing capital expenditures and improving quality. Additionally, their research indicates that nearly half of IT and OT managers think that the primary barrier to IT/OT convergence are safety concerns. As enterprises transition OT to Industry 4.0 and IIoT (Industrial Internet of Things), cybersecurity for Industrial Control Systems (ICS) is a fundamental necessity in improving operational performance and productivity.
These concerns also apply to the operational structures of national infrastructures, as cyber attacks increase in frequency and intensity. The recent SolarWinds cyber attack is a prime example of attacks that can impact both supply chains and critical national infrastructure.
Requirements
A global industrial cybersecurity enterprise approached Lanner to source an IEC 61850-3 certified hardware appliance solution. Their requirements dictated the appliance meet the following specifications:
- Certified as substation standard IEC 61850-3 and IEEE 1613 compliant – The critical infrastructure environment can be harsh, with unexpected ambient temperatures or other external threats. As such, deployments in such environments require IEC-61850-3 and IEEE 1613 certification to demonstrate they can withstand extreme external environmental impacts.
- A -40°~70°C Wide Operating Temperature range and robust fanless design – Given the possible extreme temperatures in the critical infrastructure environment, the appliance must be able to operate in such an extended temperature range.
- Networking I/O port support with five RJ45, and two SFP fiber connections.
- Wireless connectivity options including a Mini PCIe slot and a SIM card slot for 4G-LTE support – Network connectivity plays a fundamental role in the development of an IIoT security platform. With a wireless network, asset visibility and threat management are available to Industrial IT management, while real-time SCADA monitoring enables a quicker response to detected anomalies.
- An onboard TPM chip and HDMI display output – A TPM-integrated hardware platform includes security features such as generating cryptographic keys, data encryption and hardware-based protection. Since TPM 2.0 is a hardware-rooted technology, cryptographic processes are accelerated in comparison to software-only technologies.
Solution
Lanner’s LEC-6041 is designed to protect communications in both IT and OT domains. The LEC-6041 series is powered by an Intel Atom® x7-E3950 or x5-E3930 SoC CPU platform for both low power consumption and high processing performance. As a rugged firewall deployed in challenging environments, the LEC-6041 has both IEC 61850-3 and IEEE 1613 certification, as well as 1.5KV magnetic isolation protection for the LAN ports and 15KV ESD Protection for the I/O ports. The system can operate in a wide operating temperature range from -40°C to 70°C. The entire hardware design assures that the LEC-6041 security gateway is protected from downtime while operating in any hazardous conditions of the OT environment.