Multi-Layer Collaborative Gateways Help Realize IT/OT Converged Security

Background

Cyber-Physical Systems (CPS) have emerged as the new paradigm converging physical and cyber technologies, and serve as the cornerstone for realizing IoT (Internet of Things) and IIoT (Industrial Internet of Things). Today, CPS are embedded in critical infrastructures, joining the computational domain with physical sensors and actuators to assure mission-critical application serviceability and performance. Embedded CPS allow precise, real-time interaction between computing devices and physical environments, and have therefore become widespread in manufacturing, utility plants, chemical engineering, transportation and medical fields.

However, CPS and IIoT face increased cyber security risks because the attack surface has changed. The cyber and physical worlds, which were once separated, are now connected and interact with each other. A malicious attack or human misconduct can now penetrate the IT (Information Technology) and OT (Operational Technology) worlds one after the other. For instance, the ransomware “WannaCry” caused catastrophe for major corporations around the world, while an unintentional misconduct on an assembly line at TSMC (Taiwan Semiconductor Manufacturing Company) caused millions in losses. CPS security issues must therefore be prevented, as a failure in CPS can devastate the well-being of the population it serves.

Requirements

An ICS (Industrial Control System) expert dedicated to protecting critical infrastructure and government network systems from cyber threats and malicious attacks came to Lanner to jointly develop an industrial cyber-security solution that can converge the OT world, including SCADA, remote terminal units, PLCs, sensors and actuators, with IT infrastructures in real time. The joint solution from both parties will protect CPS assets with visibility, security and traffic control.

The joint solution is required to include the following:

• High-availability (HA)

High availability is a must for IT firewalls to ensure undisrupted service and operation.

• Failover Design

Failover is a recovery mechanism for networking operations, based on redundancy design, and the joint solution must provide additional computing, storage and network resources so that ongoing applications can continue.

• All-in-one Turnkey Solution

To realize IT/OT convergence, CPS, ICS and IIoT infrastructures must be deployed with all-in-one turnkey platforms to protect both cyber and physical worlds.

• Rugged Fanless Hardware

Rugged fanless hardware designs are optimal for the OT world, to reduce maintenance efforts and device failure.

• Wide Operating Temperature

CPS are mostly deployed in harsh environments where extreme temperatures can be experienced from time to time. Thus, the joint solution must be able to endure a wide range of ambient temperatures.

• Multiple Form Factors

The IT and OT worlds require different form factors due to environmental constraints. For instance, rackmount servers are ideal for IT infrastructures, whereas fanless Box PCs are better suited to the OT side.

Lanner Solutions

To meet the requests for this collaboration, Lanner provided a wide range of all-in-one hardware solutions for industrial cyber security deployments. Lanner's platforms offer rich features to secure both the IT and OT worlds: RPS high availability, advanced LAN Bypass, multiple form factors (rackmount/wall mount/DIN Rail mount), and wide operating temperature.

For the OT world, Lanner has a wide range of Box PCs designed for industrial cyber security to address security in critical infrastructures. Lanner's hardware platforms are rugged and capable of operating in harsh environments where extreme temperatures may be encountered. For instance, LEC-6041, powered by an Intel® Atom™ SoC, supports -40°C to 75°C operating temperature and is compliant with the IEC 61850-3 and IEEE 1613 standards. As an industrial cyber security gateway, LEC-6041 comes with 5 Gigabit LAN ports with 1 pair of LAN bypass to execute deep packet inspection, traffic filtering and white-listing for critical infrastructures.

For the IT domain, Lanner offers all-in-one turnkey appliances with high performance, flexibility, scalability and HA redundancy. For example, NCA-4012 is powered by an Intel® Xeon® D-1500 processor with 8 to 16 cores, DDR4 memory, a 300W redundant power supply with 2 cooling fans, multiple RJ-45 and SFP LAN ports accompanied by LAN Bypass, and a NIC module slot for expansion. With this hardware design, NCA-4012 is capable of handling IT security instructions.

Multi-Layer Collaborative Gateways Help Realize IT/OT Converged Security was last modified: July 15th, 2020 by Jorge Peregrina