Securing Industry 4.0 Network Infrastructure with Industrial Firewall

Background

The manufacturing sector has evolved rapidly since the introduction of advanced, intelligent and connected industrial control systems and factory automation, driven by globalized competition, frequent changes in raw material costs and newly emerging market demands. Today, major manufacturing plants commonly adopt a large number of IT and OT technologies, which not only improve their productivity but also give them 24/7 real-time visibility into, and management of, their manufacturing environments. This generation is often referred to as Industry 4.0.

However, the widespread connectedness of OT technologies and ICS (industrial control systems) has exposed manufacturing infrastructures to potential cyber attacks. First, connected instruments come with IP addresses, and hackers could take advantage of that exposure to penetrate the factory's protection. Second, most production plants are protected by commercial off-the-shelf IT technologies. As a number of recent cyber attack incidents on utility plants have shown, these generic IT solutions lack the specific instructions and dedicated protection needed to secure the connected devices at the manufacturing site. Therefore, ICS and OT technologies require an integrated, purpose-built solution that secures access to the devices and instruments in factories.

Requirements

Because IT security technologies are fundamentally different from those on the OT side, IT-based protection lacks the capability to detect malicious intrusions carried over OT protocols. Today’s manufacturing sites therefore require a specific, dedicated Firewall to protect access to critical connected devices or instruments, such as PLCs. The required gateway shall be able to detect any abnormality in OT protocol traffic while offering 24/7 remote monitoring. The following technological requirements must be met:

Versatile I/O Configuration

The required Firewall must connect with various manufacturing-related devices and instruments through multiple communication interface options, including multiple copper and fiber LAN ports, serial COM connectors and USB ports.

ESD/Surge protection

Abnormal electrical conditions such as ESD and surge may occur on the production floor, so critical I/O such as COM and LAN ports must come with ESD, surge and magnetic isolation protection.

Rugged design and wide operating temperature range

Extreme ambient temperatures may occur at production sites. The capability to withstand harsh conditions and keep operating at temperatures from as low as -40°C to as high as 70°C is therefore highly critical.

LAN Bypass

A fault-tolerant design for LAN connections is necessary in harsh environments. The Firewall must therefore be designed with advanced LAN bypass functionality, which keeps network traffic uninterrupted by providing low-latency recovery.

Open Architecture

For compatibility and interoperability, the Firewall shall be built on the Intel x86 open architecture so that it is compatible with security instructions and policies. In addition, for a harsh environment, a low-power, high-performance processor is preferred.

Maintenance Logging

As mentioned, the industrial firewall should preferably be based on an open architecture so that it can support maintenance logging software that monitors and records all activities performed during maintenance sessions, according to preconfigured policies.

Deep Packet Inspection

Driven by a high-performance, low-power, open-architecture SoC, the industrial firewall can perform DPI (deep packet inspection) and whitelisting between the corporate network and the production floor, once the relevant security instructions and policies are implemented.

Anomaly Detection

The Intel x86-based industrial firewall supports instructions to detect anomalous activities such as changes in the PLC’s sequence and abnormal data access.
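
As an added illustration of the Deep Packet Inspection and Anomaly Detection requirements above (not Lanner's code and not part of the original page), the following Python example applies a function-code and register allowlist to OT requests that a port-based IT firewall would pass unexamined. Modbus/TCP is assumed as the OT protocol; the IP addresses, unit ID, register range and the names ALLOW, WRITABLE_REGISTERS, inspect_request and frame are hypothetical.

```python
import struct

# Hypothetical policy (all values constructed for this example).
# Modbus function codes: 3 = Read Holding Registers,
# 6 = Write Single Register, 16 = Write Multiple Registers.
ALLOW = {
    ("10.0.10.5", 1): {3},      # historian: read-only access to unit 1
    ("10.0.20.7", 1): {3, 6},   # engineering workstation: may also write
}
WRITABLE_REGISTERS = range(100, 200)  # setpoint registers only

def inspect_request(src_ip, payload):
    """Return (allowed, reason) for one Modbus/TCP request payload."""
    if len(payload) < 8:
        return False, "truncated MBAP header"
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        return False, "protocol id is not Modbus"
    if length != len(payload) - 6:   # length counts unit id + PDU
        return False, "MBAP length mismatch"
    func = payload[7]
    allowed = ALLOW.get((src_ip, unit))
    if allowed is None:
        return False, "source not allowlisted for this unit"
    if func not in allowed:
        return False, "function code %d not allowlisted" % func
    if func in (6, 16):              # abnormal data access: writes
        if len(payload) < 12:
            return False, "truncated write request"
        addr, val_or_qty = struct.unpack(">HH", payload[8:12])
        last = addr + val_or_qty - 1 if func == 16 else addr
        if addr not in WRITABLE_REGISTERS or last not in WRITABLE_REGISTERS:
            return False, "write to register %d outside permitted range" % addr
    return True, "ok"

def frame(unit, func, data):
    """Build a constructed Modbus/TCP request (MBAP header + PDU)."""
    return struct.pack(">HHHB", 1, 0, len(data) + 2, unit) + bytes([func]) + data

if __name__ == "__main__":
    samples = [  # constructed traffic, not captured from a real plant
        ("10.0.10.5", frame(1, 3, b"\x00\x00\x00\x0a")),  # historian read
        ("10.0.10.5", frame(1, 6, b"\x00\x96\x00\x2a")),  # historian write
        ("10.0.20.7", frame(1, 6, b"\x00\x96\x00\x2a")),  # write register 150
        ("10.0.20.7", frame(1, 6, b"\x00\x05\x00\x2a")),  # write register 5
    ]
    for src, pkt in samples:
        print(src, pkt.hex(), inspect_request(src, pkt))
```

All four sample requests use the same TCP port, so only inspection of the protocol payload separates the permitted read and setpoint write from the two denied writes.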

Lanner’s Solution

Lanner, as the leading hardware solution provider for industrial network security, offers the Intel x86-based, customizable LEC-6032 series hardware solution, designed to protect the communication protocols in both IT and OT domains for production floors.

The LEC-6032 series is powered by the Intel® Atom™ E3845 SoC for low power consumption and capable processing performance. The series offers various LAN configurations: 5 RJ-45 LAN ports for models B and D, 5 RJ-45 LAN ports plus 2 SFP GbE ports for model C, and 3 RJ-45 LAN ports plus 4 SFP GbE ports for model F. Regardless of the model type selected, the system is programmed with Lanner’s latest LAN bypass technology.

As an industrial Firewall, the LEC-6032 series is designed with ESD and surge protection, as well as magnetic isolation protection. The system can operate across a wide temperature range, from -40°C to 70°C. The LEC-6032 series can be mounted with industrial instruments on a DIN rail.

Securing Industry 4.0 Network Infrastructure with Industrial Firewall was last modified: July 15th, 2020 by Jorge Peregrina