Designing Secure Machine Control Networks

Industrial network security has become a hot topic, and rightfully so, in the wake of the Stuxnet worm and concerns about Internet-borne attacks that could cause major damage to industrial networks and machinery. The security of machine control networks specifically is a key issue in the convergence of industrial automation technology with information technology.

A new whitepaper co-authored by Rockwell Automation and Cisco provides some good in-depth reading on this topic, along with suggestions on how to manage this difficult problem. The two companies have collaborated to develop converged plantwide Ethernet (CPwE) reference architectures "to help design and deploy a holistic defense-in-depth industrial security policies to help secure networked IACS assets," according to the whitepaper. "This comes in the form of design considerations, guidance, recommendations, best practices, solutions and services."

Two concepts jump out as very important for developing an industrial security strategy. The first is an industrial security policy, which includes risk assessment and "a roadmap for applying security technologies and best practices to protect IACS assets, while avoiding unnecessary expenses and excessive restrictive access." The second is development of a perimeter network, which the paper calls an "Industrial Demilitarized Zone" (IDMZ). It adds a buffer layer of security when a trusted network is exposed to an untrusted one.

"This buffer zone provides a barrier between the Industrial and Enterprise Zones, but allows for data and services to be shared securely," the paper says. "All network traffic from either side of the IDMZ terminates in the IDMZ. No traffic directly traverses the IDMZ," which provides "the only path between Industrial and Enterprise Zones." Another key design aspect from a security standpoint: "EtherNet/IP traffic does not enter the IDMZ, it remains in the Industrial Zone."
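Those two design rules (every flow terminates in the IDMZ, and EtherNet/IP never enters it) are easy to state and easy to break with a single "temporary" firewall exception. The following is an added example, not code from the whitepaper or from Rockwell or Cisco: a small zone-policy model with first-match, default-deny evaluation and an audit that flags any allow rule permitting direct Enterprise-to-Industrial traversal or admitting EtherNet/IP into the IDMZ. The EtherNet/IP port numbers (TCP/UDP 44818, UDP 2222) are the protocol's standard ports; the two rule sets, the 443/1433 services they reference, and the rule comments are hypothetical and constructed for the example.

```python
"""Zone-based policy model for an Industrial DMZ (added example).

Zones: Enterprise, IDMZ, Industrial. Rules are evaluated first-match
with an implicit default deny, and audit() checks the rule set against
the two IDMZ design rules quoted from the whitepaper.
"""
from dataclasses import dataclass
from typing import List, Optional

ENTERPRISE, IDMZ, INDUSTRIAL = "Enterprise", "IDMZ", "Industrial"

# EtherNet/IP transport ports: TCP/UDP 44818 (encapsulation, explicit
# messaging) and UDP 2222 (implicit I/O). Used here as the signature of
# EtherNet/IP traffic that the IDMZ must never admit.
ETHERNET_IP_PORTS = {("tcp", 44818), ("udp", 44818), ("udp", 2222)}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None means any destination port
    action: str            # "allow" or "deny"
    comment: str = ""

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return (self.src_zone == src and self.dst_zone == dst
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

    def admits_ethernet_ip(self) -> bool:
        """True if this rule could match at least one EtherNet/IP flow."""
        return any(self.proto in ("any", p) and self.dport in (None, d)
                   for p, d in ETHERNET_IP_PORTS)


def evaluate(rules: List[Rule], src: str, dst: str, proto: str, dport: int) -> str:
    """First-match evaluation; anything unmatched falls to the default deny."""
    for r in rules:
        if r.matches(src, dst, proto, dport):
            return r.action
    return "deny"


def audit(rules: List[Rule]) -> List[str]:
    """Flag allow rules that violate the IDMZ design rules."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        # Rule 1: no flow may cross Enterprise <-> Industrial without terminating in the IDMZ.
        if {r.src_zone, r.dst_zone} == {ENTERPRISE, INDUSTRIAL}:
            findings.append(f"direct Enterprise/Industrial traversal: {r.comment}")
        # Rule 2: EtherNet/IP stays in the Industrial Zone and never enters the IDMZ.
        if r.dst_zone == IDMZ and r.admits_ethernet_ip():
            findings.append(f"EtherNet/IP may enter the IDMZ: {r.comment}")
    return findings


# Hypothetical "convenience" rule set (constructed): an enterprise historian
# polls a PLC directly, and anything from the plant floor may enter the IDMZ.
WEAK_RULES = [
    Rule(ENTERPRISE, INDUSTRIAL, "tcp", 44818, "allow", "enterprise historian polls PLC directly"),
    Rule(INDUSTRIAL, IDMZ, "any", None, "allow", "plant floor to IDMZ, any service"),
]

# Hypothetical rule set (constructed) that follows the design rules: every
# flow terminates in the IDMZ and EtherNet/IP is explicitly kept out of it.
IDMZ_RULES = [
    Rule(INDUSTRIAL, IDMZ, "tcp", 44818, "deny", "EtherNet/IP stays in the Industrial Zone"),
    Rule(INDUSTRIAL, IDMZ, "udp", 44818, "deny", "EtherNet/IP stays in the Industrial Zone"),
    Rule(INDUSTRIAL, IDMZ, "udp", 2222, "deny", "EtherNet/IP I/O stays in the Industrial Zone"),
    Rule(ENTERPRISE, IDMZ, "tcp", 443, "allow", "enterprise clients reach the IDMZ mirror over HTTPS"),
    Rule(INDUSTRIAL, IDMZ, "tcp", 1433, "allow", "industrial historian replicates to the IDMZ mirror"),
    # Everything else, including Enterprise <-> Industrial directly, hits the default deny.
]


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("idmz", IDMZ_RULES)):
        print(name, audit(rules) or "no findings")
```

The audit is deliberately conservative: a wildcard allow into the IDMZ is flagged even when nobody intends to send EtherNet/IP through it, because "any service" is exactly how that traffic ends up crossing the boundary later. Run against a real rule base, the same two checks would be applied to the exported firewall policy rather than to hand-written Rule objects.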

Even though very few of us understand the details of network security, it's interesting to see how reference network architectures like this can provide a conceptual approach to implementing sound security practices. The other obvious conclusion is that this problem demands a holistic view and a series of "defense-in-depth layers," including the following:

  • Policies, Procedures, and Awareness - Plan of action around procedures and education to protect company assets (risk management) and provide rules for controlling human interactions in IACS systems.
  • Physical Security - Operational and procedural controls to manage physical access to cells/areas, control panels, devices, cabling, the control room, and other locations...
  • Network Security - Industrial network security framework... is made up of network infrastructure hardware and software designed to block communication paths and services that are not explicitly authorized...
  • Computer Hardening - Patch management policy,... Anti-X (e.g. virus, spyware, malware) detection software,
  • [etc.]...
  • Application Security - Implement change management and accounting... as well as authentication and authorization... to track both access and changes by users.
  • Device Hardening - Restrict physical access to authorized personnel only, disable remote programming capabilities, encrypt communications,... restrict network connectivity through authentication, restrict access to internal resources... using authentication and authorization.
The whitepaper concludes:

    No single product, technology or methodology can fully secure Industrial Automation and Control System (IACS) applications. Securing an IACS
