Industrial network security has become a hot topic, and rightfully so, in the wake of the Stuxnet virus and concerns about attacks on all types of Internet sites that could create major damage for industrial networks and machinery. Concerns about the security of machine control networks specifically are a key issue in the convergence of industrial automation technology with information technology.
A new whitepaper co-authored by Rockwell Automation and Cisco provides some good in-depth reading on this topic, along with suggestions on how to manage this difficult problem. The two companies have collaborated to develop converged plantwide Ethernet (CPwE) reference architectures "to help design and deploy a holistic defense-in-depth industrial security policies to help secure networked IACS assets," according to the whitepaper. "This comes in the form of design considerations, guidance, recommendations, best practices, solutions and services."
Two concepts jump out as very important for developing an industrial security strategy. The first is an industrial security policy, which includes risk assessment and "a roadmap for applying security technologies and best practices to protect IACS assets, while avoiding unnecessary expenses and excessive restrictive access." The second is development of a perimeter network, which the paper calls an "Industrial Demilitarized Zone" (IDMZ). It adds a buffer layer of security when a trusted network is exposed to an untrusted one.
This buffer zone provides a barrier between the Industrial and Enterprise Zones, but allows for data and services to be shared securely," the paper says. "All network traffic from either side of the IDMZ terminates in the IDMZ. No traffic directly traverses the IDMZ," which provides "the only path between Industrial and Enterprise Zones." Another key design aspect from a security standpoint: "EtherNet/IP traffic does not enter the IDMZ, it remains in the Industrial Zone."
Even though very few of us understand the details of network security, it's interesting to see how reference network architectures like this can provide a conceptual approach to implementing sound security practices. The other obvious conclusion is that this problem demands a holistic view and a series of "defense-in-depth layers," including these.
Policies, Procedures, and Awareness – Plan of action around procedures and education to protect company assets (risk management) and provide rules for controlling human interactions in IACS systems.
Physical Security – Operational and procedural controls to manage physical access to cells/areas, control panels, devices, cabling, the control room, and other locations...
Network Security – Industrial network security framework... is made up of network infrastructure hardware and software designed to block communication paths and services that are not explicitly authorized...
Computer Hardening – Patch management policy,... Anti-X (e.g. virus, spyware, malware) detection software, [etc.]...
Application Security – Implement change management and accounting... as well as authentication and authorization... to track both access and changes by users.
Device Hardening – Restrict physical access to authorized personnel only, disable remote programming capabilities, encrypt communications,... restrict network connectivity through authentication, restrict access to internal resources... using authentication and authorization.
The whitepaper concludes:
No single product, technology or methodology can fully secure Industrial Automation and Control System (IACS) applications. Securing an IACS network infrastructure requires a defense-in-depth industrial network security framework to address both internal and external security threats. A balanced industrial network security framework must address both technical (electronic technology) and non-technical (e.g. physical, policy, procedural) elements. This industrial network security framework should be based on a well-defined set of security policies and procedures, leveraging established IT processes, while balancing the functional requirements of the IACS application itself.
I recommend reading the complete whitepaper. It's definitely a good read and worth the time of engineers concerned about designing secure machine control networks.