Industrial networks – with its convergence of PLCs, industrial protocols, SCADA systems, HMI, MES, hubs, switches, routers, firewalls, etc. – are systems on which it is necessary to:
- Ensure the availability, integrity and confidentiality of equipment and communications.
- Consider specific latencies for each process, often including a real time management.
- Optimize recovery times in case of failure.
In order to achieve this, a set of best practices and specific technologies help to optimize, strengthen and increase security – availability, integrity and confidentiality – in these networks, including:
- Completion of network audits – non-invasive – which allow to analyze and to know the current traffic condition and the existing visibility between different network segments.
- Identification of specific vulnerabilities associated to real time systems.
- OT networks physical and logical segmentation and fortification by means of DPI (Deep Packet Inspection) firewalls in critical areas and/or standards compliance, e.g. IEC 62443/ISA99.
- Attack simulations – MitM, password cracking, injections to industrial protocols, service denials – in order to check the network behavior before a specific security incident – provided that it is a controlled environment or lab.
- Use of specific media and protocols – RSTP, MRP, VRRP, etc. – for the design of redundant network topologies.
- The inclusion of non-invasive intruder detection systems based on behavior of signatures – depending on the system criticality.
For the purpose of further extending this set of best practices and technologies, Logitek has designed a Hands-on Lab in order to increase the security and availability of industrial control with a combination of hands-on workshops, theory, and discussion sessions, and the following goals:
- Understanding the main challenges and vulnerabilities associated to industrial networks.
- Knowing and using the main tools which enable to diagnose the condition of an industrial network.
- In-depth insight about architectures to be deployed to achieve highly available and secure networks.
- Hands-on sessions with devices and technologies to increase the security of industrial networks.
- Outline recommendations to optimize, strengthen and increase customer industrial control security networks.