Streamlining IT/OT systems has become a key strategy for helping industrial operators drive performance gains and secure a competitive advantage. However, increased security risks accompany IT/OT convergence, especially with networked field devices. Primarily, industrial systems are vulnerable to cyberattacks because of insecure legacy devices (e.g., those with insecure default settings or legacy protocols), poor field device visibility, and unsegmented OT networks. Given the circumstances, robust cyber-resilience is crucial for industrial organizations to mitigate security risks and reap the rewards of IT/OT convergence. To better understand how to enhance network security within converged IT/OT systems, read this article.

Recognizing the importance of cybersecurity, governments are implementing stricter regulations to counter the growing number of cyberattacks on key infrastructure. These regulations mandate that industrial organizations implement cybersecurity measures to reduce the impact of a single security incident on national security. For example, the EU’s NIS2 Directive requires operators of critical infrastructure and essential services to implement appropriate security measures and report any incidents to the relevant authorities¹. The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) in the U.S. requires critical infrastructure entities to report major cyberincidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA)². By enhancing cyber-resilience, industrial operators can be assured that IT/OT system integration is safe, while also helping their organizations adapt to dynamic environments and meet government regulations.

Three Networking Considerations to Enhance Cyber-resilience

Quick response and recovery from unexpected disruptions, as well as safeguarding daily operations and brand image, define business resilience. To strengthen business resilience, robust cyber-resilience is crucial for swift recovery from cyberattacks. People, policy, and technology are all aspects of cyber-resilience. From a network planning perspective, consider these three points to enhance cyber-resilience in your organization.

Consideration One: Minimize the Attack Surface as Much as Possible

Reducing the attack surface of industrial networks is crucial for minimizing system downtime and enabling quicker recovery from threats. By limiting vulnerabilities to fewer devices, organizations can better protect their systems. A popular strategy for achieving this is defense-in-depth. To implement this strategy effectively, we suggest using secure-by-design networking devices and developing a layered network protection approach. Industrial operators should select networking devices that reference cybersecurity standards, such as IEC 62443 and NIST CSF. Essential security guidelines for critical assets, systems, and components are outlined in these standards, offering asset owners a solid foundation for secure network infrastructures.

While it's clear that having multiple layers of network protection is beneficial, many industrial organizations struggle with budget constraints that make such an approach challenging. To kick-start your industrial network’s layered protection plan, we recommend following a simple three-step process.

1. Field Device Protection: Networked critical assets are vulnerable targets for cyberattacks unless properly protected. Deploying an industrial intrusion prevention system (IPS) in front of your critical assets can effectively block known malicious activity in time. Additionally, these IPS devices provide virtual patching for legacy devices that are unpatchable, strengthening field device security.

2. Layer 2 and 3 Segmentation: Dividing your networks into smaller groups of networking devices and enabling their access control limits the risk of unauthorized access. VLANs and subnetting let you manage network access and traffic flow by groups, ensuring trusted communication.

3. Perimeter Protection: IT/OT convergence eliminates air-gapped industrial networks. Therefore, protecting the network perimeter between different networks is crucial. Deploying industrial firewalls at the perimeter creates secure network segmentation between LAN and WAN, OT and IT networks. They can micro-segment applications within your industrial network, depending on your security needs and network size.  

This three-step approach gives you a good start to create layered network protection. Depending on the accessible surface area of your industrial applications, additional network security methods could be implemented. For example, a VPN creating a secure tunnel for remote access minimizes potential attack points when engineers remotely access on-site machines via your industrial applications.

Consideration Two: Detect Security Incidents Faster

Hackers are constantly trying to find ways to bypass your layered defenses, and it’s difficult to block every single attack. Hence, network administrators must gain full visibility of their entire network, from networking devices' status to network traffic flow. To quickly identify the security breaches, employ network management tools that visualize network status, monitor network devices and traffic flow, and alert you to any anomalies.

You can also deploy other advanced network security solutions, like intrusion detection systems (IDSs), in front of critical assets. They detect abnormal activities and notify industrial operators without disrupting ongoing network operations. This way, network operations can continue, allowing industrial operators alone to determine whether a specific abnormal activity warrants attention.

Consideration Three: Resume Operations Faster After an Attack

The NIS2 Directive lists business continuity as a key cybersecurity risk-management measure³. During an attack, the priority is mitigating the damage to maintain operations. To quickly respond to and recover from cyberattacks, you need a mechanism for incident reporting and recovery planning. Backups of your network devices’ configurations are crucial for efficient network recovery after attacks, minimizing reconfiguration work. Moreover, you must continuously monitor network security events and apply security updates to all network devices to prevent recurrence of similar attacks. Some network management tools feature centralized configuration backups, mass firmware deployments, and the creation of dashboards to monitor network security events, significantly reducing network recovery time for administrators. Choosing the tools wisely drastically cuts recovery time, resuming network operations in no time.

Strengthen Network Resilience With Moxa’s Secure Networking Solutions

Industrial organizations must deploy secure industrial networks to bolster their cyber-resilience. However, simplifying secure network deployment for OT operators without disrupting existing operations is critical. Moxa’s comprehensive, secure networking solutions enhance industrial network security, ensuring futureproof performance and industrial reliability. We are among the pioneering companies to have secured IEC 62443-4-1 certification for our secure development life-cycle (SDL), solidifying our global leadership through the attainment of IEC 62443-4-2 certification for multiple networking products. Our proven success shows our dedication to helping customers improve their network device security.

Fortifying network security, our Ethernet switches offer security features and an IEC 62443-4-2 SL2 certified portfolio to protect devices and the network. Our secure routers and industrial firewalls use advanced security features, such as IPS, IDS, DPI, VPN, etc., to create a layered network security system protecting your critical assets, network infrastructure, and perimeter. Visualizing network status, our software displays device status, sends real-time alerts regarding anomalies, and supports a dashboard for tracking security events.

Visit our microsite to learn more about our secure networking solutions.

1 NIS2 Directive: new rules on cybersecurity of network and information systems

2 Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)

3 DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022