Industrial network security is not a luxury option anymore—it is a necessity. A spate of recent cyberattacks targeting critical infrastructure has underlined the need for industrial organizations to prioritize cybersecurity. No matter which industry you are in, potential threats are everywhere. Recent incidents include hackers shutting down a fuel pipeline in the USA1 and demanding millions of dollars in ransom payments, and a ransomware attack taking the self-service ticketing machines of a UK railway company 2 offline. Needless to say, these types of cyberattacks lead to tremendous cost and inconveniences to industrial operators and their end users. To make matters worse, predicting where the next cyberattack is going to strike is almost impossible, meaning that anyone or anything connected to a network can be a target.
To enhance network security, you can replace your equipment with newer models that feature embedded security functionality. However, replacing your equipment will be costly and involve tremendous efforts in deployment and installation. Besides, your legacy equipment is most probably still in a good working condition. A more realistic option is to update the security patches of your existing equipment. Unfortunately, some legacy equipment still uses legacy operating systems that do not support the latest security patches anymore—Windows XP is one such example. In this article, we will discuss the challenges industrial operators face and the solutions that enhance cybersecurity with minimal efforts.
Challenges to Secure Your Edge Networks
To improve operational efficiency, industrial operators must take advantage of the capabilities of today’s networks to realize real-time remote monitoring. However, it also means that your field devices can’t be air-gapped any longer. Your first challenge is connecting your legacy equipment, which uses RS-232/422/485 communications, to your local area network (LAN) or the Internet, which uses Ethernet communications. Serial-to-Ethernet devices, such as serial device servers or protocol gateways—depending on your application’s required transparent transmissions or protocol conversions—can connect your serial-based equipment to Ethernet-based networks. Once your legacy devices are connected, security concerns unfortunately raise their ugly head, especially if your connection doesn’t have proper protection. Therefore, it’s essential to find a secure serial-to-Ethernet device that ensures secure connectivity without replacing your existing serial devices.
How to Choose a Secure Serial-to-Ethernet Device
Nowadays, security standards such as IEC 62443 and NERC CIP are available to help you secure your network infrastructure. These security standards include guidelines that help you verify qualified networking devices and component suppliers. Thus, it’s an easy way to find a secure serial-to-Ethernet device that complies with industry security standards. Moxa is an IEC 62443-4-1 certified networking solution provider, and the security design of our serial-to-Ethernet devices is based on the IEC 62443-4-2. With security embedded functions, our serial-to-Ethernet devices enhance network security and reduce the chances of unwanted actors accessing your serial equipment through our devices. Read another article to learn more about security tips on how to protect your legacy systems.
Real-world Examples: Enhancing Cybersecurity With Moxa’s Solutions
Our secure serial device servers and protocol gateways have helped our customers ramp up their connectivity security in a variety of industrial applications. To show you how we have helped our customers enhance cybersecurity, we provide you two real-world examples, showcasing how our NPort 6150 serial devices servers and MGate MB3000 protocol gateways strengthen cybersecurity in the energy industry.
Ramping Up Connectivity Security for Hundreds of Gas Stations
A customer who owns over 600 gas stations in the U.S. required real-time monitoring of the levels in their oil tanks with ATG (automatic tank gauge, usually with serial interfaces) to schedule inventory replenishments as needed at remote sites. They also needed data from POS terminals at gas pumps to be sent back to the store for transaction processing and records. These connectivity requirements are security sensitive. Information regarding the tank levels needs to be well secured so that it could not to be manipulated, and the POS data contains confidential information of consumers, which needs to be protected. To enhance connectivity security, the connection between the gas station and the in-store IT room needs to be protected. In addition, to ensure the connected devices are operating at accepted security levels, IT personnel are required to execute vulnerability scans periodically to update firmware and security patches, keeping the communication systems safe.
Our NPort 6150 serial device servers feature basic security functions such as user authentication and accessible IP list to ramp up device security with device access control. During operations, our products support a data-encryption function to enhance transmission security when sending serial data over Ethernet. To make the daily maintenance easy for IT personnel, our NPort 6150 serial device servers support tools to make the configuration and management of many devices easy.
Enhancing Cybersecurity for Data Centers
A data center service provider and their data centers have been frequent targets of cyberintruders, resulting in data losses and significant penalties over the past five years. To reduce the chances of being hacked, cybersecurity has become a corporate-level initiative for them. Their security risk assessment does not focus solely on vulnerabilities in the server rooms, but also extends to all network entry points, including the power sources that supply the server rooms.
To monitor power usage and quality, the power supply equipment, including switchgears, PDUs, and UPSs, connect to networks so that operators can receive real-time information. Our MGate MB3000 protocol gateways bridge communication between serial-based Modbus RTU devices, such as power meters used inside power supply equipment, and Ethernet-based SCADA systems in the control center. When corporate IT personnel are required to perform a vulnerability scan, they must scan thousands of MGate MB3000 protocol gateways so that they can take immediate action if they identify a vulnerability.
To make IT personnel’s work easier, Moxa also performs vulnerability scans periodically and, if needed, takes necessary action, such as updating security patches and firmware to reduce potential threats. In addition, our MGate MB3000 protocol gateways feature an easy-to-use configuration tool in both GUI and CLI format, helping OT and IT users easily handle mass firmware updates. Our MGate MB3000 protocol gateways not only allow our customers to monitor power usage in their serial-based devices but also ease their security concerns and daily operation efforts at the same time.
With over 35 years of experiences in developing serial connectivity solutions, we are committed to providing secure serial-to-Ethernet solutions to fulfill your future demands in a variety of industrial applications. To find a secure serial-to-Ethernet solution, use our selection table. To learn more about our development of serial communication, visit our microsite.