Improve cybersecurity for connected serial devices







Improve cybersecurity for connected serial devices

Industrial network security is no longer a luxury option, it’s a necessity. A series of high-profile cyberattacks targeting critical infrastructure has highlighted the need for industrial organizations to prioritize cybersecurity.


Regardless of your industry, potential threats are everywhere. Recent incidents include hackers who shut down a fuel pipeline and demanded millions of dollars in ransom payments, and a ransomware attack on a UK rail company’s self-service ticket machines that shut down machines. line. Needless to say, these types of cyberattacks result in considerable cost and inconvenience to industrial operators and their end users. To make matters worse, it’s nearly impossible to predict where the next cyberattack will strike, which means anyone or anything connected to a network can be a target.


To improve network security, you can replace equipment with newer models that have built-in security functionality. However, replacing equipment will be costly and will involve significant deployment and installation effort. Also, legacy equipment is most likely still in good working order. A more realistic option is to update the security patches of existing equipment. Unfortunately, some legacy equipment still uses legacy operating systems that no longer support the latest security patches, Windows XP being an example. In this article, Moxa’s cybersecurity experts discuss challenges faced by industrial operators and solutions that improve cybersecurity with minimal effort.


Challenges in Securing Edge Networks


To improve operational efficiency, industrial operators must take advantage of the capabilities of today’s networks to achieve real-time remote monitoring. However, this also means that field devices can no longer be isolated. The first challenge is connecting legacy equipment that uses RS-232/422/485 communications to your local area network (LAN) or the Internet, which uses Ethernet communications. Serial to Ethernet devices, such as serial device servers or protocol gateways, depending on the transparent transmissions or protocol conversions required by the application, can connect serial devices to Ethernet networks. Once old devices are connected, security issues unfortunately arise, especially if the connection is not properly protected. Therefore, it is essential to find a serial to Ethernet device that provides secure connectivity without replacing existing serial devices.


How to Choose a Secure Serial to Ethernet Device


Current security standards, such as IEC 62443 and NERC CIP, are available to help secure your network infrastructure. These security standards include guidelines for verifying qualified network devices and component vendors. So this is an easy way to find a secure serial to Ethernet device that meets industry security standards. Moxa is an IEC 62443-4-1 certified networking solution provider, and the design of Moxa serial to Ethernet devices is based on the IEC 62443-4-2 standard. With built-in security features, Moxa Serial to Ethernet devices improve network security and reduce the risk of unwanted actors accessing serial equipment through Moxa devices.


Two concrete examples: Improving cybersecurity


Moxa Secure Serial Device Servers and Protocol Gateways have helped customers enhance their connectivity security in a variety of industrial applications. To demonstrate this, here are two real-world examples of how Moxa NPort 6150 Series Device Servers and Moxa MGate MB3000 Protocol Gateways enhance cybersecurity in the energy industry.


Issue 1: A Moxa customer with over 600 service stations in the United States needed real-time monitoring of levels in their oil tanks with “ATG” (Automatic Tank Gauge), typically with serial interfaces , to plan inventory replenishments as needed at remote sites. They also needed data from POS terminals at gas pumps to be sent back to the store for transaction processing and records. These connectivity requirements are security sensitive. Tank level information needs to be well secured so that it cannot be manipulated, and point-of-sale data contains confidential consumer information that needs to be further protected. To enhance connectivity security, the connection between the service station and the store’s computer room also requires protection. Additionally, to ensure connected devices are operating at accepted security levels, IT staff should periodically run vulnerability scans to update firmware and security patches, protecting communication systems.





Solution: Moxa NPort 6150 series device servers have basic security features such as user authentication and accessible IP list to enhance device security with device access control. During operations, Moxa products support a data encryption function to improve transmission security when sending serial data via Ethernet. To make day-to-day maintenance easier for IT staff, the NPort 6150 Series Device Servers support tools that make it easy to configure and manage a variety of devices.


Issue 2: A data center service provider and its data centers have been frequent targets of cyber intruders resulting in significant data loss and penalties over the past five years. To reduce the risk of hacking, cybersecurity has become an enterprise-level initiative. Security risk assessments not only focus on server room vulnerabilities, but also extend to all network entry points, including the power sources that power the server rooms.





Solution: To monitor power consumption and quality, power equipment including switches, PDUs and UPS connect to networks to allow operators to receive real-time information. Moxa MGate MB3000 protocol gateways bridge communication between serial-based Modbus RTU devices such as power meters used inside power equipment and Ethernet-based SCADA systems in the control center. When corporate IT staff need to perform a vulnerability scan, they can scan thousands of MGate MB3000 protocol gateways so they can take immediate action if they identify a vulnerability.

To facilitate the work of IT staff, Moxa also periodically performs vulnerability scans and, if necessary, takes necessary measures, such as updating security patches and firmware to reduce potential threats. Additionally, Moxa MGate MB3000 protocol gateways feature an easy-to-use configuration tool in GUI and CLI format, helping OT and IT users easily manage massive firmware updates. Moxa MGate MB3000 protocol gateways not only allow customers to monitor the power consumption of their serial devices, but also reduce their security concerns and daily operation efforts at the same time.



About the Author


Oliver Wang is Product Marketing Manager, Edge Connectivity, at Moxa.



Did you enjoy this great article?

Check out our free e-newsletters to read other great articles.

Subscribe






Source link