Security New

Defend Your Industrial Networks

Strengthen industrial cybersecurity without compromising production efficiency

While companies are tapping into the opportunities that the Industrial Internet of Things (IIoT) has to offer, digitalization has become a key initiative for industries. Digitalization has allowed the industrial control system (ICS) landscape to develop quickly in recent years. Originally, ICS networks were physically isolated and almost immune to cyberattacks. However, recently, there has been a rise in the sophistication of cyber attacks, which has prompted everyone from IT to OT personnel to produce solutions that enhance industrial cybersecurity. Thus, understanding industrial cybersecurity requirements will help companies mitigate cybersecurity risks. Read on to learn more.

Debunk Industrial Cybersecurity Myths

There are some myths about industrial cybersecurity that may put your facilities and businesses at risk. Watch the video to learn how to debunk the myths and build defense-in-depth security for your industrial networks to ensure continuous operations and the safety of personnel.

Debunk Industrial Cybersecurity Myths

There are some myths about industrial cybersecurity that may put your facilities and businesses at risk. Watch the video to learn how to debunk the myths and build defense-in-depth security for your industrial networks to ensure continuous operations and the safety of personnel.

Vast Differences Between IT and OT

IT IT OT OT
No. 1 Priority Confidentiality Availability
Focus Data integrity is key Control processes cannot tolerate downtime
Protection Target Windows computers, servers Industrial legacy devices, barcode readers
Environmental Conditions Air-conditioned Extreme temperatures, vibrations and shocks

Checklist for Your Industrial Cybersecurity

You can use the checklist below to make sure you do not forgot any of the defense-in-depth security measures and select solutions that fit your needs.

Secure Devices

  • Does your device provide password protection?
  • Does your device check password strength?
  • Can your device verify authorized access and prevent unwanted connections from other devices?
  • Can your device encrypt confidential serial interface data to ensure data integrity?
  • Can your device check the configurations of files before configuring them?
  • Can your device vendor quickly report and fix vulnerabilities?

Secure Network Infrastructure

  • Does your network system contain many access points (like unused Ethernet ports)?
  • Is your network system able to authorize and prevent unauthorized access?
  • Does your network sstem provide secured data transmission, such as VPN tunnels?
  • Is your industrial network system able to filter and control data transmission by deploying industrial firewalls, VLAN, or ACL for industrial protocol/IP/MAC filtering?

Security Management

  • Have you created security policies for your industrial network and field site device?
  • Have you defined the security functions and levels your network devices must apply?
  • Can you continuously scan the security status of all your industrial devices to ensure that your entire network is secure?
  • Are you able to monitor your network topology and control the addition of any new devices?
  • Do your devices save all event logs for reference in the event of security breaches?
  • Have you prepared tools to trace network configuration changes in case someone maliciously changes your network?

Device Security Solution

To enhance our Device Security, Moxa has identified a big set of cybersecurity features based on the component requirements of IEC 62443. The set of security features have been implemented in a wide portfolio of devices, including Secure Routers, Rackmount Switches, EDS-500E series DIN Rail Switches, select models of Device Sever, and Protocol Gateways.

Prevent Intrusions and Attacks

To prevent network intrusions and attacks, it is essential to have a good access control mechanism in place that can identify, authenticate, and authorize users. Moxa’s network devices support user account management, password policy, and authentication interface management features that meet the technical security requirements of the IEC 62443 standard.

  • Operators can use these features to create user accounts and roles, grant different access privileges, and manage access to devices across networks
  • Authentication with IEEE 802.1x, RADIUS, TACACS+ and MAB(MAC Address bypass) helps devices that do not support IEEE 802.1x for easy management.
  • Port security with Static Lock helps to block hackers and careless usage. MAC address sticky can auto learn the device MAC without manual typing. ACL(Assess Control List) Provide network security by controlling access to devices.
  • Provide DoS Defense Capability by disable unencrypted and unused interfaces (e.g. HTTP, Telnet) and Limits the maximum login users to prevent device overload with superfluous requests

Prevent Intrusions and Attacks

Moxa’s devices support advanced HTTPS/SSH features, which provide a secure channel for data transfer over unsecure networks ensuring reliable processing and retrieval of data. To protect data from being stolen or corrupted, Moxa provides functions such as SNMP password encryption and network configuration encryption, which ensure the highest level of protection for your network devices.

The NPort 6000 secure servers use SSL to implement secure data transmission for Secure TCP Server, Secure TCP Client, Secure Pair Connection, and Secure Real COM modes.. The NPort’s drivers follow the SSL standard and automatically negotiate the encryption key. To prevent hacker attacks, the NPort will automatically switch from DES/3DES to AES encryption for highly secure data transmissions.

Track Network Events

Your cybersecurity journey does not end when your network security solution is up and running. You must constantly monitor your networks and audit network events for potential threats. Although it is quite difficult to detect breaches in real time, security event logs can help you identify the source of the issue. Information from these data logs can be used to track network activities, analyze potential threats, or identify devices that are incorrectly configured, which you can then use to disconnect user access, delete user accounts, or restart devices.

Moxa’s Solution Highlight

Security Management Solution

As ICS networks keep expanding and more networks continue to converge, it is important to understand the benefits of the defense-in-depth approach when designing security architecture. However, having cybersecurity building blocks deployed in an ICS network is not sufficient to completely protect critical assets from unauthorized access. According to a report published by ICS-CERT, a sound security management model should include the following stages:

  • Identify and secure network connections in the ICS
  • Harden network devices
  • Manage the human factor
  • Continually monitor and assess the network’s security status
  • Respond to incidents and get networks back to normal operation quickly

Those with malicious intent can still access the secure network if individuals who use the ICS network do not adhere to the security management model. In order to guarantee that the network has not been compromised, check if the ICS network is following the management principles and ensure that all users have read the guidelines to ensure a more secure ICS network.

MXconfig’s Security Wizard Saves You Time and Effort for Security-Related Parameter Setup

Quick Questions to Ensure Best Practices are being Followed

Secure Access and Identity Management are Important

To prevent unauthorized access to your data and assets, it is essential to have secure access and identity management even for users who are accessing the ICS network from separate sites. It is very important to ensure that only authorized users are the ones accessing the network.

Moxa’s Offering

Moxa’s network devices support RADIUS, Role-Based Access Control, web login page alerts, centralized account management, and authentication management. In addition, Moxa also provides WPA2 wireless network security for its wireless devices

Get the Easy-to-Follow Management Guidelines for Critical Infrastructure

Device Management is Important.

No single product, solution, or approach can completely secure an ICS network. Therefore, it is very important to have an understanding of all the network devices and focus efforts on assets that, if disrupted, could have the greatest impact to the organization. Users should start by compiling a network topology to identify which ports can be connected to the network and which should be locked. In addition, the IP access table should be clear to all OT operators in order to prevent users who have not been granted access from connecting to the network.

Moxa’s Offering

Moxa offers many Ethernet switches that can be used with sticky MAC addresses in order to significantly enhance security.

Get the Easy-to-Follow Management Guidelines for Critical Infrastructure

Configuration Management

Based on the technical recommendations of the IEC 62443 standard, all event logs should be recorded. By having complete event logs, OT operators can trace any cybersecurity incident that occurs on the network and respond to the event in a timely manner. Moreover, network device configuration data should be kept confidential. If the configurations are changed without permission from the network operator, it could result in all of the data being corrupted. Therefore, configuration encryption and regular backups are very important to ensure that the network can return to normal quickly if a cybersecurity incident occurs.

 

Moxa’s Offering

Moxa’s MXview network management software has a job scheduler function, which helps users routinely back up the configuration data and newtork settings. Moxa also provides ABC-02 automatic backup configurators to save the configuration files, which enhances maintenance efficiency and reduces system downtime.

Get the Easy-to-Follow Management Guidelines for Critical Infrastructure

User-Friendly Security Management

Security Status at a Glance

MXview's Security View visualizes the security parameters of your network devices and shows their status on a single page.

Security Setup in 3 Steps

MXconfig helps you configure your network to meet established industrial standards in just three steps.

Fast Security Monitoring

MXview and MXconfig tools help both general industrial users and security experts efficiently manage device security levels on their networks.

Easy-to-Use Management Software

MXview’s Security View

Security Status at a Glance

MXconfig’s Security Wizard

Security Setup in 3 Steps

Case Studies

With over 30 years of experience in industrial networking, Moxa draws on this expertise to help customers build secure networks by offering protection for PLCs, SCADA systems, factory networks, and remote access. Download the case studies to learn more.

Customer: Oil & Gas Service Company

Challenges

High-capacity oil and gas pipelines are very volatile and often span thousands of kilometers. The pump stations along the pipeline are equipped with analyzers and PLCs. The company found it challenging to maintain a secure and stable network connection between the stations and the remote SCADA system because the PLCs and I/O devices did not have any security features.

Customer: Automotive Parts Plant

Challenges

An automotive parts plant manager planned to digitalize their production processes. The field devices run on the EtherNet/IP protocol for control unification and data acquisition. As the network infrastructure in this plant is on a large scale, it is very difficult for the plant manager to monitor all devices and visualize the network topologies. In addition, to realize digitization, all networks are interconnected from the field site all the way to the ERP and even to the cloud. It is essential to have good cybersecurity measures to allow this transformation to occur, without compromising production efficiency.

Customer: CNC Machine Builder

Challenges

Maximizing network uptime enhances machine productivity. Therefore, a leading manufacturer of mechanical power presses needed to provide a timelier and more efficient after-sales service in order to ensure improved machine performance and effective troubleshooting. At first, the machine builder adopted Windows-based Remote Desktop Control (RDC) technology, but security risks and additional costs came at a high price. Furthermore, the Windows-based computer by itself is susceptible to security risks, and the possibility of attacks increases even more when the computer connects to the Internet.

Why Moxa Products

To close the gap between the OT and IT worlds, Moxa offers coordinated solutions that are designed to completely protect your industrial networks.

Defense-in-Depth Cybersecurity

Moxa’s product portfolio is based on the defense-in-depth concept that includes secure devices, secure network infrastructure, and security management.

Continuously Enhancing Security

Moxa takes a proactive approach to protect our products from security vulnerabilities and help our customers better manage security risks.

Development for IT/OT Security

Moxa has partnered with Trend Micro to respond to the growing security needs of industries as well as the security demands from IT/OT personnel.

Get In Touch

Your Messages
Click to Watch the Tutorial

Quickly Check the Security Level with MXview Security View

MXview provides an integrated management platform that can manage network devices installed on subnets from a web browser at both local and remote sites. In addition, Security View helps users visualize the security status of network devices. By utilizing Security View, network administrators can view the security level of a device, as well as check the security parameters such as the password policy status in real time for each network device. For general industrial users, this view provides built-in user-friendly profiles to meet the technical security requirements of the IEC 62443 standard. Security View also provides security experts the flexibility to create profiles. Network administrators can easily gain a complete overview of the network’s security level and quickly respond to any vulnerability that is identified on their networks.

Click to Watch the Tutorial

Easy Setup with MXconfig
Security Wizard

MXconfig helps users install, configure, and maintain multiple Moxa network devices in just a few clicks. MXconfig’s Security Wizard allows users to select multiple network devices and launch a wizard that can set up or change security-related parameters for those devices. Even though some devices on the network might require complex parameter configurations, network administrators can rest assured that the MXconfig tool will set up each device on their network with the correct configurations.

Save Time on Security Management with MXconfig

There are multiple security settings for each and every network device that need to be checked and enabled to meet the technical requirements of the IEC 62443 standard. Without the help of tools such as MXview and MXconfig, network administrators have to manually check network devices one by one to set the parameters, which is time consuming and prone to errors. MXconfig’s Security Wizard drastically cuts down on configuration time by supporting batch configuration of large numbers of network devices, which also helps when configuring each device manually.