Three Ways to Increase Security in Industrial Communications. (Part I)
Industrial communications technologies and architectures are a common target of attacks; we propose three ways to increase security in industrial communications
One of the most important differentiating features between IT and OT networks is the use of what is called an industrial protocol in the operation networks. These protocols allow field devices to communicate with each other (PLC, RTU, controllers horizontally) or to communicate these devices with real-time systems (such as HMI, SCADA, MES vertically). They are characterized, among other things, by being very heterogeneous (unlike what happens in the field of information technologies in the corporate environment, where organizations such as IETF and ISCO, through their RFCs, standardize almost all protocols; in the industrial field, each manufacturer defines its own) and by not being secure. That is, communications in OT environments through most industrial protocols lack the possibility of authentication, authorization, encryption, and/or auditability.This makes industrial communications technologies and architectures a clear target for attacks that can mainly affect the integrity and availability of control systems, negatively affecting the normal execution of production processes. Impersonation between masters and slaves that speak a certain protocol, protocol sniffing to alter the functions or typical objects of a protocol, the performance of unauthorized actions, or denial-of-service attacks are just some of the threats associated with the insecure behavior of industrial communications.Considering this context, subsequent entries will propose three ways to increase security in industrial communications:
