Most manufacturing facilities today are well aware of the need to separate critical manufacturing functions from the general business network. Viruses and other threats originating on the public internet cannot be allowed to disrupt plant operations. So the process control network, or PCN, is separated from the enterprise network (EN, or BLAN) on a separate subnet using firewalls.

Plants may not be aware, however, that current best practices advise three subnets rather than two for best security. A neutral "demilitarized zone", or DMZ network, is recommended between the BLAN and the PCN. See the NISCC Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks for an excellent comparison of security, manageability, and scalability between plant network architecture options. The dual-firewall DMZ model, as pictured below, comes out on top for highest security.

This architecture also, as the NISCC study points out, lends itself well to the division of IT infrastructure responsibility common at many manufacturing sites, where the corporate IT department maintains the firewall on the business network side, while local plant personnel maintain the PCN-side firewall.

CIM Concepts has been involved in implementing secure DMZ networks at several clients in past months. Typically the DMZ subnet includes servers that must communicate with both sides, such as database servers that collect data from PCN equipment and present it for reporting to BLAN applications.
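The dual-firewall model described above can be checked mechanically: every allow rule on a firewall should run between the DMZ and that firewall's own side, never straight between the BLAN and the PCN. The following is an added example, not code from CIM Concepts or the NISCC guide; the subnets, firewall names, ports and rule format are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption; the article gives no subnets).
ZONES = {
    "BLAN": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ":  ipaddress.ip_network("10.20.0.0/24"),
    "PCN":  ipaddress.ip_network("10.30.0.0/16"),
}
# Hypothetical firewall names mapped to the non-DMZ zone each one fronts.
FIREWALL_SIDE = {"fw-blan": "BLAN", "fw-pcn": "PCN"}


def zone_of(cidr):
    """Return the zone that wholly contains cidr, or None if it spills outside."""
    net = ipaddress.ip_network(cidr)
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    return None


def audit(rules):
    """Flag allow rules that do not run strictly between the DMZ and the
    firewall's own side. rules: (firewall, action, src_cidr, dst_cidr, dst_port).
    """
    findings = []
    for fw, action, src, dst, port in rules:
        if action != "allow":
            continue
        ends = {zone_of(src), zone_of(dst)}
        if ends != {"DMZ", FIREWALL_SIDE[fw]}:
            findings.append((fw, src, dst, port))
    return findings


# Constructed sample ruleset (not taken from any real plant).
SAMPLE_RULES = [
    ("fw-pcn",  "allow", "10.20.0.10/32", "10.30.5.0/24",  44818),  # DMZ server collects PCN data
    ("fw-blan", "allow", "10.10.0.0/16",  "10.20.0.10/32", 1433),   # BLAN reporting reads DMZ database
    ("fw-blan", "allow", "10.10.4.7/32",  "10.30.5.20/32", 3389),   # direct BLAN to PCN: violation
    ("fw-pcn",  "allow", "0.0.0.0/0",     "10.30.0.0/16",  502),    # "any" source into PCN: violation
    ("fw-pcn",  "deny",  "0.0.0.0/0",     "0.0.0.0/0",     0),      # default deny
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("VIOLATION", finding)
```

The check is deliberately strict: a rule whose source or destination is wider than a single zone (such as an "any" source) is flagged even if part of that range is legitimate, because it also admits traffic that skips the DMZ.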

Additional Network Security Considerations

Defense in Depth

Stated simply, the "Defense in Depth" idea is to place multiple devices of different designs, and possibly different manufacturers, in the path of potential hackers. Two examples are use of firewalls in combination with router rulesets, or placement of specific security appliances in front of critical hardware. This ISA article by Eric Barnes presents the case for multi-faceted defense.

Redundant Hardware

For plants whose application servers have become integral parts of the operation (i.e. the production lines shut down if the database is unavailable), reliability is just as critical a concern as security in network design. When designing for reliability, don't neglect to provide for redundant firewalls, routers and switches in addition to server-side mirroring or clustering.

Patching the PCN

Many facilities are lax in applying routine security patches against PCN servers. After all, the process control network is protected behind multiple firewalls, and has no contact with the outside world, right?

Wrong. The reality is that physical bypasses of network security can and do occur in plant settings. Even if they can't browse the internet, operators have been known to bring in their favorite games or screen savers... historically on floppy disks, but more recently on external USB drives (also called jump disks, or memory sticks). Vendors may attach laptop computers to the PCN network during onsite support activities. Even if you try to lock things down by eliminating floppy drives and USB ports, and leaving no open network ports for casual connections, what is to stop someone from moving the network cables from that lab data entry station to their personal laptop?

The bottom line is that PCN and DMZ servers need to be routinely patched, just as BLAN servers are.
