Industrial Wireless Security

Industrial control systems (ICS) cybersecurity is a branch of general cybersecurity in which the systems being protected have physical characteristics that, if compromised, can lead to downtime, injury or death, and economic loss.

Industrial control systems include supervisory control and data acquisition (SCADA) systems, localized work-cells, enterprise control systems, and cloud-based factory collection systems. Traditional information technology (IT) systems differ from operational technology (OT) systems primarily in their cybersecurity priorities. In general, IT systems defend against data extraction, so encryption used to provide confidentiality is of primary concern. In OT systems, confidentiality is no longer of paramount concern. While eavesdropping can lead to reverse engineering of proprietary factory methods and design, it is usually more important to keep the factory running. Therefore, technologies must assure that neither cybersecurity controls nor cyber-attacks limit or prevent the factory from running with high availability.

Table 1 lists the priorities of IT and OT systems. It is important for IT professionals to recognize that wireless security practices used in the office may not be available for factory deployments. If they are available, they may not be desirable when system availability must be maintained. Securing the industrial network can be summarized in the following considerations:
  • Secure the physical environment; 
  • Secure the end-points; 
  • Secure the controller; 
  • Secure network transmissions/data. 
Industrial wireless networks have the same considerations as wired networks, with the addition of protecting the electromagnetic spectrum allocated for industrial wireless network operation.
Table 1 - Typical Priorities of IT and OT Systems
The number of devices connecting to industrial networks is increasing at a rapid rate, which exposes systems to security breaches and cyberattacks. As a result, security is paramount for industrial operations. Some manufacturers think wireless will create new vulnerabilities in the network that may result in potential threats. Simply protecting access to the wireless network with a password is not adequate. One key concern is how to identify and eliminate rogue access points. Therefore, wireless intrusion detection systems and intrusion prevention systems are in demand.
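
The rogue access point check that a wireless intrusion detection system performs can be sketched as a comparison of observed beacons against an inventory of authorized access points. This is an added example, not part of the NIST guide; the inventory, SSIDs, MAC addresses, verdict labels and the -65 dBm threshold are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # radio MAC address of the access point
    channel: int
    rssi_dbm: int   # signal strength seen by the monitoring sensor

# Constructed inventory of authorized plant APs: BSSID -> (SSID, channel).
AUTHORIZED = {
    "02:00:00:aa:00:01": ("PLANT-OT", 36),
    "02:00:00:aa:00:02": ("PLANT-OT", 149),
}
PLANT_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
ON_SITE_RSSI_DBM = -65  # assumed: a stronger signal means the AP is inside the plant

def classify(b: Beacon) -> str:
    """Label one observed beacon against the authorized inventory."""
    known = AUTHORIZED.get(b.bssid.lower())
    if known is None:
        if b.ssid in PLANT_SSIDS:
            return "rogue:plant-ssid-from-unknown-radio"
        if b.rssi_dbm >= ON_SITE_RSSI_DBM:
            return "rogue:unknown-ap-on-site"
        return "neighbor"  # weak, unrelated network outside the fence
    if (b.ssid, b.channel) != known:
        # Authorized MAC with unexpected settings: misconfiguration or a cloned MAC.
        return "suspect:inventory-mismatch"
    return "authorized"

def audit(beacons):
    """Return (beacon, verdict) pairs that need an operator's attention."""
    verdicts = ((b, classify(b)) for b in beacons)
    return [(b, v) for b, v in verdicts if v not in ("authorized", "neighbor")]

# Constructed sensor scan, for illustration only.
SCAN = [
    Beacon("PLANT-OT", "02:00:00:AA:00:01", 36, -48),
    Beacon("PLANT-OT", "02:00:00:bb:00:09", 36, -52),
    Beacon("linksys", "02:00:00:cc:00:03", 6, -40),
    Beacon("CoffeeShop", "02:00:00:dd:00:04", 11, -88),
    Beacon("PLANT-OT", "02:00:00:aa:00:02", 44, -60),
]

if __name__ == "__main__":
    for beacon, verdict in audit(SCAN):
        print(f"{verdict:38} {beacon.ssid:10} {beacon.bssid} ch{beacon.channel}")
```

A password alone does nothing against the second and third entries in the scan, which is why the inventory comparison is needed in addition to access control.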

In addition, isolation of production devices on a separate network from corporate networks, internet traffic, and phone and surveillance systems is necessary. In other words, one can employ an “island” approach to networking that limits the movement of traffic and devices between islands. Properly segmenting a network limits movement between networks to appropriate devices and blocks the movement of devices that are unnecessary or provide little value.


Reprinted from Guide to Industrial Wireless Systems Deployments produced by The National Institute of Standards and Technology. A free copy of this entire publication is available here.