10.16. Wide Area Connectivity Some industrial control systems, like those for the power grid, are connected over a wide area network. Long range, wide area connectivity requirements are common when interconnecting central control rooms to remote plants, micro grids, pipelines, offshore oil platforms, and etc. Wide 126
area connectivity can be provided by infrastructure or by leased connectivity from public carriers. These technologies may vary widely as to the transport mediums, which include, let’s say, satellite up to optical networks. Wide area connectivity should be given the same consideration as any other network connection when designing a secure network. By it’s nature, the WAN infrastructure is physically accessible to unknown users who can potentially be threat actors. So access to these networks could be obtained by these attackers by the use of appropriate wireless transmitters and receivers or by physically splicing or tapping cables and wires. So these connections should be considered higher risk and extra measures should be taken to ensure that the confidentiality, integrity, availability, and all the other desired security services of a wide area connection are provided. When performing risk and vulnerability assessments, make sure that specialized wide area overlay networks are not overlooked. So one example is a smart grid, which uses distributed PMUs, which require precise synchronized timing and use GPS network timing. The GPS network is a globally accessible network and researchers have already proven that GPS spoofing can result in real-world impact. 10.17. Conclusion to Industrial Networks In this lesson, we’ve talked about the similarities and differences between typical business and industrial networks as they relate to common protocols and topologies they use. Having an understanding of these similarities and differences is critical in order to have adequately secure ICS networks. 127
Chapter 11. Industrial Network Protocols 11.1. Intro to Industrial Network Protocols Understanding how industrial networks operate requires a basic understanding of the underlying communication protocols that are used as well as the circumstances under which they’re used. There are many highly specialized protocols used for industrial automation and control, and many of these protocols are designed for efficiency and reliability. This is done to support operational requirements of large ICS’s. These requirements often include real-time synchronization to support precision operation and deterministic communication of both monitoring and [? controlled ?] data. One negative takeaway from this lecture is that many of these protocols forgo security in order to meet the requirements of the ICS’s. 11.2. Overview of Industrial Networks Industrial network protocols are deployed throughout a typical ICS network. This includes wide area networks, business networks, plant networks, and skated networks, and also, fieldbus networks. Since these protocols can perform various functions across several network zones, we refer to them generically as industrial protocols.
You've reached the end of your free preview.
Want to read all 325 pages?