Futureproofing Your Network Infrastructure
Published on: Thursday 06-10-2022
Are today’s enterprise networks ready for future IT/OT integration? Robert Kuo offers a few guidelines that can help customers.
As the industrial world shifts toward Industry 4.0, key technologies pushing the boundaries of IT and OT environments include AIoT, digital twinning, and digital convergence. The implementation of such technologies requires higher bandwidths to cope with the significant increase in data acquisition and edge computing requirements, and this can place considerable strain on even the most efficiently designed local networks. Thus, ensuring system reliability alone is no longer enough.
With growing emphasis on the importance of operational resilience against cyberattacks, it has become essential for enterprises to ensure that their IT/OT environments can resist, absorb, recover from, and adapt to any adverse events that may threaten their day-to-day operations. This requires them to adopt innovative approaches and next-generation solutions to optimise their industrial networks in a manner that helps them adapt quickly to trends and changes in integrating IT and OT environments.
This is especially pertinent as previously closed OT communications shift closer to the cloud, particularly as IT becomes more tightly integrated in OT environments. Why? Because the emergence of remote and distributed networks has exposed OT environments to risks that they’ve simply never faced before. Compounding this problem, IT and OT personnel quite often aren’t on the same page with regard to who is responsible for ensuring network reliability and security.
The importance of data quality, high bandwidth, and simplified management in IT/OT networks
For enterprises to overcome these problems, their primary objectives need to be aimed at facilitating seamless IT/OT integration as well as enhanced network security, scalability, reliability, and simplified management. This gives rise to three main challenges they need to face when integrating their IT and OT systems.
First, enterprises need to focus on more than just data reliability. They also need to be able to ensure data quality by upgrading their systems to support high-bandwidth infrastructure that can handle the increased throughput requirements to achieve adequate security against cyberattacks in modern OT environments.
Second, they must ensure that their network connectivity meets the high-bandwidth requirements of next-generation systems. Regular 10/100 Mbps networks may be sufficient for current systems with relatively simple network requirements, but the future is coming and it’s not just coming fast: it is fast. The high-speed needs of AI inferencing and network monitoring against cybersecurity threats are growing at an exponential rate. Without GbE or even 2.5Gbps systems, current networks simply cannot keep up.
Finally, simplifying the management of IT and OT environments is necessary for enterprises to maintain real-time visibility over their entire network topology. Network weaknesses take only a moment to exploit, and once the damage is done, the cost of recovery can be staggering when production grinds to a halt.
Futureproofing your network infrastructure
With modern IT/OT applications involving AI, AIoT, and data analysis, current 10/100 Mbps network infrastructure is insufficient for the future operations of most companies. Reports and market analyses indicate that many manufacturers have already moved to GbE solutions for their network backbone but are still using 10/100M fast Ethernet at the network edge. Without GbE technology implemented at the edge, they will be unable to accommodate unpredictable network requirements in the future as their network backbone is upgraded to 2.5GbE.
As the world’s first IEC 62443-4-2 products certified directly by IECEE, Moxa’s EDS-4000/G4000 series of switches can enhance network flexibility and performance to futureproof network infrastructure at a lower total cost of ownership. Their compliance with IEC 62443-4-1 and IEC 62443-4-2 standards also ensures both robust vulnerability management and component-level security as an extra layer of network protection. While many companies launch only a few products to meet the emerging needs of the market, Moxa’s EDS-4000/G4000 series boasts an impressive portfolio of 68 models in a unified form factor, with support for up to 6 x 2.5GbE ports and up to 8 x 90W PoE ports to suit the specific needs of individual enterprises. Thus, Moxa’s comprehensive series of switches is suitable for a range of scalable applications.
An easier solution for OT cybersecurity
With network segmentation being critical to strengthening industrial network performance and security, enterprises need to utilise different solutions to build defense-in-depth into their OT networks. As the number and variety of connected IP devices continues to grow, enterprises will need to consider 10-port GbE connectivity as a basic standard. The importance of effective firewalls also cannot be overlooked, especially given that a surprising number of enterprises actually believe they don’t need them. While this may seem a safe option for now, trends in cyberattacks against large enterprises provide clear evidence that this will not be the case in the future.
Enterprises must thus implement next-generation firewalls to establish security between network segments in order to isolate critical OT networks, protect critical assets, and provide secure remote access. For this, traditional single-point firewalls simply lack the defense-in-depth flexibility that enterprises will need.
Moxa’s EDR-G9010 series of industrial routers provides the high level of defense-in-depth network security that enterprises need to protect their assets. This includes robust network security at every level, from real-time visibility, network segmentation, and security-hardened infrastructure to pre-emptive threat detection, analysis, and intelligent response to threats. They act as an all-in-one firewall, NAT, VPN, router, and switch with deep packet inspection for a wide range of industrial protocols. As a more economical alternative, enterprises may also opt for more affordable security solutions such as the NAT-102 series of secure routers to provide an extra layer of security through IP address translation to protect machine networks against unauthorised access.
An easier way to manage larger OT networks? You just need the right tools
With large industrial networks now commonly comprising thousands of IoT devices, enterprises need to be able to leverage innovative network management platforms that maximise their visibility over network security and operations to ensure system availability. Traditionally, adverse events would require engineers to physically locate the problem and correct it. While this may seem manageable for smaller systems, it is simply unfeasible in large-scale networks because of the considerable resources required for troubleshooting alone.
To overcome this problem, Moxa offers MXview One as the core of its scalable industrial network management platform to help OT engineers simplify the management of converged IT/OT networks in various domains. It provides comprehensive, real-time visibility over wired, wireless, and IEC 61850 substation networks while optimising operations and system availability, from network deployment and management to maintenance – all without the need for IT expertise.
One key challenge that MXview One overcomes is deployment, which can be both time-consuming and problematic. It speeds up deployment through auto topology tools as well as group configuration and duplication capabilities. Its smart visualisation takes the level of network visibility well beyond merely mapping out the network topology to help identify the configuration and status of connected devices – it helps users pinpoint security issues that may have been overlooked for every device in the network, thus making network monitoring and management easier. It also offers one-click configuration backups, scheduled maintenance, firmware upgrades, customisable rollbacks, and easy-to-use diagnostics via event searches and playback functions for more efficient troubleshooting.
The real power of MXview One comes into play with add-ons that make the platform exceptionally customisable for specific fields. For example, the MXview Power add-on has been designed specifically to aid with monitoring critical IEC 61850 power networks. It extends real-time visibility to include IED statuses, GOOSE messages, and redundant connections in PRP/HSR networks, and its design is backed by extensive industry experience and expertise. For added security, it also automatically scans and detects unauthorised IEDs for pre-emptive protection.
For distributed and remote networks, MXview Wireless is another add-on that delivers full visibility of dynamic Wi-Fi connections between APs and clients to help ensure reliable wireless communication. The roaming playback feature lets OT engineers review a client’s history to identify and troubleshoot network issues. Its client dashboards and performance charts for wireless devices also make network management easier and more efficient.
Defending enterprise networks without disruption
When looking to add defense-in-depth to their existing network topologies, enterprises might utilise different categories of products in their OT systems. It is for this reason that Moxa provides different types of solutions for OT network defense.
When selecting products to scale or converge their IT and OT networks, enterprises must consider more than just functionality. The focus should be on how the selected products can be integrated into their existing OT networks with minimal disruption to daily operations. In fact, the main reason many enterprises choose not to adopt a firewall for their OT system isn’t because they don’t think they need it – it’s usually because they are concerned that setting up a firewall may have adverse effects on their current OT system.
Given their extensive experience in designing and implementing IT/OT security solutions, Moxa has many guidelines that can help customers review their current OT networking systems so they are better informed when selecting and implementing network products that will help them futureproof their current networks, add layers of security to their network, and implement a system that will help them simplify their network management.
Robert Kuo is Product Manager at MOXA. Robert graduated from Yuan Ze University, where he majored in Communication Engineering. After graduation, he enrolled at the International Trade Institute (ITI), where he studied Business Management and Marketing and enhanced his language skills.