Think Security First
DON’T COMPROMISE
Your new automation network is an opportunity to deploy a robust, high-speed, resilient network platform capable of supporting multiple autonomous applications, without compromise. It will become the lifeblood of your OT control and monitoring systems. Failing to include security aspects in the design of new infrastructure would be like providing power circuitry without an earth – to be avoided.
NETWORK LIFE CYCLE
The inclusion of operational awareness at the design stage of a new network takes a little thought but can transform security from an afterthought to a central pillar. Designing an OT network to report on abnormal activity from the outset is not as hard as it sounds. Using standard features such as sensors (SNMP/Syslog) and a good log and event management system, relevant and time-synchronised events, notifications and alerts can provide great insight into what is happening across a network. Additional sensors can be added, where needed, to look for more specific conditions or indicators of compromise. Any future deployment of more advanced SIEM (security information and event management) systems that apply logic and intelligence to the vast amounts of data generated by discrete devices (switches, routers, firewalls etc.) will benefit from this initial monitoring strategy. Further IDS/IPS (intrusion detection and prevention systems) can be implemented to provide the tightest controls on network usage.
REMOTE SUPPORT
With a highly secure and fully monitored site-wide network, features such as controlled remote access can be offered to authorised maintainers, allowing more effective support without compromising any integrity.
SIEM, IDS & IPS
Alarms and alerts can be time-synchronised and centrally collected. Syslog or advanced SIEM (security information and event management) systems can apply logic and intelligence to the vast amounts of data generated by discrete devices (switches, routers, firewalls etc.). Further IDS/IPS (intrusion detection and prevention systems) can be implemented to provide the tightest controls on network usage.
TRAINING
Operations staff can be trained to perform the L1 role that is typically expected of them with L2 support provided by either Customer day staff or remotely by IT4A.