Connectivity 101 for Remote Monitoring Systems

Similar documents
TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

IT and Instrumentation for industry. Modular RTU Controller: IoPAC 8000 Series. Cellular RTU Controller: iologik W5300 Series

Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group

Version No. Build Date No./ Release Date. Supported OS Apply to Models New Features/Enhancements. Bugs Fixed/Changes

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

Submitted on behalf of the DOE National SCADA Test Bed. Jeff Dagle, PE Pacific Northwest National Laboratory (509)

Introduction to RTU Controllers

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

Opengear Technical Note

Securing Industrial Control Systems

Merge physical security and cybersecurity for field operations.

Substation. Communications. Power Utilities. Application Brochure. Typical users: Transmission & distribution power utilities

Remote Connectivity: HMS Industrial Networks/eWon

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

Cloud Security Best Practices

HikCentral V.1.1.x for Windows Hardening Guide

IC32E - Pre-Instructional Survey

SCADA Solutions Since 1981 DATA FLOW SYSTEMS

T BOX MS. Introduction 8 (877) com. Using T BOX. Login HTTP. Firewalll OpenVPN. Enabled. an overview.

WiNG 5.x How-To Guide

The SCADA Connection: Moving Beyond Auto Dialers

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Designing a Reliable Industrial Ethernet Network

SIMATIC NET. Industrial Ethernet Security SCALANCE S615 Getting Started. Preface. Connecting SCALANCE S615 to the WAN 1

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

Cisco 5921 Embedded Services Router

Skills Assessment Student Training Exam

HikCentral V1.3 for Windows Hardening Guide

IE156: ICS410: ICS/SCADA Security Essentials

The SCADA Connection: Moving Beyond Auto Dialers

CompTIA Network+ Study Guide Table of Contents

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Chapter 3 Managing System Settings

SANGFOR WANO POC Guideline

Application of Monitoring Standards for enhancing Energy System Security

Machine Remote Access and Network Security Utilizing ewon

Viewing Network Status, page 116. Configuring IPv4 or IPv6 Routing, page 116. Configuring the WAN, page 122. Configuring a VLAN, page 137

Introduction to ICS Security

High performance monitoring & Control ACE3600 Remote Terminal Unit

Wireless Data Communications for SCADA Systems

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N

Viewing System Status, page 404. Backing Up and Restoring a Configuration, page 416. Managing Certificates for Authentication, page 418

SMG-1100/6100 User s Manual

Cyber Security for Process Control Systems ABB's view

MRD-310 MRD G Cellular Modem / Router Web configuration reference guide. Web configuration reference guide

Industrial Control System Security white paper

MANAGED WAN SERVICE GENERAL Service Definition Standard Service Features. Monitor and Notify Service Level Monitoring Notification

1Industrial Ethernet Switch

NSG100 Nebula Cloud Managed Security Gateway

SEL-3620 ETHERNET SECURITY GATEWAY

SD-WAN Deployment Guide (CVD)

1100 Dexter Avenue N Seattle, WA NetMotion Mobility Architecture A Look Under the Hood

Jeff Dagle. P.O. Box 999, M/S K5-20; Richland WA ; Fax: ;

Top-Down Network Design

Identify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)

Network Model. Why a Layered Model? All People Seem To Need Data Processing

SCADA System Specification. Vantage Pipeline Project # May 2013

How Industrial PoE Switches Facilitate Reliable Outdoor IP Surveillance Networks. Jackey Hsueh Product Manager

Securing Wireless Networks by By Joe Klemencic Mon. Apr

Firewalls (IDS and IPS) MIS 5214 Week 6

Cisco Unified Operating System Administration Web Interface for Cisco Emergency Responder

Network Engineering/Cyber Security I & II

An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist

Security+ SY0-501 Study Guide Table of Contents

3180 Compact Service-Aware Industrial Ethernet Switch

NSG50/100/200 Nebula Cloud Managed Security Gateway

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Sample excerpt. HP ProCurve Threat Management Services zl Module NPI Technical Training. NPI Technical Training Version: 1.

Please See Inside for Detailed Information about our Controls...

PROFINET The industrial Ethernet standard. This is my way

Chapter 9. Firewalls

Document Number: rev D Intuitive Surgical, Inc. OnSite Overview. for the da Vinci Xi and da Vinci Si Surgical System.

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

Creating a Dynamic Serial Edge For Integrated Industrial Networks

Designing a Reliable Industrial Ethernet Network

UA-5200 IIoT Communication Server

1Industrial Ethernet Switch

T22 - Industrial Control System Security

Wired internetworking devices. Unit objectives Differentiate between basic internetworking devices Identify specialized internetworking devices

PROFINET The leading communication system

LineRunner IS-3400 Family

Barracuda Link Balancer

Cisco Network Admission Control (NAC) Solution

W H I T E P A P E R : O P E N. V P N C L O U D. Implementing A Secure OpenVPN Cloud

Remote networks. Easy remote access to machines and plants. Industrial Remote Communication. Edition 03/2017. Brochure. siemens.com/remote-networks

Peplink SD Switch User Manual. Published on October 25th, 2018

DrayTek Vigor Technical Specifications. PPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6. Redundancy. By WAN interfaces traffic volume

User Manual. SSV Remote Access Gateway. Web ConfigTool

High Availability Synchronization PAN-OS 5.0.3

Reliable and Remote-manageable For Large Scale M2M Deployment

TestOut Routing and Switching Pro - English 6.0.x COURSE OUTLINE. Modified

Ensuring the Success of E-Business Sites. January 2000

Verizon Software Defined Perimeter (SDP).

Safe Place and Code Alert Customer Information Technology Requirements Series 10.x Software

July Funk-Electronic Piciorgros GmbH

1Industrial Ethernet Switch

Advantage TLS Why IpTL TLS versus IPSec Technology Reference Guide

CIS Controls Measures and Metrics for Version 7

Deployment of Cisco IP Mobility Solution on Enterprise Class Teleworker Network

Copyright 2011 Nomadix, Inc. All Rights Reserved Agoura Road Suite 102 Agoura Hills CA USA White Paper

Transcription:

Connectivity 101 for Remote Monitoring Systems Paul Wacker Moxa, Inc. Manager - Edge Connectivity Ariana Drivdahl Moxa, Inc. Product Marketing Manager

Pain Points of Remote Monitoring Pressure to enhance overall productivity and prevent unplanned downtime An identified need for a single go-to-source for all connectivity requirements Unreliable access to devices in harsh or mobile environments The total burden of risks, involving security issues. Interoperability and scale of the existing infrastructure cannot accommodate the escalating demands in an ever-transforming operational milieu Deploying connectivity infrastructure is a complex and timeconsuming undertaking

Choose the Right Communications Protocol

Traditional Polled Architecture Request Response Poll Cycle Time #Sites x ( T SEND + T PROC + T RECV + T DELAY ) Field Devices

Limitations of Polled Systems Sequential processing Poll cycle time proportional to device count Impacted by data size, response time, faults Data considerations Field devices must be polled, even if data doesn t Update rate limited by polling period Operating costs (cellular/satellite) Usage based pricing ($/MB) Impact on data point count Impact on polling rate

Report by Exception (Data Change) Active Tags Digital: Send on change (e.g. Off» On) Analog: Send on percentage (%) change Optional: Refresh on specified interval (sec.)

Report by Exception Data pushed on change Minimizes data transfer Faster data updates Firewall friendly Few field devices support it Field Devices

Emerging Technologies MQTT: Message Queuing Telemetry Transport http://mqtt.org/

Be Prepared for Devices Utilizing Different Protocols

Handling Different Protocols Passive Transparently tunnel serial data over IP RS-232 to Ethernet Active Optional CPU with secondary interface Accessory plug-in module (3 rd party) Embedded PC Industrial gateway

Serial-to-Ethernet Connects serial (RS-232/422/485) devices to Ethernet Serial data is encapsulated in IP packets for transport over the network Known as Device Server Serial Server or in IT as a Terminal Server Transparent to attached devices and application software

Industrial Ethernet Gateway Specialized Device Server Translator for different devices Utilizes shared memory User configured polling table Can be client or server Gateway

Active Gateway Operation Internal Data Tables Request Response Output Table Input Table Request Response Active polling refreshes internal Data Tables

Expect Communications Disruptions

Secondary/Backup Network Backup Redundant connections Secondary network provider(s) Requires managed switch or router Ring Master Block Port Backup Path Cellular modem/router Signal coverage External antenna/placement Monthly service fee Usage fees (per MB) Managed Switch

Cellular: Connection Recovery Rapid recovery minimizes data loss Requires progressive approach Cellular reconnect Reset cellular Device restart

Cellular: Carrier Failover Backup cellular communication Keeping device always online

Data Buffering Useful for streaming serial data Serial: RS-232/422/485 Scales, barcode scanners, etc Environmental sensors First In First Out (FIFO) Data is buffered on network loss Local data storage (SD card) Push data on network reconnection Ethernet to Serial Wired Wireless

Offline Storage (Data Logging) Capture process data Internal storage (NVRAM) Expandable storage (SD card) Date/time stamp (real-time clock) Operations Center Local Storage Modbus Polling

Local/Offline Control Consider operational and safety issues Controlled shut-down on network loss Stand-alone or autonomous operation Local control options Simple sequencing and logic Built-in to field device (PLC, RTU) Add a smart connected relay IF THEN ELSE

Design-in Security from the Start

The reality is that security is not something you can buy; it is something you must get Bruce Schneier Renowned Security Technologist

Cyber Security Updates Industrial Systems are in the Crosshairs DCS PLC Safety Systems SCADA Plant Management System Assess Management System No Vendor or user is immune from a potential cyber security incident Source: Honeywell Cyber Security Lab

Cyber Security Updates Increasing Incidents, especially in Critical Manufacturing 2013 257 2014 245 2015 295 2013-2014 Energy Sector 46% Critical Manufacturing 71% 2014-2015 Energy Sector 42% Critical Manufacturing 49% New: Water, Transportation 50%

Cyber Security Updates Best Practice to Decrease Cybersecurity Risk Plant security Block access for unauthorized persons Physical prevention of access to critical components Production Plant Production Plant Network security Strictly control interfaces between office and plant network (e.g. via firewalls) Segmentation of plant network (e.g. VLAN or subnet segment) System Integrity User authentication for plant or machine operators Antivirus software and whitelisting policy for control servers Maintenance and update processes for vulnerability patch Access protection mechanisms for automation components

Defense-in-Depth Strategy Employ life-cycle processes Threat assessment Implementation of countermeasures Monitoring and maintenance Network segmentation Break down to physical/logical zones Group by security requirements Clearly define borders Identify connections between zones Define Zone to Zone interaction Determine device requirements Identify allowed traffic

Application: Secure Pipeline Monitoring Firewall / VPN

Firewall: Basic Operation WAN WAN LAN External / Unsecure zone Accept or Drop Internal / Secure zone Firewall Policy: Incoming/outgoing IP/MAC Protocol (TCP, UDP ) Source IP/Port Destination IP/Port

Firewall: Policy Processing Policies are stored in lists Checked sequentially until matched List accepts first End with drop all Best Practice: Always use a Positive Listing, dropping all but specified traffic.

VPN: Virtual Private Network Extends a private network across a public network Virtual point-to-point connect with encryption Internet Site 1 Leased Line HQ Leased Line Site 2 Site Old Model User User New Model

VPN Key Features Secure tunnel over un-trusted networks IPSec OpenVPN Allow only authorized users Password or digital certificate Centralized server (RADIUS) Ensure data integrity Confirm data source Confirm data has not been altered Hide in-transit data (encryption)

VPN: Common Use-Cases Remote Access Roaming Engineer (Dynamic IP) Site-to-Site

Select Infrastructure that supports Remote Monitoring

What do you do when Your SCADA/HMI shows a device offline Your PLC shows an Ethernet remote I/O fault You re having SCADA communications faults

SNMP: The IT Solution Simple Network Monitoring Protocol (SNMP) Modbus of the IT world Framework that provides facilities for managing and monitoring network devices Agent Manager or Network Management System (NMS) Management Information Bases (MIBs) SNMP agent SNMP manager SNMP protocol messages SNMP agent SNMP agent

Device Health/Status Monitoring System status Power (Pwr1, Pwr2) System faults Ethernet port status Up/Down Speed (10/100/1000 Mbps) Traffic (packets) monitoring Sent Received Errors And much more

Monitoring your Infrastructure Conventional Approach: SNMP SNMP OPC Server HMI / SCADA Native Industrial Protocol Support HMI / SCADA

Network Management & Maintenance Network Management Software Topology visualization Remote device management and configuration Real-time event management Performance reporting

Network Management & Maintenance Efficient Visual Monitoring Virtual Device Panel Visualization Real-time Event

Remote Monitoring on your phone! Industrial Network Management Software in Your Pocket Real-time Notifications Network Status Check Easy Device Mapping

2016 Moxa Inc. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback