Page 60 - 108
P. 60
CYBERSECURITY
frastructure without being noticed due to the lack munications infrastructure is. Other aspects that
of security controls. can be considered are performance and latency.
In addition, the resilience of specifi c ICSs is consi- For example, e-mails sent from Level 4 to outside
dered critical because a loss of availability of those the perimeter can tolerate milliseconds or even se-
systems will affect the core business of the com- conds of latency, while critical Ethernet packets,
pany with potential safety concerns. As an exam- like Generic Object-Oriented Substation Event
ple, large blackouts or interruptions to transporta- (GOOSE) messages, must be processed in under
tion services could have an extreme impact on a a few milliseconds to avoid potential electrical sy-
signifi cant number of people, so for this reason, stem downtime.
state-of-the art OT networks must be designed to
take into account all these concerns. Our target readers are engineers
interested in secure network
Preserving OT performance “design strategies, with whom
and improving security to discuss how software-
defined networking (SDN)
The latest cybersecurity related international stan-
dards, such as ISA/IEC-62443, recommend the technology enhances
use of a strategy based on multiple layers of se- performance, security,
curity controls, applying it to the entire system (not
limited to specifi c devices). Even if the ultimate goal configuration, and management
is to prevent cybersecurity threats before they hap- of an operational technology
pen, an approach based on multiple layers can limit (OT) communications network,
the effects of the attacks to a smaller portion of
the system, preventing them from becoming wide- while addressing all the
spread. requirements of a modern
While the Purdue model represents a com- control system technology
plete hierarchy from physical equipment to
enterprise-/business-level infrastructures, defense
in depth focuses on the OT infrastructure (Levels
0 to 2).
In this case, the main differentiator for the levels is IT and OT Ethernet networks
defi ning the actors involved in the communications reliability
between devices. From Level 0 to Level 3, there
are no human interactions, and communications Traditional Ethernet networks have been suc-
are defi ned as machine-to-machine. Human-to- cessfully implemented in recent decades; however,
machine communications are located at Levels 4 performance and cybersecurity requirements are
and 5. This multiple level approach gives the op- still diffi cult to address. Most cyber-attack techni-
portunity to focus on the security goal that is most ques rely on the plug-and-play behavior of Ether-
critical in each specifi c part of the network. Basical- net appliances; when a device is connected to an
ly, availability is critical at lower levels where devices Ethernet switch, the switch learns and identifi es
directly control physical equipment, while confi den- the connected host using its medial access control
tiality and integrity of the data are more important at (MAC) address. There is no need for human inter-
the higher levels. vention to initiate communications between devi-
This approach makes clear how critical the com- ces, and while this is a key feature for the success
56 Impiantistica Italiana - Novembre-Dicembre 2023