Page 60 - 108
P. 60

CYBERSECURITY






                            frastructure without being noticed due to the lack   munications infrastructure is. Other aspects that
                            of security controls.                     can  be  considered  are  performance  and  latency.
                            In addition, the resilience of specifi c ICSs is consi-  For example, e-mails sent from Level 4 to outside
                            dered critical because a loss of availability of those   the perimeter can tolerate milliseconds or even se-
                            systems will affect the core business of the com-  conds of latency, while critical Ethernet packets,
                            pany with potential safety concerns. As an exam-  like Generic Object-Oriented Substation Event
                            ple, large blackouts or interruptions to transporta-  (GOOSE) messages, must be processed in under
                            tion services could have an extreme impact on a   a few milliseconds to avoid potential electrical sy-
                            signifi cant number of people, so for this reason,   stem downtime.
                            state-of-the art OT networks must be designed to
                            take into account all these concerns.         Our target readers are engineers
                                                                          interested in secure network
                            Preserving OT performance  “design strategies, with whom
                            and improving security                        to discuss how software-
                                                                          defined networking (SDN)

                            The latest cybersecurity related international stan-
                            dards,  such  as ISA/IEC-62443,  recommend  the   technology enhances
                            use of a strategy based on multiple layers of se-  performance, security,
                            curity controls, applying it to the entire system (not

                            limited to specifi c devices). Even if the ultimate goal   configuration, and management
                            is to prevent cybersecurity threats before they hap-  of an operational technology
                            pen, an approach based on multiple layers can limit   (OT) communications network,
                            the effects of the attacks to a smaller portion of
                            the system, preventing them from becoming wide-  while addressing all the
                            spread.                                       requirements of a modern

                            While the Purdue model represents a com-      control system technology
                            plete  hierarchy  from physical  equipment  to
                            enterprise-/business-level infrastructures, defense
                            in depth focuses on the OT infrastructure (Levels
                            0 to 2).
                            In this case, the main differentiator for the levels is  IT and OT Ethernet networks
                            defi ning the actors involved in the communications   reliability
                            between devices. From Level 0 to Level 3, there
                            are no human interactions, and communications   Traditional Ethernet networks have been suc-
                            are defi ned as machine-to-machine. Human-to-  cessfully implemented in recent decades; however,
                            machine communications are located at Levels 4   performance and cybersecurity requirements are
                            and 5. This multiple level approach gives the op-  still diffi cult to address. Most cyber-attack techni-
                            portunity to focus on the security goal that is most   ques rely on the plug-and-play behavior of Ether-
                            critical in each specifi c part of the network. Basical-  net appliances; when a device is connected to an
                            ly, availability is critical at lower levels where devices   Ethernet switch, the switch learns and identifi es
                            directly control physical equipment, while confi den-  the connected host using its medial access control
                            tiality and integrity of the data are more important at   (MAC) address. There is no need for human inter-
                            the higher levels.                        vention to initiate communications between devi-
                            This approach makes clear how critical the com-  ces, and while this is a key feature for the success
























       56  Impiantistica Italiana - Novembre-Dicembre 2023
   55   56   57   58   59   60   61   62   63   64   65