Introduction

A leading company in the oil and gas industry wanted to enhance the security of their pipeline monitoring solution by upgrading their existing serial-based communication infrastructure to Ethernet-based networks.

System Requirements

High-capacity oil and gas pipelines are very volatile and often span thousands of kilometers. The pump stations along the pipeline are equipped with analyzers and PLCs. The company found it challenging to maintain a stable network connection between the stations and the remote SCADA system because the PLCs and I/O devices lacked security features. In order to enhance industrial cybersecurity, the company started by strengthening its security policy to ensure that it was based on the IEC 62443 standard, which requires each networking device to be equipped with enhanced security features.

Moxa Solution

For this case, the company had to take steps to secure systems in accordance with the IEC 62443 standard. First and foremost was creating a defense-in-depth strategy, which defends the network in many places so that a single compromise does not expose the entire network. Deploying devices with enhanced security features became the first step to building a secure network. Previously, the company used to deploy unmanaged switches at the field site in order to aggregate the data back to the control center. However, unmanaged switches lack management functions and the security functions required by the industry. Under these circumstances, it is very difficult for operators to monitor the status of the switches at field sites and build the first layer of security for the network. Therefore, Moxa’s recommendation was to upgrade the industrial networks at field sites with industrial managed Ethernet switches because they have enhanced security functions that fully comply with the company’s security policy.

Enhanced security functions include user authentication, data integrity and confidentiality, network access and authentication, and vulnerability management.

• User Authentication
  • Verify user identification when logging into devices
• Data Integrity and Confidentiality
  • Encrypt connections to devices when performing configuration and management
• Network Access Control and Authentication
  • Verify which devices are permitted to access the network and communicate this information to other devices
• Vulnerability Management
  • A well-defined process for device suppliers to respond to reported vulnerabilities

In addition, Moxa also recommended the company to deploy MXview industrial network management software to gain an overview of the network status. MXview Security View provides a visualized tool for network operators to view the security status for each device deployed at field sites.

Pro Tips

Deploy industrial managed Ethernet switches that feature enhanced security functions based on the IEC 62443 standard.

Strong Device Security

• Provides enhanced industrial cybersecurity based on the IEC 62443 standard
• Provides real-time and visualized central network management via MXview network management software

Why Moxa

• Our extensive portfolio of networking devices with enhanced security features based on the IEC 62443 standard
• Moxa's EDS-510E Series complices ATEX, Class I Division 2 certifications
• Intuitive, visualized network management tool tailored for automation engineers

For more information about Moxa's industrial cybersecurity solutions, please visit the microsite.