Guest contributor |
October 30, 2024

Critical infrastructure and production networks are currently under unprecedented attack, with cyber incidents reported daily. However, never before has data from industrial processes been more in demand for artificial intelligence and analysis. Everything from power plants, oil pipelines, mines and wind farms to pharmaceutical manufacturing facilities, water treatment sites, food processing plants and more need secure access to production data to function.

For plant engineers, securing industrial systems is the top priority, with data exchange a secondary concern. Strong and effective cyber security measures must be in place before connecting operations to the rest of the company or to a cloud service. Here are six essential measures to implement:

1. Secure only outbound connections from the factory to the cloud, IT department, or a demilitarized zone (DMZ). Solutions should keep all incoming firewall ports closed or use a data diode to maintain an attack-free surface.

2. Avoid using virtual private networks (VPNs) as they extend the security perimeter of the plant and increase the attack surface. Every client added to a VPN increases exposure to cyber attacks. Once inside, a hacker can access every connected node.

3. Ensure that the system supports unidirectional or optionally bidirectional data flow with real-time connectivity and conversion between major industrial data protocols in a unified namespace.

4. Each node should provide multi-factor authentication with one-time, time-based passwords and lightweight directory access protocol support. Use secure socket-level encryption with the latest ciphers and configure permissions based on connection origin and data protocol.

5. Segmenting the network with a DMZ is essential for securing operational data as recommended by the European Union’s second Network and Information Security Directive. Secure-by-design software is usually required for multi-hop data transfer.

6. For added security, use a hardware data diode to prevent any data from entering the operational technology system. Data communication software must effectively connect via diode, or support data diode mode for this type of protection.

These are the main considerations for establishing secure and reliable connections to industrial networks for remote data access. The software and services provided by Skkynet meet these criteria, enabling artificial intelligence and industrial data analysis with the highest levels of security.

Xavier Mesrobian is the Vice President of Sales and Marketing at Skkynet

Discover more information like this in Autumn issue 2024 of Technology record. Don’t miss – subscribe for free today and get future issues delivered straight to your inbox!