In August 2005, security consultant Michael Lynn demonstrated to the Black Hat Briefings conference of security professionals in Las Vegas that he could remotely access a Cisco router and gain the highest level of access, which gave him the ability to do anything on the network. According to Network World magazine (8/01/05), the exploit "took all of five seconds."
Lynn was sued by Cisco and his previous employer Internet Security Systems, claiming his actions were illegal.
The parties later settled their dispute, Cisco fixed the problem, but these security issues are unsettling because, if the bad guys get into the corporate network, they can get to your industrial network, too.
This is a big issue because Ethernet is on its way to becoming a dominant industrial network, raising more vulnerability and security issues than the old proprietary networks.
"Threats such as Distributed Denial of Service Attacks now must be considered when deploying the supporting technology of a process control system," says Holly O'Gara, director of industrial automation at Enterasys Networks. "One vendor solution is a focus on secure networks for industrial automation environments. Specific industrial-quality switches and routers are being developed with not only a traditional focus on environmental hardening, but also security-enablement, which introduces the integrated intelligence required for the switches and routers to participate in a larger infrastructure security architecture."
We can see this new emphasis on security in recently released products from Cisco, Enterasys, Schneider Electric and Contemporary Controls.
Cisco touts its "self-defending network," which includes hardened routers, switches and access points. Enterasys says its switches and routers provide access control protocols, network enforcement policies, protocol filtering, rate limiting, and secure management access.
Schneider Electric's managed Ethernet switches incorporate security features such as limiting password transmission, providing complex calculations of keys, and encrypted SNMP packets.
Bennet Levine, R&D manager at Contemporary Controls, says you need these features if an office network is involved. "When you interconnect the office network and the control network, you introduce office network problems to the control network," he explains. "Features in our switches, such as overlapped VLANs and port locking, control which devices in the control network are accessible by the office network. Rate limiting manages the traffic transmitted by one device to limit the amount of traffic your office network can send to your control network."
It's still important to use industrial-grade switches and routers. "Commercial switches normally can operate only at room temperature or a few degrees above and below," says Levine. "Some commercial switches use fans to cool themselves, and fans can fail. Most industrial switches operate from 0-60 °C; some from -40-75 °C. Most commercial switches require a wall-mount power supply or operate at line voltage. All industrial switches can operate at 24 VDC, so you can use your panel power supply to power these switches and the rest of your control equipment. Most commercial switches are difficult to mount in a control panel. Most industrial switches mount on a DIN-rail or are easily panel mounted. Most industrial switches are tested to more stringent EMC industrial standards while the commercial switches are tested to EMC standards used in the home."
O'Gara adds that your industrial switch and router must withstand dust and airborne contaminants, harsh chemicals, ultraviolet radiation, extreme high or low humidity levels, extreme temperatures, power source irregularities, and/or shock, vibration and impacts.
As Ethernet moves deeper into the industrial world, some network engineers are concerned about redundancy problems. "To prevent loops, but still allow a redundant network, the Spanning Tree Protocol (STP, or 802.1D) is used," explains Keven Burak, consulting network engineer at Invensys. "A drawback of STP is that it takes a minimum of 30 sec for it to converge on a failure. This is unacceptable in industrial networks carrying real-time traffic."
The answer is to use switches and routers with the Rapid Spanning Tree protocol (RTP, or 802.1W), which switches in as little as 100 msec. "Armed with RTP, single-switched Ethernet networks can be configured to provide redundancy," says Burak. "These redundant switched networks can range from a simple ring topology to a fully meshed network."
Invensys and Enterasys developed such a mesh network, using RTP-based switches and routers, and Invensys has been selling it to its process control customers for more than 12 months.
"Ethernet LANs can now be deployed as highly reliable, deterministic, self-healing, redundant mesh networks," says Burak.