dan-meyers-w6X7XaolqA0-unsplash-scaled

Cyber Security in the OT Environment – a brief history

The OT environment started as a standalone piece of machinery being connected to a network to allow devices to be connected remotely to reduce wiring cost and control cabinet size. It allowed machine manufactures to be more flexible.

The networks were ControlNet (open industrial network or fieldbus, Rockwell), DeviceNet (common industrial protocol, Rockwell), Modbus (data communication protocol, Schneider), Data Highway (local area network, Rockwell), Profibus (process field bus, Siemens), CAN bus (control area network, Bosch) and HART (highway addressable remote transducer, Rosemount).

Special communications module were mounted on the main PLC chassis and using either one, two or more cores could connect to other devices remotely from the main process cabinet. You need to have specialist software to connect to the communications modules and configure them with a mapping address using node addressing. That is to say each device on the network was allocate a node number to identify it from other devices on the network.

Input/Output, drives and instrument manufactures started to offer devices to connect to these new networks, but they were still a single network attached to a piece of equipment. You could not access these networks remotely, you had to be connected to the network controller card using specialist software to see anything. One network was not compatible to another so you could not connect a ControlNet to a DeviveNet etc.

The next jump was converters which allowed you to connect these networks to each other. There was an explosion of networks and equipment being able to be connected to each other and whole factories connected to a network. This started a revolution in data collection but still not connected to the outside world.

Then came the internet with the ethernet network. This then started new networks like Ethernet I/P, ProfiNet and Modbus TCP I/P.

This new revolution allowed the old equipment to be connected to the internet for both data collection and remote control because of our increased need for information, production improvement and automation.

Now all networks module and remote devices had their own web interface page where you could remotely access information about the devices.

Little did we know what a monster we were creating, ripe for the picking.

About five years ago we started to see cyber security being applied to these networks and devices to prevent or reduce remote access to these devices on the various networks by external adversaries.

PLC started to have password protected access, removal of web interface pages and other efforts to reduce potential attacks from outside the organisation.

Comments are closed.