With the implementation of the Industrial Internet of Things (IIoT) comes more devices, more data and more interconnections between the plant floor, the IT department and the Internet. All of these factors make industrial cybersecurity, which is already important, even more so. The interconnection between networks and external devices brings about new threats from all angles and in many forms—not only in the form of a larger threat surface for external attack, but also an increased opportunity for device failures, software bugs or user error, all of which can negatively impact the operation of a system.
Firewalls are essential for ensuring network security and increasing system robustness and resiliency. No security model is complete without them. Just like the diverse range of devices found across an IIoT network, firewalls come in many different forms, not only in terms of hardware features and industry approvals but also with different filtering capabilities.
Though a firewall might sound like a single type of device, there is actually a diverse collection of device types—which leaves you with the task of determining which type of firewall is best suited for each portion of your application or environment.
What are firewalls?
Firewalls protect networks and devices, such as industrial PCs, control systems and cameras, from unauthorized access by preventing network traffic to or from these systems. They are a core element of segmenting a network, and they play a crucial role in any IIoT-related network security strategy.
Firewalls have a few main goals, including:
- Protecting any connections between enterprise and industrial networks, and preventing external threats.
- Creating barriers within a network to prevent internal issues from spreading.
- Permitting only approved communications between devices to protect against malicious attacks and device or operator errors.
To achieve these goals, firewalls take many different forms, from simple packet filtering to specialized industrial protocol support. For proper network protection and performance, you need to select the appropriate type of firewall for use in each part of your system.
Four considerations when selecting firewalls
There are a variety of factors to keep in mind when looking at options for firewall security. Filtering differences, network environment concerns and how to manage firewalls across a network should be standard considerations for anyone in search of a firewall solution. Following are four specific aspects of firewall use to keep in mind:
- Tailored for your network: Like choosing specific IIoT devices, firewalls should be able to accomplish very specific tasks that support your custom needs and applications. Select firewalls that match the unique communications patterns and needs of the devices across the network.
- Inspection at multiple levels: Depending on where it will sit in your system, various filtering mechanisms will be needed. Firewalls used close to machines as part of a zones and conduits security strategy will need to understand industrial protocols and perform deep packet inspection. In contrast, a firewall used to secure the perimeter between a remote site and the Internet will need the ability to process Internet Protocol (IP) traffic.
- Withstand robust environments: Depending on your network environment, firewalls could be subjected to extended temperature ranges, significant vibration and other environmental factors. Ensure any firewall you choose can withstand harsh environments and that they are compliant with all industry standards and approvals. Selecting a firewall without the robustness required for the application will derail a project very quickly.
- Keep it simple: Without a powerful management tool for simple and mass configuration of firewalls, the tasks can be very time-consuming and error-prone. Teams need to be able to effectively manage and configure the devices when using multiple firewalls. It’s important that firewalls can be centrally monitored by network management tools to keep things running smoothly.
Firewalls are just one component of an effective security strategy for companies taking advantage of the IIoT. But don’t downplay their use—they are the cornerstone that holds a holistic security model together. Having a solid understanding of the types of firewalls available and the role each plays results in successfully securing the network from a range of internal and external threats lurking out there.
By implementing a holistic defense strategy that includes firewalls, you can design networks that effectively mitigate threats and defend against the errors and vulnerabilities introduced by an ever-expanding range of IIoT devices and environments.
To learn more about the various types of firewalls available, read the white paper “Understanding Firewall Technology for Industrial Cybersecurity” (http://awgo.to/682).