Next Generation LAN Firewalls Enhance Industrial Network Security and Uptime

BREA, CA, AUGUST 14, 2024 — Because of their frequency, cyberattacks on critical infrastructure are no longer the sensational news they once were. However, these types of cyberattacks heavily impact communities and businesses closely tied to critical infrastructures, such as power substations, intelligent transportation, and water treatment.

To mitigate the impact of cyberattacks, governments worldwide are implementing laws and regulations to strengthen cybersecurity for critical infrastructure. For example, by October 2024, EU members are required to incorporate the NIS2 Directive into their national laws. Therefore, industrial organizations need to adopt a comprehensive cybersecurity framework and implement robust solutions to meet these standards and regulations.

Defense-in-depth Strategies

Typically, industrial cybersecurity standards and regulations recommend defense-in-depth strategies, which involve implementing multiple layers of protection to limit security risks for organizations. Industrial operators will concentrate on fortifying network boundaries and establishing security zones to minimize potential threats from external access.

However, addressing internal threats is just as critical because internal devices without protection can compromise an entire network. For instance, plugging in a portable storage device that carries malware can compromise a network and have it controlled by bad actors. Thus, protecting the network from internal and external threats is of utmost importance. Industrial firewalls effectively filter traffic to prevent potential threats from internal and external access. However, industrial operators usually have concerns about network performance when deploying industrial firewalls in LANs near critical assets.

Below, we focus on four concerns faced by various stakeholders—asset owners, chief information security officers (CISOs), system integrators, OT network administrators, and industrial network design experts—when implementing firewall solutions. We also highlight how next-gen industrial LAN firewalls overcome these challenges to strengthen network security and ensure uninterrupted network operation.

Four Worries When Implementing Firewall Solutions

Although implementing firewall solutions increases the security level of industrial operations, these changes can affect current operations. Striking a balance between network security and performance is challenging.

1: Adding New Devices Requires Changes to Existing Networks

Deploying industrial firewall solutions into existing networks can lead to significant network topology changes. Redesigning the topology and reconfiguring IP subnets to integrate the new firewall solution into existing networks will demand substantial efforts and time from industrial engineers. This is particularly difficult for critical applications that cannot afford any network downtime. Therefore, industrial operators need a firewall solution that does not alter their present network configuration.

2: Adding New Devices Affects Network Performance and Services

Seamless system operations rely on smooth network communications. The big worry when adding new devices to enhance cybersecurity is whether they meet current network performance standards, such as boot time, network latency, and operating environment needs. Furthermore, the addition of new devices raises the likelihood of network downtime caused by maintenance or device malfunctions. Therefore, a firewall solution must prioritize network performance and mitigate the risk of complete shutdown from a single point of failure.

3: Protecting Many Legacy Devices at Field Sites Is Challenging

Standards such as IEC 62443 and frameworks like NIS2 require critical assets to protect against DoS attacks and maintain event logs during incidents. However, many critical assets in industrial applications are legacy devices that usually use older versions of operating systems and cannot be replaced right away to meet these network security requirements. Safeguarding legacy devices from growing threats calls for a firewall solution that doesn’t require frequent system updates. Moreover, a significant number of legacy devices at field sites use diverse industrial communication protocols for different application needs. For improved communication security, a firewall solution needs to support these protocols and conduct detailed data analysis in industrial control networks.

4: Monitoring Networks and Cyberthreats Is Not So Simple

To ensure the safety of networks, constant monitoring and management of network security is crucial. It requires a lot of time and effort for administrators to keep their eyes on the network status, making sure they receive real-time notifications when a network error or security event occurs. The absence of an effective monitoring mechanism for firewall solutions leads to delays in network error notifications and security event alerts, resulting in extended network downtimes and compromised operational performance.

Maximize Industrial Network Security and Uptime

With Moxa EDF-G1002-BP Series LAN firewalls, industrial operators can overcome networking challenges, ensuring both network security and uptime. Operating in transparent firewall mode, the Moxa LAN firewall prioritizes safeguarding critical assets and facilitating secure east-west communication within the LAN.

Simplified Installation

Because these LAN firewalls operate in transparent mode, they can be deployed without reconfiguring IP subnets. This design suits critical applications that cannot afford to change their existing network topology. To simplify network installations, our 2-port LAN firewalls allow bump-in-the-wire installations, so engineers can simply connect them in front of critical assets. This way, our LAN firewalls ensure minimal disruption to existing configurations and enhance network security.

Optimized Network Uptime

It only takes 30 seconds of boot time to enable Moxa LAN firewalls. This quick boot time ensures that during a power outage and subsequent restoration the anomaly detection mechanism between the control center and terminal PLC equipment does not trigger mistakenly. Also, Moxa LAN firewalls have a LAN Bypass function that prevents hardware or software anomalies from causing the firewall to interrupt operational services. Both mechanisms aim to achieve uninterrupted operations.

Legacy Device Protection

Making it easy to protect legacy devices is the core mission of Moxa LAN firewalls. They are designed for industry use, incorporating an intrusion prevention system (IPS) and deep packet inspection (DPI) technology to strengthen network security. Industrial-grade IPS designs ensure the security of legacy devices, including PLCs and HMIs. Moxa IPS functions safeguard legacy devices from current threats using virtual patches and pattern-based protection, allowing additional time to update systems. Moxa DPI technology provides greater control over the security of industrial communications. To maintain data integrity, rules can be defined that limit Modbus equipment to read-only access, for instance. Legacy devices that use different protocols can be safeguarded as well, benefiting from DPI technology’s support for multiple industrial protocols and advanced traffic filtering capabilities.
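The read-only Modbus rule mentioned above can be illustrated with a short sketch of the check a DPI engine performs on each Modbus/TCP request. This is an added example, not Moxa's code or rule syntax: the function names are hypothetical, the sample frames are constructed, and the policy shown (allow only the four read function codes, drop everything else including malformed frames) is an assumption about what "read-only" means in practice.

```python
import struct

# Function codes that only read data (Modbus Application Protocol spec).
READ_ONLY_CODES = {
    0x01: "Read Coils",
    0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers",
    0x04: "Read Input Registers",
}
MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)


def inspect_request(frame: bytes) -> tuple[str, str]:
    """Return (verdict, reason) for one Modbus/TCP request frame."""
    if len(frame) < MBAP_LEN + 1:
        return "drop", "truncated frame"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        return "drop", "protocol id is not Modbus"
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        return "drop", "length field does not match frame size"
    code = frame[MBAP_LEN]
    if code in READ_ONLY_CODES:
        return "allow", READ_ONLY_CODES[code]
    # Fail closed: writes, diagnostics and unknown codes are all dropped.
    return "drop", f"function code 0x{code:02X} is not on the read-only allowlist"


# Constructed sample frames (hex), not captured traffic.
SAMPLES = {
    "read holding registers": "00010000000601030000000A",
    "write single register": "000200000006010600010 0FF".replace(" ", ""),
    "write multiple registers": "000300000009011000000001020 00A".replace(" ", ""),
    "bad length field": "000400000020010300000001",
}


def run_samples() -> dict[str, str]:
    """Inspect every sample frame and return its verdict by name."""
    return {name: inspect_request(bytes.fromhex(h))[0] for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, hexframe in SAMPLES.items():
        print(name, "->", inspect_request(bytes.fromhex(hexframe)))
```

An allowlist is used rather than a list of blocked write codes so that function codes the policy author did not anticipate are dropped by default.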

Simplified Network Management

Using Moxa LAN firewalls to secure networks and legacy devices, together with Moxa MXview One network management software and MXsecurity network security management software, simplifies network monitoring and security management. MXview One software provides a holistic view of network security status and notifies users when a network error occurs. With MXsecurity software, users can effectively manage firewalls and monitor security events. Implementing firewall policies on a centralized platform minimizes manual errors in individual configurations. Furthermore, Moxa software notifies users of security events for quick responses and risk mitigation.

The EDF-G1002-BP Series is an advanced LAN firewall that boosts industrial cybersecurity and provides the reliability required for applications. Visit the Moxa website to learn more about the features the EDF-G1002-BP Series offers.

About Moxa

Moxa is a leader in edge connectivity, industrial computing, and network infrastructure solutions for enabling connectivity for the Industrial Internet of Things. With over 30 years of industry experience, Moxa has connected more than 71 million devices worldwide and has a distribution and service network to serve customers in more than 80 countries. Learn more at www.moxa.com.
