Head of information security at COPA-DATA explains why a secure web gateway is crucial to combat cyber threats

The 2021 Global Threat Intelligence Report (GTIR) revealed that there was a 300 percent increase in cyberattacks during 2020. The growing cyber threat puts energy grids more at risk than ever before, yet some of the cyber security protocols in this sector are often lacking in sophistication. Here, Reinhard Mayr, head of information security and research operations at automation software supplier, COPA-DATA, explains why a secure internet gateway is crucial for industry to combat rising cyber threats.

A secure internet gateway is an essential component when building a safe entry point into a critical infrastructure. It helps to protect OT infrastructure from online threats by filtering internet bound traffic and is therefore embedded in security standards. All security related standards, such as the IEC 62443, the BSI or the NIST SP 800 series, demand access to critical operational technology (OT) infrastructure is secure.

These standards do not only suggest a secure web gateway or connection, but for a company to implement a demilitarized zone (DMZ) for more OT protection. Simply put, a DMZ is a physical or logical component that separates a local area network (LAN) from other untrusted networks, acting as a buffer zone between the public internet and the private network. All inbound network packets are screened using a firewall, or other security appliance, before they arrive at the servers hosted in the DMZ.

Operators require appropriate software to follow these cybersecurity measures — but where do they start?

Revamping existing systems

A secure internet gateway can be implemented without negatively impacting existing systems, such as human machine interfaces (HMIs) and supervisory control and data acquisition (SCADA). This is particularly relevant to users in a brownfield environment, where they need to implement new software to existing — and often ageing — infrastructure without causing interference.

A web gateway, such an DMZ, also needs to support other commonly accepted security standards, like transport layer security (TLS) encryption, and digital authentication methods. It also must be integrated seamlessly into the existing infrastructure, while also being able to support different ways of deployments, from a native local installation to a containerizes option.

Containerization simplifies administration and is another step to making systems secure. Here, containerization implements tools and policies to ensure that container infrastructure, apps and other container components are protected. Applications run in isolated user spaces, called containers, using the same shared operating system (OS).

With software like COPA-DATA’s zenon Service Grid, it is easy to implement on brownfield applications. Its design allows access to data without impacting existing infrastructure. This is particularly crucial for energy grids and infrastructures that contain legacy equipment.

This method can help to prevent any unwanted denial of service (DoS) blocking an operator’s path, access information systems, devices or other network resources due to a malicious cyber threat.

Up to the standard

Scenarios like this are recognized in the security industry standards and must be supported by software.

Continuing with our aforementioned example, COPA-DATA’s zenon Service Grid communicates using certificate-based TLS connections, ensuring secure transmission of information, even over public networks. Here, the software’s Identity Service handles data flows and access rights over the web, which is crucial for a secure web gateway.

The Identity Services does this by providing high project specific security standards and checking all connection requests from all Service Grid connections. This service also includes a web bases interface to configure access clients, user roles and access rights.

Greater protection and a higher level of sophistication is a necessity in cybersecurity measures for the energy sector. And with the right software, adhering to industry standards and providing a more secure internet gateway, users can protect their critical OT infrastructure to significantly reduce the number of cyber security attacks.

SourceCOPA-DATA

NEWS CATEGORIES

LATEST NEWS

Hafren Dyfrdwy to deliver record levels of investment after Ofwat’s final determination

Hafren Dyfrdwy can now deliver record levels of investment to improve its water and waste network and boost its environmental performance after Ofwat approved...

Thames Tideway takes top prize at the ITA Tunnelling Awards 2024

At the recent ITA Tunnelling Awards, held in Genoa, London's Thames Tideway took the top prize in the Major Projects category. The 25km long...

£118,000 profit for WaterAid Rwanda project at 80s charity fundraising ball

The WaterAid Northern Ireland Committee has announced that a record-breaking £118,000 profit was raised at the “Back to the 80s” Charity Ball, held recently...

Southern Water’s CEO Lawrence Gosden apologises to the community in Hampshire following three days of water supply interruptions

The CEO of Southern Water, Lawrence Gosden, has publicly apologised to residents of Hampshire after parts of the county were left without water, in...