On the challenges of achieving IEC 62443 security requirements in time sensitive industrial networks

  • Author(s) / Creator(s)
  • The IEC 62443 security standards introduce the concepts of zones, conduits, and security levels as a way of segmenting and isolating sub-systems of an industrial control network. Network segmentation physically or logically partitions the control network into separate communication zones to restrict unnecessary flow of traffic between zones of different trust levels. Firewalls with deep packet inspection capabilities for filtering industrial control protocols are indispensable elements in implementing important security principles, standards, and best practices of IEC 62443. While partitioning the industrial control network and placing multiple firewalls at various locations provides defense-in-depth against cyber-attacks, it is important to consider the impact of these firewalls on nodes distributing time-critical communications. This paper attempts to (i) study the network performance impact introduced by the implementation of multiple firewalls in Modbus TCP/IP industrial control networks following IEC 62443 security standards and (ii) evaluate whether time constraint requirements for communications are achievable. The results reveal that the latency and jitter introduced by multilayered firewalls make it challenging to achieve real-time communications in some industrial applications when strict IEC 62443 security standards are followed.

  • Date created
    2018
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
    https://doi.org/10.7939/r3-ax4b-4y21
  • License
    Attribution-NonCommercial 4.0 International