Various objects are being threatened by cyberattacks, and the demand for cybersecurity is constantly growing. With the development of IIoT technologies, the goals of attackers have changed. From attacks on information assets, hackers have switched to industrial automation and control systems (IACS). Burglary and disruption of industrial facilities can lead to serious accidents and damage to equipment, up to a complete shutdown of the facility and destruction of system components. To counter cyberattacks, it is necessary to ensure the security of the system at all levels of the IACS, including: operational level (OT), information level (IT), and even at the level of an individual device. Cyber security requirements are defined by the IEC 62443 standard, which has recently become popular and is being implemented at all levels of industrial control systems.
The main trends and features of the development of industrial automation include:
Secure remote access
Ensuring the stability of processes
Enhancing device cybersecurity
Business optimization
Automation of all processes
Minimizing time spent
MOXA company monitors industrial trends and quickly implements functionality to ensure equipment security in accordance with the IEC 62443 standard. To ensure reliable and secure operation of their devices, MOXA has implemented the following functions:
Device functionality
By default, secured protocols TLS v1.2 and HTTPS are enabled, and unsecured HTTP and Telnet are disabled
Security control
User-friendly MXview Security View software makes it easy to check the status and determine the necessary settings to ensure device security
Update management
Software updates on a large number of devices can now be done via MXconfig with a graphical interface or via Moxa CLI Configuration (MCC) from the console
Rapid elimination of vulnerabilities and bug fixes
MOXA specialists constantly checks software for errors and vulnerabilities, as well as promptly provides software updates for devices
MOXA equipment allows you to build a security system not only within one level, but also along the entire vertical of the APCS through the use of security functions on gateways, I/O modules, switches, routers, as well as the operation of IDS (intrusion detection system) and IPS (intrusion prevention system).
Catalog of MOXA products with built-in security features
| Model | Serial device servers | NPort 6000 termilal servers | MGate 3000/5000 protocol gateways | ioThinx 4510 modular I/O system |
|---|---|---|---|---|
| Photo |
|
|
|
|
| Built-in connectivity security | ||||
| User authentication and authorization | Password protection | Password protection, support for RADIUS and TACACS + authentication, customizable privileges for different user groups | Password protection | Password protection |
| Device integrity | CRC checksum check before device update | |||
| Limiting device functionality | , unused services can be disabled, by default Telnet console is disabled | , unused services can be disabled, by default Telnet console is disabled | , unused services can be disabled, by default Telnet console is disabled | , unused services can be disabled |
| Communication integrity | HTTPS (TLS 1.2 with built-in self-signed certificate), SNMPv3 | HTTPS (TLS 1.2 with built-in self-signed certificate, support for importing public certificate), SSH/SNMPv3 | HTTPS (TLS 1.2 with built-in self-signed certificate, support for importing public certificate), SNMPv3 | HTTPS (TLS 1.2 with built-in self-signed certificate, can be exported), SNMPv3 |
| Network access control | Available IP Lists and Access Control Lists (ACL) supported | |||
| Securing devices during service | ||||
| When setting up a device | MXconfig GUI software, MCC software CLI tool for console operation | |||
| When managing a device | Remote and local Syslog, MXview software to manage the entire network structure | |||
| Upon detecting a vulnerability | A dedicated cybersecurity team (CSRT) looks for hardware vulnerabilities and promptly updates device firmware, constantly searches for software vulnerabilities using the Nessus scanner | |||
*Except NPort 5100/5200 Series, NPort IA5000, and MGate MB3180
