Across multiple industrial segments, there is an increasing awareness and emphasis on improving cybersecurity in industrial data networks. Engineers and plant managers seek up-to-date insights into the most current risks and prevalence of cyberattacks. They recognize the importance of robust security measures and are looking for fresh insights into the best technologies (hardware and software) to incorporate into their networks.

Along with the right technology, adopting more resilient and effective cybersecurity network design and operating concepts, such as the principle of least access and defense to offer flexible and reliable approaches to protecting industrial data and industrial networks. This includes understanding and applying the key concepts of the ISA/IEC 62443 set of standards that helps secure industrial automation and control systems.

Constant threats and vulnerabilities

As industries increasingly adopt the principles of Industry 4.0 (I4.0) – integrating physical processes with advanced digital systems – the importance of robust cybersecurity measures becomes paramount. I4.0 emphasizes connectivity, data sharing and automation. That means once-isolated industrial systems need to be linked with each other and with enterprise IT networks.

It’s true that while this connectivity is essential to improved productivity, flexibility and real-time data insights promised by I4.0, the connectivity also exposes networked industrial systems to an expanding and evolving cyber threat landscape.

Several significant challenges include:

Red Lion’s FlexEdge controller.

Legacy infrastructure: Across many industrial sectors, existing sensors, control devices and networking systems can be decades old – still serviceable but using protocols and older digital technology that is vulnerable.

For example, a pump house operating for decades without connectivity may now need to send data to a centralized digital twin for monitoring and predictive maintenance. This connectivity improves operational control, but it also introduces risks. Legacy systems were not designed with security in mind, making them attractive targets for cyberattacks when connected to modern networks.

Increased targets: Connecting and expanding industrial data networks also exposes the potential targets that cybercriminals could exploit. Since so many production systems or remote operations now interface with cloud-based analytics platforms that lie at the heart of enterprise IT resources, potential weak links multiply if they lack modern security features. These vulnerabilities are exacerbated by the sheer scale of smart digital devices woven throughout an I4.0-enabled business. Devices including sensors, actuators, programmable logic controllers (PLCs) and network routers and switches are all potential targets.

Constantly evolving threats: These vulnerabilities are compounded by the rise of sophisticated cyber threats, with hackers and criminals constantly evolving to get past cybersecurity systems. Attackers continuously refine their methods, targeting vulnerabilities in both hardware and software. For example, unpatched devices, outdated protocols or misconfigured access controls provide entry points for attackers.

Ransomware has become a significant issue across industries, including industrial operations. In one scenario, a hacker might gain access to a factory’s control systems and lock operators out until a ransom is paid. Such attacks can halt production, disrupt supply chains and incur significant financial and reputational costs.

IT and OT misalignments: Traditionally, information technology (IT) departments have focused on securing data networks, while operational technology (OT) teams prioritize the reliability and safety of physical operations. Both play critical roles in maximizing the value, performance and safety of their network assets.

Until recently, IT organizations in many companies took the lead in maintaining cybersecurity systems and best practices without fully engaging the OT departments or understanding their unique needs. This divergence often results in disconnected security practices, leaving gaps that attackers can exploit. Without a unified approach, the organization as a whole remains vulnerable.

The human factor: Human error is a critical vulnerability in industrial cybersecurity. Misconfigurations, such as improperly set access controls or unpatched systems, are common mistakes that create exploitable weaknesses. Additionally, phishing attacks targeting employees can grant attackers access to sensitive systems. For example, a technician might inadvertently connect a compromised personal device to a secure network, introducing malware. The lack of cybersecurity training among OT personnel further exacerbates this issue, as many operators are unfamiliar with evolving cyber threats and best practices.

Key tools to advance industrial cybersecurity

There are no magic bullets to these and other cybersecurity challenges. They need to be addressed with the right investment in time, resources and technology and be part of a complete approach that industrial companies follow as they connect, build and upgrade industrial network capabilities.

Industrial data network designers and OT leaders can benefit by considering four types of tools to begin building robust and responsive cybersecurity platforms in their operations.

Implementing ISA/IEC 62443: Standards like IEC 62443 provide a comprehensive blueprint for securing industrial systems by aligning IT and OT practices. What sets ISA/IEC 62443 apart is its adaptation of IT cybersecurity practices to industrial environments. Its key concepts include:

• Principle of least access: Restricting user and device permissions to the minimum necessary, reducing potential damage from breaches.
• Defense in depth: Implementing multiple layers of security controls, such as firewalls, encryption and access controls, to protect critical assets, even if one layer is compromised.
• Zones and conduits: Segmenting the network into secure zones with conduits controlling data flow between them, protecting sensitive data and limiting the spread of potential breaches.

N-Tron’s NT5000 managed Ethernet switch.

By following IEC 62443, an organization can implement segmentation to isolate critical systems from general operations, minimizing the potential impact of a breach. An added benefit: Applying the ISA/IEC 62443 approach can help foster collaboration between IT and OT teams, ensuring that security measures are consistently applied across the entire organization.

Advances in industrial network hardware: Today’s leading industrial data systems suppliers now offer products such as managed industrial Ethernet switches and advanced network gateways that feature built-in capabilities that make it easier to secure industrial networks and apply ISA/IEC 62443.

Managed switches like N-Tron’s NT5000 Series enable network segmentation, creating isolated zones and controlling traffic flow to reduce the attack surface.

For instance, they can limit communication between devices to only those necessary for specific operations, preventing malware from spreading across the network. Advanced gateways like Red Lion’s FlexEdge edge automation platform provide encryption, firewalls and protocol conversion, ensuring even outdated devices meet modern cybersecurity standards.

Powerful industrial network software: There is also a new generation of industrial network software tools featuring powerful tools for managing and enhancing industrial cybersecurity. Platforms like Red Lion’s Crimson® 3.2 configuration software allow for streamlined protocol conversion, such as translating unencrypted Modbus data into secure OPC UA protocols, ensuring safe communication across networks (especially those with embedded legacy technology and network communications). The use of encrypted tunneling or conduits such as MQTT (with TLS) or OpenVPN can also gather and transfer your data safely and securely.

Platforms like N-Tron’s NT5000 web-based GUI and N-View software support easy-to-implement access control lists, RADIUS authentication and data encryption, helping organizations enforce strict security policies. For example, a facility using this kind of software can ensure that only authorized personnel access critical systems, reducing the risk of insider threats or accidental breaches.

Vulnerability databases: The risks related to cyberattacks are shared by virtually every entity, every person that links to the Internet. These shared risks can be addressed with information-sharing tools.

Access to vulnerability databases, such as those maintained by CISA or equipment vendors, lets industrial companies proactively identify and address potential weaknesses in their systems. These databases catalog known vulnerabilities for specific hardware and software, allowing teams to patch or mitigate risks before attackers can exploit them. By integrating this resource into regular risk assessments, organizations can stay ahead of emerging threats and maintain robust defenses.

Future-proofing industrial cybersecurity

Protecting industrial data networks against cyberattacks is a never-ending challenge, just like improving manufacturing productivity and efficiency. OT and IT professionals recognize there will always be new threats and areas of vulnerability that have to be addressed.

There is a range of best practices and technology solutions that industrial operations can implement. One of the best steps industry can take is to fully apply the approaches established by the ISA/IEC 62443 standards to both the design of their industrial networks and the processes and procedures within their plants.

As companies expand their networks or upgrade legacy systems to current technology, implementing the zones and conduits principle should be a critical aspect of network design. This should include assessing which edge devices and managed Ethernet switches incorporate features that make it easy to build zones and conduits into the network.

Using managed Ethernet switches to create separate zones for different security levels ensures that a compromised device in one zone cannot affect systems in another. This approach reduces the attack surface and enhances control over network traffic, which is particularly crucial in environments with legacy equipment.

To effectively implement the tools offered by ISA/IEC 62443, IT and OT teams need to enter into new levels of collaboration. Both are responsible for the digital technologies that drive their companies, and that responsibility must include cybersecurity.

IT departments bring expertise in data security, while OT teams understand the unique demands of industrial systems. For example, aligning IT practices like encryption with OT requirements for real-time performance ensures secure and reliable operations. By fostering open communication, consistent security measures following the ISA/IEC 62443 principles can be more easily implemented across their entire network.

While the right technology is important, adjusting and upgrading how everyone within an industrial enterprise interacts with and uses their connected systems is just as critical to sustaining industrial cybersecurity.

Educating personnel on cybersecurity best practices is critical to reducing human error, a common source of vulnerabilities. For example, training operators to recognize phishing attempts and properly configure access controls minimizes the risk of breaches. Making sure they don’t connect personal devices that are not secured to network assets is another best practice that needs routine reinforcement.

Routine risk assessment is vital. Organizations must routinely inventory and update their digital assets, evaluate vulnerabilities and determine their tolerance for risk. For example, identifying legacy equipment with outdated protocols allows teams to prioritize security upgrades – particularly if a manufacturer or industrial operation acquires a business or new locations and needs to integrate newer assets into the overall network.

This assessment helps allocate resources effectively, improving security while balancing operational needs. Working with technology suppliers with in-depth knowledge of the features and capabilities of industrial network hardware and software can provide a valuable resource as companies invest in improving cybersecurity.

Cybersecurity is an ongoing effort that requires regular evaluation and adaptation. Leverage the ISA/IEC 62443 standards to elevate how your company approaches cybersecurity challenges. Regular risk assessments combined with investments in technology upgrades and employee training can protect industrial networks against costly disruptions and operating losses.

While it’s not possible to completely future-proof industrial networks against the next cyberattack, the right investments can enable you to build a resilient cybersecurity framework that protects against current threats and adapts to future challenges.

Barry Turner, Product Manager – Connect, N-Tron® by HMS Networks