The Future of Industrial Security
Power, efficiency raise the security stakes ever higher
- By Chris Wall
- Aug 02, 2021
In the new world of modern industrial
networking solutions, the security
measures to protect a network must
match the pace of innovation across
many industries, including mining,
oil and gas, agriculture, transportation,
heavy construction, military, municipalities,
and government.
With Artificial Intelligence (AI), the
Industrial Internet of Things (IIoT), and
robotics, integrated and intelligent systems
have been devised that offer novel
ways of incorporating new assets into a
network. With more systems becoming
integrated, the line between digital and
physical infrastructure has become increasingly
blurred. As the power and efficiency
of connectivity solutions improve,
the security stakes are raised ever higher.
It is for these reasons that, in real
terms, a compromised network represents
a significant threat to mission-critical systems
that keep people safe from harm, as
well as jeopardizing sensitive data. Data
deserves protection from malicious actors
seeking to steal from, subvert or
otherwise interfere with vital industrial
operations. Given the significance of
the problem, the industry is increasingly
turning to networks with encryption options
and unwavering reliability to solve
this very problem. To stand up to the
escalation of the “cyber war,” CSOs and
CISOs are searching for secure networking
solutions to provide the kind of protection
they now require, which must often
support mobility and autonomy.
The Rajant ES1 also earned Security
Today’s Govies award for platinum-level
“Intelligent Communications.” As a result,
Rajant Kinetic Mesh is well-established
as being a best-in-class offering for
CSOs and CISOs in their arsenal of tools
to reduce the risk from external threats,
all while managing security effectively at
a degree of efficiency that was previously
inaccessible.
THE BEST OF MESH NETWORKS
Rajant’s Kinetic Mesh networks are built
to provide multi-level, robust security to
protect network traffic, even as network topologies
evolve. As a result, Rajant can offer
resilient, intelligent, and secure wireless
broadband connectivity, and the Kinetic
Mesh solution shines in environments not
typically suited to traditional connectivity,
such as mobility-driven locations, including
ports, mines, energy plants and railyards.
With the Kinetic Mesh, you can remove
or introduce new nodes into the network,
and the intelligent mesh will automatically
adapt, while maintaining complete security.
Rajant has strived to create a “living”
network which is dynamic, and capable of
adapting to the communication requirements of any organization without ongoing
engineering micro-management.
As such, the network can be seamlessly
installed in minutes and integrated with
existing communications infrastructure,
saving startup time and money.
Establishing secure network traffic is
as simple as choosing the security features
required by the organization’s information
security strategy. These many features
can be controlled, monitored, and
managed by Rajant BC|Commander®
software that accompanies the BreadCrumb
nodes and integrates with systems
that exist on non-Rajant network infrastructure.
CRYPTOGRAPHIC LAYERS
There are many layers to the cryptographic
protection installed with Rajant’s
Kinetic Mesh network, and all BreadCrumb
nodes are configured with 256-bit
Advanced Encryption Standard (AES)
using Rajant’s BC|Commander. The first
layer of security starts with the cryptographic
‘handshake’ when two nodes interface.
The nodes initiate this security
handshake upon establishing a connection
with each other no matter which
security options are selected for the network.
This feature is always active and can’t
be removed. If the nodes don’t recognize
the cryptographic settings, then the connection
is denied.
Beyond this, the selection of cryptographic
options includes packet ciphers to
encrypt all data as it flows between BreadCrumbs
and per-hop authentication to
ensure that each data packet received is in
its original state. The network has MAC
address cipher capabilities to encrypt the
source and destination MAC addresses
and a client traffic cipher secured via WEP
(Wired Equivalent Privacy), WPA (Wi-Fi
Protected Access), WPA Enterprise
(Remote Authentication Dial-In User
Service or RADIUS), WPA2, and WPA2
Enterprise (RADIUS).
Rajant offers access control lists
(ACLs) that can be applied to Ethernet
and radio interfaces to specify the users
or system processes that are granted access
to objects as well as the operations
that are allowed on given objects. You
can deny access to specific items such as
email addresses, users and URLs with a
blacklist.
Virtual local area networks (VLANs)
allow the segmentation of multiple virtual
networks on a single mesh and are
configured on a per-port basis, where a
port is a BreadCrumb node, one of its
Ethernet interfaces or a radio interface-ESSID
combination. Clients with access
to one set of VLANs cannot receive or
send traffic to other VLANs even if they
are on the same BreadCrumb mesh.
Quality of service settings applied to
prioritize critical traffic can provide a security
benefit in certain applications, and
the interface-disabling option allows unused
Ethernet and radio interfaces to be shut off
remotely.
Beyond these deep features, further
security options are available to protect
communications from the mesh network.
To fortify the integrity of the Rajant
firmware, updates are encrypted using
256-bit AES in CBC mode and cryptographically
signed using a 4096-bit RSA
key pair, meaning that non-Rajant firmware
cannot be installed. Further to this,
BC|Commander’s administrative and
management communications are secured
using TLSv1 with an RSA or ECC key
that is configurable and unique to each
BreadCrumb. All BreadCrumb configurations,
passwords, and critical security
parameters are capable of being remotely
managed via BC|Commander or via a
button on the device with physical access
to a BreadCrumb node. This makes the
BreadCrumb device inert so that it cannot
join a secured mesh network.
THE FUTURE OF SECURITY
As the abilities of malicious parties
improve, the techniques and methods
used to compromise and assault critical
information systems at industrial
enterprises become more and more
sophisticated. Therefore, industry-leading
connectivity solutions need to provide top-of-the-line
security to match the strength
of the network. Rajant has been engaged
in a long-term effort to build the most
secure solutions available and fight back
against malicious parties hoping to intrude
on private networks. As a result, they are
incredibly well-positioned to provide the
latest and most effective security measures
to CSOs and CISOs across the industry.
This is something the military, the first customer, has known for 20 years.
This article originally appeared in the July / August 2021 issue of Security Today.