Illusive Blog January 25, 2016

The Industrial Ethernet & Threats to Critical Infrastructure

By Ofer Israeli

defending_industrial_ethernetWhen Bruce Willis began his role as John McClane in the first Die Hard movie in 1988, Ethernet connectivity was only just finding its place in the world.

Although it became a ubiquitous standard in typical offices, critical infrastructure sectors continued using their serial port-to-port networks.

Bruce_Willis_Die_HardHowever, the events of the fourth Die Hard movie, Live Free or Die Hard – where cyber terrorists take control over critical infrastructures and end up wreaking havoc throughout the US, have become a very real (albeit highly exaggerated) possibility with the rise of the Industrial Ethernet.

Securing the Industrial Ethernet is a tall task; but to avoid needing the services of John McClane to stop an attack on critical infrastructures, we’ll have to revamp the measures that have been protecting your legacy computer systems.

Who Should be Concerned about Defending the Industrial Ethernet?

Tweet: The #IndustrialEthernet is introducing a new world of #SecurityThreats to critical infrastructuresThe Industrial Ethernet is introducing a new world of security threats to critical infrastructures—but what are critical infrastructures, exactly?

In the US, there are 16 sectors which support critical infrastructures. According to the Department of Homeland Security, these are the assets, systems and networks so vital to the entire population that their failure would devastate the country.

Check below. Does your company operate in one of these sectors?


The Industrial Ethernet vs. Typical Ethernet Environments

You may think that defending the Industrial Ethernet is similar to implementing cyber security measures in a typical office environment.

However, variable traffic patterns in Ethernet environments are flexible—you can analyze packets, wipe them clean and manipulate traffic as necessary for security. In production cells, this isn’t possible.

Production cells require standardized traffic and tampering with it can cause serious problems. Critical infrastructure sectors must be careful to not modify any of the traffic in their networks.


Deploying standard security appliances and applications—next-gen firewalls, deep packet inspection, intrusion detection systems (IDS) and more—is still important, but there are additional measures that must be taken when securing the Industrial Ethernet.

Tweet: Two vital aspects of #IndustrialEthernet security are access control and virtual #LANisolation >>Below are 3 vital aspects of Industrial Ethernet security:

  • Access Control: Implementing port-based MAC address management throughout the Industrial Ethernet helps keep unauthorized users from tampering with systems;  this aids in reducing the potential for human error within a company.

  • Virtual LAN Isolation: Serial port-to-port architectures worked so well for critical infrastructure sectors because they were entirely isolated from Internet traffic. Virtual LANs can help you isolate certain systems for greater control of traffic flow.

  • Identifying Anomalies: The nature of critical infrastucture networks tends to be quite static. In this sense, the traffic they generate is both predictable and repetitive, making it much easier to identify and examine any anomolies that appear.

Any standard security measure can be tailored to an Industrial Ethernet environment—but when these strategies fail, that’s when the problem begins.

Cyber attack and data breach numbers are at an all-time high, and critical infrastructures require more effective security strategies that meet their strict requirements.

Recommended reading for you: