Industrial Internet Security Framework v1.0 | Page 88

9: Protecting Communications and Connectivity
both management and operations networks can serve as a pivot point for an attack jumping from one network to the other.
9.2.4 GATEWAYS AND FILTERING
Gateways control information flow between network segments. The 'Industrial Internet Reference Architecture' [1] defines a gateway as a "forwarding component enabling various networks to be connected." This definition is very general: it describes any computing device with two or more network interfaces that forwards information between those interfaces.
Gateways may transform and forward information between segments without additional controls; for example, a protocol-translating gateway may translate legacy, insecure communications protocols into modern, encrypted protocols. Gateways may also filter information flows in many ways; for example, a firewall forwards only messages that match specific rules, and a unidirectional gateway is physically able to transmit information in only one direction and blocks all communications in the other direction.
Gateways with filters are used to implement network segmentation by controlling the flows of information passing between network segments. These filters may be bidirectional or unidirectional: a bidirectional filter forwards information both into and out of a connected network, while a unidirectional filter forwards information exclusively into, or exclusively out of, one or more network segments. Filters may also be message-based or information-based. Message-based filters preserve message structures at a certain layer of a protocol stack, and either forward or do not forward messages at that layer. Information-based filters extract certain kinds of application-level information from one or more messages arriving on a network interface, and forward that information into another network while preserving no part of the originating network's message structures.
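To make the message-based versus information-based distinction concrete, the following added example (not code from the IISF or the IIC) implements both filter classes over a small line-based OT protocol. The protocol, the tag names, the sample traffic and the allow-list rules are all constructed for illustration and are not drawn from any real device or product.

```python
"""Toy gateway filters illustrating the two filter classes discussed above.
Added example, not code from the IISF: the line-based OT protocol, the
rule table, the tag names and the sample traffic are all constructed."""
import json
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed "legacy" OT protocol, one ASCII message per line:
#   READ tag=<name>                    client request
#   WRITE tag=<name> value=<number>    client request (control action)
#   VALUE tag=<name> value=<number>    device reply
MSG_RE = re.compile(
    r"^(READ|WRITE|VALUE) tag=([A-Za-z0-9_]{1,32})(?: value=(-?\d+(?:\.\d+)?))?$"
)

OT_TO_IT = "ot->it"
IT_TO_OT = "it->ot"


@dataclass
class Decision:
    forwarded: bool
    payload: Optional[str]   # what, if anything, reaches the far side
    reason: str


class MessageFilter:
    """Message-based, bidirectional filter (firewall-like).

    The message is parsed at the protocol layer and, if its operation is on
    the allow-list for that direction, forwarded unchanged: the originating
    message structure is preserved end to end."""

    def __init__(self, allowed: Dict[str, Tuple[str, ...]]):
        self.allowed = allowed

    def filter(self, direction: str, raw: str) -> Decision:
        m = MSG_RE.match(raw)
        if m is None:
            return Decision(False, None, "malformed message dropped")
        op = m.group(1)
        if op not in self.allowed.get(direction, ()):
            return Decision(False, None, f"{op} not permitted {direction}")
        return Decision(True, raw, "rule match, forwarded verbatim")


class InformationFilter:
    """Information-based, unidirectional (OT->IT) filter.

    Only the application-level value is extracted from a device reply and
    re-emitted as a fresh JSON record. No byte of the originating message
    crosses, and nothing from the IT side is forwarded at all."""

    def filter(self, direction: str, raw: str) -> Decision:
        if direction != OT_TO_IT:
            return Decision(False, None, "unidirectional: nothing flows IT->OT")
        m = MSG_RE.match(raw)
        if m is None or m.group(1) != "VALUE" or m.group(3) is None:
            return Decision(False, None, "only complete VALUE replies carry data")
        record = {"tag": m.group(2), "value": float(m.group(3))}
        return Decision(True, json.dumps(record, sort_keys=True), "value extracted")


def run_demo():
    """Feed the same constructed traffic through both filters.

    Returns (filter name, direction, input, forwarded, payload) tuples."""
    rules = {IT_TO_OT: ("READ",), OT_TO_IT: ("VALUE",)}   # constructed policy
    filters = {"message": MessageFilter(rules), "information": InformationFilter()}
    traffic = [
        (IT_TO_OT, "READ tag=temp1"),
        (IT_TO_OT, "WRITE tag=valve1 value=1"),     # control command from IT
        (IT_TO_OT, "READ tag=temp1; rm -rf /"),     # malformed, injection-style
        (OT_TO_IT, "VALUE tag=temp1 value=21.5"),
        (OT_TO_IT, "VALUE tag=temp1"),              # incomplete reply
    ]
    out = []
    for name, flt in filters.items():
        for direction, raw in traffic:
            d = flt.filter(direction, raw)
            out.append((name, direction, raw, d.forwarded, d.payload))
    return out


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

The contrast is the security-relevant point: the message-based filter forwards a well-formed READ from the IT side verbatim, so anything an attacker can express inside a permitted message still reaches the OT device, and the incomplete VALUE reply also crosses because it is structurally valid. The information-based, unidirectional filter never carries IT-origin bytes into OT and carries only the extracted tag and value out, which is the property a unidirectional gateway relies on.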
Gateways may encode significant application functionality. For example, a dual-ported historian server at an IT/OT interface can be thought of as a bidirectional informational gateway with significant persistence and analysis capabilities. The historian server uses device communications protocols to gather data from the OT network via one network interface, and uses client/server protocols to publish data into the IT network via a second network interface. In another example, a Data Distribution Service (DDS) gateway often translates information streams at an application/middleware level, while also enabling secure persistence, secure distributed logging and secure data transformation.
Different kinds of gateways provide different degrees of security benefit. Legacy gateways can translate encrypted, authenticated communications into less secure communications for legacy end devices so that those devices can also participate in modern networks; the protection of the modern protocol then ends at the gateway, and the legacy segment behind it remains as exposed as before. Unidirectional gateways are physically unable to forward any information, or any attack, back into protected networks. Gateway security capabilities should be matched carefully to security needs when gateways connect network segments at different trust levels. Unhardened gateways should not connect a network of legacy safety and control devices to a corporate network or to the internet.
[1] See [IIC-IIRA2016].