gateway icon  PRODUCT SELECTOR:

Connect Your:

To:

RTA's Blog

Gateways as Cybersecurity Appliances

Posted on by John S Rinaldi
Gateways as cybersecurity
04
Aug

Sometimes when you talk to customers you get the strangest information. Things that you would never have guessed no matter how much time you had available. When I asked one customer about cybersecurity for his machine, he said “Your Modbus RTA Gateway is our security appliance.”

I couldn’t have been more shocked. We have gateways for Modbus RTU, gateways for AB PLC communications, gateways for EtherNet/IP, and more, but none of them are what I would call a “Security Appliance.” I asked him more and he explained it to me.

“By putting the gateway between their infrastructure and ours, all we have is a data interface between their company network and our machine network. On our side, we have a network that includes a controller, some I/O devices, and other intelligent devices that run our machine. On their side, they have their control network with some of their controllers, other I/O devices, servers, and, of course, switches and routers to get to their enterprise network. What the RTA gateway does for us is to prevent messages flowing between the two networks. It’s actually a data diode.”

I had never thought of it that way, but it made sense to me. All that each side sees in our gateway is a data table. They can read the data table or write the data table, but they have no ability to do anything more than just those reads and writes of data values. It’s actually a pretty good use of our gateway technology.

Is this bulletproof? Well, no, it isn’t. If someone had access to either side, they could figure out what is in our box. They could figure out what the OS is. They could get the tools they needed to download a new program. But that’s an awful lot of trouble. My experience in cybersecurity is that people will go after the easier targets first. No one likes to take the long, difficult road. Putting an RTA gateway in an application can make the application more secure.

In a previous article, I wrote about seven simple steps to machine security. Those steps included turning off unused switch ports, capping end ports on linear segments, keying ports that the technicians use to access the network, and eliminating your USB ports. This step, using an RTA gateway, could be considered step number 8.

You never know what you might learn when you talk to a customer. I’ll have to do more of that in the future.

Avatar photo
John S Rinaldi

John Rinaldi is Chief Strategist, Business Development Manager and CEO of Real Time Automation (RTA). After escaping from Marquette University with a degree in Electrical Engineering, John worked in various jobs in the Automation Industry before once again fleeing back into the comfortable halls of academia. At the University of Connecticut, he once again talked his way into a degree, this time in Computer Science (MS CS). John is a recognized expert in industrial networks and the author of six books: Modbus: The Everyman’s Guide to Modbus, OPC UA – Unified Architecture: The Everyman’s Guide to OPC UA, EtherNet/IP: The Everyman’s Guide to EtherNet/IP, The Smart Product Manager’s Guide to Industrial Automation Connectivity, The Smart Product Manager’s Guide to Connectivity in the Packaging Industry, and his latest, The Everyman’s Guide to Properly Architecting Ethernet/IP Networks.