Building an Advanced Cybersecurity Plan: Communications, Network, and Database Security

Implementing a cybersecurity plan includes deploying specific security functions to provide communications, networking, and database security. Learn what key factors to consider, what new technologies are being overlooked, and more for your implementation.
Nov 16, 2022

Many elements of an advanced cybersecurity plan involve strategic decisions that impact how a company operates securely and how company resources are managed and deployed to facilitate secure operations. These topics require engagement by the management team and every user with access to the company’s network resources. We have discussed many of these elements in previous articles in this series – “Building an Advanced Cybersecurity Plan.” Additional elements of a security plan are equally important but are more narrowly focused on IT professionals. One of these elements is implementing and deploying specific security functions to provide communications, networking, and database security.

Systems security engineering is the science of combining multiple security engineering specialties to provide a fully integrated, system-level perspective of system security. IT professionals utilize systems security engineering principles to define the network architecture and software/hardware implementations for monitoring, controlling, and protecting communications and information “in transit” and when stationary in databases and other data storage devices.

The specific implementation will depend on several factors, including requirements established in other elements of the security plan, the current state of existing network resources, and the risk tolerance of an individual company. Some key factors that should be considered in all implementations include:

  • Security functions should be designed in a layered fashion such that each layer represents an additional obstacle for a potential intruder.

  • A diversity of security functions should be used in different portions of the network architecture. The interface between each segment of the system architecture should be viewed as a “locked door,” and a different set of keys should be required for each door – no “master key” that gains access to all.

  • Deploying strong security functions at all external boundaries to the network is of high importance. Deploying security functions between system components within the network is highly recommended.

  • Network segmentation is essential to block the propagation of security threats throughout the network. This is especially important in the manufacturing environment due to the high concentration of devices that do not directly support implementing security functions.

Typically, it is not feasible to implement all of the desired security functions in an existing network without incurring significant disruptions and costs. Companies should deploy as many of the desired security functions as possible based on the current state of the network architecture and their risk tolerance for the potential impact of a security threat. However, when new extensions to the network are implemented, or major system modifications are underway, that is an opportune time to extend and enhance the security implementation.

One of the functions that can normally be implemented in any network without any significant interruption is the separation of administrative and system management functions from all user functions, onto different devices and, where possible, separate domains. The transition of these functions can be carried out over time. This step is important to establish a more secure structure in support of all future network security enhancements.

There are multiple concepts for implementing security functions for accessing the network, network resources, and data sources. The preferred concept is “Deny All, Allow by Exception.” In this scenario, all access to network resources is blocked unless specifically approved. This is also known as “whitelisting.” This approach requires more system configuration management resources but is more secure and proactive than the traditional “blacklisting” approaches that only address known potential threat sources.
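The difference between the two approaches shows up with sources nobody has classified yet. The following is an added example, not part of the original article: it evaluates the same flows between network segments under a “Deny All, Allow by Exception” rule set and under a blacklist. The zone names, address ranges, ports, and rules are constructed for illustration.

```python
import ipaddress

# Constructed network segments; the names and ranges are illustrative assumptions.
ZONES = {
    "office": ipaddress.ip_network("10.10.0.0/24"),
    "shop_floor": ipaddress.ip_network("10.20.0.0/24"),
    "admin": ipaddress.ip_network("10.30.0.0/28"),
    "database": ipaddress.ip_network("10.40.0.0/28"),
}
# Allow by exception: (source zone, destination zone, TCP port).
ALLOW_RULES = {("office", "database", 5432), ("admin", "shop_floor", 22)}
# Blacklist: only sources already known to be bad are stopped.
BLOCKED_SOURCES = {ipaddress.ip_address("203.0.113.50")}

def zone_of(addr):
    """Return the zone containing addr, or None if it is outside every segment."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), None)

def allowlist_decision(src, dst, port):
    """Deny all, allow by exception: permit only flows matching an explicit rule."""
    rule = (zone_of(src), zone_of(dst), port)
    return "allow" if rule in ALLOW_RULES else "deny"

def blocklist_decision(src, dst, port):
    """Allow all, deny known-bad: permit anything whose source is not listed."""
    return "deny" if ipaddress.ip_address(src) in BLOCKED_SOURCES else "allow"

# Constructed flows: (source, destination, port).
FLOWS = [
    ("10.10.0.15", "10.40.0.5", 5432),    # office application to database: approved
    ("10.20.0.77", "10.40.0.5", 5432),    # shop-floor device to database: no rule
    ("203.0.113.50", "10.40.0.5", 5432),  # external source already on the blacklist
    ("198.51.100.9", "10.40.0.5", 5432),  # external source nobody has seen before
    ("10.30.0.2", "10.20.0.77", 22),      # admin host managing a device: approved
]

def compare(flows=FLOWS):
    """Return (flow, allowlist verdict, blocklist verdict) for each flow."""
    return [(f, allowlist_decision(*f), blocklist_decision(*f)) for f in flows]

if __name__ == "__main__":
    for flow, allow_verdict, block_verdict in compare():
        print(flow, "allowlist:", allow_verdict, "blocklist:", block_verdict)
```

The second and fourth flows are the ones to watch: the blacklist lets both through because neither source is known to be bad, while the default-deny rule set stops them because no exception was ever approved.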

One of the newer technologies that is becoming very prevalent and is being overlooked from a security perspective in many cases is VoIP (voice over internet protocol). Basically, VoIP is telephone communication over the internet. Most cellular phone service providers will redirect cellphone service through any available internet connection that can be established. Each of these connections represents a potential for a security breach. While most phone service providers should have well-established security protocols in place, it is not practical to validate each one. Companies must recognize that if they allow mobile phone access to their network, this is another external network interface that must be addressed as part of the overall security implementation.

Architecting and deploying a well-structured and effective network security implementation requires advanced systems security engineering expertise. Larger companies often can hire such expertise. Smaller companies typically rely on outside resources to provide these services. In either case, management should thoroughly vet the selected resources that will provide these services since the balance of your cybersecurity plan will provide little benefit if this plan element is not properly implemented.

For more details on concepts addressing network configuration management, you may want to reference Section 3.13 System and Communications Protection of NIST standard SP 800-171.


For more on this topic, we invite you to explore the Building an Advanced Cybersecurity Plan article series.

Part 1: Engagement and Reinforcement

Part 2: Interaction Mapping

Part 3: Access Control

Part 4: Electronic Media Protection

Part 5: Identification and Authentication

Part 6: Activity Logging, Auditing, and Traceability

Part 7: Network Resource Configuration Management

Part 8: Communications, Network, and Database Security 

Part 9: Personnel and Infrastructure Security

Part 10: Maintenance and Incident Response

Part 11: Risk Assessment and Vulnerabilities Testing

Author
John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.