Networking is a critical component of industrial control systems (ICS). ICS networks differ significantly from information technology networks. Unfortunately, most existing Ethernet networking-related technologies are based on information technologies and practices. While information technology networks must manage dynamic environments, ICS networks are typically less dynamic and more repeatable in terms of network communications. ICS networks control processes including factory floor automation, food processing, water and wastewater systems, and electric power distribution.
Veracity Industrial Networks set out to develop an ICS network system that addressed, among other things, reliability, visibility, data traffic control, and deny-by-default security. Through our research and development efforts, as well as years of industrial networking experience, we have adapted software-defined networking (SDN) to meet demanding ICS requirements that traditional networking technologies cannot. SDN is an architectural networking concept that separates network configuration (the control plane) from the switch (the data plane). This allows ICS network designers and engineers to define exactly what traffic is allowed to flow within an ICS network, and to which devices. SDN technology also obsoletes complex concepts including VLANs, spanning trees, and network loops, and allows ICS networks to be designed to fit the requirements of the control system using standard IEEE 802.3 Ethernet. Network designers and engineers are not encumbered by traditional information technology practices. We call our SDN ICS flow controller Net-Optix™.
Net-Optix™ manages deployed SDN switches in an intuitive way that gives ICS designers and operators significant control and visibility into their networks by micro-segmenting traffic. Benefits of Net-Optix™ include:
- Deny by default and network whitelisting
- Inherent network auditing
- Network configuration management
- Inherent network traffic segregation by micro-segregating network operation
- Enhanced visibility and control of traffic within the network
- Anomaly filtering that simplifies syslog management
- Ability to quickly restore network settings or roll back to the last known good state