ICS/OT NETWORK MONITORING WHITE PAPER


Industrial Control Systems (ICS) and Operational Technology (OT) networks are critical for managing essential infrastructure and industrial operations, from power grids to manufacturing plants. However, these systems' increasing digitization and connectivity have made them more vulnerable to cyber threats and operational failures. To safeguard these environments, ICS/OT network visibility and monitoring are essential in providing real-time insight into network traffic, detecting anomalies, and identifying potential security risks.

OT monitoring solutions should deliver actionable, packet-based network insights without compromising network security or continuous machine operation. Let’s explore how.


Differences in IT and OT networks

While adding new hardware to IT networks is relatively easy, OT networks are different because they are started simultaneously. Once the configuration or boot-up phase is complete, deploying monitoring systems is impossible without taking parts offline. Therefore, it is important to consider network monitoring in OT systems from the early stages of building network infrastructure.


The importance of data diodes

Integrated into Profitap Diode Fiber and Copper TAPs, Data Diode technology ensures unidirectional traffic, blocking any accidental or malicious signals from re-entering the operational network through monitoring ports. This added security measure protects critical OT systems while allowing network aggregators and packet brokers to collect data and forward it to security and monitoring tools for analysis.


Aggregation to a network packet broker

Aggregating traffic to a packet broker is essential for comprehensive monitoring and analysis without disrupting time-sensitive operations. TAPs can aggregate multiple data streams and forward them to a packet broker.

The network packet broker is a powerful tool for optimizing and managing traffic in high-bandwidth environments. Its key features include traffic aggregation, which consolidates data from multiple sources, and replication, which duplicates traffic for various analysis tools. Load balancing ensures an even distribution of network traffic across multiple monitoring tools.

Deployment scenario

This setup monitors eight critical network connections using C1D-1G Industrial TAPs deployed inline. These TAPs duplicate the 1G traffic from each connection without introducing any disruption to the live network. The duplicated traffic from all eight TAPs is then forwarded to the XX-720G Network Traffic Aggregator.

The XX-720G Aggregator filters and aggregates the incoming traffic. Filtering ensures that only relevant data packets are selected based on predetermined criteria, and through aggregation, it combines the ...






Purdue model

The Purdue Model for Industrial Control Systems (ICS) security is a framework that outlines a multilayered approach to safeguarding sensitive industrial environments. Originally developed at Purdue University and further refined by the International Society of Automation (ISA) as part of the ISA-99 standard, the model defines six distinct layers of network segmentation, each designed to serve a specific function in protecting and managing industrial operations. These layers range from the enterprise level down to the actual physical processes.

Purdue model approach

The primary objective of the Purdue Model is to create clear, secure boundaries between ...







Remote network capture and troubleshooting on trains

Profitap supports the railroad industry's digital transformation with tailor-made network monitoring and troubleshooting solutions for onboard traffic capture and remote analysis.

Digital Transformation in the Railroad Industry

As the railway industry undergoes a digital evolution, increased technological sophistication in trains is becoming prevalent. Intelligent safety technologies and Wi-Fi connectivity are being fortified in trains, necessitating specialized solutions to manage train network traffic, troubleshoot connectivity, and test the correct operation of new systems.

Continuous visibility and troubleshooting in railway applications can be complex. Engineers must gather and analyze data but can’t always be physically present on the trains due to their constant movement.

IOTA 1G M12 in a train

The Profitap IOTA is an all-in-one network traffic monitoring solution that includes analysis dashboards and enables remote troubleshooting.

Specifically designed for our customers in the railway industry and in compliance with industry safety standards, the IOTA 1G M12 meets EN 45545-2 safety standards for fire. The M12 connectors make it easy to connect IOTA with standardized equipment. They are compact, rugged, and suitable for ...






Troubleshooting VoIP Network Issues: From Log to IOTA analysis

Voice over IP (VoIP) networks, with their reliance on real-time communication protocols like SIP (Session Initiation Protocol) and RTP (Real-Time Transport Protocol), must maintain high availability and low latency. Issues that arise need to be quickly identified and resolved to prevent service disruptions.

A common problem is incompatibility: there are over 100 Requests for Comments (RFCs) related to SIP, with a lot of “SHOULD” statements instead of “MUST”. This often leads to users being unable to make outgoing or incoming calls.

This article presents a troubleshooting approach using IOTA, a real-time traffic capture and analysis tool that simplifies the identification of root causes in complex VoIP network problems. The article will highlight how IOTA can help efficiently troubleshoot network issues, identify anomalies, and resolve problems that traditional log analysis and basic traffic capture might miss.

Problem Statement

VoIP networks are susceptible to various issues that can affect service quality. A typical user complaint might involve being unable to ...






Optical Budget & Split Ratios in Fiber Network Monitoring

Understanding the optical power budget and split ratios for fiber TAPs in fiber optic network monitoring is crucial to ensuring effective signal management and optimal network performance. This article will shed some light on these subjects.

Optical budget

Optical budget or light budget refers to the total amount of optical power that a fiber optic system has available to maintain an acceptable level of performance. It is calculated by considering the power of the optical signal at the transmitter, the minimum acceptable power at the receiver, and the losses incurred along the path, including those from fiber TAPs. Sufficient optical budget ensures that the signal reaching the receiver is strong enough to be detected and interpreted correctly.

Components of the Optical Budget

  1. Transmitter power: The output power of the optical transmitter.
  2. Receiver sensitivity: The minimum optical power required by the receiver to function correctly.
  3. Fiber loss: The fiber's attenuation, typically measured in dB/km.
  4. Connector loss: The loss introduced by connectors in the network.
  5. Splice loss: The loss at splice points where fiber segments are joined.
  6. Tap loss: The loss introduced by fiber TAPs used for monitoring purposes.
  7. Safety margin: An additional margin to account for unforeseen losses and aging of the components.
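
The budget components listed above, combined into a worked calculation (an added example, not from the original article): it checks which TAP split ratios leave a non-negative margin on both the network leg and the monitor leg. All link values, the 0.5 dB excess TAP loss, the monitor receiver sensitivity and the function names are assumptions for illustration; the ideal loss on a split leg is -10·log10 of the fraction of light it carries.

```python
import math

# Constructed sample link; every value here is an assumption for illustration.
LINK = {
    "tx_power_dbm": -5.0,          # transmitter power
    "rx_sensitivity_dbm": -14.0,   # receiver sensitivity (network side)
    "fiber_km": 2.0, "fiber_loss_db_per_km": 0.4,
    "connectors": 4, "connector_loss_db": 0.3,
    "splices": 2, "splice_loss_db": 0.1,
    "safety_margin_db": 2.0,
}
MONITOR_RX_SENSITIVITY_DBM = -17.0  # assumed sensitivity of the monitoring tool's optic
TAP_EXCESS_LOSS_DB = 0.5            # assumed TAP loss on top of the ideal split


def split_loss_db(fraction):
    """Ideal loss in dB on a splitter leg carrying `fraction` (0-1) of the light."""
    if not 0.0 < fraction < 1.0:
        raise ValueError("fraction must be between 0 and 1")
    return -10.0 * math.log10(fraction)


def path_loss_db(link):
    """Fiber, connector and splice loss in dB, without the TAP."""
    return (link["fiber_km"] * link["fiber_loss_db_per_km"]
            + link["connectors"] * link["connector_loss_db"]
            + link["splices"] * link["splice_loss_db"])


def margins_db(link, network_pct):
    """Remaining margin in dB on (network leg, monitor leg) for a split such as 70/30.

    Worst case assumed: the monitor leg is charged the full path loss as well.
    """
    fixed = path_loss_db(link) + link["safety_margin_db"] + TAP_EXCESS_LOSS_DB
    net_frac = network_pct / 100.0
    net_rx = link["tx_power_dbm"] - fixed - split_loss_db(net_frac)
    mon_rx = link["tx_power_dbm"] - fixed - split_loss_db(1.0 - net_frac)
    return (net_rx - link["rx_sensitivity_dbm"],
            mon_rx - MONITOR_RX_SENSITIVITY_DBM)


def viable_splits(link, candidates=(50, 60, 70, 80, 90)):
    """Network-side percentages whose margins are non-negative on both legs."""
    return [pct for pct in candidates if min(margins_db(link, pct)) >= 0.0]


if __name__ == "__main__":
    for pct in (50, 60, 70, 80, 90):
        net, mon = margins_db(LINK, pct)
        print(f"{pct}/{100 - pct}: network {net:+.2f} dB, monitor {mon:+.2f} dB")
    print("viable:", viable_splits(LINK))
```

With these sample values a 90/10 split starves the monitor port, so the monitoring tool would see errors or no link even though the production link is healthy.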


Network TAP insertion loss

Insertion loss is the total amount of ...




