Internet and E-Mail Access on Metering Networks
In most cases, there is no justification for providing direct Internet access on any devices connected to the metering network, which forms a part of a broader Process Control Network.
Metering systems are designed to operate in a completely isolated environment and typically do not require any external connectivity during day-to-day operations. However, by providing direct Internet connectivity on such devices, even if appropriately assessed and controlled, risks related to the spread of malware and unauthorized access by malicious actors increase significantly.
Managing External Access
In most use cases, external connectivity in metering systems is required for handoff to data historian systems, conducting software updates, and providing remote access for fault-finding and monitoring. In all those scenarios, suitable solutions are available that utilize the higher-level networks (such as Process Information Networks) as intermediate channels of access.
These networks are connected via firewalls, which ensure that all traffic is suitably controlled and monitored. Therefore, no system – either newly designed or existing – should be connected to the Internet to ensure compatibility with the standards and best practices.
Managing E-Mailing
There is no reason to allow generic e-mail access on devices connected to the metering network. If such access is required for operators and technicians, it should be via separate computers connected to the Enterprise network.
However, some older systems may require access to a mail server to automatically send periodic production reports to the engineering team. If such a requirement exists, this should be achieved by interfacing with a local mail server via an encrypted connection. Again, such a connection would be appropriately controlled, as mail servers reside on a higher-level network. The metering system should use a dedicated mail account for this purpose, which should be monitored to ensure that there is no unauthorized data exfiltration.
At Swinton Technology we work closely with asset operators to ensure that no unauthorized connectivity occurs while ensuring that all system-critical functionality is maintained. In addition, we can offer assistance on interfacing metering systems – both new and old – to external networks if required. Contact us now to find out more.