The increased connectivity of industrial networks has led to a surge in cyberattacks, emphasizing the need for cybersecurity measures tailored to the specific requirements of industrial systems. Modern Industry 4.0 technologies, such as OPC UA, offer enhanced resilience against these threats. However, widespread adoption remains limited due to long installation times, proprietary technology, restricted flexibility, and formal process requirements (e.g. safety certifications). Consequently, many systems implement these technologies only partially, if at all. This leads to the challenge of dealing with so-called brownfield systems, which are often placed in isolated security zones to mitigate risks. However, the need for data exchange between secure and insecure zones persists. This paper reviews existing solutions to this challenge by analysing their approaches, advantages, and limitations. Building on these insights, we identify three key concepts, evaluate their suitability and compatibility, and ultimately introduce the SigmaServer, a novel TCP-level aggregation method. The developed proof-of-principle implementation is evaluated in an operational technology (OT) testbed, demonstrating its applicability and effectiveness in bridging secure and insecure zones.