Did you know that the Westermo operating system (WeOS ) supports 802.1x port authentication?

Relying on a perimeter firewall to protect an industrial control system (ICS) is no longer considered to be enough. One problem with a perimeter firewall is that it still leaves the control system vulnerable to attack. Consider a small unmanned water pumping station with limited physical security. If the intruder can bypass the physical security, there is nothing to stop the intruder from connecting to the network and getting to work.

To make it more difficult for an intruder to attack an ICS network, cyber security controls should be extended to the edge of the network. This approach is often termed “Defence in Depth”. The Westermo operating system WeOS has support, as standard in all managed layer two and three devices, for the 802.1x port authentication protocol. The 802.1x protocol stands guard on the edge ports waiting for an attempted connection on a physical port. On detection of a switch port becoming active, the switch issues an 802.1x challenge to the connecting device. The edge port will only be allowed to forward packets to the network after the device has verified it credentials.  Failure to present the correct credentials will result in the port refusing ingress of any data into the network.