The "CIA Triad" is a foundational model that has been around for a long time and remains highly relevant today. It consists of three components and is used to guide organizations in how to protect sensitive data and ensure their systems remain functional:
BRX PLCs incorporate many security features that comply with the pillars of the triad.
There is a vast array of communication networks in the industrial automation field, some with better isolation than others. To ensure that Do-more Designer programming software connections to the PLC are restricted to authorized personnel only, the BRX PLC platform utilizes session-based communication. With sessions, each initiated communication request must contain a unique ID. If the ID is missing, the BRX PLC will discard the request. This guarantees that no unauthorized access will be granted and also prevents PCs from accessing the wrong PLC. Sessions will also time out if not utilized, closing the idle link between the programming software and the PLC; the link must then be reestablished if needed.
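The session behaviour described above (discard requests without an ID, keep IDs specific to one controller, close idle sessions) can be modelled in a few lines. This is an added example, not Do-more or BRX code: the `SessionGate` class, the request layout and the 60-second timeout are assumptions made for illustration.

```python
import secrets

IDLE_TIMEOUT_S = 60.0  # assumed value; the page states no timeout figure


class SessionGate:
    """Toy controller-side session check (hypothetical, not the BRX protocol)."""

    def __init__(self, clock, idle_timeout=IDLE_TIMEOUT_S):
        self._clock = clock              # injected so the demo is repeatable
        self._idle_timeout = idle_timeout
        self._sessions = {}              # session id -> time of last accepted request

    def open_session(self):
        # Unpredictable ID, so one client cannot guess another client's session.
        sid = secrets.token_hex(16)
        self._sessions[sid] = self._clock()
        return sid

    def handle(self, request):
        """Return 'accepted' or a discard reason for one request dict."""
        sid = request.get("session_id")
        if not sid:
            return "discarded: no session id"
        last_seen = self._sessions.get(sid)
        if last_seen is None:
            return "discarded: unknown session id"
        now = self._clock()
        if now - last_seen > self._idle_timeout:
            del self._sessions[sid]      # idle link closed; client must reconnect
            return "discarded: session timed out"
        self._sessions[sid] = now        # activity restarts the idle timer
        return "accepted"


def demo():
    """Constructed scenario: two controllers and one programming PC."""
    now = [0.0]                                      # fake clock, in seconds
    plc_a = SessionGate(clock=lambda: now[0])
    plc_b = SessionGate(clock=lambda: now[0])
    sid = plc_a.open_session()
    req = {"op": "read", "session_id": sid}
    out = [plc_a.handle({"op": "read"}),             # request carries no ID
           plc_b.handle(req),                        # ID presented to the wrong PLC
           plc_a.handle(req)]                        # valid request
    now[0] = 59.0
    out.append(plc_a.handle(req))                    # still inside the idle window
    now[0] = 200.0
    out.append(plc_a.handle(req))                    # idle for longer than 60 s
    out.append(plc_a.handle(req))                    # session is gone until reopened
    return out
```
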
Control who has access to your controller and what kind of access they have with the versatile password protection and user accounts available in the Do-more Designer software. Define multiple users and assign combinations of privileges from the available options.
For OEMs, code block password protection can be used to allow your customers to see enough of the program for basic troubleshooting, while keeping your proprietary code blocks hidden and secure.
BRX PLCs also provide a convenient method to encrypt your data so it can be safely transmitted. The (ENCRYPT) instruction uses the Ascon-128 algorithm, along with the supplied key and nonce, to encrypt the plaintext block into a block of ciphertext.
The block of encrypted data can be stored in a file or transmitted via any communication method (e.g., FTP, HTTP, MQTT, Modbus) to another party that can decrypt the block back to its original, unencrypted form.
Conversely, the (DECRYPT) instruction uses the same Ascon-128 algorithm, along with the supplied key and nonce, to decrypt the ciphertext block back to its original plaintext form.
All BRX PLC units have a block of 8 on-board DIP switches that are used to perform various debug and recovery operations. One of these switches enables/disables firmware downloads to the controller. Disabling firmware downloads will protect your CPU from unwanted operating system changes and keep you in control of if and when these changes are made.
BRX PLCs allow users to disable unused protocols and restrict access to protocols by IP address. By providing an easy way to turn off protocols that aren't in use, and a way to assign specific IP addresses, or a range of IP addresses, to specific protocols, BRX makes sure there are no loose ends or open doors that could be used to compromise your system.
Communication and security go hand-in-hand and the BRX platform has incorporated new security features to keep your system safe.
Protocol-specific memory, or guest memory, is one of these features, and it prevents external devices from randomly accessing the BRX PLC's I/O and memory.
When communicating using the Modbus protocol (RTU or TCP) or the DL protocol (K sequence), the BRX PLC will only allow the third-party Master to access the data stored in the CPU's Modbus or DL memory registers, keeping the native memory secure from unwanted access.