As the string of cyber attacks on industrial networks grows, security vendors are developing new protection systems. Rockwell Automation and Cisco have joined together to provide a network security solution called Converged Plantwide Ethernet (CPwE) architectures. These architectures are designed to help operations technology (OT) and information technology (IT) professionals address constantly changing security threats. The architecture features technology from both companies, including design guidance and validated architectures to build a more secure network across the plant and the enterprise.
The Industrial Internet of Things (IIoT) has elevated the need for highly secure connectivity across all aspects of the plant, especially now that the plant is connected to the enterprise network and out to suppliers and customers. The Cisco/Rockwell CPwE architecture was created to let engineers analyze machine data on the plant floor while also determining that operation and supply-chain workflows are secure. The validated architectures enable OT and IT professionals to utilize security policies and procedures by forming multiple layers of defense.
As well as creating perimeter and internal network safeguards, the joint architecture tool includes policies on managing access. "We've always considered security from a holistic view. We've enhanced that with the Cisco network architecture. You can come into this connected service through a wire or wireless," Gregory Wilcox, development manager for the CPwE design guides at Rockwell Automation, told Design News. "It makes sure I get where I want to go and that I don't get to where I'm not supposed to go. It restricts what I have access to while supporting my machine."
This "defense-in-depth" approach was created to help manufacturers establish processes and policies that identify and contain evolving threats. The architectures leverage open industry standards, such as IEC 62443, and provide recommendations for more securely sharing data across an industrial demilitarized zone, as well as enforcing policies that control access to the plant-wide wired or wireless network.
Cisco and Rockwell have been working together on security for some time, including the development of training programs designed to find common ground between OT and IT. "We've been putting this together for the last few years. We just launched the new version of this security architecture in June," Bryan Tantzen, senior director manufacturing solutions at Cisco, told us. "It comes with a design guide, identity services and policy, and recommendations on how to create an industrial agreement between OT and IT. That's key to protecting the plant."
One of the difficulties of securing the plant network is that most plants in North America still have portions of legacy equipment that was designed before security was an issue. "The legacy systems were designed to be open. Once you got in the network, you were free to do anything," said Tantzen. "Almost any factory in the world today is not secure enough. The threat enters not just through the IT space but also through the OT space. With Target, it came in through someone who was monitoring the air conditioning. You have to think about new solutions to solve this."
Rob Spiegel has covered automation and control for 15 years, 12 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years he was owner and publisher of the food magazine, Chile Pepper.