Rockwell and Cisco launch new architectures to reduce security risk

As industrial markets evolve to unlock the promise of the Internet of Things (IoT), Rockwell Automation and Cisco recently announced new additions to their Converged Plantwide Ethernet (CPwE) architectures to help operations technology (OT) and information technology (IT) professionals address constantly changing security practices. The latest CPwE security expansions, featuring technology from both companies, include design guidance and validated architectures to help build a more secure network across the plant and enterprise.

The Industrial IoT is elevating the need for highly flexible, secure connectivity between things, machines, workflows, databases and people, enabling new models of policy-based plant-floor access. Through these new connections, machine data on the plant floor can be analysed and applied to determine optimal operation and supply-chain workflows for improved efficiencies and cost savings. A securely connected environment also enables organisations to mitigate risk with policy compliance and protects intellectual property with secure sharing between global stakeholders.

Core to the new validated architectures is a focus on enabling OT and IT professionals to utilise security policies and procedures by forming multiple layers of defence. A defence-in-depth approach helps manufacturers by establishing processes and policies that identify and contain evolving threats in industrial automation and control systems. The new CPwE architectures leverage open industry standards, such as IEC 62443, and provide recommendations for more securely sharing data across an industrial demilitarised zone, as well as enforcing policies that control access to the plant-wide wired or wireless network.

“The key to industrial network security is in how you design and implement your infrastructure and holistically address security for internal and external threats,” said Lee Lane, business director, Rockwell Automation. “The new guidance considers security factors for the industrial zone of the CPwE architectures, leveraging the combined experience of Rockwell Automation and Cisco.”

Rockwell Automation and Cisco have created resources to help manufacturers efficiently deploy security solutions. Each new guide is accompanied by a white paper summarising the key design principles, as follows:

• The ‘Industrial Demilitarized Zone Design and Implementation Guide’ and white paper provide guidance to users on securely sharing data from the plant floor through the enterprise.
• The ‘Identity Services Design and Implementation Guide’ and white paper introduce an approach to security policy enforcement that tightly controls access by anyone inside the plant, whether they’re trying to connect via wired or wireless access.

“Security can’t be an afterthought in today’s plant environment. As we connect more devices and create more efficient ways of operating, we also create certain vulnerabilities,” said Bryan Tantzen, senior director, Cisco. “Cisco and Rockwell Automation have been teaming for nearly a decade on joint solutions, serving as the standards-based resource for security in industrial environments. These new architectures and guides build on our collaboration by helping organisations recognise and proactively address today’s security concerns.”