Industry leaders join forces to improve and scale security monitoring and management from the enterprise, to the IDMZ, and now down to the cell/area zone
As the Industrial Internet of Things (IIoT) continues to deliver value from connecting plant-floor devices to the enterprise, security remains an ongoing challenge. Today, IT systems leverage firewalls to monitor security risks on the IT network. These IT firewalls are not aware of industrial protocols used on the plant floor – limiting the ability to minimise risk throughout the entire network. In response, Cisco and Rockwell Automation have collaborated to develop a deep-packet-inspection (DPI) technology for use in industrial security appliances.
An industrial firewall with DPI technology extends visibility down to the plant floor, enables logging of traffic patterns, and provides the opportunity for informed decision-making following a set of security policies. Users can log a range of data for any network connection or protocol, such as EtherNet/IP, including where the traffic is coming from, where it is going and with which application it is associated. While IT managers previously had this visibility, now both plant and IT managers can use this technology to more securely manage network traffic from the plant to the enterprise.
When used between industrial and cell/area zones in a Converged Plantwide Ethernet (CPwE) architecture, a plant-floor application using DPI technology has the ability to instruct a firewall to deny firmware downloads to a controller. This guards against tampering with firmware and helps protect the integrity of the operation. Only an authorised user would be able to conduct the download.
“Security on the plant floor continues to be a top concern for manufacturers and industrial operators as they build a Connected Enterprise,” said Juergen Weinhofer, vice president, common architecture and technology, Rockwell Automation. “DPI technology combines our unmatched automation and information control expertise with that of Cisco, the industry leader in IT security, to enhance security for new and existing industrial control systems.”
“With this security addition to our joint portfolio and architectures, we can help eliminate the ‘air gap’ or ‘security by obscurity’ that leads to false confidence of safety and security,” said Doug Bellin, global industries lead, Cisco. “We can track all network connections in real time and react when issues arise. This is another case of the best of IT and the best of operations coming together to solve a real need.”
Through the strategic alliance collaboration between Rockwell Automation and Cisco, manufacturers can benefit from the sharing of proven security best practices from the IT space made possible for the plant floor and industrial environment. DPI technology will be brought to market in industrial network devices from both Rockwell Automation and Cisco in 2016.
Rockwell Automation are a global provider of industrial power, control and information solutions