Security Approaches for Industrial Internet of Things

Personal interlude

After leaving the “magazine editor business” a year ago, probably for good as a full-time editor anyway, I turned to just keeping this blog active. Readership has increased slowly but steadily over the past eight months. About as many people will see an article here as on a magazine Website (not as many total as a magazine Website, but they have much more content).

I decided not to pursue advertising as a revenue source. That seems to be the old way. It’ll hang on for a long time, but growth is not there.

Most of my business is consultation of various kinds including messaging and marketing, research, analysis, Web and digital development, and leadership.

It is more fun and insightful than trying to keep sales people and advertisers happy while forging a new message in a crowded field.

However, Manufacturing Connection will continue to bring the latest relevant news along with analysis about why you should care.

OT coming together with IT

I have been fascinated with what we now call the IT/OT divide (information technology professionals versus operations technology professionals) since about 1986. About that time my company was designing, building, and selling automated assembly machines to industry. Our largest customer was General Motors.

General Motors, in a gigantic brain fart, acquired EDS. And, predictably, it succeeded in totally destroying the EDS culture and making it like GM. That is to say, cumbersome, lethargic, bureaucratic.

But one day a senior manager went through the controls engineering department of one of my best customers and said, “You’re EDS,” “You’re GM.” Then they told us, “GM has the wire from the controller to this terminal block, and EDS has the wire from that terminal block to computers.”

Thus began our difficulties with GM and controls on our machines.

Rockwell and Cisco

These days, noted GM (and many others) OT supplier Rockwell Automation and noted IT supplier Cisco have joined forces to provide architectures, technology, and training designed to bring these forces together.

After 30 years, it’s about time.

Previously the two companies tackled training. With this news, they have tackled security for the Industrial Internet of Things. Most of the following is taken from their joint press release (meaning I didn’t delete some of the superlatives).

The two additions to their Converged Plantwide Ethernet (CPwE) architectures are designed to help operations technology (OT) and information technology (IT) professionals address constantly changing security practices. The latest CPwE security expansions, featuring technology from both companies, include design guidance and validated architectures to help build a more secure network across the plant and enterprise.

The Industrial IoT is elevating the need for highly flexible, secure connectivity between things, machines, workflows, databases and people, enabling new models of policy-based plant-floor access. Through these new connections, machine data on the plant floor can be analyzed and applied to determine optimal operation and supply-chain work flows for improved efficiencies and cost savings. A securely connected environment also enables organizations to mitigate risk with policy compliance, and protects intellectual property with secure sharing between global stakeholders.

Core to the new validated architectures is a focus on enabling OT and IT professionals to utilize security policies and procedures by forming multiple layers of defense. A defense-in-depth approach helps manufacturers by establishing processes and policies that identify and contain evolving threats in industrial automation and control systems. The new CPwE architectures leverage open industry standards, such as IEC 62443, and provide recommendations for more securely sharing data across an industrial demilitarized zone, as well as enforcing policies that control access to the plantwide wired or wireless network.

“The key to industrial network security is in how you design and implement your infrastructure and holistically address security for internal and external threats,” said Lee Lane, business director, Rockwell Automation. “The new guidance considers security factors for the industrial zone of the CPwE architectures, leveraging the combined experience of Rockwell Automation and Cisco.”

Rockwell Automation and Cisco have created resources to help manufacturers efficiently deploy security solutions. Each new guide is accompanied by a white paper summarizing the key design principles, as follows:

The Industrial Demilitarized Zone Design and Implementation Guide and white paper provide guidance to users on securely sharing data from the plant floor through the enterprise.

The Identity Services Design and Implementation Guide and white paper introduce an approach to security policy enforcement that tightly controls access by anyone inside the plant, whether they’re trying to connect via wired or wireless access.

“Security can’t be an afterthought in today’s plant environment. As we connect more devices and create more efficient ways of operating, we also create certain vulnerabilities,” said Bryan Tantzen, senior director, Cisco. “Cisco and Rockwell Automation have been teaming for nearly a decade on joint solutions, serving as the standards-based resource for security in industrial environments. These new architectures and guides build on our collaboration by helping organizations recognize and proactively address today’s security concerns.”

Companies can now take advantage of industry-leading solutions from Rockwell Automation and Cisco to address security from a holistic perspective. Together, the two companies provide a common, scalable architecture for ruggedized industrial Ethernet and enterprise networks, along with unique services, such as security assessments and managed security, to help manufacturers define and meet performance metrics and scale in-house resources.

This announcement further extends the commitment by Rockwell Automation and Cisco to be one of the most valuable resources in the industry for helping manufacturers improve business performance by bridging the gap between plant-floor industrial automation and higher-level information systems.

Improved Industrial Network Security

Probably the number one response to any discussion of connected enterprise, Internet of Things, and networking at the conference I attended last week was security. We are connecting all these devices, therefore we need to know we are doing all we can to assure industrial network security.

Here are some new products from Belden said to enhance industrial network security.

Belden Inc. has introduced the newest version of its Hirschmann Security Operating System known as HiSecOS. With the HiSecOS Version 2.0, customers now have greater levels of insight into network data, as well as the ability to more easily create network routes and connect to multiple secure sites.

The key new features available with the HiSecOS 2.0 software include:
◦ Simpler network configuration options through the Open Shortest Path First (OSPF) dynamic routing protocol, which allow customers to set up network routes without any manual configuration required. The OSPF protocol also offers a seamless connection to the network’s backbone.
◦ Safer, more secure remote connections to the network via encrypted Virtual Private Network (VPN) communication. The VPN connection also makes it possible for customers to connect to two different secured sites using corporate networks.
◦ Protection against unwanted network traffic through an Intrusion Detection System (IDS), which enables customers to analyze ambiguous traffic, detect issues early and prevent those issues from replicating by identifying the root cause.

“The dynamic routing options, in combination with firewall functions, make this security operating system truly unique. Many firewalls do not provide them. The ability to connect seamlessly over VPN connection also enhances the security of the network,” said Product Manager Vinod Rana.

Similar to previous versions, HiSecOS 2.0 is exclusively developed with Hirschmann’s multi-port firewalls, the EAGLE20-0400 and EAGLE30-0402, in mind – to heighten overall network performance and offer more robust security features. These multi-port firewalls with router redundancy and wide area network (WAN) interface save significant time and costs, while helping achieve maximum network availability and reliability for industrial settings.

Due to robust design, EAGLE firewall products with HiSecOS 2.0 operate in various harsh industrial environments, including automotive, power transmission and distribution, oil and gas, and mining.

“It is becoming increasingly clear that security risks are present across all industrial settings. Our customers require networking equipment with reliable security features, so keeping our security product families up-to-date with the newest technology is key,” adds Rana. “HiSecOS 2.0’s new security and routing features not only improve uptime and reliability for customers, but also bring them enhanced ease-of-use and more understanding of the activity on their networks.”
