November 1, 2017
The prevailing trend in Industrial Automation and Control System (IACS) networking is the convergence of technology, specifically IACS operational technology (OT) with information technology (IT). Converged Plantwide Ethernet (CPwE) helps to enable IACS network technology convergence through the use of standard Ethernet, Internet Protocol (IP), network services, security services and EtherNet/IP. A converged IACS network technology helps to enable the Industrial Internet of Things (IIoT).
IIoT helps offer the promise of business benefits through the use of innovative technology such as mobility, collaboration, analytics and cloud-based services. The challenge for manufacturers is to develop a balanced security stance to take advantage of IIoT innovation while maintaining the integrity of industrial security best practices. Business practices, corporate standards, security policies and procedures, application requirements, industry security standards, regulatory compliance, risk management policies and overall tolerance to risk are all key factors in determining the appropriate security stance.
Cloud-based services help to enable data collaboration and remote monitoring of dashboards by plant personnel and/or trusted industry partners (for example, system integrator, OEM or contractor) for IACS applications within the CPwE architecture. A holistic industrial security stance is necessary in order to help protect the integrity of safety and security best practices while also helping to enable restricted cloud-based services. No single product, technology or methodology can fully secure plant-wide architectures. Protecting IACS assets requires a holistic defense-in-depth security approach that addresses internal and external security threats. This approach uses multiple layers of defense (administrative, technical and physical), using diverse technologies at separate IACS levels, by applying policies and procedures that address different types of threats. The CPwE Industrial Security Framework, which applies a holistic defense-in-depth approach, is aligned to industrial security standards such as IEC-62443 (formerly ISA-99) Industrial Automation and Control Systems (IACS) Security and NIST 800-82 Industrial Control System (ICS) Security.
This release of Cloud Connectivity to a Converged Plantwide Ethernet Architecture CRD (Cisco Reference Design), which is documented in the Cloud Connectivity to a Converged Plantwide Ethernet Architecture Design Guide, outlines several security architecture use cases for designing and deploying restricted end-to-end outbound connectivity with FactoryTalk® software from the machine to the enterprise, to the cloud within a CPwE architecture. The CPwE Cloud CRD is brought to market through a strategic alliance between Cisco Systems and Rockwell Automation.
Read the full article here: http://literature.rockwellautomation.com/idc/groups/literature/documents/wp/enet-wp019_-en-p.pdf