
Effective cybersecurity is a team sport

Cyber insurance | BCyber | December 25, 2019


“IEC 62443 and other standards are crucial because they can help drive governance of cybersecurity at the operations technology level.” Rockwell Automation’s Kamil Karmali on the important role that industry standards play in promulgating consistent cybersecurity practices. 

Because cybersecurity is a continuous journey with many hurdles and tasks, it’s always good to get some help from friends along the way.

“There’s no way to buy one product and be done with cybersecurity,” said Steven Ludwig, program manager, Safety and Security, Rockwell Automation. “Establishing and maintaining effective cybersecurity is an incredibly collaborative affair. This means continuous cooperation between us, our customers, and partners like Cisco, Panduit, Stratus and others. All these players are jointly focused on the layers of achieving defense in depth, including physical, network, computing, applications and devices.”

Ludwig and several colleagues reported on and demonstrated several major cybersecurity initiatives and solutions on display in Rockwell Automation’s Integrated Architecture booth at this week’s Automation Fair 2019 in Chicago. They reported that collaboration can help users establish policies, procedures and cybersecurity awareness at the physical and network layers, as well as combine the newly released CIP Security standard, FactoryTalk View Security software and ThinManager visualization platform.

The exhibit also used a ControlLogix controller and Stratix 5700 switch to show how an unprotected EtherNet/IP protocol connection could be exploited by an unauthorized software script to reverse the direction of a motor. However, a link using EtherNet/IP and CIP Security and its transport layer security (TLS) remained unaffected by the malware.

“Attack surface protection is a much bigger topic than is commonly understood,” said Roger Hill, portfolio manager, cybersecurity, Control & Visualization, Rockwell Automation. “Fortunately, ThinManager serves between many of these elements. It can handle security tasks and reduce attack surfaces.”

Three-phase security strategy

To coordinate and deploy its cybersecurity solutions and services, Rockwell Automation is using a before, during and after methodology as it collaborates with customers and partners. Each of these phases includes:

To carry out this three-phase mission, Rockwell Automation recently expanded its Threat Detection Services powered by the Claroty threat detection platform. It creates an inventory of a user’s industrial network assets, monitors traffic among them, and analyzes communications at their deepest level. Detected anomalies are reported to plant and security personnel with actionable insights.

Serious assist from standards

Beyond implementing risk-based cybersecurity, Ludwig added that Rockwell Automation is enhancing its cybersecurity efforts by aligning and integrating them with the ISA/IEC 62443 series of cybersecurity standards.

“Cybersecurity standards are important because they can help developers and users build systems with security in mind from the beginning,” explained Ludwig. “In addition, Rockwell Automation is a founding member of the ISA Global Cybersecurity Alliance, so we’re dedicated to standards-based cybersecurity. In fact, during the past year, we achieved IEC 62443-4-1 certification, while our L8 ControlLogix processor just got IEC 62448-4-2 certified.”

Rockwell Automation reported earlier this year that the Allen-Bradley ControlLogix 5580 controller is now the world’s first programmable automation controller to be certified compliant with the IEC 62443-4-2 security standard by third party TÜV Rheinland.

“The NIST cybersecurity framework is better for CEOs and others at the enterprise level to determine what they need, but IEC 62443 is a comprehensive set of standards that can help users undertake a compliance effort that will provide practical protection,” added Hill. “These standards also enable us to provide some assurance to the customers that we’re developing products in a secure way, which they can use to measure their own cybersecurity.”

“IEC 62443 and other standards are crucial because they can help drive governance of cybersecurity at the operations technology (OT) level,” added Kamil Karmali, commercial leader, Global Services Portfolio Team, Customer Support & Maintenance, Rockwell Automation. “They help in setting policies and procedures, and enable users to understand that there isn’t one solution. Standards also show users how to assess vulnerabilities and risk, implement and scale solutions quickly, and update critical workforce skills, too.”


Written by: BCyber
