New Rockwell, Cisco CPwE additions for OT/IT

Nov. 23, 2015 – As industrial markets evolve to unlock the promise of the Internet of Things (IoT), Rockwell Automation and Cisco say they have announced new additions to their Converged Plantwide Ethernet (CPwE) architectures to help operations technology (OT) and information technology (IT) professionals address constantly changing security practices.

The security expansions, featuring technology from both companies, include design guidance and validated architectures to help build a more secure network across the plant and enterprise, they note.

Through these new connections, the parties say machine data on the plant floor can be analyzed and applied to determine optimal operation and supply-chain work flows for improved efficiencies and cost savings. A securely connected environment also enables organizations to mitigate risk with policy compliance, and protects intellectual property with secure sharing between global stakeholders, they add.

Core to the new architectures is a focus on enabling OT and IT professionals to utilize security policies and procedures by forming “multiple layers of defence.” A defence-in-depth approach, according to the parties, helps manufacturers by establishing processes and policies that identify and contain evolving threats in industrial automation and control systems. The new CPwE architectures leverage open industry standards, such as IEC 62443, and provide recommendations for more securely sharing data across an industrial demilitarized zone, as well as enforcing policies that control access to the plantwide wired or wireless network.

“The key to industrial network security is in how you design and implement your infrastructure and holistically address security for internal and external threats,” said Lee Lane, business director, Rockwell Automation. “The new guidance considers security factors for the industrial zone of the CPwE architectures, leveraging the combined experience of Rockwell Automation and Cisco.”

Rockwell Automation and Cisco have created resources to help manufacturers deploy security solutions. Each new guide is accompanied by a white paper summarizing the key design principles, as follows:
 
• The Industrial Demilitarized Zone Design and Implementation Guide and white paper provide guidance to users on sharing data from the plant floor through the enterprise.
• The Identity Services Design and Implementation Guide and white paper introduce an approach to security policy enforcement that controls access by anyone inside the plant, whether they’re trying to connect via wired or wireless access.

“Security can’t be an afterthought in today’s plant environment. As we connect more devices and create more efficient ways of operating, we also create certain vulnerabilities,” said Bryan Tantzen, senior director, Cisco. “Cisco and Rockwell Automation have been teaming for nearly a decade on joint solutions, serving as the standards-based resource for security in industrial environments. These new architectures and guides build on our collaboration by helping organizations recognize and proactively address today’s security concerns.”