"Pre-engineered solutions can help users get their networks installed faster, as well as implement best practices for cybersecurity." Rockwell Automation’s Sherman Joshua explained the broad range of cybersecurity services and capabilities the company offers today at Automation Fair.
If the first question is, "How can my organization participate in The Connected Enterprise and profit from its performance gains?" the second question is, "How can I do it securely and safely?"
To answer both queries and give its customers the confidence to fully participate in today's more tightly integrated networks, Rockwell Automation is offering a continuum of cybersecurity and other services, and is demonstrating them this week in the Connected Services exhibit at Automation Fair 2017 in Houston.
"With today's raised threat levels, we're all focusing more on cybersecurity. However, these alerts and information typically come from many different sources, so we're pulling them together into one view," said Sherman Joshua, portfolio manager for Connected Services, Rockwell Automation. "This lets users understand high-level attacks, and deal with them before, during and after they occur."
To give users the appropriate firewalls and software patches before probes, intrusions and attacks happen, Joshua reported that Rockwell Automation services personnel begin by performing its asset inventory service. "Our people walk a customer's facility, collect all its assets and profiles, and put them in a hierarchy," explained Joshua. "After that, we do ongoing evaluations with tools like Claroty software, which does passive monitoring to keep the inventory up to date."
Cybersecurity at this "before" stage also involves the Rockwell Automation Qualified Patch Management service that relies on Microsoft Azure, publishes patches to a customer site, and provides a list that the customer and the Rockwell Automation team can use to develop and carry out an appropriate patching plan. These preparation services also include:
- Vulnerability and Risk Assessments,
- Industrial Control System (ICS) Security Zone and Industrial Demilitarized Zone (DMZ) Segmentation, and
- Industrial Security Countermeasure Deployment, such as firewalls, application whitelisting for legacy devices, and protection software from Symantec, another Rockwell Automation partner.
Using data from Claroty and its other security preparations, Joshua reported that Rockwell Automation's cybersecurity offering "during" operations uses a baseline for normal operations to determine when abnormal network traffic or other anomalies are happening. "We blend baseline/normal traffic, and use detection technology with services management, which lets us look at industrial protocols, and even map how a PLC is talking to drives from multiple vendors," added Joshua. "Having reports like these and the asset inventory on the cloud in Azure makes them much easier for users to access compared to the Excel spreadsheets they used to get."
Other security measures "during" and immediately "after" intrusion and attack events include:
- Real-Time Threat Detection Services
- Remote Monitoring and Response Services
- Incident Handling and Response, Incident Response and Disaster Recovery Planning Services
- Backup and Recovery Solutions, such as Rockwell Automation FactoryTalk AssetCentre software, which can assist backup and recovery efforts because it can restore entire computers, servers and plant images
"Besides simply monitoring switches and servers, we also evaluate asset health because device performance can also indicate that an abnormal event may be happening," said Joshua. "If a switch or other component is heating up unexpectedly, it could indicate an attack."
In addition to having Rockwell Automation monitor and report on their networks and hardware, Joshua added that customers can also use the new FactoryTalk Network Manager software to easily monitor and troubleshoot their networks on their own, with little IT expertise required. "FactoryTalk Network Manager enables a blend of us and our user monitoring their networks," explained Joshua. "It’s information technology (IT) horsepower at an operations technology (OT) skill set."
While implementing cybersecurity tools and software is crucial, Joshua cautioned that it must be accompanied by a response and recovery plan for when a security breach actually occurs. "You must know what to do. You don't want to be scrambling," said Joshua. "So, we consult with each customer's IT and OT leaders, and find the middle ground on which they can build their Incident Handling and Response Plan, and test it, so they can contain and eradicate infections, but also balance it with the need to maintain production."
Essential network services
While cybersecurity might seem like a final goal, Joshua reported it's also part of a series of network services that users need to run their applications efficiently and profitably. "The foundation of building industrial networks is taking security into account, but pre-engineered solutions can also help users get their networks installed faster, as well as implement best practices for cybersecurity. Most users have a hodgepodge of networks, but to achieve The Connected Enterprise, they need a more deliberate way to transfer data from their plant floors to the enterprise."
The best vehicle for making this journey is Rockwell Automation's Industrial Data Center (IDC), the five-year-old centerpiece of its Pre-Engineered Network Solutions portfolio. Consisting of rack-mounted servers and virtual networks in an industrial enclosure, the IDC was a collaborative effort by Rockwell Automation and a who's who of its partners, including Microsoft, Cisco, Panduit, VMware and EMC2. Its latest capabilities include:
- Patch management services managed by Rockwell Automation,
- Backup solutions and location separation functions, and
- Gateway devices that receive data from Industrial Internet of Things (IIoT) components and transfer them to the cloud.
"When users need to set up a secure network quickly, IDC lets them do it comfortably with a tested solution that gets them to market faster," he said. "We also give them one part number, and most importantly, one number to call for support. Instead of having to call a different supplier for each component or system, we support the IT side and all the attached OT applications and hardware with Industrial Data Center. Plus, we can do all of these tasks as managed services for a low monthly fee. We call it Infrastructure as a Service (IaaS)."
For instance, Joshua reported, the Rockwell Automation Connected Services team recently helped a mining client with 21 sites assess its facilities; plan, separate and segment its networks; add pre-engineered devices like building blocks; install new switches, fiber and copper cabling; implement PLCs, drives and HMIs; and roll out four or five sites at a time. "We were able to complete this project for them in one year, even though they expected it would take two years, which was a 50% savings," said Joshua.
Similarly, he added, Pepsico recently needed to upgrade networking at seven of its beverage plants, but wanted to do it without using its capital expenditure (CapEx) budget, and to enable its OT staff to monitor and manage the new network. As a result, Pepsico adopted Rockwell Automation's IaaS program two years ago, scaled it up a year ago, and is continuing to expand it to 20 plants. Rockwell Automation also layered in security and patch management services with its pre-engineered equipment.
"We're proud of the fact that our average response time to critical alerts and alarms for this application is three minutes," added Joshua. "In fact, if a response takes more than 10 minutes, the service level agreement (SLA) in our contract contains penalties for us. We really mean what we say about the performance for this application, but with us monitoring and managing its infrastructure, we've also achieved a 90% reduction in troubleshooting time, which has meant a lot less downtime."