Because cybersecurity is a continuous journey with many hurdles and tasks, it's always good to get some help from friends along the way.
"There's no way to buy one product and be done with cybersecurity," said Steven Ludwig, program manager, Safety and Security, Rockwell Automation. "Establishing and maintaining effective cybersecurity is an incredibly collaborative affair. This means continuous cooperation between us, our customers, and partners like Cisco, Panduit, Stratus and others. All these players are jointly focused on the layers of achieving defense in depth, including physical, network, computing, applications and devices."
Ludwig and several colleagues reported on and demonstrated several major cybersecurity initiatives and solutions on display in Rockwell Automation's Integrated Architecture booth at this week’s Automation Fair 2019 in Chicago. They reported that collaboration can help users establish policies, procedures and cybersecurity awareness at the physical and network layers, as well as combine the newly released CIP Security standard, FactoryTalk View Security software and ThinManager visualization platform.
The exhibit also used a ControlLogix controller and Stratix 5700 switch to show how an unprotected EtherNet/IP protocol connection could be exploited by an unauthorized software script to reverse the direction of a motor. However, a link using EtherNet/IP and CIP Security and its transport layer security (TLS) remained unaffected by the malware.
"Attack surface protection is a much bigger topic than is commonly understood," said Roger Hill, portfolio manager, cybersecurity, Control & Visualization, Rockwell Automation. "Fortunately, ThinManager serves between many of these elements. It can handle security tasks and reduce attack surfaces."
Three-phase security strategy; a risk-based approach
To coordinate and deploy its cybersecurity solutions and services, Rockwell Automation bases its services strategy on the NIST cybersecurity framework, using a before, during and after methodology as it collaborates with customers and partners to mitigate cyber risk across the attack continuum:
- "Before" focuses on establishing the current state of cybersecurity hygiene, starting with an asset inventory of a customer’s install base, covering hardware, software and network. Leveraging operational expertise, Rockwell Automation conducts risk assessments to find vulnerabilities, helping customers prioritize and baseline improvement areas, develop a risk management strategy, and begin implementing protections such as segmenting networks, physical-to-virtual migrations and patch management.
- "During" concentrates on real-time threat detection and on carrying out elements of the risk-based cybersecurity strategy identified earlier. This includes continuous monitoring, anomaly detection and other active measures that Rockwell Automation can deploy, configure and monitor in real time, 24x7.
- "After" involves incident response planning, disaster recovery and reevaluation in accordance with the individual needs of each customer, to minimize the impact of downtime and accelerate the return to normal operations.
To execute this three-phase framework, Rockwell Automation provides not only consulting-based offerings but also a new suite of OT Managed Services that combine critical support components like domain expertise, technology, remote connectivity and monitoring. Furthermore, its threat detection services, combined with Claroty’s threat detection software, provide continuous threat detection and the ability to scale globally.
Serious assist from standards
Beyond implementing risk-based cybersecurity, Ludwig added that Rockwell Automation is enhancing its cybersecurity efforts by aligning and integrating them with the ISA/IEC 62443 series of cybersecurity standards.
"Cybersecurity standards are important because they can help developers and users build systems with security in mind from the beginning," explained Ludwig. "In addition, Rockwell Automation is a founding member of the ISA Global Cybersecurity Alliance, so we're dedicated to standards-based cybersecurity. In fact, during the past year, we achieved IEC 62443-4-1 certification, while our L8 ControlLogix processor just got IEC 62443-4-2 certified."
Rockwell Automation reported earlier this year that the Allen-Bradley ControlLogix 5580 controller is now the world’s first programmable automation controller to be certified compliant with the IEC 62443-4-2 security standard by third-party TÜV Rheinland.
"The NIST cybersecurity framework is better for CEOs and others at the enterprise level to determine what they need, but IEC 62443 is a comprehensive set of standards that can help users undertake a compliance effort that will provide practical protection," added Hill. "These standards also enable us to provide some assurance to the customers that we're developing products in a secure way, which they can use to measure their own cybersecurity."
"IEC 62443 and the NIST framework are crucial because they can help drive governance of cybersecurity at the operations technology (OT) level," added Kamil Karmali, Commercial Lead, Global Services Portfolio Team, Customer Support & Maintenance, Rockwell Automation. "Standards, policies and procedures are important to enable executive and customer teams to shift organizational behaviors and practices towards an overall better risk posture. It’s important to understand that there isn't one point solution to cybersecurity in manufacturing. It’s a multi-step pragmatic approach based on a customer’s overall risk tolerance and commitment to financial capital while combining technology, people, and processes with standards to quickly assess vulnerabilities and risk, identify, implement and scale solutions quickly, and solve workforce skills gaps with remote managed services."