Industrial Cybersecurity Roadmap for Final Users


Originally published on Industry 4.0 Blog by mateomadariaga | November 04, 2020 11:07 AM


 

The Industrial Scenario

Cybersecurity’s importance is being driven by the global business environment becoming increasingly interconnected and reliant on data and digital technologies. As a result, organizations need to think of cybersecurity not just in terms of compliance and risk mitigation, but as an essential business function that is fully embedded in processes and systems.

 

Companies in the industrial sector are the most exposed to the changes that digitalization is producing. These changes have arisen from the progress that has taken place in today’s industrial ecosystem: industrial control systems (ICS) optimization, new internet of things (IoT) solutions, cloud computing, big data and artificial intelligence platforms, among others. Digital transformation brings several benefits: it boosts the performance of industrial assets, enhances efficiency and productivity, accelerates reaction to changes in trends and demand, fosters competitive advantage, allows predictive and remote maintenance and, most importantly, optimizes costs and operational expenditures.

 

However, new technology innovations also bring new risks. As we connect our factories, machinery, and operational technology (OT) systems to the internet, we are also exposing them to new potential threats. As a well-known saying in the cyber world goes: if you are connected, you are being hacked. We need to treat cybersecurity as a prerequisite for all digital transformation projects, and this means dealing with new problems in both greenfield and brownfield scenarios.

 

Cybersecurity Roadmap

Once the customer is committed to improving his security level, he needs to build a cybersecurity plan to analyze his current situation and evaluate the gaps. This is an essential tool for any organization that seeks to protect its customers, employees and corporate information. The first step in the cybersecurity roadmap is to understand where the company is at present and where it would like to be in the future. The characteristics and functions of the cybersecurity approach have to be defined, including risk compliance, security administration, security architecture and design, and security operations.

 


 

  • Asset inventory management

At this point, the customer needs to understand the size of the problem and do some research on what his infrastructure looks like. He needs to update the last documented version of the architecture and check, by means of an asset inventory, how the current network diagram differs from it. Sometimes, legacy infrastructures that were built several years ago have no previous documented version or have no automatic asset inventory solution in place.

The most usual scenario is that legacy industrial plants present a flat network, meaning that all the field devices are interconnected with one another. This paradigm was widespread before the 2000s, as it was the easiest way to interconnect the network devices and also minimize maintenance. That was a good idea in those days, because there was still no malware or potential cyberthreats.

Nevertheless, with the advent of Industry 4.0, we are connecting industrial infrastructures, manufacturing factories, water and wastewater systems, electric grids and more through the internet. The other side of the coin is that these networks are exposed to the internet and its threats. If one of the devices on the network gets infected, the malicious code can spread through the plant or facility, disrupting the functioning of the automation equipment, as there is barely any network segmentation in legacy infrastructures.
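The comparison between the documented architecture and the live network described in this section can be sketched as follows. This is an added example, not code from the original post; the device names, addresses and the single-/24 check used as a rough flat-network indicator are assumptions.

```python
import ipaddress

# Constructed sample data (hypothetical devices, locally administered MACs).
DOCUMENTED = {  # last documented version of the architecture
    "02:00:00:00:00:01": {"name": "plc-line1", "ip": "192.168.1.10", "firmware": "2.1"},
    "02:00:00:00:00:02": {"name": "hmi-line1", "ip": "192.168.1.20", "firmware": "1.4"},
    "02:00:00:00:00:03": {"name": "drive-3", "ip": "192.168.1.30", "firmware": "3.0"},
}
DISCOVERED = {  # what an inventory scan of the live network reports
    "02:00:00:00:00:01": {"ip": "192.168.1.10", "firmware": "2.1"},
    "02:00:00:00:00:02": {"ip": "192.168.1.25", "firmware": "1.4"},
    "02:00:00:00:00:99": {"ip": "192.168.1.77", "firmware": "unknown"},
}

def inventory_drift(documented, discovered, fields=("ip", "firmware")):
    """Compare two inventories keyed by MAC address and report the differences."""
    doc = {mac.lower(): rec for mac, rec in documented.items()}
    live = {mac.lower(): rec for mac, rec in discovered.items()}
    changed = []
    for mac in sorted(doc.keys() & live.keys()):
        for field in fields:
            old, new = doc[mac].get(field), live[mac].get(field)
            if old != new:
                changed.append((mac, field, old, new))
    return {
        "undocumented": sorted(live.keys() - doc.keys()),  # on the wire, not on paper
        "missing": sorted(doc.keys() - live.keys()),        # on paper, not seen
        "changed": changed,
    }

def looks_flat(discovered, prefix_len=24):
    """Rough indicator (assumption): every discovered device is in one subnet."""
    nets = {ipaddress.ip_network(f"{rec['ip']}/{prefix_len}", strict=False)
            for rec in discovered.values()}
    return len(nets) == 1

if __name__ == "__main__":
    for kind, items in inventory_drift(DOCUMENTED, DISCOVERED).items():
        print(kind, items)
    print("single subnet:", looks_flat(DISCOVERED))
```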

 

  • Network Segmentation

In order to overcome these problems, segmentation is highly encouraged. Segmentation divides an industrial network into smaller parts in order to improve network performance and security. There are different ways to achieve this goal, depending on the constraints and customer requirements. Typically, at this point, industrial processes are segregated into functional units, and the traffic that flows among them is controlled. Enterprises therefore need to understand the risks of the overall system when designing this new network diagram, in order to isolate the most critical units and set up new rules and connections based on security requirements.

 

  • Firewall and Virtual Patching

At the same time, one establishes secure communication conduits, defining which zone or segment can talk to which other and through which network services. As a result, the attack surface is reduced. Different techniques and products can be used depending on the likelihood of attack vectors in these functional units. For example, for M2M communication a stateful firewall could be enough. However, in a zone with engineering workstations, a deep-packet-inspection (DPI) firewall is usually recommended.
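A zone and conduit plan of the kind described above can be written down as data and used to audit observed traffic before firewall rules are deployed. This is an added example, not code from the original post; the zone names, subnets, permitted services and the choice to allow intra-zone traffic are assumptions, and the flows are constructed.

```python
import ipaddress

# Constructed zone plan (hypothetical names and subnets).
ZONES = {
    "control": ipaddress.ip_network("10.10.1.0/24"),      # PLCs, drives
    "supervision": ipaddress.ip_network("10.10.2.0/24"),  # SCADA, HMI
    "engineering": ipaddress.ip_network("10.10.3.0/24"),  # engineering workstations
}
# Conduits: (source zone, destination zone) -> allowed (protocol, destination port)
CONDUITS = {
    ("supervision", "control"): {("tcp", 502)},            # Modbus/TCP polling
    ("engineering", "control"): {("tcp", 502), ("tcp", 22)},
    ("control", "supervision"): {("udp", 514)},            # syslog
}
FLOWS = [  # constructed observations: (src, dst, protocol, destination port)
    ("10.10.2.5", "10.10.1.10", "tcp", 502),
    ("10.10.2.5", "10.10.1.10", "tcp", 23),
    ("10.10.1.10", "10.10.3.7", "tcp", 445),
    ("203.0.113.9", "10.10.1.10", "tcp", 502),
    ("10.10.1.10", "10.10.1.11", "udp", 2222),
]

def zone_of(ip):
    """Return the name of the zone containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def check_flow(src, dst, proto, dport):
    """Return (verdict, reason) for one observed flow."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "deny", f"endpoint outside any zone ({src} -> {dst})"
    if sz == dz:
        return "allow", f"intra-zone traffic in {sz}"  # assumption: not filtered
    if (proto, dport) in CONDUITS.get((sz, dz), set()):
        return "allow", f"conduit {sz}->{dz} permits {proto}/{dport}"
    return "deny", f"no conduit {sz}->{dz} for {proto}/{dport}"

def audit(flows):
    """Return the flows that the conduit plan would not permit, with reasons."""
    results = [(flow, check_flow(*flow)) for flow in flows]
    return [(flow, reason) for flow, (verdict, reason) in results if verdict == "deny"]

if __name__ == "__main__":
    for flow, reason in audit(FLOWS):
        print(flow, "->", reason)
```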

 

  • Communication and devices hardening

Most of the communication protocols in the industrial field do not implement the basic cryptographic techniques needed to ensure the privacy, confidentiality or integrity of the data. Without this protection, one can manipulate the information sent through the network or impersonate an engineering workstation. As a result, data can be poisoned or misused in analytics or decision-making processes, which can lead to interruption of the operation of the plant, huge economic losses, devastating environmental problems or even loss of life in critical scenarios.

The only way to increase security in this case is to implement advanced cryptographic techniques in those protocols, in the communication or in the network system. Unfortunately, this step is quite difficult, as most of the time in legacy infrastructures you cannot modify the architecture or the protocols used. Properly setting up encryption in key communications or hardening risky channels mitigates most of the potential risks.

 

  • IDS/IPS Monitoring

Once the security level of the network meets the requirements of the risk manager, the challenge is to maintain it against new threats or attack vectors. Monitoring plays a key role in this phase. Different tools and techniques can be used to ensure visibility and persistent threat detection.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) detect potentially malicious activities or security policy violations. Usually an IDS/IPS creates a baseline and, when an anomaly is detected, sends an alarm to the Security Information and Event Management (SIEM) system. This alarm is handled by qualified personnel, and the proper actions are taken according to the criticality of the alarm. If the event is not discarded, the Incident Response team is involved to solve any problem and recover the normal functioning of the system. Finally, note that these solutions do not prevent attacks but help to detect persistent threats.
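The baseline-then-alarm behaviour described above, reduced to its core, looks like this. This is an added example, not code from the original post or from any product; it assumes Modbus/TCP traffic summarised as (time, source, destination, function code) records, all of which are constructed, and a JSON alert format chosen for illustration.

```python
import json
from collections import defaultdict

# Constructed records: (timestamp, source, destination, Modbus function code)
LEARNING = [
    ("2020-11-01T08:00:00", "10.10.2.5", "10.10.1.10", 3),
    ("2020-11-01T08:00:01", "10.10.2.5", "10.10.1.10", 4),
    ("2020-11-01T08:00:02", "10.10.2.5", "10.10.1.11", 3),
]
LIVE = [
    ("2020-11-02T09:00:00", "10.10.2.5", "10.10.1.10", 3),   # matches the baseline
    ("2020-11-02T09:00:05", "10.10.2.5", "10.10.1.10", 16),  # write never seen before
    ("2020-11-02T09:00:09", "10.10.3.7", "10.10.1.10", 3),   # talker never seen before
]
WRITE_CODES = {5, 6, 15, 16}  # Modbus function codes that modify coils/registers

def learn(records):
    """Build the baseline: function codes seen for each (source, destination)."""
    baseline = defaultdict(set)
    for _, src, dst, code in records:
        baseline[(src, dst)].add(code)
    return dict(baseline)

def detect(baseline, records):
    """Return one alert per record that deviates from the baseline."""
    alerts = []
    for ts, src, dst, code in records:
        known = baseline.get((src, dst))
        if known is None:
            reason = "new source/destination pair"
        elif code not in known:
            reason = "new function code for known pair"
        else:
            continue
        # Criticality drives how the alarm is triaged: writes rank higher.
        severity = "high" if code in WRITE_CODES else "medium"
        alerts.append({"time": ts, "src": src, "dst": dst,
                       "function_code": code, "reason": reason,
                       "severity": severity})
    return alerts

def to_siem(alerts):
    """Serialise alerts as JSON lines, a format a SIEM collector can ingest."""
    return [json.dumps(alert, sort_keys=True) for alert in alerts]

if __name__ == "__main__":
    for line in to_siem(detect(learn(LEARNING), LIVE)):
        print(line)
```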

 

Summary

The cybersecurity roadmap will change slightly per segment and end user, according to their requirements, needs and circumstances. This roadmap provides a defense-in-depth approach and can be enriched by a zero-trust point of view. Building a cybersecurity roadmap doesn’t have to be laborious or overly theoretical. By beginning with high-level objectives and adding details as you progress and mature, you’ll be well on your way to success.

 

Trust Enigmedia as your cybersecurity partner. Our objective is to embrace digital transformation in critical infrastructures and the industrial sector. We provide easy-to-deploy and cost-effective native cybersecurity solutions to protect industrial networks, guiding our partners along the cybersecurity roadmap and ensuring optimum protection at all stages. Mercury Cipher is our native OT cybersecurity solution, allowing secure data collection, communications protection, network segmentation, firewalling, remote access, and intrusion detection, which makes it a perfect tool for industrial environments. For more information about our unified threat manager (UTM) solution, visit our Mercury Cipher product page on Schneider Electric Exchange Shop.
