Designing a Secure, Efficient OT Network Infrastructure

Achieving Effective Industrial Network Security

Rockwell Automation plus the Network Industry Giant

Business practices, corporate standards, policies, industry standards and tolerance to risk are key factors in determining the degree of resiliency and application availability required within an IACS plant-wide or site-wide architecture. Alternatives can include non-resilient LAN, resilient LAN, or redundant LANs for example.

A secure and resilient network architecture within an IACS application plays a pivotal role in helping to minimize the risk of IACS application shutdowns in the event of cyberattack, while helping to maximize overall plant and site uptime. Resilient architectures also accommodate future requirements more flexibly.

Elements to incorporate in resilient physical infrastructure designs include:

• Topologies and protocols
  
• Switching and routing
• Wireless LAN Controllers (WLC)
• Firewalls
• Network and device management

The Converged Plantwide Ethernet (CPwE) design guides from Rockwell Automation and Cisco provide guidance and best practices to help IT and OT teams collaboratively deploy scalable, robust, resilient and secure industrial network architectures.

Full Resilience, Safety and Security: How to Design Them In CPWE

Protecting people, environment and critical infrastructure

The CPwE key tenets include:

• Smart IIoT devices — Controllers, I/O, drives, instrumentation, actuators, analytics, and a single IIoT network technology (Ethernet/IP), facilitating both technology coexistence and IACS device Interoperability
• Zoning or Segmentation — Smaller connected LANs, functional areas, and security groups
• Resiliency — Robust physical layer and resilient or redundant topologies with resiliency protocols
• Time-critical data — Data prioritization and time synchronization via CIP Sync™ and IEEE-1588 Precision Time Protocol (PTP)
• Holistic defense-in-depth security — Multiple layers of diverse technologies for threat detection and prevention, implemented by different personas (for example, OT and IT) and applied at different levels of the plant-wide or site-wide IACS architecture. CPwE helps protect against cybersecurity threats including Man-in-the-Middle (MitM) attacks, ransomware and other drivers of downtime and loss
• Convergence-ready—Seamless plant-wide CPwE are relevant to both OT and IT disciplines

Creating a Modernized Plant That Works for Everyone

The ease of integration with modernized tools will surprise you

An IACS is deployed in a wide variety of industries such as automotive, pharmaceuticals, con-sumer packaged goods, pulp and paper, oil and gas, mining, and energy. IACS applications are composed of multiple control and information disciplines such as continuous process, batch, discrete and hybrid combinations.

One of the challenges facing industrial operations is the hardening of standard Ethernet and IP-converged IACS networking technologies to take advantage of the business benefits associ-ated with IIoT. A resilient LAN architecture can help to increase the overall equipment effec-tiveness (OEE) of the IACS by reducing the impact of a failure while speeding recovery outages – such as cyberattack – which in turn lowers Mean-Time-to-Repair (MTTR).

Modernizing aging automation equipment has far-reaching benefits. Updating can help im-prove productivity and access to plant-wide information, extend product lifecycle and make product development more agile by offering increased system flexibility. Find out how Rock-well Automation does it through planning and design.

Design Guidance and Best Practices

Deployments of Network Convergence

Industry adoption of Ethernet/IP™ for control and managed data transit enables the conver-gence of industrial and enterprise networks. We collaborate with our premium partners to de-ploy scalable, robust, secure, safe, and future-ready industrial network architectures. We have addressed topics relevant to both operations technology (OT) and information technology (IT) teams.