Close IT/OT Gaps to Achieve Holistic Security
We heard from many attendees who have been told they only need a single security strategy.
The truth is, a lone network, application or other security strategy isn’t enough. You need a comprehensive defense-in-depth strategy. One that uses multiple layers of protection to stop threats.
But remember: You can’t holistically address risks across your people, processes and technologies when your IT and OT organizational structures are siloed. There are cultural, procedural and technical differences that must be addressed.
Consider something like user authorization. Your IT and OT security policies should be integrated, so you can deauthorize users at every level of your company with a single action. If you have separate IT and OT policies, a worker may be deauthorized from the enterprise network but not the plant network. That can leave you vulnerable to an attack by a disgruntled former worker.
Patch management is another example. It’s a fairly minor consideration for IT, because they have standard operating systems throughout the enterprise, and delays for users are minor. But patching should be carefully managed on the plant floor, where different controllers have different operating systems, and even minor downtime can be costly.
We formed our Strategic Alliance with Cisco specifically to help companies conquer IT/OT convergence challenges, including security. Our alliance brings together the industry leaders in automation and IT, making us uniquely qualified to bridge IT/OT technical and cultural gaps to support holistic security.
Nowhere is our combined expertise more visible than in our Converged Plantwide Ethernet (CPwE) design guides. They provide guidance and best practices to help IT and OT teams collaboratively deploy scalable, robust, safe and secure industrial network architectures.
Leverage Security Standards
We continue to hear from companies who are looking to their industry allies to help them stay ahead of changing security threats.
For example, we can help you leverage the latest security standards.
The CIP Security protocol from ODVA uses the most proven security standard available. While only available today in a few select industrial devices, CIP Security helps make sure only authorized industrial devices can exchange information. It also prevents tampering or modification of communications or disclosure of data to help protect your production assets and intellectual property.
The right supplier can also provide you with products that have built-in security that meet accepted security standards.
One example is the Allen-Bradley ControlLogix 5580 controller. It’s the first controller on the market to be certified compliant with IEC 62443-4-2, today’s most robust control system security standard. Our security development lifecycle (SDL) approach has also been certified to meet IEC 62443-4-1. This can give you peace of mind, knowing your products are developed to the internationally recognized standard.
