Working with Rockwell Automation was the logical choice for the utility, thanks to a 20-year relationship built on the foundation of prior automation services. The utility was confident the Rockwell Automation team understood its business operations, infrastructure security, and OT system.
The utility team also knew, from previous engagements, that Rockwell Automation backs its security and architecture expertise with comprehensive capabilities, setting the stage for another successful collaboration.
Rockwell Automation delivered a blend of lifecycle management and lifecycle refresh initiatives, with cybersecurity elements baked in from the start.
Step 1: Asset Inventory
First, Rockwell Automation initiated a comprehensive audit of the utility's digital assets to assess vulnerabilities and risks. This audit, critical for identifying potential cyber threats, illuminated previously unseen devices on the plant floor, enabling robust protection measures.
Step 2: Security by Network Segmentation
Recognizing the importance of network segmentation, the Rockwell Automation team implemented this critical security technique, dividing the network into subnetworks to control traffic flow and access rights. This step fortified the network's security posture, minimizing the impact of potential cyberattacks.
Step 3: Virtualized Industrial Data Center
Next, upgrading the compute infrastructure was pivotal in enhancing the utility's cybersecurity. Dual Industrial Data Centers (IDCs) with cross-backups and managed support services replaced the single-managed IDC. This upgrade delivered redundancy for process operations and a more dependable compute infrastructure, reducing the risk of downtime.
Step 4: Network Perimeter Security with an IDMZ (Industrial Demilitarized Zone)
To strengthen network perimeter security and safeguard OT assets from unauthorized access, an Industrial Demilitarized Zone (IDMZ) was deployed. This IDMZ architecture enabled secure remote operations, even during infrastructure disruptions.
“The dedicated OT virtualized compute infrastructure hosts a stretched IDMZ across two IDCs to permit a site-redundant IDMZ. The utility’s leaders were serious about maintaining the uptime of their critical and remote operations, even in the event of a plant disaster,” says Robert Matear, business development lead for Connected Services at Rockwell Automation.
Step 5: Extra Security Measures
Rockwell Automation also enlisted the help of Encompass™ Product Partner Claroty to detect hacking attempts and suspicious network activities. Specifically, the utility company will use Claroty’s Continuous Threat Detection (CTD) to monitor OT traffic and pinpoint threats and anomalies across the enterprise.
Claroty Secure Remote Access (SRA) will also be deployed, facilitating role-based access control (RBAC) and privileged access management (PAM) to lock down accounts with elevated access rights.