
It’s 10:00 p.m. Do You Know Where Your Data Is?

What’s the most critical information in your control system network? If you’re like most life sciences OT/IT professionals I meet, you’ll be able to answer that question even before I finish asking it.

Identifying critical system data – and recognizing the need to protect it – is in many ways the easy part. But designing a network infrastructure that can both help mitigate cybersecurity risk and take advantage of the latest Internet of Things (IoT) technologies can be a sticking point.

Certainly, today’s life sciences companies recognize the advantages of connecting more information across their enterprise to enhance electronic batch records and reporting – and enable advanced analytics and other digital technologies.

However, in their quest for greater connectivity, they could be making network choices that inadvertently introduce risk.

Is your network infrastructure intentional or unintentional?

Think about it. How do you enable disparate systems to share data?

Of course, the easiest way to achieve that goal is to put everything on the same network. And that’s not an uncommon occurrence.

For convenience, an organization may decide to move forward with a flat, unsegmented network – where information is freely exchanged. More commonly, an unsegmented network is an unintentional result of a legacy infrastructure that has expanded over time without benefit of VLANs, firewalls and other boundaries.

The problem with unsegmented networks

Regardless of the cause, an unsegmented network may enable easy access and communication – but it does so with a hefty price.

First, a flat, unsegmented network infrastructure exposes both non-critical and critical data equally to cybersecurity risk. Without network boundaries or access limitations, attackers can exploit the most vulnerable points of entry and move deeper into the network or anything connected to it.

Content at risk could range from manufacturing and recipe information – to clinical trial data, pricing and marketing strategies.

Additionally, an unsegmented network is typically an inefficient network. Companies may not initially be aware of network performance issues simply because they can still run their operation. But as systems are updated and new capabilities are added, network traffic increases, network collisions and slowdowns occur more frequently – and production issues often surface.  

Have you or someone you know ever lost data…or system visibility? It happens.   

As part of a defense-in-depth approach, network segmentation – or splitting a network into smaller networks – can help mitigate unnecessary broadcast traffic and limit what is immediately available to an attacker.

Building segmentation into your system     

Did you consider network design and performance when you built your automation system? And how do you incorporate segmentation to help limit the reach of a potential breach and improve network performance?

In my experience, most life sciences companies are great at managing their production processes. But many just don’t realize how the options they’ve chosen impact the network infrastructure. As a result, they may be unaware of the content scope and traffic patterns in their existing infrastructure – and potential risks and performance limitations. 

A system audit can help you gain a better understanding of what content is included in your system, how devices communicate and how information travels. As a first step, a system audit will provide you with the foundational information you need to identify potential risks and evaluate performance improvements.

Once an audit is complete, conducting a risk assessment aligned with IEC 62443 guidance is an industry best practice that can lead you down the right path to better network design and segmentation.  

IEC 62443 is a series of international standards that provide a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACS). Specifically, IEC 62443-3-2 provides risk assessment guidelines.

A risk assessment will provide a picture of your current security posture and what you need to do to achieve an acceptable risk state.

No doubt, you will find that different areas in your system have different security needs. The risk assessment will help you make reasonable decisions regarding the level of risk you’re willing to take to implement new technologies – and how to segment your network logically to achieve both security and productivity goals.  

Depending on your requirements, you may choose multiple segmentation methods including access control lists, firewalls, VLANs, industrial demilitarized zones (IDMZ), and other technologies.
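
As an added illustration (not from the original article or from Rockwell Automation), the sketch below checks audit data on how devices communicate against a planned segmentation and lists the flows a boundary would have to block or explicitly permit. The zone names, subnets, allowed paths and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone plan: names and subnets are assumptions for illustration.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "idmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/24"),
}

# Permitted cross-zone paths as (source zone, destination zone, destination port).
ALLOWED = {
    ("enterprise", "idmz", 443),  # reporting clients reach a broker in the IDMZ
    ("control", "idmz", 443),     # control-side server pushes batch data outward
}

# Constructed flow records (source IP, destination IP, destination port),
# standing in for what a system audit would collect.
FLOWS = [
    ("10.30.0.15", "10.30.0.20", 44818),  # stays inside the control zone
    ("10.30.0.40", "10.20.0.5", 443),     # planned path
    ("10.10.4.77", "10.30.0.15", 44818),  # enterprise host straight to a controller
    ("10.10.4.77", "10.20.0.5", 443),     # planned path
    ("192.168.1.9", "10.30.0.20", 502),   # source is not in any planned zone
]

def zone_of(ip):
    """Return the name of the zone containing ip, or None if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def audit(flows):
    """Flag flows from unmapped devices and cross-zone flows outside the plan."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone is None or dst_zone is None:
            findings.append(("unmapped-device", src, dst, port))
        elif src_zone != dst_zone and (src_zone, dst_zone, port) not in ALLOWED:
            findings.append(("unplanned-cross-zone", src, dst, port))
    return findings

if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```

Each finding is either a device the plan does not account for or a path that crosses a boundary without a documented reason, which is the input the risk assessment needs when deciding where firewalls, ACLs or an IDMZ belong.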

Securing your connected facility

Keep in mind, network segmentation is just one of many practices recommended as part of a defense-in-depth approach to cybersecurity. An effective strategy includes multiple layers of protection ranging from physical security devices as simple as doors to sophisticated electronic and procedural safeguards.

And an effective strategy is an ongoing process that requires not only thoughtful design, but also active intervention – and maintenance.

Learn how Rockwell Automation can help you design and maintain your system in alignment with IEC 62443 guidelines. And check out our latest IEC 62443 certifications.

Tim Mirth
PlantPAx Platform Leader, Rockwell Automation
