Whether you are trying to reduce delays in your railway operations, enhance the stability of the power grid, improve road safety by deploying Intelligent Transportation Systems (ITS), or pull data from wind turbines to create an optimized repair schedule, you are facing the same challenge – connecting more OT (operational technology) assets while making your critical infrastructure more cyber resilient.
Building modern and agile operations across a city, a region, or a country is not only a networking challenge, it is also a challenge for cybersecurity. Across industries, regulations such as TSA Mandates, NERC-CIP (North America Reliability Corporation-Critical Infrastructure Protection), or NIS2 (Network and Information Security Directive 2) are requiring strong cybersecurity measures to be enforced. In the enterprise, security has always been a factor in the design. In operational networks, the foundational elements for securing distributed infrastructures are often not in place, and a single breach can be devastating.
As industrial operators update their WAN infrastructures to support more assets and streamline operations, they have a major opportunity to adopt architectures that unify networking and security and that have been used successfully in enterprise markets for decades. For over 20 years, Cisco has been developing rugged routers that are purpose-built for these demanding operational use cases. Our third-generation portfolio of Catalyst Industrial Routers offers the most advanced and modular hardware and embeds advanced cybersecurity features and centralized management to simplify building secure distributed operations at scale.
Protect distributed operations with advanced built-in network security capabilities
Ensuring systems are kept safe from cyber attacks once connected to the WAN infrastructure is critical. The TSA security directives call for security across the IT/OT boundary. NERC CIP calls for a deny by default policy across the electronic security perimeter (ESP). ISA/IEC 62443 requires a clear demarcation between IT and OT domains. To help operators comply and protect their distributed assets without having to install dedicated appliances, Cisco Catalyst Industrial Routers come with comprehensive Next-Generation Firewall (NGFW) features and many more cybersecurity capabilities to block modern threats, such as:
- Stateful inspection with application awareness and control allows only permitted traffic to cross the operational boundary.
- Network segmentation allows both critical and non-critical assets to share the same physical infrastructure but to be completely isolated from impacting each other in case of compromise.
- Integrated intrusion detection and prevention system (IDS/IPS) identifies and blocks known threats and malicious activities such as vulnerability exploits.
- Malware protection and sandboxing stops malicious files from entering the system.
- URL filtering ensures that access is permitted only to known trusted domains.
- Integration with secure service edge clouds such as Cisco Secure Access, which combines secure web gateway, DNS security, cloud-delivered firewall, and more, enables shifting advanced security policies off box and into a centralized enforcement point.
Distributed enforcement, centralized management
Due to the distributed nature of critical infrastructure, there may be thousands of microsites that must be protected from cyber attacks. For security to be effective, you need a centralized way to build, manage, and deploy policies, to avoid gaps in defense and ensure all sites and assets are equally protected.
Cisco Catalyst SD-WAN Manager (formerly vManage) simplifies network operations and provides full-stack multilayer security capabilities at the OT edge. Without the need to deploy yet another management console, Cisco Catalyst SD-WAN Manager gives security administrators an intuitive user interface to control all the NGFW features embedded in the Cisco Industrial Routers deployed in the field.
Build a modern and secure industrial WAN with Cisco
It’s the combination of advanced networking capabilities and modern security techniques that keeps our critical infrastructure operational. We cannot sacrifice one to gain the other. Cisco Industrial Routers, along with Cisco Catalyst SD-WAN Manager, offer purpose-built rugged hardware to withstand harsh conditions, advanced network capabilities to make the network resilient, and integrated NGFW features to stop bad actors from crossing operational boundaries.
As you’re modernizing your distributed operations, take this opportunity to build a robust infrastructure that unifies connectivity and security with our modular industrial routers that embed the best of SD-WAN and advanced cyber resilience, so you can operate more reliably, safely, and productively.
To learn more, please read the new solutions overview:
Cisco Catalyst Industrial Routers with Cisco Next-Generation Firewall.