As industrial organizations connect more devices, enable more remote access, and build new applications, the airgap approach to protecting industrial networks against cyber threats is no longer sufficient. As industries are becoming more digital, cyberattacks are getting more sophisticated, and yet many organizations are lagging in the adoption of updated and reliable industrial cybersecurity postures. And when these organization’s security leaders start building a strategy to secure operations beyond the industrial demilitarized zone (IDMZ), they realize it might not be as simple as they thought.
Industrial assets (as well as industrial networks, in many cases) are managed by the operations team, which is typically focused on production integrity, continuity, and physical safety, rather than cyber safety. The IT teams often have the required cybersecurity skills and experience but generally lack the operations context and the knowledge of the industrial processes that are required to take security measures without disrupting production.
Building a secure industrial network requires strong collaboration between IT and operations teams. Only together can they appreciate what needs to be protected and how best to protect it. Only together can they implement security best practices to build secure industrial operations.
Enhancing the security of industrial networks will not happen overnight: IT and operations teams have to build their relationship; new security tools might have to be deployed; networks might need to be upgraded and segmented; new correlation policies will have to be developed.
Security is a journey. Only a phased and pragmatic approach can lay the ground for a converged IT/OT security architecture. Each phase must be an opportunity to build the foundation for the next. This will ensure your industrial security project addresses crucial security needs at minimal costs. It will also help you raise skills and maturity levels throughout the organization to gain wide acceptance and ensure effective collaboration.
Being the leader in both the cybersecurity and industrial networking markets, we looked at the successful projects Cisco has been involved in. This led us to recommend a three-step journey outlined in Cisco’s Industrial Security Validated Design.
What is a Cisco Validated Design (CVD)? CVDs provide the foundation for systems design based on common use cases or current engineering system priorities. They incorporate a broad set of technologies, features, and applications to address customer needs. Each one has been comprehensively tested and documented by Cisco engineers to ensure faster, more reliable, and fully predictable deployment.
Our approach to industrial security is focused on crucial needs, while creating a framework for IT and operations to build an effective and collaborative workflow. It enables protection against the most common devastating cybersecurity threats, at optimized cost. And provides a practical approach to simplify adoption.
To learn more, read our solution brief or watch the replay of the webinar I just presented. A detailed design and implementation guide will be available soon for helping to accelerate proof-of-concepts and deployment efforts.
Want to get the latest news in IoT security? Subscribe to the Cisco IoT Security Newsletter.