Industrial control system (ICS) operators and owners have found themselves in an unenviable position. Once air-gapped, serial-based critical industrial control systems are now becoming more and more connected. And while many of the systems themselves have not changed, the networking world around them has changed dramatically, introducing vulnerabilities and threats that had been nearly non-existent ten or 20 years ago. Each networked connection from the control network to the corporate network is another potential avenue of attack. Control networks are designed to be static and predictable, but more and more commercial off-the-shelf applications and operating systems, as well as routable protocols, are now being introduced. This is creating more complexity with no greater visibility leaving operators blind to what is on their networks.

It isn’t as if Operations doesn’t want visibility; it’s quite the opposite. The term “loss of visibility” in the context of control networks is tantamount to a complete loss of control, making visibility vital. So why does visibility in respect to cybersecurity and network behaviors appear to be such an issue? The problem more often has to do with many traditional IT cybersecurity vendors trying to migrate IT techniques and methods to the Operations side of the house without understanding how their approach could take down vital systems and potentially threaten human and environmental safety. Operations, therefore, will sacrifice this visibility if there is any risk to safety or to service integrity.

Cisco has been providing the networking infrastructure for industrial control networks for decades. We understand the mission of and requirements demanded by our industrial customers. Our market-leading industrial switches, routers, access points, and more, have kept industry humming along around the globe. Our integrated cybersecurity solutions now extend our capabilities by protecting industrial control networks from the latest threats, vulnerabilities, and attacks facing the ICS world and by giving visibility and control to Operations teams without threatening operational integrity.

We are proud to announce that we are extending that visibility and control to the furthest reaches of industrial networks with our ruggedized 5506H-X ASA with FirePOWER Services. Our 5506H-X is the perfect balance of a ruggedized chassis, market leading cybersecurity protection and price making it ideal for deployment in substations, the factory floor, the assembly line: everywhere market-leading cybersecurity is a must in a harsh environment. The 5506H-X comes in a smaller form factor suitable for the desktop, wall mounting, or DIN-rail, but it includes the same software as our largest ASA with FirePOWER Services devices. With Cisco’s world-class next-generation firewall, next-generation intrusion detection/prevention system, advanced malware protection, and virtual private networking all in one ruggedized appliance, you benefit from a smaller physical footprint, but without sacrificing visibility or control.

The output from the control network is the bread and butter of any industrial customer, so it is vital that operators and management alike benefit from a secure network and are not distracted by the complexities that can come with managing multiple point solutions and multiple vendor relationships. When point solutions are cobbled together, there are often gaps in coverage, which leave the network vulnerable, while there are redundancies in other areas that lead to wasted, inefficient investments. Add to this, the complications of getting disparate technologies to integrate while also trying to convince multiple vendors to collaborate for the benefit of the customer, rather than compete to the detriment of all. Our end-to-end, platform-based approach means both less operator burden as well as simplifying your burden of vendor management, all while helping to protect your business from the threats facing today’s industrial control systems.

Learn more about the new ruggedized Cisco ASA 5506H-X with FirePOWER Services.


Marc Blackmer

Product Manager, Engineering

IoT Product Mgmt Networking