Discrete Automation Vertical:

Cyber Security Solution Guide

Market Dynamics Facing all Discrete Automation Sectors

How do discrete manufacturers stay competitive and productive, reduce costs and cycle times, increase yields and gain market share? Through digitization. Digitization means connectivity and data. As more and more devices - from field I/O to every layer of the supply chain – are connected to networks, silos are removed and data from each device can be transformed into a treasure chest of valuable information. This digitization revolution is Industry 4.0 and it is no longer optional - it’s all about survival in this new data-centric, connected world.
 

Connectivity Comes with Concerns

Connectivity drives industrial automation. Connectivity drives process monitoring. Connectivity drives remote access. Connectivity also opens the once air-gapped or physically-isolated control networks to the world of cyber security, where malicious, unintended, or accidental human behavior - all of which could happen remotely through the network - could have negative impacts to brand reputation, human safety, operational productivity, and product quality.

Belden – Sending the Right Signals, Securely

Belden is a strategic partner to discrete manufacturers, allowing you to embark and excel on your Industry 4.0 journey. Belden’s solutions drive connectivity from industrial cable to connector to IO block to network switch, router, and industrial firewall - these are key foundational components in the new world of Industry 4.0.
 

Step One: Visibility

Having visibility of your manufacturing environment is the first step to a cyber-secure environment. How can something be secured if you do not know it exists on the network? Tripwire Industrial Visibility and Tripwire Log Center provide this visibility by:
• Allowing you to understand all the devices on your control network, what they are communicating with, and when their      configurations change.
• Correlating log events from multiple sources and writing rules to flag events of interest. For example, if a failed login is attempted 5 times on an important device, Tripwire Log Center emails an automatic notification to the network manager.

Step Two: Protective Controls

Start with two basic, fundamental measures: network segmentation and device hardening. Belden Industrial Networking solutions and Tripwire Enterprise can both be leveraged to implement solid protective controls:
• Network Segmentation: Hirschmann Eagle and Tofino Security appliances enable robust network segmentation (the practice of organizing networks in smaller segments or zones), so that applications or devices can be separated.
• Device Hardening: Ensure all devices–HMI (human-machine interface), engineering workstations, switches, routers, etc.–are configured to industry best practices and frameworks, such as IEC 62443 or NIST SP 800-82.

Step Three: Continuous Monitoring

Once a foundation of visibility and protective controls has been established, you can begin to continuously monitor the environment to have ongoing situational awareness. This awareness allows you to keep your process operational and avoid unnecessary or unplanned downtime. Tripwire solutions can enhance awareness via a continuous monitoring solution:
• Understand when controller modes have been changed
• Know if a newly-installed IO block has vulnerabilities
• Monitor engineering workstations to ensure correctly configured against internal build specifications or selected cybersecurity framework

Discrete Network Reference Architecture Example
In this example of a discrete reference architecture, Belden’s solutions can:
• Provide complete asset inventory and industrial protocol communication
• Identify vulnerabilities to all assets
• Identify changes to controllers – configuration, mode and firmware
• Measure the configuration for HMI, SCADA, engineering workstations and network infrastructure to IEC 62443
• Provide visibility to all log information from controllers, SCADA, HMI, engineering works and network infrastructure
• Provide network segmentation between plant and corporate IT, inter-zone/cell communication and enforce all industrial
protocol communication to controllers