Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Tripwire US 1-503-276-7500 belden.com Belden US 1-855-400-9071
Discrete Automation Vertical: Cyber Security Solution GuideMarket Dynamics Facing all Discrete Automation SectorsHow do discrete manufacturers stay competitive and productive, reduce costs and cycle times, increase yields and gain market share? Through digitization. Digitization means connectivity and data. As more and more devices - from field I/O to every layer of the supply chain – are connected to networks, silos are removed and data from each device can be transformed into a treasure chest of valuable information. This digitization revolution is Industry 4.0 and it is no longer optional - it’s all about survival in this new data-centric, connected world.
Connectivity Comes with Concerns Connectivity drives industrial automation. Connectivity drives process monitoring. Connectivity drives remote access. Connectivity also opens the once air-gapped or physically-isolated control networks to the world of cyber security, where malicious, unintended, or accidental human behavior - all of which could happen remotely through the network - could have negative impacts to brand reputation, human safety, operational productivity, and product quality.
Belden – Sending the Right Signals, Securely Belden is a strategic partner to discrete manufacturers, allowing you to embark and excel on your Industry 4.0 journey. Belden’s solutions drive connectivity from industrial cable to connector to IO block to network switch, router, and industrial firewall - these are key foundational components in the new world of Industry 4.0.
Customer Testimonials• Global Automotive Manufacturer:
Excited to learn that Belden could auto-discover all assets on their networks by querying with their native industrial protocol (Ethernet/IP) and provide vulnerability information related to those assets.
• Food and Beverage Manufacturer: Loved visibility and context around log management solution from Tripwire that allowed diagnosis of impending cable failure: the connected switch was sending out a vast number of CRC errors detected through syslog to our solution.
• Consumer Product Goods Manufacturer: Saved hundreds of man-hours evaluating device configuration against IEC 62443 by using Tripwire solutions, which automated the collection and assessment of device configurations.
visibility protectivecontrols
continuousmonitoring
Step One: Visibility
visibility protectivecontrols
continuousmonitoring
Step Two: Protective Controls
visibility protectivecontrols
continuousmonitoring
Step Three: Continuous Monitoring
Having visibility of your manufacturing environment is the first step to a cyber-secure environment. How can something be secured if you do not know it exists on the network? Tripwire Industrial Visibility and Tripwire Log Center provide this visibility by:
• Allowing you to understand all the devices on your control network, what they are communicating with, and when their configurations change.
• Correlating log events from multiple sources and writing rules to flag events of interest. For example, if a failed login is attempted 5 times on an important device, Tripwire Log Center emails an automatic notification to the network manager.
Start with two basic, fundamental measures: network segmentation and device hardening. Belden Industrial Networking solutions and Tripwire Enterprise can both be leveraged to implement solid protective controls:
• Network Segmentation: Hirschmann Eagle and Tofino Security appliances enable robust network segmentation (the practice of organizing networks in smaller segments or zones), so that applications or devices can be separated.
• Device Hardening: Ensure all devices–HMI (human-machine interface), engineering workstations, switches, routers, etc.–are configured to industry best practices and frameworks, such as IEC 62443 or NIST SP 800-82.
Once a foundation of visibility and protective controls has been established, you can begin to continuously monitor the environment to have ongoing situational awareness. This awareness allows you to keep your process operational and avoid unnecessary or unplanned downtime. Tripwire solutions can enhance awareness via a continuous monitoring solution:
• Understand when controller modes have been changed
• Know if a newly-installed IO block has vulnerabilities
• Monitor engineering workstations to ensure correctly configured against internal build specifications or selected cybersecurity framework
Solution Guide
Belden, Belden Sending All The Right Signals, GarrettCom, Hirschmann, Lumberg Automation, Tofino Security, Tripwire and the Belden logo are trademarks or registered trademarks of Belden Inc. or its affiliated companies in the United States and other jurisdictions. Belden and other parties may also have trademark rights in other terms used herein.
©Copyright 2019, Belden Inc. CYBER-SECURITY-DISCRETE-SELLING-GUIDE_SF_INET_BDC_0319_ENG
Call your Belden or Tripwire sales representative to schedule a demonstration or visit our websites at www.belden.com and www.tripwire.com.
Belden US 1-855-400-9071 Tripwire US 1-503-276-7500Belden EMEA +49 (0)7127 14 1809 Tripwire EMEA +44 (0) 16 2877 5850
Discrete Network Reference Architecture Example In this example of a discrete reference architecture, Belden’s solutions can:
• Provide complete asset inventory and industrial protocol communication
• Identify vulnerabilities to all assets
• Identify changes to controllers – configuration, mode and firmware
• Measure the configuration for HMI, SCADA, engineering workstations and network infrastructure to IEC 62443
• Provide visibility to all log information from controllers, SCADA, HMI, engineering works and network infrastructure
• Provide network segmentation between plant and corporate IT, inter-zone/cell communication and enforce all industrial protocol communication to controllers
PC 1 VRRP active
PC 2VRRP active
PC 3VRRP active
PC nVRRP active
TLCManager
TEConsole
TIVMngt Hub
TIVCTD
Console
TLCManager
TEData
Collector
WEB APP DNS
Core Layer Switch
FTP EnterpriseLayer
CoreLayer
Aggregation Layer Switch
Field Layer Switch
AccessLayer
INTERNET
MACH 4000/4500 MACH 4000/4500
EAGLE EAGLEEAGLE EAGLE
MSP MSP MSPMSP
Layer 3 link Layer 2 link Layer 2 backup link
Enterprise Network
Production Backbone (Operations Level)
Network Access of Production Cell (ControlLevel)
Production Cell (Field Level)
Octopus Switches
Production Cell 1
Robots
IOModule
Tofino
PLC
Layer 2MRP Ring
Octopus Switches
Production Cell 2
RobotsTofino
PLC
Layer 2MRP Ring
Octopus Switches
Production Cell 3
RobotsTofino
PLC
Layer 2MRP Ring
Octopus Switches
Production Cell 4
RobotsTofino
PLC
Layer 2MRP Ring
IOModule
ENTERPRISE NETWORK CONTROL ROOM
OpenBAT Wireless Access Point
MSP
PHYSICALOR
VIRTUALSERVERS
PHYSICALOR
VIRTUALSERVERS
Secure Remote Access
WebServer
IP/Ethernet
EAGLE30
EAGLE One
MSP MSP
MSP
MSPMSPMSP
EAGLE30
MSP
TOFINOXENON
TOFINOXENON
TOFINOXENON
TOFINOXENON
TOFINOXENONTOFINO
XENON
MSP
EAGLE30
TOFINOXENON
DEMILITARIZED ZONE (DMZ)
INDUSTRIAL NETWORK
To noCon gurator
TETLCIndustrialHiVision
TIV
Magnum 10RX
PC Windows OS
GREYHOUND
Magnum DX940e
PLC
TLC = Tripwire Log Center | TE = Tripwire Enterprise | TIV = Tripwire Industrial VisibilityIndustrial visibility, protective controls and monitoring enabled through active and passive solutions:
Tripwire Enterprise, Tripwire Log Center and Tripwire Industrial Visibility
ENTERPRISE NETWORK CONTROL ROOM
OpenBAT Wireless Access Point
MSP
PHYSICALOR
VIRTUALSERVERS
PHYSICALOR
VIRTUALSERVERS
Secure Remote Access
WebServer
IP/Ethernet
EAGLE30
EAGLE One
MSP MSP
MSP
MSPMSPMSP
EAGLE30
MSP
TOFINOXENON
TOFINOXENON
TOFINOXENON
TOFINOXENON
TOFINOXENONTOFINO
XENON
MSP
EAGLE30
TOFINOXENON
DEMILITARIZED ZONE (DMZ)
INDUSTRIAL NETWORK
To noCon gurator
TETLCIndustrialHiVision
TIV
Magnum 10RX
PC Windows OS
GREYHOUND
Magnum DX940e
PLC
TLC = Tripwire Log Center | TE = Tripwire Enterprise | TIV = Tripwire Industrial VisibilityIndustrial visibility, protective controls and monitoring enabled through active and passive solutions:
Tripwire Enterprise, Tripwire Log Center and Tripwire Industrial Visibility