Cybersecurity for Digital Plants Solution Overview
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Industry 4.0 revolution is accelerating the move to a digital plant. Unfortunately, cybersecurity challenges are also accelerating, as more manufacturers are impacted by an ever-growing set of risks and threats. This imperils the improved business performance and sustainability gains expected from digitization. Cisco and Schneider Electric have collaborated to integrate IT and industrial cybersecurity to protect the digital plant and maintain business value.
The Cisco and Schneider Electric solution brings in-depth cybersecurity to the digital plant, with protection from the sensor to the cloud, including devices, communications, and applications. We have developed and tested a reference architecture to guide customers and system implementers as they deploy new digital services and capabilities. And we supply global cybersecurity services to confidently deploy and operate the solution.
Cisco and Schneider Electric Cyber Secure Digital Plant provides a foundation to:
● Discover and inventory industrial assets and communications
● Detect and prevent known attacks to industrial systems
● Protect against malware and viruses
● Segment devices and applications into zones with secure conduits
● Automate the deployment of security policy
● Integrate enterprise and operations security for rapid response and recovery
● Provide secure remote access and sensor-to-cloud connectivity
● Support key cybersecurity standards
● Provides secure conduits between the Schneider plant industrial automation systems and EcoStruxure Industrial IoT applications to enable optimization and operational improvements
● Increases overall uptime by segmenting and protecting critical automation and control systems
● Reduces the effort required to monitor and maintain the security of the plant environment with a network assurance and automation platform
● Overcomes skills gap by enabling operational teams to benefit from the same robust cybersecurity framework as IT
Our solution and reference architecture reflects a common view and understanding of cybersecurity, enabling key enterprise IT and OT capabilities to come together. The solution represents the following key cybersecurity functions:
● Identify and gain visibility into devices, applications, and communications
● Protect and segment devices and communications
● Actively monitor and detect risks and threats
● Respond to identified risks
● Recover from incidents with resilient systems and restoration abilities
Both Cisco and Schneider Electric are certified to IEC 62443-4-1 Cybersecurity Product Development standards and supply equipment certified to IEC 62443-4-2 Product Security Features. Our products, technologies, and common solution and reference architecture supports IEC 62443-3-3 System Security Features specifications.
Our joint solution, products, and technologies offer:
● Visibility into industrial assets and communication via:
◦ Reliance on standard, converged networks
◦ Ability to identify OT devices and monitor ICS traffic via sensors embedded into network equipment rather than additional appliances or complex SPAN networks
● Protection of the on-premises industrial and cloud system and industrial assets via:
◦ Devices and infrastructure built in a secure development lifecycle and with key security features
◦ Behavior analysis and anomaly detection within industrial communications
◦ Simple and automated network access control and security policy deployment and enforcement
◦ Industrial and enterprise-grade firewalls that provide secure conduits between production zones
◦ Antivirus and malware protection on endpoints and in firewalls
◦ Secure, encrypted, multifactor authorized remote access for experts and service personnel
◦ Secure access to cloud-based services
● Detection and response via:
◦ Monitoring and analysis of telemetry across the network and cybersecurity infrastructure
◦ Identification and monitoring of vulnerabilities in industrial devices and network infrastructure
◦ Industry-leading, advanced threat intelligence from Cisco Talos®
◦ Coordinated detection and response platform to manage the complete security deployment
● Services and support to deploy and operate:
◦ Common support for Industrial Cybersecurity Standards (IEC 62443) and frameworks
◦ Ability to deploy confidently with jointly developed Tested Validated Documented Architecture (TVDA)-based solution and reference architecture
◦ Cybersecurity services
Cisco and Schneider Electric OT/IT industrial automation reference architecture
The Cisco and Schneider Electric OT/IT industrial automation reference architecture, as depicted in Figure 1, contains the components listed in the table below.
Table 1. Solution components
| Product name |
Description |
| Cisco® Catalyst® IE3300 and IE3400 Rugged Series switches and 9300 and 9500 Series switches |
Versatile and modular architecture components that scale as needed and support integrated network security so IT can continuously monitor network activity and gain valuable insights into traffic flows. |
| Cisco Secure Firewall ISA3000 and Cisco Firepower® 2100 Series |
Industrial firewalls developed specifically for deployment in harsh industrial environments; provide the foundation to enable secure industrial operations and regulatory compliance. |
| Cisco Cyber Vision |
Provides full visibility into the industrial control system, including a unique edge monitoring architecture, to support real-time monitoring of control networks and process data with comprehensive threat intelligence. |
| Cisco DNA Center and Identity Services Engine |
Provide full network management and logical segmentation capabilities to comply with IEC 62443 best practices. |
| Cisco Secure Endpoint |
Integrates prevention, detection, threat hunting, and response capabilities in a single solution, leveraging the power of cloud-based analytics. |
| Cisco AnyConnect® Secure Mobility Client |
Empowers remote workers with frictionless, highly secure access to the enterprise network from any device, at any time, in any location while protecting the organization. |
| EcoStruxure Control Expert |
A vendor-neutral, open, IoT-enabled architecture and platform from Schneider Electric that includes an open but tailored stack of connected products, edge solutions and software, and cloud-based applications, analytics, and services. |
| Modicon M580 |
Ethernet Programmable Automation Controller (ePAC) that features redundant processors, native Ethernet, and embedded cybersecurity to deliver high performance and high availability for processors and networks. |
| Modicon X80 modules |
Common platform for M580 ePACs that includes backplane, power supply, I/O digital, I/O analog, communications modules, and expert modules. |
| AVEVA System Platform |
A responsive, scalable solution that provides a collaborative, standards-based foundation to unify people, processes, and assets across facilities for continuous operational improvement and real-time decision support. |
| Schneider Electric Digital Advisors platform |
Applications to help distill the right insights from industrial business and process data, to help staff run processes and world-class levels of productivity and sustainability. |
Cisco technology provides:
● Comprehension range of best-in-class industrial networking equipment that provide full visibility into industrial devices and communications
● Segmentation and protection of devices, communications, and applications
● Detection of anomalies and unexpected behaviors
● Response to and recovery from identified risks and threats
● Monitoring and management of the cybersecurity infrastructure
What does Schneider Electric bring?
Schneider Electric provides:
● The EcoStruxure IIoT platform which provides user with the insights they need to operate at world class levels of efficiency, sustainability and profitability
● Cybersecure by design products, solutions, and software
● Cybersecurity solutions for the operational lifecycle: Consulting, integration, and managed security services
● Technology partnerships: Situational awareness, compliance, change management, and big data security
● System deployment: Secure delivery of project and services during product or system deployment
Cisco and Schneider Electric are leaders in networking, cybersecurity, and industrial automation and control. Our capabilities complement each other and enable our customers to take full advantage of an operational digital plant. If you are an IT or security organization looking to provide key capabilities to critical lines of business, or an operational organization in need of networking and cybersecurity capabilities, our solution provides a framework for collaboration across these organizational boundaries. The result is accelerated digitization programs that deliver higher efficiency and improved sustainability, safety, and reliability.
Visit Cisco and Schneider Electric partnership pages at Schneider Electric and at Cisco to learn how these organizations work together to help customers optimize performance with less risk.