Cybersecurity for Digital Plants Solution Overview

Updated: October 29, 2021

Overview

The Industry 4.0 revolution is accelerating the move to a digital plant. Unfortunately, cybersecurity challenges are also accelerating, as more manufacturers are impacted by an ever-growing set of risks and threats. This imperils the improved business performance and sustainability gains expected from digitization. Cisco and Schneider Electric have collaborated to integrate IT and industrial cybersecurity to protect the digital plant and maintain business value.

The Cisco and Schneider Electric solution brings in-depth cybersecurity to the digital plant, with protection from the sensor to the cloud, including devices, communications, and applications. We have developed and tested a reference architecture to guide customers and system implementers as they deploy new digital services and capabilities. And we supply global cybersecurity services to confidently deploy and operate the solution.

Cisco and Schneider Electric Cyber Secure Digital Plant provides a foundation to:

  • Discover and inventory industrial assets and communications
  • Detect and prevent known attacks to industrial systems
  • Protect against malware and viruses
  • Segment devices and applications into zones with secure conduits
  • Automate the deployment of security policy
  • Integrate enterprise and operations security for rapid response and recovery
  • Provide secure remote access and sensor-to-cloud connectivity
  • Support key cybersecurity standards

Key benefits

  • Provides secure conduits between the Schneider plant industrial automation systems and EcoStruxure Industrial IoT applications to enable optimization and operational improvements
  • Increases overall uptime by segmenting and protecting critical automation and control systems
  • Reduces the effort required to monitor and maintain the security of the plant environment with a network assurance and automation platform
  • Overcomes skills gap by enabling operational teams to benefit from the same robust cybersecurity framework as IT

How it works

Our solution and reference architecture reflect a common view and understanding of cybersecurity, enabling key enterprise IT and OT capabilities to come together. The solution represents the following key cybersecurity functions:

  • Identify and gain visibility into devices, applications, and communications
  • Protect and segment devices and communications
  • Actively monitor and detect risks and threats
  • Respond to identified risks
  • Recover from incidents with resilient systems and restoration abilities

Both Cisco and Schneider Electric are certified to IEC 62443-4-1 Cybersecurity Product Development standards and supply equipment certified to IEC 62443-4-2 Product Security Features. Our products, technologies, and common solution and reference architecture support IEC 62443-3-3 System Security Features specifications.

Our joint solution, products, and technologies offer:

  • Visibility into industrial assets and communication via:
      ◦ Reliance on standard, converged networks
      ◦ Ability to identify OT devices and monitor ICS traffic via sensors embedded into network equipment rather than additional appliances or complex SPAN networks
  • Protection of the on-premises industrial and cloud system and industrial assets via:
      ◦ Devices and infrastructure built in a secure development lifecycle and with key security features
      ◦ Behavior analysis and anomaly detection within industrial communications
      ◦ Simple and automated network access control and security policy deployment and enforcement
      ◦ Industrial and enterprise-grade firewalls that provide secure conduits between production zones
      ◦ Antivirus and malware protection on endpoints and in firewalls
      ◦ Secure, encrypted, multifactor authorized remote access for experts and service personnel
      ◦ Secure access to cloud-based services
  • Detection and response via:
      ◦ Monitoring and analysis of telemetry across the network and cybersecurity infrastructure
      ◦ Identification and monitoring of vulnerabilities in industrial devices and network infrastructure
      ◦ Industry-leading, advanced threat intelligence from Cisco Talos®
      ◦ Coordinated detection and response platform to manage the complete security deployment
  • Services and support to deploy and operate:
      ◦ Common support for Industrial Cybersecurity Standards (IEC 62443) and frameworks
      ◦ Ability to deploy confidently with jointly developed Tested Validated Documented Architecture (TVDA)-based solution and reference architecture
      ◦ Cybersecurity services

Figure 1. Cisco and Schneider Electric OT/IT industrial automation reference architecture

What the solution comprises

The Cisco and Schneider Electric OT/IT industrial automation reference architecture, as depicted in Figure 1, contains the components listed in the table below.

Table 1. Solution components

| Product name | Description |
| --- | --- |
| Cisco® Catalyst® IE3300 and IE3400 Rugged Series switches and 9300 and 9500 Series switches | Versatile and modular architecture components that scale as needed and support integrated network security so IT can continuously monitor network activity and gain valuable insights into traffic flows. |
| Cisco Secure Firewall ISA3000 and Cisco Firepower® 2100 Series | Industrial firewalls developed specifically for deployment in harsh industrial environments; provide the foundation to enable secure industrial operations and regulatory compliance. |
| Cisco Cyber Vision | Provides full visibility into the industrial control system, including a unique edge monitoring architecture, to support real-time monitoring of control networks and process data with comprehensive threat intelligence. |
| Cisco DNA Center and Identity Services Engine | Provide full network management and logical segmentation capabilities to comply with IEC 62443 best practices. |
| Cisco Secure Endpoint | Integrates prevention, detection, threat hunting, and response capabilities in a single solution, leveraging the power of cloud-based analytics. |
| Cisco AnyConnect® Secure Mobility Client | Empowers remote workers with frictionless, highly secure access to the enterprise network from any device, at any time, in any location while protecting the organization. |
| EcoStruxure Control Expert | A vendor-neutral, open, IoT-enabled architecture and platform from Schneider Electric that includes an open but tailored stack of connected products, edge solutions and software, and cloud-based applications, analytics, and services. |
| Modicon M580 | Ethernet Programmable Automation Controller (ePAC) that features redundant processors, native Ethernet, and embedded cybersecurity to deliver high performance and high availability for processors and networks. |
| Modicon X80 modules | Common platform for M580 ePACs that includes backplane, power supply, I/O digital, I/O analog, communications modules, and expert modules. |
| AVEVA System Platform | A responsive, scalable solution that provides a collaborative, standards-based foundation to unify people, processes, and assets across facilities for continuous operational improvement and real-time decision support. |
| Schneider Electric Digital Advisors platform | Applications to help distill the right insights from industrial business and process data, to help staff run processes at world-class levels of productivity and sustainability. |

What does Cisco bring?

Cisco technology provides:

  • A comprehensive range of best-in-class industrial networking equipment that provides full visibility into industrial devices and communications
  • Segmentation and protection of devices, communications, and applications
  • Detection of anomalies and unexpected behaviors
  • Response to and recovery from identified risks and threats
  • Monitoring and management of the cybersecurity infrastructure

What does Schneider Electric bring?

Schneider Electric provides:

  • The EcoStruxure IIoT platform, which provides users with the insights they need to operate at world-class levels of efficiency, sustainability, and profitability
  • Cybersecure-by-design products, solutions, and software
  • Cybersecurity solutions for the operational lifecycle: Consulting, integration, and managed security services
  • Technology partnerships: Situational awareness, compliance, change management, and big data security
  • System deployment: Secure delivery of project and services during product or system deployment

Key differentiators

Cisco and Schneider Electric are leaders in networking, cybersecurity, and industrial automation and control. Our capabilities complement each other and enable our customers to take full advantage of an operational digital plant. If you are an IT or security organization looking to provide key capabilities to critical lines of business, or an operational organization in need of networking and cybersecurity capabilities, our solution provides a framework for collaboration across these organizational boundaries. The result is accelerated digitization programs that deliver higher efficiency and improved sustainability, safety, and reliability.

Learn more

Visit Cisco and Schneider Electric partnership pages at Schneider Electric and at Cisco to learn how these organizations work together to help customers optimize performance with less risk.

 

 

 
