Protecting industrial control systems (ICS) from cyber threats is a critical priority, but turning that intention into effective action can be demanding. Given the complexity of ICS and their networks, which often rely on outdated technologies and insufficient security measures, it can be hard to know where to start. Cisco Validated Designs (CVDs) are proven network and security architectures that industrial organizations can use to build advanced capabilities and create a flexible foundation for the future.
The Cisco Validated Design for Industrial Security has been updated with additional blueprints for securing critical infrastructure. Taking a phased approach to securing industrial networks, Cisco Industrial Threat Defense covers OT asset visibility, zero trust access and segmentation, and detection, investigation and response across domains.
Figure: Understanding Cisco Industrial Threat Defense.
From visibility to network segmentation
The previous version of the Cisco Industrial Security design described how the Cyber Vision sensor software embedded in Cisco switches and routers provides visibility into connected industrial assets without the need to deploy dedicated appliances or SPAN collection networks. It explained how control engineers and network administrators can use this inventory to understand asset behaviour and enforce zone segmentation across the industrial network, with Cyber Vision and Cisco Identity Services Engine (ISE) working together.
The updated CVD now covers using Cisco Secure Firewall to protect plant networks. Growing investment in AI and plant-floor virtualization is making the industrial data center (IDC) a critical part of operational networks. Virtual PLCs are one example of this shift, where virtual controllers allow a more flexible and modular design of production plants.
In the traditional Purdue architecture, the IDC sat in the industrial operations zone. Many operational networks that implemented some level of network traffic control did so at the IDMZ, or level 3.5. As the IDC modernizes, it also becomes more connected and relies on cloud connectivity for services to run as intended. More connectivity expands the attack surface, so placing the IDC behind its own firewall is required to protect it should an attack breach the perimeter firewall.
Figure: Cisco Secure Firewall protecting the industrial data center and segmenting the OT network.
Cisco Secure Firewall, through its integration with Cisco Cyber Vision, can also be used to dynamically segment the industrial network and prevent the spread of cyber attacks. The updated CVD explains how to use the Cisco Secure Dynamic Attributes Connector (CSDAC) to make the OT asset groups created in Cyber Vision automatically available to Firewall Management Center (FMC) as dynamic objects. Dynamic objects can then be used in access control policies to allow or deny communication based on source/destination, ports, protocols and even industrial control system (ICS) commands, using OpenAppID. A Cisco Secure Firewall deployed at the industrial distribution layer, Purdue level 3, enforces these access policies and controls both east-west and north-south segmentation without the need to deploy dedicated firewall appliances in each zone.
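As an added illustration, not Cisco code and not the CSDAC or FMC API, the following Python model shows the policy logic described above: rules reference asset groups rather than addresses, group membership is resolved at evaluation time so a newly discovered PLC inherits the group's rules without a policy edit, and ICS command labels are matched in addition to port and protocol. Group names, addresses and command labels are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed asset groups standing in for the dynamic objects an asset inventory
# (Cyber Vision in the text) would publish. Policy rules never name raw IPs.
DYNAMIC_OBJECTS: Dict[str, Set[str]] = {
    "CV_Engineering_Workstations": {"10.1.10.5"},
    "CV_HMI_Line1": {"10.1.30.21"},
    "CV_PLCs_Line1": {"10.1.20.11", "10.1.20.12"},
}

@dataclass
class Rule:
    name: str
    src_obj: str
    dst_obj: str
    protocol: str                      # transport, e.g. "tcp"
    port: int                          # e.g. 502 for Modbus/TCP
    ics_commands: Optional[Set[str]]   # None = any command; else allowed labels
    action: str                        # "allow" or "deny"

@dataclass
class Flow:
    src: str
    dst: str
    protocol: str
    port: int
    ics_command: Optional[str] = None  # label an ICS app detector would assign

def in_group(ip: str, obj: str) -> bool:
    return ip in DYNAMIC_OBJECTS.get(obj, set())  # resolved at evaluation time

def evaluate(flow: Flow, rules: List[Rule], default: str = "deny") -> str:
    """First matching rule wins; anything unmatched falls to the default (deny)."""
    for r in rules:
        if not (in_group(flow.src, r.src_obj) and in_group(flow.dst, r.dst_obj)):
            continue
        if (flow.protocol, flow.port) != (r.protocol, r.port):
            continue
        if r.ics_commands is not None and flow.ics_command not in r.ics_commands:
            continue
        return r.action
    return default

# Constructed policy: engineering may read and write, HMIs may only read.
POLICY: List[Rule] = [
    Rule("eng-to-plc", "CV_Engineering_Workstations", "CV_PLCs_Line1", "tcp", 502,
         {"read_coils", "read_holding_registers", "write_single_register"}, "allow"),
    Rule("hmi-to-plc", "CV_HMI_Line1", "CV_PLCs_Line1", "tcp", 502,
         {"read_coils", "read_holding_registers"}, "allow"),
]
```

Adding an address to `DYNAMIC_OBJECTS["CV_PLCs_Line1"]` at runtime is enough for the existing rules to cover it, which is the effect the dynamic-object integration is meant to provide.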
Securing distributed industrial infrastructure
The second major update to the CVD provides design guidance for building cyber-resilient networks for distributed field assets with Cisco industrial routers. Although we talk a lot about cybersecurity, meaning the robust tools and policies put in place to prevent attacks on operational networks, we often overlook cyber resilience. Cyber resilience is the ability of an organization to maintain its critical operations in the face of a cyber attack.
Cybersecurity is part of the overall architecture of cyber resilience. Capabilities such as firewalls, segmentation and a zero trust model mean that if an attacker gains a foothold in the network, their reach is limited and lateral movement can be prevented. However, security and network teams often make the mistake of treating these as separate disciplines within the organization. Network configuration is as important as the security appliances deployed in the network. Quality of service (QoS) ensures that critical operations always have priority when the network is in a degraded state. Lossless redundancy protocols ensure that critical operations still meet their latency requirements when a network path fails. Management plane security ensures that only trusted users gain access to the network infrastructure and that malicious actors cannot take it down. Plug and Play ensures that new network devices are onboarded with a secure configuration out of the box. Although all of these functions are usually considered part of the network, it is the combination of networking and security that results in a cyber-resilient architecture.
Figure: Cisco industrial routers provide the best of OT networking and rugged industrial network security.
Zero trust remote access for OT
Last but not least, the CVD examines the different options for securing remote access to industrial networks and describes how to deploy Cisco Secure Equipment Access (SEA) to enable zero trust network access (ZTNA) to the plant floor. Remote access solutions come in many forms, and it can be confusing which of them will meet the business need. The design guide compares virtual private networks, remote desktop protocol and the evolution toward zero trust network access, which ultimately leads to the deployment of Cisco SEA within the Purdue model architecture.
Figure: Cisco Secure Equipment Access enables ZTNA remote access in industrial settings.
More information
The new version of the Cisco Industrial Security Validated Design is now available. It is free, and it helps everyone involved in building and/or securing industrial networks implement advanced capabilities without fear of integration complexities or performance surprises. For further assistance, browse our industrial CVD library or schedule a free, no-obligation consultation with a Cisco industrial security expert and we will get back to you.