Malware attacks and other recent security intrusions affecting manufacturers have made us acutely aware that these attacks can cause factories to shut down, resulting in lost production and affecting their bottom line. Manufacturing environments today are quite diverse. We often see a great many different systems from a variety of manufacturers deployed on the plant floor. This diversity creates a challenge in providing a network environment that can both support and secure these different places in the network. We have had customers literally run around the building pulling cables to stop an attack.
For most, however, this approach fails to protect the plant floor systems. It also causes difficulties with connecting the devices, gathering data from the devices, and doing any kind of analysis during or after an attack. Originally, many factories affected by an attack tried “running while infected” to lessen the blow. However, the idea that this method could reduce lost production time while also containing the malware has since been debunked.
Enter Cisco® Work Cell Security, which provides an architecture and a design for cell networks that adds detection to protection. Essentially, the solution is focused on preventing a security breach originating in one cell from leaving the cell and infecting others. The architecture is designed to protect assets on the production or assembly line from being contaminated by intrusions. It reduces risk and protects intellectual and physical property, plant assets, production integrity, and people with industrial security technologies for OT. Additionally, it significantly lessens the financial impact of security events, particularly ones caused by intrusions.
● Protect factory work cells from intrusions such as malware attacks
● Reduce lost production and labor hours resulting from individual malicious attacks
● Minimize property and equipment damage
● Avoid compliance violation penalties
● Improve worker and community safety
● Reduce the cost to detect, respond to, and fix data breaches
As one of the most commonly targeted industries, manufacturers are, more than ever, looking to minimize their liability and reduce factory downtime while also increasing their plant availability and maintaining regulatory compliance. To achieve these goals, knowing where the attacks originate is an important data point. A common entry point for malware on a plant floor, for example, is contaminated personal computers that are brought in by technicians from third-party companies such as machine builders. Often, USB drives are used to transfer information from devices so that the necessary software is available to solve a problem. The USB drives are often not checked for any malware contamination.
To combat this security weakness, an environment is needed that first, in an automated fashion, identifies devices on the network, their location, and their type. In addition, it is necessary to examine the traffic that passes between these devices to ensure that it is the correct traffic, with integrity, to avoid outages due to either errors or malicious actions. To accomplish this, Cisco Work Cell Security imposes the following principle throughout the network: Automated identification of industrial network endpoints and application of appropriate network policy.
By barricading and examining traffic seeking to move from the carpeted space to the plant floor, we can observe behavior that should not be permitted. That traffic can then be identified and mitigated so as to prevent harm to the production systems. The facilities are there to protect the assets in production from malicious intent by individuals who may get access to the equipment from within the plant. Continuity of production is the goal.
In addition to the examples given above, the Work Cell Security use case offers solutions that are able to:
● Identify users, applications, and devices connecting to systems in the cell (Programmable Logic Controller [PLC], process application host, Human-Machine Interface [HMI]): Cisco Identity Services Engine (ISE)
● Observe and evaluate behavior during system interactions: Cisco Stealthwatch®
● Exchange security information between systems: Cisco pxGrid
● Identify, catalog, track, and manage cell systems and devices: Cisco Industrial Network Director (IND)
● Hold policy regarding acceptable connections and communications: Cisco IND, ISE, Stealthwatch, Industrial Ethernet switches (IE)
● Notify staff when a security or malware event occurs
To learn more about Work Cell Security and discover more manufacturing use cases, check out our Manufacturing Portfolio Explorer.