Today we welcome guest blog author Greg Conary, senior vice president at Schneider Electric, a Belden partner. Originally posted on Schneider’s blog, the article offers expertise we think you’ll find valuable.
While cyber security can be seen as either a barrier or an enabler to the adoption of IIoT, depending on your point of view, what is clear is that no discussion on IIoT is complete without the mention of this topic. And it has to be a comprehensive mention. You know the phrase “You’re only as strong as your weakest link.” Well, this is just as applicable for football teams as it is to industrial automation and control systems. And with industrial automation and control systems it’s not just the weakest link that needs to be secured, it’s also the highest potential risks that need to be planned for and mitigated.
Worldwide the IEC 62443 series of security standards covers all elements of security from product development through to product features, system features, delivery and operation. Complementary to the IEC 62443 security standards, existing industrial standards are also evolving to be more secure. DNP3 has evolved to DNPV5 to add security, OPCUA offers significant security enhancements, Modbus is evolving to Modbus Secure, EtherNET/IP is becoming EtherNET/IP Secure. In addition, many IIoT systems are adopting security features coming from existing IT standards such as HTTPS, Certificates, Encrypted/Authenticated protocols, etc.
Network security has been carried over from the IT and early OT adoptions of security where the network is segmented and access is restricted and monitored between zones. This is sometimes called a Defense in Depth approach. A truly secure system in the IIoT age is made up of many elements and needs to go beyond Defense in Depth.
The ultimate goal of a cyber-secured system is to ensure that the system operating at the end user site is delivered and operates securely while meeting business requirements. Opening the door for collaboration between suppliers, vendors and end users to share knowledge and educate each other will become increasingly important if we are to successfully tackle cyber security in the IIoT age. How do you view IIoT and cyber security – as a barrier or an enabler?
To read more content from Greg, visit Schneider Electric’s blog here: http://blog.schneider-electric.com/author/gconary/.