While the DeltaV distributed control system (DCS) has long incorporated firewalls and network switches that provide easy-to-configure security and protection features, users have traditionally used simple authentication from remote workstations or possibly “jump” server gateways to remotely access the control system. This may no longer be sufficient to protect the control system from unauthorized remote access.
Emerson teamed up with Cisco to develop a more secure remote access solution to the control room both from within your network and from an externally located site. What we are calling “Secure Remote Access” includes the Cisco Identity Services Engine, which provides the technology to examine the remote user’s PC as it attempts to access the control system.
It answers the “who, what, when, where, and how”, and uses that information to grant access to the DeltaV system based on identity. This provides far more granular security control, and negates most problems before they start. It scales better, as it centralizes all endpoint authentication and authorization responsibilities.
Remote access can be the weak link in an otherwise strong defense-in-depth strategy. By incorporating Cisco’s Identity Services Engine, switches, and firewalls within the business level network, users can more securely enable access to the control system firewall for solutions such as engineering of remote or isolated DeltaV control systems.
“Strong cybersecurity best practices have become of paramount importance to those industries that comprise critical infrastructure to the economies of the world,” said Anthony Sabella, Cyber Security Architect at Cisco. “By working with our partners in the automation industry, we can jointly provide secure solutions where system availability is critical to maintaining process uptime.”