He opens describing the defense in depth strategies which includes four major focus areas: plant-level security, integrated services & support, DeltaV system features and setup procedures, and specific security-related products.
Alexandre shows the Emerson Smart Firewall which is a hardware-based perimeter protection device designed to enforce highly controlled external network access to the DeltaV workstations and servers. He next shows the Firewall-IPD (Intrusion Protection Device). It functions to provide additional protection for embedded nodes such as DeltaV controllers, CHARM I/O and Wireless I/O installed on the secure side of the firewall against message flooding and denial-of-service attacks originating from the workstation side of the firewall.
He next describes DeltaV smart switches that provide automatic port lockdown to prevent unauthorized access to the DeltaV control network.
From a features and functions perspective, system hardening is performed per the Center for Internet Security (CIS) benchmarks. The Security Administration Center manages the established DeltaV user accounts, provides listing and auditing of the status of services on the workstation, and provides a listing and audit of the files located in the DeltaV directories. Alexandre shows these capabilities at the 2:50 mark of the video.
He describes the portfolio of cybersecurity services available for DeltaV systems, These include Application Whitelisting, Endpoint Security, Network Security Monitoring, Patch & Anti-virus management, and Security Information and Event Management.
For existing DeltaV users, the latest security manual is available by logging into the Guardian Support portal.
You can connect and interact with other cybersecurity and lifecycle support experts in the Operate & Maintain group in the Emerson Exchange 365 community.