With the advent of Industry 4.0, industrial networks are increasingly digitized.
But while this brings significant gains in productivity, quality and efficiency, it introduces new – and never before considered – vulnerabilities in cybersecurity.
Due to their critical nature, operational technology (OT) networks – digital networks on the production floor – require specific security tools beyond those used in IT networks themselves. Intrusion Detection Systems (IDS) are considered one of the most effective of these tools, as they passively monitor network traffic and pose no risk to ongoing operational processes.
“The shortage of resources with expertise in OT security is quite high and continues to grow,” said Ilan Barda, co-founder and CEO of Radiflow. “As such, it’s important to use such integrations to reduce the need for manual work.”
OT facilities like Cisco’s are a growing attack surface
Barda described an “alarming” increase in cybersecurity attacks on OT facilities.
To this point, Trend Micro research into industrial cybersecurity in manufacturing, power, and oil and gas companies revealed that nine out of ten organizations had faced disruptions to manufacturing or energy supply from cyber-attacks in the past 12 months. The average cost of such attacks was $2.8 million, with more than half (56%) of respondents saying the disruptions lasted four or more days.
Such disruptions have led to new and evolved security tools: according to a recent report by Markets and Markets, the size of the OT security market will grow from an estimated value of $15.5 billion in 2022 to $32.4 billion in 2027, with a compound annual growth rate (CAGR) of nearly 16%.
The report cites the increased use of digital technologies in industrial systems, strict government regulations regarding the Common Industrial Protocol (CIP) that drive adoption of OT security solutions, and the convergence of IT and OT systems as the key factors driving market growth.
Simple, fluid controls
Cisco’s Network Access Control (NAC) is a widely used tool for protecting IT networks. It supports network visibility and access control through policy enforcement on devices and users of corporate networks.
While many companies rely on it to secure their network access control systems, building management systems (BMS) often have no way of addressing industry-specific needs or protecting against greater cybersecurity risks, Barda said. In BMS settings, OT security systems must take into account the specific needs and criticality of different subsystems, e.g., HVAC or elevator operation, which are often supervised by different personnel and departments.
To deploy IT-oriented tools in OT networks and detect anomalies, mature IDS tools such as Radiflow’s platform are needed, Barda said. The platform integrates directly into Cisco’s popular BMS, protects connected devices that don’t have built-in access controls, and adds a layer of protection to a variety of OT networks, keeping security operations “simple and fluid.”
This new integration “helps mitigate an inherent problem in industrial networks, as many of these devices were never designed with built-in access control, which creates a whole host of cyber vulnerabilities,” Barda said.
Controlled, limited connection
As Barda explained, the most common cybersecurity problem in OT networks is unauthorized changes to the network topology: for example, a technician’s laptop is connected to the network with no restrictions on what the technician can do in the network. Another risk, Barda said, is that changes to device software, even without malicious intent of any kind, can also alter the device’s communication patterns, causing damage to other devices.
Radiflow’s IDS solution discovers network assets and communication patterns, maps inventory details and vulnerabilities, and detects network anomalies. Users at Cisco facilities can distinguish the basic behavior of assets and any deviations in behavior patterns.
“Built-in access control mitigates such threats as each device is connected in a controlled and limited manner,” Barda said.
Barda explained that the platform passively monitors OT network traffic using a SPAN port on the network’s main switches.
To maximize coverage of the OT network, Radiflow also provides smart collectors that can connect to the SPAN ports of external subnetworks and send the relevant data to the server in an optimized way, he said.
Radiflow’s DPI engine analyzes network traffic and creates a database of network assets, their inventory details and their normal baseline behavior patterns, Barda said. The asset database is expanded with data on their known common vulnerabilities and exposures (CVEs) and can be presented graphically or exported to other asset management tools.
Once the baseline of normal behavior is stable, the platform switches to “detection mode” and uses its DPI engine to detect anomalies in traffic flows, Barda said. Such deviations may include:
- Network topology changes.
- Changes in communication patterns.
- Industrial asset firmware and logic changes.
- Signatures of known characteristics of cyber attacks.
- Deviations in industrial commands or in process ranges.
These anomalies generate events in the platform and are reported to other security control center tools using syslog.
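The learn-then-detect cycle described above, sketched as an added example (not Radiflow's or Cisco's code): a baseline of assets, communication patterns and value ranges is learned from constructed flow records, and deviations seen afterwards are formatted as syslog-style lines. The `Flow` fields, the Modbus labels, the event names and the `ot-ids` tag are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed flow record: what a passive sensor on a SPAN port might extract.
Flow = namedtuple("Flow", "src dst proto command value")

class OtBaseline:  # learns assets and patterns, then flags deviations
    def __init__(self):
        self.assets = set()    # every address seen while learning
        self.patterns = set()  # (src, dst, proto, command) tuples
        self.ranges = {}       # (dst, command) -> (min, max) of written values
    def learn(self, flow):
        self.assets.update((flow.src, flow.dst))
        self.patterns.add((flow.src, flow.dst, flow.proto, flow.command))
        if flow.value is not None:
            key = (flow.dst, flow.command)
            lo, hi = self.ranges.get(key, (flow.value, flow.value))
            self.ranges[key] = (min(lo, flow.value), max(hi, flow.value))
    def detect(self, flow):  # anomaly names for one flow seen in detection mode
        events = []
        if flow.src not in self.assets or flow.dst not in self.assets:
            events.append("topology_change")
        elif (flow.src, flow.dst, flow.proto, flow.command) not in self.patterns:
            events.append("communication_pattern_change")
        rng = self.ranges.get((flow.dst, flow.command))
        if rng and flow.value is not None and not rng[0] <= flow.value <= rng[1]:
            events.append("process_range_deviation")
        return events

def to_syslog(event, flow, facility=16, severity=4):  # PRI = facility * 8 + severity
    return (f"<{facility * 8 + severity}>ot-ids: {event} "
            f"src={flow.src} dst={flow.dst} proto={flow.proto} cmd={flow.command}")

# Constructed sample traffic (RFC 5737 documentation addresses, assumed Modbus).
LEARNING = [
    Flow("192.0.2.10", "192.0.2.20", "modbus", "write_register_40001", 55),
    Flow("192.0.2.10", "192.0.2.20", "modbus", "write_register_40001", 70),
    Flow("192.0.2.10", "192.0.2.21", "modbus", "read_holding", None),
]
DETECTION = [
    Flow("192.0.2.10", "192.0.2.20", "modbus", "write_register_40001", 60),   # normal
    Flow("192.0.2.99", "192.0.2.20", "modbus", "read_holding", None),         # new device
    Flow("192.0.2.10", "192.0.2.21", "modbus", "write_register_40001", 60),   # new pattern
    Flow("192.0.2.10", "192.0.2.20", "modbus", "write_register_40001", 500),  # out of range
]

def run():
    baseline = OtBaseline()
    for f in LEARNING:
        baseline.learn(f)
    return [to_syslog(e, f) for f in DETECTION for e in baseline.detect(f)]
```

Calling `run()` returns one line per anomaly; the in-baseline write of 60 produces no event, which is the property that keeps such a sensor quiet during normal operation.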
Ultimately, Barda said, “they greatly simplify both network security and asset management, especially in complex IT-OT networks.”