There’s a huge security gap widening across operational technology (OT) ecosystems today. Attackers are getting more sophisticated and new vulnerabilities keep appearing. A recent report by Skybox Research Lab showed that about 20,200 new vulnerabilities were published last year, a record high for a single year.
The report further revealed that OT vulnerabilities — which threaten critical infrastructure and leave backdoors for potentially catastrophic attacks — grew by 88%, up from 690 in 2020 to 1,295 in 2021. Gartner reports “cyberattackers will have weaponized operational technology environments to successfully harm humans.” The real-world hazards and business impact of OT breaches are scary and require proactive and innovative security measures.
Operational technology (OT), described by Gartner as “hardware and software that monitors or controls equipment, assets and processes,” is growing in importance, but challenges with threat detection and risk mitigation still persist. In another report, Gartner explains that security incidents in OT and other cyber-physical systems (CPS) can result in commercial vandalism, reputational damage and physical harm. The report further indicates that the financial impact of CPS attacks resulting in fatal casualties will exceed $50 billion globally by 2023.
Israel-based Radiflow, an OT cybersecurity provider, says its solution secures OT environments by combining visibility, risk assessment, mitigation planning and anomaly detection. Ilan Barda, cofounder and CEO at Radiflow, told VentureBeat in an exclusive interview the company’s visibility and anomaly detection engines use deep-packet inspection of industrial protocols to passively detect the detailed characteristics and behaviors of assets and then alert on any anomalies from the normal baseline.
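The passive approach described above, as an added example that is not Radiflow's code and does not reproduce its engines: a minimal dissector for one industrial protocol (Modbus/TCP is chosen here because it is common and simple; the article names no specific protocol), a learning phase that records which client talks to which server and unit ID with which function code and start address, and a detection phase that alerts on anything outside that baseline, on unknown clients, and on malformed frames. The sample frames, IP addresses and the `PassiveModbusMonitor` class are all constructed for illustration.

```python
"""Passive Modbus/TCP baseline and anomaly detection (illustrative example).

Nothing here sends a packet: the monitor only consumes frames it is handed,
which is the constraint OT sites impose (no active scanning of controllers).
"""
import struct
from collections import defaultdict

MODBUS_PORT = 502
WRITE_FUNCS = {5, 6, 15, 16}        # Modbus write function codes: these change process state
FUNC_NAMES = {1: "Read Coils", 3: "Read Holding Registers", 5: "Write Single Coil",
              6: "Write Single Register", 15: "Write Multiple Coils",
              16: "Write Multiple Registers"}


def parse_modbus_request(payload: bytes):
    """Dissect the MBAP header and PDU of one Modbus/TCP request.

    Returns None when the frame is not well formed (wrong protocol id, or a
    length field that disagrees with the bytes actually present)."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:   # length counts unit id + PDU
        return None
    func, data = payload[7], payload[8:]
    req = {"tid": tid, "unit": unit, "func": func, "address": None}
    if func in (1, 2, 3, 4, 5, 6, 15, 16) and len(data) >= 2:
        req["address"] = struct.unpack(">H", data[:2])[0]   # start address of the request
    return req


class PassiveModbusMonitor:
    """Learn a per-conversation baseline from observed traffic, then alert on deviations."""

    def __init__(self):
        # (client ip, server ip, unit id) -> set of (function code, start address)
        self.baseline = defaultdict(set)
        self.servers = defaultdict(set)     # server ip -> unit ids seen (passive asset inventory)
        self.learning = True

    def observe(self, src, dst, dport, payload):
        """Feed one request; returns a list of alert strings (empty when benign)."""
        if dport != MODBUS_PORT:
            return []
        req = parse_modbus_request(payload)
        if req is None:
            return [f"malformed Modbus/TCP frame {src}->{dst}"]
        key = (src, dst, req["unit"])
        obs = (req["func"], req["address"])
        if self.learning:
            self.baseline[key].add(obs)
            self.servers[dst].add(req["unit"])
            return []
        if key not in self.baseline:
            return [f"unknown client {src} talking to {dst} unit {req['unit']}"]
        if obs not in self.baseline[key]:
            name = FUNC_NAMES.get(req["func"], f"function {req['func']}")
            sev = "HIGH" if req["func"] in WRITE_FUNCS else "MEDIUM"
            return [f"{sev}: {src} issued {name} at address {req['address']} "
                    f"to {dst} unit {req['unit']}, not in baseline"]
        return []

    def inventory(self):
        return {ip: sorted(units) for ip, units in self.servers.items()}


def mbap(tid, unit, pdu):
    """Build a Modbus/TCP frame (MBAP header + PDU); used only to construct sample traffic."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic with hypothetical addresses.
HMI, PLC, ROGUE = "10.0.0.10", "10.0.0.20", "10.0.0.99"
READ_HR = mbap(1, 1, bytes([3, 0, 0, 0, 10]))            # read 10 holding registers from 0
READ_COILS = mbap(2, 1, bytes([1, 0, 0, 0, 16]))         # read 16 coils from 0
WRITE_REG = mbap(3, 1, bytes([6, 0, 40, 0x12, 0x34]))    # write 0x1234 to register 40
BAD_LEN = READ_HR[:4] + b"\x00\x09" + READ_HR[6:]        # length field lies about frame size


def demo_monitor():
    """Learn from normal HMI polling, then replay normal and abnormal requests."""
    mon = PassiveModbusMonitor()
    for _ in range(3):                                    # learning phase: routine polling
        mon.observe(HMI, PLC, MODBUS_PORT, READ_HR)
        mon.observe(HMI, PLC, MODBUS_PORT, READ_COILS)
    mon.learning = False
    alerts = []
    alerts += mon.observe(HMI, PLC, MODBUS_PORT, READ_HR)     # in baseline: silent
    alerts += mon.observe(HMI, PLC, MODBUS_PORT, WRITE_REG)   # write never seen before
    alerts += mon.observe(ROGUE, PLC, MODBUS_PORT, READ_HR)   # unknown client
    alerts += mon.observe(HMI, PLC, MODBUS_PORT, BAD_LEN)     # malformed frame
    return {"inventory": mon.inventory(), "alerts": alerts}


if __name__ == "__main__":
    for line in demo_monitor()["alerts"]:
        print(line)
```

In a real deployment the frames would come from a SPAN port or network TAP rather than from constructed byte strings, and the baseline would also carry request quantities and polling cadence; the point is that every asset and behaviour is learned from traffic the controllers were going to see anyway, so the detection adds no load to a legacy device.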
Radiflow’s risk assessment and mitigation planning engines leverage a breach-attack-simulation algorithm that uses the visibility outputs to build a digital image of an OT network and simulate relevant attack vectors, so the resulting risk score and proposed mitigations are data-driven.
OT networks versus IT networks
While OT networks share certain similarities with IT networks, such as routers and wireless technology, Barda noted that they aren’t the same. He said OT networks don’t enjoy the same flexibility and security capabilities as IT networks. An article by Cisco says the major distinction between IT and OT lies in their focus: while IT focuses on an organization’s “front-end informational activities,” OT is centered on “back-end production (machines).”
For example, according to Barda, IT networks can ensure that all assets are up to date and patched as necessary, often by doing a network-wide freeze during off-hours so that when workers come back, everything is updated and ready to go. However, in OT, it is not uncommon for certain machinery to have stopped receiving patches a decade ago or more. Other OT assets have known vulnerabilities that can be mitigated but never fully addressed, because of the downtime the overall facility and its production processes would require.
Furthermore, he said since availability is the key parameter in OT networks to ensure that production continues and the facility generates its value, there is no room for mistakes.
“No OT manager will allow the security team to actively scan their network or perform pen tests due to the smallest risk that one of the legacy industrial controllers will shut down in such an exercise and the whole production process will halt,” he said.
This is a reality that presents huge challenges for OT CISOs and their cybersecurity teams, according to Barda.
Recommendations for CISOs
Barda recommends that CISOs carefully evaluate the risks, business impact and alternatives for mitigating threats in order to avoid exploitation of vulnerabilities on their OT networks.
According to Barda, OT decision-makers have traditionally relied on best practices and educated guesses, since conducting breach attack simulations was impossible, at least prior to the release of CIARA, Radiflow’s OT risk assessment and management platform. Previously, CISOs had to look at incidents from around the globe and try to mitigate them as best they could without a simulated environment, something that is standard practice in the IT world.
Barda said Radiflow is seeing a shift in requests, away from meeting regulatory requirements and toward business-driven protection of an organization’s bottom line, with Europe being one of the major markets where this shift is happening. Another trend Radiflow is seeing in the OT security space, he added, concerns the once-theoretical scenario of someone doing damage through an industrial network, stopping production lines, power plants and more. Barda said this isn’t a theory anymore, noting that attackers now infiltrate OT networks to stop manufacturing or the operations of critical infrastructure.
As cybersecurity attacks on OT facilities and supply chain instability rise, companies must prioritize protecting their assets against any interruption. This protects both their brand’s reputation and the bottom line, according to Barda. Radiflow wants to tackle the delicate balance between needs and resources.
“If a company believes that facility A is the most profitable, they are more likely to put more cybersecurity resources there. But, at times, when running CIARA, they see that an attack’s fallout is more of an inconvenience than a disaster for facility A. At the same time, they can begin to understand that the attack would devastate facility B. Now, they know not only which resources to use, but proper mitigation techniques that align with company needs,” he said.
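The idea of a data-driven risk score and mitigation ranking from the risk assessment section above, and the facility A versus facility B comparison in Barda's quote, as an added example. This is a generic attack-graph model written for this article, not CIARA or any Radiflow algorithm: assets are nodes, each edge is one assumed way an attacker can move between two assets via a named weakness with an assumed success probability, the most likely path to each asset is found with a max-product shortest-path search, expected loss is probability times an assumed impact, and each weakness is ranked by how much expected loss fixing it alone removes. The two facilities, their weakness labels (`VPN-1`, `PLC-1` and so on), probabilities and impact figures are all constructed for illustration.

```python
"""Attack-graph risk scoring and mitigation ranking (illustrative example)."""
import heapq
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Edge:
    """One way an attacker could move from src to dst via a named weakness.

    `p` is the assumed probability the move succeeds; in practice it would be
    derived from the inventory (exposed service, unpatched flaw, weak auth)."""
    src: str
    dst: str
    vuln: str
    p: float


@dataclass
class Facility:
    name: str
    entry: str          # where the simulated attacker starts
    edges: list
    impact: dict        # asset -> assumed loss (currency units) if it is compromised


def reach_probabilities(edges, entry):
    """Compromise probability of each asset along its most likely attack path.

    Max-product Dijkstra: like shortest path, but the 'distance' is the product
    of per-hop success probabilities and the largest product wins."""
    adj = defaultdict(list)
    for e in edges:
        adj[e.src].append(e)
    best = {entry: 1.0}
    heap = [(-1.0, entry)]
    while heap:
        neg_p, node = heapq.heappop(heap)
        p = -neg_p
        if p < best.get(node, 0.0):
            continue                                   # stale heap entry
        for e in adj[node]:
            q = p * e.p
            if q > best.get(e.dst, 0.0):
                best[e.dst] = q
                heapq.heappush(heap, (-q, e.dst))
    return best


def risk_score(fac, mitigated=frozenset()):
    """Expected loss: sum over assets of P(compromise) * impact, with every
    edge that depends on a mitigated weakness removed from the graph."""
    edges = [e for e in fac.edges if e.vuln not in mitigated]
    probs = reach_probabilities(edges, fac.entry)
    return sum(probs.get(asset, 0.0) * loss for asset, loss in fac.impact.items())


def rank_mitigations(fac):
    """Risk reduction from fixing each weakness on its own, largest first."""
    base = risk_score(fac)
    vulns = {e.vuln for e in fac.edges}
    return sorted(((base - risk_score(fac, {v}), v) for v in vulns), reverse=True)


# Constructed sample: two hypothetical facilities with assumed probabilities and impacts.
FACILITY_A = Facility(
    name="A", entry="internet",
    edges=[Edge("internet", "vpn-gw", "VPN-1", 0.5),
           Edge("vpn-gw", "hmi-a", "HMI-1", 0.6),
           Edge("hmi-a", "plc-a", "PLC-1", 0.9)],
    impact={"hmi-a": 20_000, "plc-a": 200_000},        # a line stop of a few hours
)
FACILITY_B = Facility(
    name="B", entry="internet",
    edges=[Edge("internet", "historian-b", "HIST-1", 0.4),
           Edge("historian-b", "ews-b", "EWS-1", 0.7),
           Edge("ews-b", "plc-b", "PLC-1", 0.9),
           Edge("internet", "vendor-laptop", "VENDOR-1", 0.3),
           Edge("vendor-laptop", "plc-b", "PLC-1", 0.8)],
    impact={"plc-b": 5_000_000},                       # site-wide safety shutdown
)


def demo_risk():
    """Score both facilities and name the single most effective fix for each."""
    out = {}
    for fac in (FACILITY_A, FACILITY_B):
        ranked = rank_mitigations(fac)
        out[fac.name] = {"risk": risk_score(fac),
                         "top_fix": ranked[0][1], "top_gain": ranked[0][0]}
    return out


if __name__ == "__main__":
    for name, r in demo_risk().items():
        print(f"facility {name}: expected loss {r['risk']:,.0f}; "
              f"fix {r['top_fix']} first (removes {r['top_gain']:,.0f})")
```

With these made-up inputs facility B carries roughly twenty times the expected loss of facility A even though A is the money-maker, and the ranking shows that for B the controller-level weakness matters more than either of the two paths leading to it, because it sits on both. A real model would draw its edges from the passively discovered inventory and its impacts from the plant's own process data rather than from constants.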
More about Radiflow
While Barda agreed there are several strong players in the market, like Nozomi Networks and Claroty, he said Radiflow’s unique value proposition is the risk management layer on top of visibility and anomaly detection. He said the company’s CIARA risk management tool provides the CISO with valuable insights for planning rather than just acting as an operational tool. Radiflow was cofounded in 2009 by Zohar Zisapel and Ilan Barda, with a focus on modern communication solutions for industrial automation networks to support the transition to “industry 4.0.” The company pivoted to cybersecurity for the same industrial automation networks in 2016.
Radiflow recently announced what Barda calls “a strategic transaction” with Sabanci Holding, which will acquire a majority stake in Radiflow with a $45M investment and plans to reach 100% ownership in 2025.
Barda said this additional capital will help Radiflow accelerate growth and gain unique access to the industrial sites of Sabanci Holding to generate in-depth insights for Radiflow’s global solutions. Radiflow believes the next phase in OT security requires collaboration across the community, so the company plans to center its next offering on collecting anonymous data from customers. Barda said the data can be used collectively to provide valuable insights back to each of them about industry benchmarks, trends and more.