With the advent of Industry 4.0, industrial networks are becoming increasingly digitized.
But while this brings many gains in productivity, quality and efficiency, it introduces new — and never before considered — cybersecurity vulnerabilities.
Because of their critical nature, operational technology (OT) networks, the digital networks on the production floor, require security tools beyond those used in IT networks. Intrusion detection systems (IDS) are considered among the most effective of these tools, because they passively monitor network traffic and do not put ongoing operational processes at risk.
“The shortage of resources with OT security expertise is quite high and keeps growing,” said Ilan Barda, Radiflow‘s cofounder and CEO. “As such, it is important to use such integrations to reduce the need for manual work.”
OT facilities like Cisco’s are a growing attack surface
Barda described an “alarming” increase in cybersecurity attacks against OT facilities.
To this point, a Trend Micro survey of industrial cybersecurity in manufacturing, electric and oil and gas companies revealed that nine out of 10 organizations had production or energy supplies impacted by cyberattacks in the past 12 months. The average cost of such attacks was $2.8 million, and more than half (56%) of respondents said disruptions lasted four or more days.
Such disruptions have given rise to new and evolved security tools: According to a recent report from MarketsandMarkets, the OT security market size will grow from an estimated value of $15.5 billion in 2022 to $32.4 billion in 2027, registering a compound annual growth rate (CAGR) of nearly 16%.
The report cites increased use of digital technologies in industrial systems, stringent government regulations on critical infrastructure protection (CIP) that push adoption of OT security solutions, and the convergence of IT and OT systems as the top factors driving market growth.
Simple, fluent operations
Cisco’s network access control (NAC) platform is a widely used tool for protecting IT networks. It provides network visibility and access management by enforcing policy on the devices and users of corporate networks.
Although many companies rely on it to control access to their networks, on its own it has no way to account for the industry-specific needs of building management systems (BMS) or to protect against their greater cybersecurity risks, said Barda. In BMS settings, OT security systems have to account for the specific needs and criticality of different subsystems, HVAC or elevator operation, for instance, which are often overseen by different personnel and departments.
To deploy IT-oriented tools in OT networks and detect anomalies, mature IDS tools like Radiflow’s platform are needed, said Barda. It integrates directly with Cisco’s NAC platform, protecting connected devices that have no embedded access control of their own, and adds a protection layer to a variety of OT networks, keeping security operations “simple and fluent.”
This new incorporation “helps alleviate an inherent problem in industrial networks since many of these devices were never designed with embedded access control, introducing a slew of cyber-vulnerabilities,” said Barda.
Controlled, restricted connection
As Barda explained, the most common cybersecurity issue in OT networks is unauthorized changes in network topology — for example, a technician’s laptop that is connected to the network and has no limitations on what it can do in the network. Another high-risk issue, said Barda, is that changes in device software — even without any sort of malicious intent — can also change the device’s communication patterns, causing damage to other devices.
Radiflow’s IDS solution discovers network assets and their communication patterns, maps inventory details and vulnerabilities, and detects network anomalies. Users of the integrated platform can see each asset’s baseline behavior and any deviation from it.
“With embedded access control, such threats are mitigated since every device is connected in a controlled and restricted way,” Barda said.
Barda explained that the platform passively monitors OT network traffic through a SPAN (port-mirroring) port on the network’s main switches, so it never injects traffic into the control network.
To maximize OT network coverage, Radiflow also provides smart collectors that connect to the SPAN ports of remote subnetworks and forward the relevant data to the central server in an optimized way, he said.
Radiflow’s deep packet inspection (DPI) engine parses network traffic and builds a database of network assets, their inventory details and their normal baseline behavior patterns, said Barda. The asset database is enriched with the known common vulnerabilities and exposures (CVEs) for each asset and can be presented graphically or exported to other asset management tools.
Once the baseline of the normal behavior is stable, the platform switches to “detection mode” and uses its DPI engine to detect anomalies in traffic flows, said Barda. Such anomalies could include:
- Changes in network topology.
- Changes in communication patterns.
- Changes in the firmware and logic of industrial assets.
- Signatures of known characteristics of cyber exploits.
- Deviations in industrial commands or in ranges of the process.
These anomalies generate events in the platform and are reported to other security control center tools using syslog.
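The learn-then-detect workflow just described, and the hand-off to NAC described under “Controlled, restricted connection”, as an added example that is not Radiflow’s or Cisco’s code: constructed flow records stand in for what a SPAN-port collector would produce, a learning phase builds the asset, communication-pair and process-range baseline, detection mode tags new devices, new conversations and out-of-range setpoints, and each event is rendered as an RFC 5424 syslog line carrying an assumed NAC action. The record schema, the 10% tolerance margin, the quarantine mapping and the host/app names in the syslog line are all assumptions.

```python
"""Learn/detect workflow of a passive OT IDS over constructed flow records.

Constructed illustration, not vendor code. A SPAN-port collector would
normally produce these records; here they are hand-built (assumption).
"""
import json
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Flow:
    """One decoded industrial flow (constructed schema, assumption)."""
    src_mac: str
    src_ip: str
    dst_ip: str
    protocol: str                   # e.g. "modbus", "s7comm"
    function: str                   # decoded command, e.g. "write_register"
    register: Optional[int] = None  # addressed register, if any
    value: Optional[float] = None   # process value written, if any


@dataclass
class Baseline:
    """What 'normal' looks like after the learning phase."""
    assets: set = field(default_factory=set)    # (mac, ip) devices seen
    pairs: set = field(default_factory=set)     # (src_ip, dst_ip, proto, fn)
    ranges: dict = field(default_factory=dict)  # (dst_ip, register) -> (lo, hi)

    def learn(self, f: Flow) -> None:
        self.assets.add((f.src_mac, f.src_ip))
        self.pairs.add((f.src_ip, f.dst_ip, f.protocol, f.function))
        if f.register is not None and f.value is not None:
            key = (f.dst_ip, f.register)
            lo, hi = self.ranges.get(key, (f.value, f.value))
            self.ranges[key] = (min(lo, f.value), max(hi, f.value))


def detect(baseline: Baseline, f: Flow) -> list:
    """Tag one flow with the anomaly classes it violates in detection mode."""
    anomalies = []
    if (f.src_mac, f.src_ip) not in baseline.assets:
        anomalies.append("topology_change")        # device never seen while learning
    elif (f.src_ip, f.dst_ip, f.protocol, f.function) not in baseline.pairs:
        anomalies.append("communication_change")   # known device, new conversation
    key = (f.dst_ip, f.register)
    if f.value is not None and key in baseline.ranges:
        lo, hi = baseline.ranges[key]
        margin = 0.1 * max(hi - lo, 1.0)  # assumed tolerance around learned span
        if not (lo - margin <= f.value <= hi + margin):
            anomalies.append("process_range_deviation")
    return anomalies


def nac_action(anomalies: list) -> str:
    """Assumed policy for the NAC hand-off: unknown devices get restricted."""
    if "topology_change" in anomalies:
        return "quarantine"
    return "alert" if anomalies else "allow"


def syslog_event(f: Flow, anomalies: list, severity: int = 4, ts: str = "-") -> str:
    """RFC 5424 line for a SIEM; PRI = facility local0 (16) * 8 + severity."""
    pri = 16 * 8 + severity
    msg = json.dumps({"src": f.src_ip, "mac": f.src_mac, "dst": f.dst_ip,
                      "proto": f.protocol, "fn": f.function,
                      "anomalies": anomalies, "nac": nac_action(anomalies)},
                     sort_keys=True)
    return f"<{pri}>1 {ts} ot-ids ids-demo - - - {msg}"


HMI = ("aa:bb:cc:00:00:01", "10.0.1.10")   # constructed addresses
EWS = ("aa:bb:cc:00:00:02", "10.0.1.11")
PLC = "10.0.2.20"

# Constructed learning traffic: HMI polls and writes a setpoint in 50..60,
# engineering workstation reads a block over S7comm.
LEARNING = [
    Flow(*HMI, PLC, "modbus", "read_registers", 40001),
    Flow(*HMI, PLC, "modbus", "write_register", 40001, 50.0),
    Flow(*HMI, PLC, "modbus", "write_register", 40001, 60.0),
    Flow(*EWS, PLC, "s7comm", "read_block"),
]

# Constructed detection traffic covering the cases named in the text.
DETECTION = [
    Flow("de:ad:be:ef:00:01", "10.0.1.99", PLC, "modbus", "write_register", 40001, 55.0),
    Flow(*EWS, PLC, "modbus", "write_register", 40001, 55.0),   # known host, new behavior
    Flow(*HMI, PLC, "modbus", "write_register", 40001, 120.0),  # setpoint out of range
    Flow(*HMI, PLC, "modbus", "read_registers", 40001),         # normal
]


def build_baseline(flows=LEARNING) -> Baseline:
    b = Baseline()
    for f in flows:
        b.learn(f)
    return b


def run_demo() -> list:
    """Return (anomalies, syslog line) for each detection-phase flow."""
    b = build_baseline()
    return [(a, syslog_event(f, a)) for f in DETECTION for a in [detect(b, f)]]


if __name__ == "__main__":
    for _, line in run_demo():
        print(line)
```

The first detection flow is the technician’s laptop from the text: an unseen MAC/IP pair is a topology change and is the one case mapped to a quarantine action, so NAC can restrict it before it talks to anything else; the other two anomalies only raise alerts, since a known host changing its behavior is as likely a firmware or logic change as an attack.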
Ultimately, Barda said, they “…greatly simplify both network security and asset management, especially in complex IT-OT networks.”