Cyber security was a pervasive topic at the recent ARC Forum in Orlando. There were at least five suppliers with exhibits featuring security. Several were startups headed by former Israeli security officers. Guess they should know what they’re doing.
Claroty / Rockwell Automation
Bedrock Automation announced newly upgraded control system firmware that extends its intrinsic cyber security protection to networks, the Industrial Internet of Things (IIoT) and third-party applications. Bedrock Cybershield 2.0 firmware not only enables authentication and encryption of I/O networks and field devices, it now protects compliant networks and user applications such as controller configuration, engineering and SCADA. It achieves this with the world’s first industrial control system (ICS) certification authority (CA) – drawing on the power and flexibility of public key infrastructure (PKI) and Transport Layer Security (TLS).
Bedrock Automation also announced a controller that enables end users to obtain customized, company-specific root keys. With the inclusion of more than 40 intrinsic technologies, the Bedrock Open Secure Automation (OSA) platform initially delivered on two fundamentals of cyber defense: a secure control platform and a secure component supply chain. The resulting endpoint root of trust leverages hardware-based secret root keys and certificates for advanced cryptographic authentication of Bedrock hardware and software components, which are further fortified with layers of anti-tamper protection.
“Our first objective was to deliver a hardware-based endpoint root of trust, which we did with the Cybershield 1.0, which was built into last year’s product release. Cybershield 2.0 is our next giant leap. It validates our built-in versus bolted-on technologies and is forward and backward compatible. This 2.0 firmware upgrade demonstrates how we continuously enhance intrinsic defense and lead the digital convergence of OT cyber security with enterprise class technologies,” said Bedrock founder, CTO and VP Engineering Albert Rooyakkers.
After a competitive review process, Rockwell Automation selected Claroty for the company’s anomaly-detection software, purpose-built for industrial network security. The software creates a detailed inventory of an end user’s industrial network assets, monitors traffic between those assets, and analyzes communications at their deepest level. Detected anomalies are reported to plant and security personnel with actionable insights to help enable efficient investigation, response and recovery.
“More connected control systems combined with the potential for more attacks on those systems have made cybersecurity a top concern in the industrial world,” said Scott Lapcewich, vice president and general manager, Customer Support and Maintenance, Rockwell Automation. “Claroty’s deep-visibility software platform and expertise in industrial security made the company a natural fit for substantial collaboration as we grow our existing portfolio of security service and support offerings.”
A key characteristic of the Claroty software is its ability to explore the deepest level of industrial network protocols without adversely impacting the system. This enables end users to identify even the smallest anomalies while protecting complex and sensitive industrial networks. Traditional IT security software often uses active queries and requires a footprint on the network, which can ultimately disrupt operations. However, the Claroty platform uses a passive-monitoring approach to safely inspect traffic without the risk of disruption.
“The Claroty platform can detect a bad actor’s activities at any stage, whether they’re trying to gain a foothold on a network, conduct reconnaissance or inflict damage,” said Amir Zilberstein, co-founder and CEO, Claroty. “It also can detect human errors and other process integrity issues, which are often more common than threats from bad actors. For example, the software monitors for critical asset changes that, if done incorrectly, could result in unexpected downtime. The system also identifies network-configuration issues that could expose a system to outside threats.”
Last year I wrote about Indegy as a stealth security startup. This year, not so much stealth. It was one of several at the Forum. They told me this year that they are more OT focused than IT focused. Most of the other companies look at network traffic trying to find anomalies. Indegy focuses on changes in the PLC. The founders are from Israeli security, and retired US General Petraeus is on the board.
PAS is not a new company. It has been known as the “human reliability” company, drawing on its background in alarm management, which it expanded into cataloging process control systems for purposes of change management. It has taken these technologies to the next level by applying them to cyber security. Over the past two years, PAS has invested heavily in people and technology to become a leading process cyber security company.
Nozomi, a Swiss company, began on the offensive side of cyber security. Its founders have an academic background. It switched to the defensive side with a tool that provides visibility into a process system. Its second co-founder brings a background in machine learning to the mix. The technology listens to the network with an understanding of the process and detects anomalies.