Industrial Security Becomes an Active Topic This Summer

Industrial Security. Especially the cyber kind. My inbox attracts several messages each day.

Last July I began to think that people were ignoring me. Few press releases, announcements, interviews. It was a quiet time.

I really don’t have any list of product announcements or new companies. But I thought that I’d pass along a reminder to pay attention to your cyber security risks, policies, mitigations, and countermeasures.

Most of the announcements have come in the guise of “our CEO can address the new threats on industrial control systems”.

Remember when there were 3-4 places to go for industrial cyber security help?

Not so. These days there are many. The interesting ones to watch are several from Israel founded by former Israeli army intelligence officers.

There is a product and/or strategy to fit every conceivable type of threat. Part of your risk analysis needs to be a thorough evaluation of all the new ideas and companies.

Unfortunately, the number one risk continues to be people. Your people. Usually it’s carelessness. For example, last winter I was in a conversation with two security product marketing managers for a large company. Each had just been slapped on the wrist (or something) for clicking on a link in a bogus email. It is just so easy.

Clicking links, opening files, not being careful with Flash, inserting USB drives, letting a contractor take a laptop home…

Most companies have policies on terminated employees–whether through downsizing or due to cause. You need to treat people with respect. Even someone terminated for cause doesn’t need a quite public “perp walk.”

However, you do need to make sure there is no network access after termination. IT must move in and change passwords immediately. Check any remote network access they might have.

I am no expert, but I have experience with employees and common sense. Be careful, take your time, think it through.

Protect those assets.

Industrial Cyber Security Becomes Increasingly Important

Cyber Security is always the “elephant in the room” at Industrial Internet of Things (IIoT) and Industrial Control Systems (ICS) conferences.

The latest edition of the ARC Industry Forum in Orlando featured many cyber security firms. Most were monitoring network traffic for anomalies. Some look at other aspects of the system. More firms are pivoting from other emphases into cyber security.

Here are two news items attacking cyber security from totally different angles. One from the enterprise; the other from the lowest level user.

Manage Cyber Security Risks

Deloitte, the enterprise consulting company, announced plans to expand its cyber risk platform for end-to-end industrial control systems (ICS) and operational technologies (OT) security with next generation technology enabled by Dragos, a cybersecurity company focusing on securing ICS and OT networks.

The tactic Deloitte is taking is to monitor emerging cyber threats. Deloitte Risk and Financial Advisory Cyber Risk Services’ end-to-end ICS offering, enabled by Dragos technology, uses a combination of innovative cyber security products and services. This combination brings hunting and reconnaissance capabilities that now allow organizations to look beyond internal data to threat documentation found in external databases. Beyond securing ICS and OT systems, this combination of cyber risk services and technologies can provide a more complete picture of an organization’s ICS and OT threat landscape through active monitoring that can better inform scenario planning and response.

“Assessing the cyber risks of our clients’ ICS and OT, we see that many organizations are often unprepared for the magnitude of the impact to operational technology and industrial control systems environments” said Ed Powers, principal, Deloitte & Touche LLP, and U.S. leader for Deloitte Risk and Financial Advisory Cyber Risk Services. “A decision to include OT and ICS as a part of a broader cyber risk management program can improve a company’s understanding of the potential damage resulting from a cyberattack and can bolster the efficacy of its cyber risk mitigation strategy.”

The Dragos Platform, Threat Operations Center, and intelligence team form an ecosystem of technology, people, and intelligence to safeguard industrial networks. The Dragos Platform is designed for industrial networks and provides visibility into the environment, detection of threats through behavioral analytics, and the automation of workflows including incident response data collection and analysis.

“There have been pockets of excellence around the community in industrial security leading practices. But the world is facing a more connected infrastructure and a more aggressive threat than we’ve seen in years past,” said Robert M. Lee, chief executive officer, Dragos. “Now is an important time to get the solution correct and that’s what the Dragos and Deloitte cooperation represents.” 

Protecting From USB Device Hacks

We all know about Stuxnet and how it was spread using malware in USB sticks. Well, here is an interesting tactic and new product from Honeywell.

Honeywell Process Solutions (HPS) announced Secure Media Exchange (SMX) to protect facilities against current and emerging USB-borne threats, without the need for complex procedures or restrictions that impact operations or industrial personnel.

Malware spread through USB devices – used by employees and contractors to patch, update and exchange data with onsite control and computer systems – is a key risk for industrial control systems. It was the second leading threat to these systems in 2016, according to BSI publications, and uncontrolled USBs have taken power plants offline, downed turbine control workstations, and caused raw sewage floods, among other industrial accidents.

“Industrial operators often have hundreds or thousands of employees and dozens of contractors on site every day,” said Eric Knapp, Cyber Security chief engineer, HPS. “Many, if not most, of those rely on USB-removable media to get their jobs done. Plants need solutions that let people work efficiently, but also don’t compromise cyber security and, with it, industrial safety.”

Currently, many plants either ban USBs, which is difficult to enforce and significantly reduces productivity, or rely on traditional IT malware scanning solutions, which are difficult to maintain in an industrial control facility and provide limited protection. These solutions fail to protect process control networks against the latest threats, and offer no means to address targeted or zero-day attacks.

“SMX is a great example of Honeywell’s major investments in new industrial cyber security technologies, products, services, and research which further strengthen our ability to secure and protect industrial assets, operations and people,” said Jeff Zindel, vice president and general manager, Honeywell Industrial Cyber Security. “With the continued increase in cyber threats around the world, Honeywell’s industrial cyber security expertise and innovation are needed more than ever for smart industry, IIoT and critical infrastructure protection.”

Honeywell’s SMX was developed by the company’s cyber security experts based on field experience across global industrial sites and feedback from Honeywell User Group customers. Honeywell has one of the largest industrial cyber security research capabilities in the process industry, including an advanced cyber security lab near Atlanta. Honeywell also partners with cyber security leaders, including Microsoft, Intel Security and Palo Alto Networks, among others, to develop new, highly-effective industrial threat detection techniques.

Contractors “check-in” their USB drive by plugging it into an SMX Intelligence Gateway. The ruggedized industrial device analyzes files using a variety of techniques included with Honeywell’s Advanced Threat Intelligence Exchange (ATIX), a secure, hybrid-cloud threat analysis service.

SMX Client Software installed on plant Windows devices provides another layer of protection, controlling which USB devices are allowed to connect, preventing unverified USB removable media drives from being mounted, and stopping unverified files from being accessed. SMX also logs USB device connectivity and file access, providing a valuable audit capability.

“For most plants, the proliferation of removable media and USB devices is unavoidable, but the security risks they bring don’t have to be,” said Knapp. “We know our customers have limited resources to maintain another system, so Honeywell manages SMX for them. SMX never connects to our customers’ process control networks. From a system administration perspective, it’s like it’s not even there.”

Managed and maintained directly by Honeywell, SMX provides the easy and secure solution to USB security in industrial plants. It helps prevent the spread of malware through removable media; stops unverified files being read by Windows hosts; and, through the private ATIX connection, provides continually updated threat information and advanced analytics to help detect advanced, targeted, and zero-day malware.

Manufacturing Thought Leadership Summit Discusses Digitalization and Innovation

Manufacturing in America—an event bringing together vendors, academia, end users of controls and automation. Siemens Industry, collaborating with its local distributor Electro-Matic, held a trade show/seminar series/thought leadership summit at the Marriott Renaissance Center Detroit March 22-23. The show has a distinct automotive industry feel, as you might expect, even though Detroit, and indeed all of Michigan, is reforming itself along high tech lines with less reliance on traditional automotive.

There was certainly a lot of thought leadership opportunity at the event. There was the Siemens Industry President of Digital Factory. There was the Governor of the State of Michigan.

ThunderChickens FIRST Robotics Team

And then, there was the group of high school students competing in the FIRST Robotics competition known as the ThunderChickens—Engineering A Better Way To Cross The Road. The picture shows a model of their robot. Such passion. Such creativity. The mechanical guy pointed to the control module. “It limits me to 6 motors,” he said. “Last year we only had one, but this year I could have used many more.”

Six motors!! What I’d have given as a kid building stuff to have one! Oh well, they were great.

Raj Batra, President of Digital Factory for Siemens, said the focus is on digitalization. Digital Twin is a piece of digitalization. This is the digital representation of a physical thing—product, machine, or component. Siemens brought all this together through the 2007 investment in acquiring UGS to form Siemens PLM. “Companies thought it was hype back then, now we know it drives value,” said Batra. “If you are a pure automation company how do you accomplish all this without a design component? You can’t have the digital twin. Meanwhile, a CAE company that doesn’t have automation and control do manufacturing—what do you get?” Batra added, challenging the competition.

Batra continued, “We are close to a new era of autonomous manufacturing. And there is the growth of IIoT, we call Mindsphere. This all means manufacturing is no longer a black box to the enterprise. Indeed, it is strategic to the enterprise.”

Paul Maloche, VP of sales and marketing at Fori Automation, a manufacturer of automated guided vehicles, discussed the methods by which collaboration with suppliers (in this case with Siemens) leads to innovation. Fori was diversifying from reliance on building machines for automotive applications, and evaluated the aerospace industry. The Siemens rep came in and said they could help get them into that market. But Fori would have to convert to Siemens control. The Fori team replied, “OK.” This led to development of automated guided vehicle technology and products. The partnership opened doors. Fori won several orders in the aerospace market for the new AGVs with Siemens control.

Alistair Orchard, Siemens PLM, riffing off a space movie, began his talk, “Detroit, we have a problem.” All the old business models of trying to ship jobs overseas have not worked. We need to make stuff to be successful as a society. “So much of what we do has not changed in 50 years in manufacturing,” he noted, “but digitalization can change everything. Additive manufacturing can lead to mass customization due to 3D printing using the digital twin. You can try things out, find problems in design or manufacturing. You can use predictive analytics at design stage. Digital enterprise is about manufacturing close to the customer.”

Governor Rick Snyder, Michigan, touted his manufacturing background as former operations head at Gateway Computers. “As governor,” he said, “it’s about how you can build an ecosystem and platform for success. Long term, success needs talent.” His philosophy contains the idea that we shouldn’t tell students what they should study, but let them know where opportunities are and how to prepare for them. “The private sector needs to tell government what they need in the way of talent.”

Michigan has grown more manufacturing jobs than anywhere else in the country. Not only manufacturing, though, Michigan is also a center of industrial design. But the economy not only needs designers and engineers, but also people in skilled trades. “We need to promote that as a profession. We must break the silos that said your opportunities are limited to your initial career choice.”

Michigan has invested a lot in students, especially in FIRST Robotics, where Michigan teams have risen to the top. The state has also started a computer science competition in cyber security.

How are you innovating and making the world better?

Josh Linkner, CEO Detroit Venture Partners, gave the keynote address on innovation. I’ll leave you with his Five Obsessions of Innovators.

1. Curiosity—ask open ended questions
2. Crave what’s next—future orientation
3. Defy tradition—use Judo flip to turn idea on its head
4. Get scrappy—grit, determination, tenacity
5. Adapt fast

Cyber Security Featured at Recent ARC Forum

Cyber security was a pervasive topic at the recent ARC Forum in Orlando. There were at least five suppliers with exhibits featuring security. Several were startups headed by former Israeli security officers. Guess they should know what they’re doing.

Featured:
Bedrock Automation
Claroty / Rockwell Automation
Indegy
PAS
Nozomi

Bedrock Automation

Bedrock Automation announced newly upgraded control system firmware that extends its intrinsic cyber security protection to networks, the Industrial Internet of Things (IIoT) and third-party applications. Bedrock Cybershield 2.0 firmware not only enables authentication and encryption of I/O networks and field devices, it now protects compliant networks and user applications such as controller configuration, engineering and SCADA. It achieves this with the world’s first industrial control system (ICS) certification authority (CA) – drawing on the power and flexibility of public key infrastructure (PKI) and Transport Layer Security (TLS).

Bedrock Automation also announced a controller that enables end users to obtain customized, company-specific root keys. With the inclusion of more than 40 intrinsic technologies, the Bedrock Open Secure Automation (OSA) platform initially delivered on two fundamentals of cyber defense: a secure control platform and secure component supply chain. The resulting endpoint root of trust leverages hardware-based secret root keys and certificates for advanced cryptographic authentication of Bedrock hardware and software components, which are further fortified with layers of anti-tamper protection.

“Our first objective was to deliver a hardware-based endpoint root of trust, which we did with the Cybershield 1.0, which was built into last year’s product release. Cybershield 2.0 is our next giant leap. It validates our built-in versus bolted-on technologies and is forward and backward compatible. This 2.0 firmware upgrade demonstrates how we continuously enhance intrinsic defense and lead the digital convergence of OT cyber security with enterprise class technologies,” said Bedrock founder, CTO and VP Engineering Albert Rooyakkers.

Claroty

Industrial security software provider Claroty and Rockwell Automation will work together to combine their security products and services into future, packaged security offerings.

After a competitive review process, Rockwell Automation selected Claroty for the company’s anomaly-detection software purpose built for industrial network security. The software creates a detailed inventory of an end user’s industrial network assets, monitors traffic between those assets, and analyzes communications at their deepest level. Detected anomalies are reported to plant and security personnel with actionable insights to help enable efficient investigation, response and recovery.

“More connected control systems combined with the potential for more attacks on those systems have made cybersecurity a top concern in the industrial world,” said Scott Lapcewich, vice president and general manager, Customer Support and Maintenance, Rockwell Automation. “Claroty’s deep-visibility software platform and expertise in industrial security made the company a natural fit for substantial collaboration as we grow our existing portfolio of security service and support offerings.”

A key characteristic of the Claroty software is its ability to explore the deepest level of industrial network protocols without adversely impacting the system. This enables end users to identify even the smallest anomalies while protecting complex and sensitive industrial networks. Traditional IT security software often uses active queries and requires a footprint on the network, which can ultimately disrupt operations. However, the Claroty platform uses a passive-monitoring approach to safely inspect traffic without the risk of disruption.

“The Claroty platform can detect a bad actor’s activities at any stage, whether they’re trying to gain a foothold on a network, conduct reconnaissance or inflict damage,” said Amir Zilberstein, co-founder and CEO, Claroty. “It also can detect human errors and other process integrity issues, which are often more common than threats from bad-actors. For example, the software monitors for critical asset changes that, if done incorrectly, could result in unexpected downtime. The system also identifies network-configuration issues that could expose a system to outside threats.”

Indegy

Last year I wrote about Indegy as a stealth security startup. This year, not so much stealth. It was one of several at the Forum. They told me this year that they are more OT focused than IT focused. Most of the other companies look at network traffic trying to find anomalies. Indegy focuses on changes in the PLC. The founders are from Israeli security, and retired US General Petraeus is on the board.

PAS

PAS is not a new company. It has been known as the “human reliability” company, with a background in alarm management that expanded into cataloging process control systems for purposes of change management. It has taken these technologies to the next level by applying them to cyber security. Over the past two years, PAS has invested heavily in people and technology to become a leading process cyber security company.

Nozomi

Nozomi, a Swiss company, began on the offensive side of cyber security. Founders have an academic background. It switched to the defensive side with a tool that provides visibility into a process system. Its second co-founder brings a background of machine learning to the mix. The technology listens to the network with an understanding of the process and detects anomalies.

Jacobs and Bedrock Automation to Pursue Open Secure Automation Systems Opportunities

Bedrock Automation has built a good automation platform with built-in security and toughness. I’ve been watching to see just how disruptive it might be in the market. In this announcement, it is showing further growth in its go-to-market strategy of working with integrators. It has signed a memorandum of agreement with Jacobs Engineering Group Inc., one of the world’s largest and most diverse providers of full-spectrum technical, professional and construction services. Under the agreement, the companies will pursue selected projects with automation system requirements for potential implementation of the Bedrock Open Secure Automation (OSA) system.

“Our clients are increasingly concerned about both cyber security and advanced automation and we have been creating innovative service packages to meet these needs.  Bedrock Automation has excellent experience and superior designs in this area. I am impressed with their comprehensive background and knowledge in the industrial DCS and PLC arena,” said Jacobs’ Mission Solutions Chief Technology Officer Dr. Tommy Gardner.

The Bedrock control system is known for its patented Black Fabric Cybershield architecture, which provides an intrinsic cyber secure automation platform to protect user hardware, software and applications. Unlike other conventional industrial control systems, Bedrock was designed from a clean sheet of paper with advanced components and architecture to be simple, scalable and secure.

“Jacobs is taking a leadership role in integrating the next generation of information and automation technologies for its clients,” added Bedrock Automation President Bob Honor. “We see this as a tremendous opportunity to bring our technology and our vision of holistic cyber security to a much larger audience. We look forward to an exciting and mutually beneficial relationship with Jacobs.”

 
