This is security day at The Manufacturing Connection. Not only do we have an implementation of CIP Security (see other post today), but demand for increased protection where IT meets OT has also driven a decision to form a new company.
Moxa Inc., a leader in industrial communications and networking, and Trend Micro Inc., a global leader in cybersecurity solutions, have executed a letter of intent relating to the formation of a joint-venture corporation, TXOne Networks, which will focus on the security needs present in the Industrial Internet of Things (IIoT) environments, including smart manufacturing, smart city, smart energy and more.
Historically, Information Technology (IT) and Operations Technology (OT) have operated within industrial organizations as isolated and independent networks with different teams, objectives and requirements. Organizations are teeming with machinery and devices that were not originally designed for connectivity to the corporate network, which means they often lack the ability to be easily updated or patched for security measures. There is a critical need to secure these devices, identify clear ongoing ownership, and to provide a holistic view across the broadening attack surface within enterprises.
Trend Micro, majority owner in TXOne Networks, identified the potential challenges faced by IIoT stakeholders early on and has been working on several fronts to secure the entire ecosystem, from data center to device. Moxa Inc. brings more than 30 years of experience in industrial networking and protocol expertise. TXOne Networks combines these strengths and responds to the growing security needs of industry, such as smart factories that require a unified solution for delivering deeper visibility into both devices and protocols. These complicated environments are made up of multiple layers requiring protection that sits in and between IT and OT. The responsibility for the security of these combined layers is traditionally unclear.
“I’m excited about this venture and how Trend Micro continues to take diverse yet focused growth steps that allow our teams to remain concentrated on core strengths while giving room to better serve customers and advance into new markets,” said Eva Chen, chief executive officer for Trend Micro. “Partnering with Moxa will combine more than 60 years of expertise to accelerate our ability to view and secure the extended enterprise including these important but often overlooked OT environments.”
TXOne Networks will build security gateways, endpoint agents and network segmentation to secure, control, and provide visibility of operational technology and equipment. Unlike some solutions focused solely on protecting assets nearest to the IT layer via detection, TXOne Networks has expertise closest to the OT layer and will provide proactive, timely and easily implemented solutions to secure the Industrial Control Systems (ICS) world.
In addition to investing intellectual capital, funds, and dedicated headcount, each parent company lends complementary channel expertise. For its part, Trend Micro brings IT channel partner strength while Moxa brings OT channel partner strength. Together these reinforce the business model and geographic territory targets. TXOne Networks will be led by Dr. Terence Liu, Trend Micro Vice President and former CEO of Broadweb. With experience building both products and teams, Dr. Liu will bring nearly 20 years of security product expertise to this new team.
“With this joint venture, Moxa and Trend Micro will position TXOne Networks as a global leader in the industry to create effective IIoT security solutions that help ensure that IIoT applications and critical infrastructures are secure,” said Andy Cheng, Strategic Business Unit President for Moxa Inc. “Industrial automation customers around the globe will be able to reap the benefits of having a holistic OT/IT security solution to protect assets and reduce operational risk.”
TXOne solutions also will enable OT customers to optimize network infrastructure for more IIoT opportunities. They will benefit from Moxa’s expertise in building reliable networks to bring more legacy and disparate networks into one industry-grade Ethernet backbone and raise the security level of the entire network’s communication to help drive nonstop productivity and cost reduction. Professional services will also be provided, including security risk assessment, security breach response, and access to threat intelligence from Trend Micro Research and its Zero Day Initiative (ZDI).
“In a world where attacks are getting more persistent and sophisticated, while organizations are struggling with skills shortage and alert fatigue, these two groups are joining forces to successfully secure enterprises around the globe,” said Dr. Terence Liu, General Manager, TXOne Networks. “I am eager to pursue the opportunities and challenges this team will tackle in the months and years to come.”
I didn’t attend Automation Fair this year, but I have been watching for news. Here is a first product release from Rockwell Automation using CIP Security—an extension of the Common Industrial Protocol promulgated by ODVA designed for, well, secure communication as one part of a defense-in-depth strategy.
CIP is the application-layer protocol for EtherNet/IP. CIP Security supports transport layer security (TLS), the most proven security standard in widespread use on the World Wide Web today.
“CIP Security can protect devices and systems that use EtherNet/IP from some of the top risks in connected operations, such as unauthorized PCs,” said Tony Baker, portfolio manager, security, for Rockwell Automation. “It does this in a few key ways. First, it limits device connectivity to only trusted PCs and devices. It also guards against packet tampering to protect data integrity. Finally, it encrypts communications to avert unwanted data reading and disclosure.”
Engineers will be able to implement CIP Security in their systems through new Rockwell Automation products and firmware updates to existing products such as Allen-Bradley ControlLogix controllers, communication modules, and Kinetix servo drives.
In addition, the newly enhanced FactoryTalk Linx communications software allows FactoryTalk visualization and information software running on a PC to communicate to CIP Security-enabled devices. The new FactoryTalk Policy Manager tool within the FactoryTalk software is used to implement and configure security policies between CIP Security-enabled devices.
Rockwell Automation developed this new capability to work with existing industrial control devices regardless of whether or not they were designed to support CIP Security. This allows industrial users to phase in security over time and retrofit existing installations.
In addition, Allen-Bradley ControlLogix 5580 controllers will soon be certified compliant with the IEC 62443-4-2 security standard, building on the IEC 62443-4-1 certification that the Rockwell Automation Security Development Lifecycle has already received.
This latest certification means the controllers will meet the global standard’s robust cybersecurity requirements to help companies secure their connected operations. The ControlLogix 5580 family of controllers is one of the first platforms on the market to achieve this compliance.
I asked PAS founder and CEO Eddie Habibi about his pivot to cybersecurity during our conversation this week. It’s not a pivot, he corrected me. Cybersecurity is a natural progression from all the work PAS has done since its founding.
(Read to the end to learn about further security threats.)
Fighting Cyber intrusions begins with data
“Cybersecurity starts with knowing everything in the system from level 0 forward. This creates a baseline for change management. (PAS product) Integrity had that already, so we built analytics, visualization, and reporting on top of it,” he added.
Everybody on the OT side is looking for diversified information. Security is fundamental: know what you have, know your vulnerabilities, address them. Establish a golden baseline so you can manage change.
Supply chain (the reason the PR firm reached out): if you have a Six Sigma process but your suppliers don’t, then you don’t have the full value. Cyber is the same way. If I know everything I need to do but a DCS vendor sends a patch with malware, then I’m in trouble anyway.
PAS is seeing customers in sectors they’ve never worked in before. While once PAS was focused on working with one supplier, now it works with more than 80 different systems and brands.
I asked about corporate awareness and concern. Habibi said pressure is coming from boards of directors who are concerned about risk and liability. “I haven’t seen anything this serious for a long time. It’s as serious as safety was in the ‘90s.”
USB as a Threat
This was almost a #DUH moment when I saw the press release from Honeywell. USB media devices pose a significant and intentional cybersecurity threat to industrial control networks.
Raise your hand if you already knew that. However, Honeywell used a remote monitoring technology to document the threat.
Data derived from Honeywell technology called Secure Media Exchange used to scan and control USB devices at 50 customer locations showed that nearly half (44 percent) detected and blocked at least one file with a security issue. It also revealed that 26 percent of the detected threats were capable of significant disruption by causing operators to lose visibility or control of their operations.
Claroty has been busy. Following the news of investments and partnership with Rockwell Automation, Claroty and Siemens announced a global partnership. Siemens will leverage Claroty’s advanced behavioral analysis technology in Siemens’ recently announced Industrial Anomaly Detection solution.
Siemens, through its global venture firm Next47, also invested in Claroty, joining a global syndicate of industrial giants that invested $60 million in the company’s Series B round, bringing the company’s total investment to date to $93 million.
Siemens initiated the Charter of Trust in February 2018, gaining the support of other giant companies in the global fight against the rising cybersecurity threat to industrial systems. Siemens also continues to expand its cybersecurity portfolio, debuting at the 2018 Hannover Messe industrial automation conference a new Industrial Anomaly Detection solution, which will deliver significant value for both operations and cybersecurity teams. Operations teams receive a detailed inventory of industrial assets and changes to the network. Cybersecurity teams can continuously monitor these critical networks for vulnerabilities, malicious activity, and high-risk changes, across distributed industrial sites.
Claroty was selected by Siemens following an intensive technical evaluation. “In selecting our security partner for Industrial Anomaly Detection, we reviewed the market, conducted a detailed evaluation, and rigorously tested possible technology in our industrial lab environment,” said Dr. Thomas Moser, CEO of the Siemens Customer Services business unit. “Claroty’s advanced behavioral analysis provides a significant advantage to our customers in reducing risk to their OT environment.”
“Our mission is to help our customers secure industrial networks so they can avoid costly operations downtime, and maintain the safety of people and expensive assets,” said Amir Zilberstein, Claroty Co-founder and CEO. “Siemens’ selection of Claroty as a strategic partner and their investment in our company is further validation of our technology, our team, and our ability to deliver world-class, enterprise-level protection.”
Siemens uses Claroty in a pre-packaged offering enabling customers to quickly and safely deploy anomaly detection in their operations. Siemens brings the offering to the market based on pre-installed packages on Siemens IPC. In the future, it is planned to also offer this based on Siemens switches with an Application Processing engine provided by the Ruggedcom RX1500 series.
Siemens, as owner and operator of nearly 300 factories, heavily leverages digitalizing for efficiency gains. Responsible digitalization must go hand in hand with cybersecurity. Therefore, Siemens is implementing a defense-in-depth security concept in its factories. Industrial Anomaly Detection is an important element of this concept.
The Claroty Platform is comprised of multiple integrated products, built on Claroty’s advanced CoreX technology. The products provide the full range of cybersecurity protection, control, detection, and response. Claroty has received multiple industry awards in recent months. It was recently named an Energy Innovation Pioneer at CERAWeek 2018, and the company’s flagship Continuous Threat Detection product won the ICS Detection Challenge during the S4x18 conference in Miami.
Amongst the cloud and manufacturing IT booths in Hannover was a sizable booth nestled in the middle housing Arm, the processor company. Here Ian Ferguson, Vice President, Ecosystem Development, met with me to discuss some of the latest embedded computing news.
Arm licenses chips which are optimized to the OS for customer companies to use and customize.
Its software business includes a device manager for small device apps for provisioning and connecting. It has also announced a bridge to IBM Watson.
Its software product, Mbed, runs on ARM. Among the areas of focus are smart meters and tracking of small assets. Ferguson also mentioned smart buildings–especially lighting.
Security is a key focus, working at the chip level to detect intrusions (“device health”).
• Rapid industry adoption of Mbed Platform with more than 300,000 developers (>30% growth over the past year) and 80 partners
• Arm expands integration with IBM Watson IoT, and partners with Cybertrust and GlobalSign to deliver BYOC (Bring-Your-Own-Certificate) flexible IoT security authentication
• Mbed drives IoT business value for logistics, utilities and smart cities as organizations shift to Industry 4.0
Help organizations take advantage of the opportunities offered by IoT data and combine this with their business data to create valuable business outcomes. However, in talking with these organizations, many feel that pursuing opportunities to achieve these business outcomes through IoT opens them up to more IT complexity and greater security concerns.
Security and complexity of integration are legitimate concerns that are addressed with the Arm Mbed Platform. This platform provides the necessary IoT building blocks, including connectivity, device management, security and provisioning, with the support of a 300,000+ strong developer community that has grown more than 30% in the past year.
It’s also supported by a growing ecosystem of 80 contributing partners such as IBM, which is bridging the Mbed Cloud with IBM Watson IoT Platform. We’ve integrated Mbed Cloud with Cybertrust and GlobalSign to provide more flexible security authentication for IoT devices.
Mbed Cloud and Mbed Cloud On Premises were designed to provide device management, connectivity and provisioning that customers demand, supported across multiple public and private clouds, on-premises and hybrid environments.
IoT security should be easy to implement, not an inhibitor. The new integrations between Mbed Cloud and Cybertrust and GlobalSign enable customers to BYOC (Bring-Your-Own-Certificate) for flexible and secure IoT authentication, leveraging the public key infrastructure they already use. Security should also be built into development, which is why Arm is planning to make its free open-sourced development platform, Mbed OS, the first OS to support PSA-Compliant trusted boot, storage and opaque cryptography.
However, even when security is built-in, software updates are often needed to maintain a strong security posture, which is a challenge when there are millions of devices already deployed out in the field. Through an expanded integration with IBM Watson IoT Platform, its users can now manage, provision and update firmware over-the-air for their IoT devices through Mbed Cloud.
Sometimes I wonder–Is it time for the entire Boomer generation to retire and pass the baton to the next generation? Here is another survey, this one on cybersecurity, that reveals executives know about a problem but have few or no plans to solve it soon.
People tell me constantly about surveys such as this one or training opportunities where executives and engineers in Europe pursue knowledge and those in Asia cannot satisfy their demand for standards and knowledge. And in the US? Not so much interest.
Here is a poll by a security company, Indegy, which (maybe not so surprisingly since it sells solutions) uncovered the gap yet again.
The poll found that nearly 60 percent of executives at critical infrastructure operators polled in a recent survey said they lack appropriate controls to protect their environments from security threats. As expected, nearly half of all respondents indicated their organizations plan to increase spending for industrial control system (ICS) security measures in the next 12-24 months.
“We have been tracking the escalation in cyber threat activity specifically targeting critical infrastructures for some time,” says Barak Perelman, CEO of Indegy. “As the recent joint DHS/FBI CERT Technical Alert illustrates, adversaries have compromised facilities across the US to conduct reconnaissance and likely develop “Red Button” capability for future attacks.”
Lack of Visibility and Control Cited
While organizations have made significant investments to secure their IT infrastructures, they have not fully addressed threats to operational technology (OT) environments. The recent Indegy poll of nearly 100 executives from various critical infrastructure organizations underscores the lack of preparedness in key sectors including energy, utilities and manufacturing. Among the key findings:
- 35% of respondents said they have little visibility into the current state of security within their environment, while 23% reported they have no visibility
- 63% claimed that insider threats and misconfigurations are the biggest security risks they currently face
- 57% said they are not confident that their organization, and other infrastructure companies, are in control of OT security
- Meanwhile, 44% of respondents indicated an increase in ICS spending was planned in the next 12 to 24 months, with 29% reporting they were not sure