As digital transformation initiatives continue across industry, more and more data that would have once been relegated to local, isolated industrial control systems (ICS) is being shipped out via the internet to centralized cloud storage facilities, enterprise-level servers, and other remote sites. The benefits of this edge-to-enterprise pipeline are numerous, ranging from allowing for higher-level analytics and decision-making to enabling the development of digital twin simulations. Moreover, with COVID-19 increasing the need for remote access, this trend is only expected to continue picking up pace.
Yet with these opportunities come new threats as well, and experts are taking note. Along with an increasing emphasis on the network technologies that make edge-to-enterprise data transmission possible, cybersecurity has become a growing concern. In particular, operational technology (OT) that was once seen as secure is now proving to be a potential vector for cyber attacks, as plant-level devices such as sensors are becoming gateways to higher-level systems.
This shift is emerging as the Purdue Model, which firmly separates the OT and information technology (IT) environments with multiple levels of security and control, becomes less common. Whereas data produced by a plant-level device would once have had to pass through several layers of control hierarchy, it is now liable to be transmitted directly over the internet to an external server or other remote system. Sometimes, plant operators may not even realize their devices are insecure.
To help address these issues, Claroty, a company focused on bridging the cybersecurity gap between IT and OT environments, has recently announced updates to its Claroty platform that reportedly enable users to seamlessly engage in remote incident management from any location. Claroty notes that the update comes largely as a response to the COVID-19 pandemic, which has accelerated the shift to remote work, resulting in more interconnections between OT and IT, and an expanded surface for potential cyber attacks.
The updated platform seeks to aid customers throughout the entire incident lifecycle, which includes detection, investigation, and response.
In the detection phase, Claroty grants users the ability to identify and differentiate authorized remote activity from unauthorized activity. When an alert is received, it can be compared to similar events across Claroty’s customer base, allowing users to assess its potential impact. Once investigation begins, users are offered visibility into remote activity, as well as insights into how indicators of potential incidents have manifested in other areas. This greater context can ensure a more effective response, while also reducing the need for on-site staff to assess the nature of a potential breach. Finally, should a response be necessary, Claroty facilitates remote collaboration by allowing users to disconnect potentially harmful OT assets from any location.
These features are designed to assist users in deterring and responding to both asset-based attacks, in which equipment is targeted, and identity-based attacks, wherein sensitive information related to a business itself or individual personnel within it may be stolen.
“Receiving vulnerability alerts in real-time is a must-have,” said Thomas Leen, vice president of cybersecurity at BHP, a mining, metals, and petroleum company. “The Claroty Platform allows us to quickly identify which of our assets have led to vulnerabilities and prioritize the actions we need to take in order to reduce and eliminate potential risks to the business.”