4 Questions to Ask About Industrial Cybersecurity Software

May 19, 2022
From regulatory compliance and configuration security to potential downtime impacts, Gabe Authier of Tripwire highlights the major issues to address when evaluating cybersecurity software.

With the threat of cybersecurity attacks against industry worldwide on the rise amid the war in Ukraine, which follows hard on the news about growing ransomware attacks on industry and the potential for control system incursions via log4j exploits, industrial companies of all sizes are turning a close eye to their own levels of cybersecurity protections.

The good news is there is no shortage of available information about how to protect your operations technology (OT) systems. In all this information, however, there are often references to the need for a “continuous OT monitoring solution to log and alert on malicious indicators and behaviors.” This particular reference comes from the CISA’s alert on advanced persistent threat actors increasing focus on industrial control system (ICS) supervisory control and data acquisition (SCADA) devices.

Learn the cybersecurity lessons from the Colonial Oil cyber attack.

In these government alerts that highlight the need for cybersecurity software, no specific products are mentioned. Consider that, how can you determine which is best for your operation.

Gabe Authier, senior product manager at Tripwire, a provider of security, compliance, and IT operations software, recommends using this 4-question guideline to evaluate the multitude of cybersecurity tools available.
  • Why is it crucial to know what’s on your ICS network? Network monitoring systems provide the first line of defense when applications go down or when performance begins to deteriorate, says Authier, yet 64% percent of security leaders  feel that they lack the tools and resources they need to monitor, 62 percent lack the tools and resources they need to analyze and understand, and 68 percent lack the tools and resources they need to mitigate external threats, according to research conducted by Ponemon Insitute. “It is not always easy to figure out what is running, much less whether or not it is configured properly,” he says. “But once you understand your current security posture, you can develop a strategy to assemble the assets and implement protocols to accomplish your security goals.”

  •  Does it test for regulatory compliance? In addition to detecting an unauthorized change on your industrial devices, cybersecurity software should aid in achieving and maintaining regulatory compliance with frameworks like IEC 62443, NERC CIP, NIST, and the Center for Internet Security’s CIS ISC CSC.

  • How does it handle configuration security? Referencing a recent study by ServiceNow, Authier notes that 78% of chief information security officers are worried about their ability to detect intrusions and anamolies. He says this underscores the need for cyberscurity software to deliver not just best-in-class security, but integrity monitoring and configuration and compliance management with an extensible agent and agentless approach to data collection (i.e., data can be collected from your devices without needing to install additional software to do so).

  • Will remediating suspicious changes cause system downtime? “One of the biggest concerns of control systems operators is that remediating suspicious changes will lead to an interruption in operations,” says Authier. Thus the importance of ensuring that the cybersecurity systems you’re reviewing can provide “centralized control of configurations across the entire physical and virtual IT & OT infrastructures, including multiple devices, platforms and operating systems, without interrupting operations,” he adds.

Authier points out that the Tripewire Enterprise cybersecurity software provides a single interface management system via “an agentless security solution which can be accessed from virtually anywhere to provide a comprehensive picture of security issues and actions. With automated continuous monitoring across different types of operating systems, industrial devices, and applications, industrial organizations now have a simplified and cost-effective solution for maintaining system hardening and continual proof of compliance for standards like IEC 62443, NERC CIP, NIST and CIS ISC CSC.”

About the Author

David Greenfield, editor in chief | Editor in Chief

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. He is also the chief program architect of the annual Automation World Conference & Expo. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher. 

Sponsored Recommendations

Meet our experts - Reduce complexity of a DCS Migration

Sign up for a complementary onsite assessment.

Revolutionizing Germany’s energy landscape: The Wilhelmshaven floating LNG terminal

The German LNG terminal lays the groundwork for future sustainable energy initiatives. Here's how Schneider Electric helped make it happen.

Navigating Distributed Control Systems Migration

Navigating Distributed Control System (DCS) migrations doesn't have to be as complex as it seems. Whether you are planning a migration or seeking to enhance ...

Revolutionize process safety with Tricon CX V12

The most versatile TÜV certified safety instrumented system. One system with a choice of architectures and form factors delivering a lifetime of safe, resili...