The evolution of industrial cybersecurity has always been closely aligned with enterprise IT strategies. From network segmentation and firewalls to whitelisting and patching, the steps taken to ensure plant-floor network security have followed the tactics proven to be effective in enterprise IT.
A key difference between the enterprise IT space and the plant floor is the detrimental effect some IT cybersecurity approaches can have on the real-time operation and downtime avoidance aspects of day-to-day production operations. To be more specific, consider the growing cybersecurity focus on continuous network monitoring. If active network monitoring measures slow down the delivery of your email or web access, or even crash the email server temporarily, it’s not the end of the world and is a small price to pay for securing the front-office network. However, if such measures impact high-speed motion control or bring production to a halt, losses can quickly run into the millions of dollars.
That’s why we’re hearing more about the effectiveness of continuous network monitoring (as a proven front-office cybersecurity measure) coupled with passive discovery and detection capabilities. The use of passive monitoring techniques ensures that the industrial network is not overburdened with cybersecurity-related traffic that could negatively impact production communications.
An example of this trend can be seen in the announcement of an OEM partnership between Nextnine and SecurityMatters, which involves the integration of the SilentDefense technology from SecurityMatters into Nextnine’s ICS Shield.
Automation World first covered Nextnine last year, explaining its operations technology (OT) security management system that automates the deployment and enforcement of security policies with a focus on auto-discovering all operational assets, detecting anomalies and inefficiencies, and establishing a framework for authenticated, authorized and audited secure remote access according to granular policies.
According to Nextnine, the integration of the SilentDefense technology into its ICS Shield adds continuous, state-of-the-art network monitoring capabilities and provides augmented passive discovery as well as the detection of anomalies and inefficiencies. This technology reportedly improves the ability of ICS Shield to learn and validate network communication patterns and process operations with in-depth analysis of industrial protocols. It also identifies rogue and malfunctioning devices, intrusions and attacks.
“Through the integration of SecurityMatters’ SilentDefense technology, we can now passively build a comprehensive inventory and baseline picture of the ICS (industrial control system) network—including the PLCs—and quickly identify inefficiencies, anomalies, traffic patterns and misuse or abuse of communication,” said Shmulik Aran, Nextnine’s CEO.
The recent focus on passive monitoring in industrial cybersecurity applications is a developing trend, as evidenced by the entry of Claroty into the market and its partnership with Rockwell Automation. As Rockwell Automation’s Umair Masud noted in my discussion with him about Rockwell’s alliance with Claroty: The difference between passive and active network monitoring comes down to this—active monitoring places test traffic on a network to monitor the traffic. Passive monitoring simply monitors the traffic on the network without adding to the traffic. Passive monitoring is the preferred approach for OT networks so as not to disrupt critical communications between the controllers, actuators and other devices on the network.
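To make the passive approach concrete, here is an added example (not code from Nextnine, SecurityMatters, Claroty or Rockwell Automation) of a monitor that learns an asset inventory and communication baseline from mirrored traffic and then flags unknown devices, new patterns and malformed frames without sending a single packet. Modbus/TCP as the industrial protocol, the addresses and all class and function names are assumptions made for illustration.

```python
import struct
from collections import namedtuple

# Constructed sample input: (src, dst, TCP payload) as a SPAN port or tap
# would deliver it. The monitor only reads; it never transmits.
Observation = namedtuple("Observation", "src dst payload")

def mbap(tid, unit, function, data=b""):
    """Build a constructed Modbus/TCP frame (MBAP header + PDU)."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_modbus(payload):
    """Return (unit_id, function_code), or None if the frame is malformed."""
    if len(payload) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id must be 0; length counts the unit id plus the PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]

class PassiveBaseline:
    def __init__(self):
        self.assets = set()  # inventory: every address seen during learning
        self.flows = set()   # (src, dst, unit, function) seen during learning

    def learn(self, obs):
        self.assets.update((obs.src, obs.dst))
        parsed = parse_modbus(obs.payload)
        if parsed:
            self.flows.add((obs.src, obs.dst) + parsed)

    def check(self, obs):
        """Return alerts for one frame observed after the learning phase."""
        alerts = []
        parsed = parse_modbus(obs.payload)
        if obs.src not in self.assets:
            alerts.append("unknown-device:" + obs.src)
        if parsed is None:
            alerts.append("malformed-frame:" + obs.src)
        elif (obs.src, obs.dst) + parsed not in self.flows:
            alerts.append("new-pattern:%s->%s fc=%d" % (obs.src, obs.dst, parsed[1]))
        return alerts

# Constructed addresses and learning traffic: an HMI polling a PLC with
# function code 3 (Read Holding Registers).
HMI, PLC, ROGUE = "10.0.0.5", "10.0.0.20", "10.0.0.99"
LEARNING = [Observation(HMI, PLC, mbap(1, 1, 3, b"\x00\x00\x00\x02"))]
```

A write (function code 6) from the known HMI is reported as a new pattern, while any frame from an address absent from the learned inventory is reported as an unknown device.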
Highlighting the inescapability of connecting IT and plant-floor networks in nearly every industry vertical, Nextnine’s Aran said, “Connected operations, along with its benefits, also introduces a new set of cybersecurity vulnerabilities. These risks have attracted a lot of well-deserved headlines recently, although, with the correct security mechanisms in place, it should not prevent an industrial enterprise from enjoying the benefits of merging their IT networks with their OT infrastructure. Our ICS Shield solution provides a holistic approach for manufacturers to minimize the risks of connected operations with a focus on the security essentials, such as secure remote access for multiple third parties, updating patches and antivirus signatures, compliance reporting or even simply creating an inventory of all operational assets.”