Author: Fabien Maisl
It’s an exciting time for organizations that are migrating to Industry 4.0. Over the last few decades, industrial control systems (ICS) have enabled modern industrial automation. Today, Industrial Internet of Things (IIoT) technologies present new opportunities to increase operational efficiency and launch a new generation of industrial products and services.
But first, organizations must address security. Last week at Cisco Live in Barcelona we announced the first release of Cisco Cyber Vision, a solution designed to address these security challenges so that organizations can control cybersecurity risks and capture the benefits of Industry 4.0.
Protecting industrial operations is a very specific challenge that can’t be addressed with traditional IT security tools. Industrial processes can’t come to a halt to install a patch. Disruption can have a devastating impact on human lives and/or the environment. To further complicate matters, attacks can be difficult to detect because they are often custom made and look like legitimate process instructions.
Cisco Cyber Vision is specifically designed for industrial organizations to ensure continuity, resilience, and safety of their operations. It provides full visibility into the ICS infrastructure, including dynamic asset inventory, real-time monitoring of process data, and threat intelligence, enabling operators to build secure infrastructures and enforce security policies to control risk. Let’s take a look under the hood at these features and capabilities.
Security built into your industrial network
Complexity is the enemy of security. Unfortunately, OT cybersecurity can quickly become very complex, especially if the industrial network is dispersed across an entire country or many remote industrial sites. For an OT cybersecurity project to be successful, you must be able to scale it easily and at a reasonable cost across your entire organization.
Cisco Cyber Vision leverages a unique edge computing architecture that enables security monitoring components to run within Cisco’s industrial network equipment (IoT switches, routers, access points, industrial compute, etc.). That means there’s no need to install and manage dedicated appliances. Nor do you need to configure SPAN ports and build an out-of-band network to send industrial network flows to a central security platform. Cyber Vision enables the industrial network to collect the information required to provide comprehensive visibility, analytics, and threat detection.
You can’t secure an asset if you don’t know it’s there. OT teams need a precise view of their asset inventory, communication patterns, and network topologies. Cisco Cyber Vision brings visibility to the OT environment by building a list of all industrial assets down to the component level. Cyber Vision automatically uncovers the smallest details of the production infrastructure: vendor references, firmware and hardware versions, serial numbers, PLC rack slot configuration, etc.
Cisco Cyber Vision identifies asset relationships, communication patterns, changes to variables, and more. This wealth of information is shown in various types of maps, tables, and reports that maintain a complete inventory of industrial assets, their relationships, their vulnerabilities, and the programs they run. Cyber Vision makes it easy to group assets and define their “industrial impact” so you can prioritize events according to your own safety targets. It summarizes all flows between zones, enabling you to monitor relevant traffic.
Gaining this level of visibility is key to driving network segmentation. This is about placing assets that don’t need to talk to each other into isolated network segments. Segmentation is one of the key recommendations of the ISA/IEC 62443 OT security standards, as it can help limit the spread of an attack. Cyber Vision shares asset profiles with Cisco ISE so you can create security groups based on asset characteristics. Cisco ISE will then dynamically enforce segmentation policies using TrustSec to configure network equipment. How much easier could it be?
Cisco Cyber Vision gives OT engineers real-time insight into the industrial processes they manage. Cyber Vision “understands” the proprietary OT protocols used by automation equipment, so it can track process anomalies, errors, misconfigurations, and unauthorized industrial events such as unexpected variable changes or controller modifications. Control engineers can take action to maintain system integrity and production continuity.
Cisco Cyber Vision also records all these events. It becomes the “flight recorder” of the industrial infrastructure so cyber experts can easily dive into this data to analyze attacks and find the source. Security officers also have the information they need to document their incident reports and comply with new regulatory requirements such as NERC CIP or EU NIS.
Threat detection and remediation
The industrial control network is exposed to both traditional IT threats and custom OT attacks designed to alter industrial processes. Organizations need holistic threat detection techniques to protect their industrial network and ensure production integrity, continuity, and safety.
Cisco Cyber Vision combines protocol analysis, threat intelligence from Cisco research teams, intrusion detection, and behavioral analysis to detect any attack tactic. This holistic approach ensures Cyber Vision can detect both known and emerging threats as well as malicious behaviors that could be warning signs of an unknown attack.
Cisco Cyber Vision is fully integrated with Cisco’s leading security portfolio, providing your security operations centers with detailed information on OT assets and industrial threats. Security groups can be easily defined based on asset profiles. New filtering rules can be automatically triggered in the event of an attack. Security analysts can trace industrial events in their SIEM. Cyber Vision enables your existing cybersecurity environment to easily cope with the specificities of your industrial control network so you can build a unified IT/OT threat management strategy.
Cisco Cyber Vision enables organizations to ensure continuity, resilience, and safety of their industrial operations by providing continuous visibility over their ICS infrastructures and controlling the risks of cyber attacks. To learn more about Cisco Cyber Vision, visit us online.
Used with permission from Cisco.