- Unauthorized network topology modifications are the most common form of a cybersecurity breach in OT networks.
- Radiflow’s IDS solution can help find network assets and communication patterns, map vulnerabilities, and inventory details.
An ever-increasing number of industrial networks are being digitized as a direct result of the implementation of Industry 4.0. While this positively affects productivity, quality, and efficiency, it also creates previously unanticipated cybersecurity risks.
Because Operational Technology (OT) networks, also known as digital networks on the production floor, are critical in nature, they need additional security measures beyond those used in traditional Information Technology (IT) networks. An Intrusion Detection System (IDS) is widely regarded as one of the most effective technologies due to its ability to monitor network traffic without disrupting normal operations.
Cybersecurity firm Radiflow has now entered a technical partnership with networking giant Cisco to offer IDS in Cisco-managed OT facilities to counter mounting threats and attacks.
Ilan Barda, Radiflow’s co-founder and CEO, said, “The shortage of resources with OT security expertise is quite high and keeps growing. As such, it is important to use such integrations to reduce the need for manual work.”
OT facilities like Cisco are becoming more vulnerable to attacks
Barda stated that there had been an “alarming” increase in cyberattacks directed at OT facilities.
According to a survey conducted by Trend Micro on industrial cybersecurity in manufacturing, electric, and oil and gas industries, nine out of 10 businesses have had their production or energy supply disrupted by cyberattacks in the past year. The average cost of such attacks was estimated to be USD 2.8 million, and more than half of respondents (56%) stated that disruptions lasted for four days or more.
These interruptions have led to the development of novel and improved security technologies. A recent report published by Markets and Markets said that the size of the OT security market will increase from an estimated value of USD 15.5 billion in 2022 to USD 32.4 billion in 2027, registering a Compound Annual Growth Rate (CAGR) of nearly 16%. The report was based on projections from industry analysts.
According to the report, the top factors driving the market growth are the increased use of digital technologies in industrial systems and stringent government regulations related to the Common Industrial Protocol (CIP). The convergence of IT and OT systems is one of the factors driving the market growth.
Quick and easy operations
The Network Access Control (NAC) system developed by Cisco is a technology that’s frequently utilized to protect IT networks. It enables network visibility and access management by enforcing policies on devices and people connected to corporate networks.
According to Barda, many companies depend on it to secure their network access control systems. Still, Building Management Systems (BMS) lack a way to account for industry-specific needs or protect against greater cybersecurity risks. OT security systems have to account for the specific needs and criticalities of different subsystems in BMS settings. For instance, HVAC or elevator operations are often overseen by people.
Barda argued that established IDS technologies, such as Radiflow’s platform, are required to install IT-oriented tools in OT networks and detect anomalies. It provides a layer of protection to many OT networks while making security operations “easy and fluent.” It connects directly with Cisco’s famous BMS, safeguarding linked devices without inbuilt access control.
The new incorporation “helps alleviate an inherent problem in industrial networks since many of these devices were never designed with embedded access control, introducing a slew of cyber-vulnerabilities,” said Barda.
Controlled, restricted connection
As Barda explained, unauthorized network topology modifications are the most common form of a cybersecurity breach in OT networks. This might be due to, for instance, a technician’s laptop being connected to the network and having full access to the network. Barda added that another significant threat is that alterations in device software – even without any sort of malicious intent – can change the communication patterns of the device, resulting in damage to unrelated devices.
Radiflow’s IDS solution can help find network assets and communication patterns, map vulnerabilities, and inventory details. When utilizing Cisco infrastructure, end users can recognize typical asset behavior and deviations from the norm.
Barda said, “With embedded access control, such threats are mitigated since every device is connected in a controlled and restricted way.”
Barda said the technology uses a SPAN port from the network’s primary switches to monitor OT network traffic passively.
According to him, Radiflow also provides smart collectors to maximize OT network coverage. The collectors can connect to the span ports of faraway subnetworks and optimally transmit relevant data about those networks to the server.
As Barda explained, Radiflow’s DPI engine analyses network traffic to compile a database of network assets, complete with information on their inventories and typical baseline behavior patterns. Common Vulnerabilities and Exposures (CVE) data enhances the database and can be visualized or exported to other asset management applications.
When the platform’s usual behavior has stabilized, it enters “detection mode” and uses the DPI engine to detect deviations in traffic patterns. Potential examples of such irregularities include:
- Modifications in network topology
- Modifications to conventional communication patterns
- Alterations to the software and code of industrial equipment
- Identifiable traits of previously discovered cyber-attacks
- Changes in the process range or in the industrial commands.
Barda argues that they “…greatly simplify both network security and asset management, especially in complex IT-OT networks.”
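The learn-then-detect flow described above can be sketched over simplified flow records. This is an added example, not Radiflow's code: the `Flow` record, the `BaselineMonitor` class, the host names and the Modbus command names are all hypothetical, and the sample traffic is constructed.

```python
from collections import namedtuple

# One decoded record from mirrored (SPAN) traffic; value is a written setpoint, if any.
Flow = namedtuple("Flow", "src dst proto command value", defaults=[None])

class BaselineMonitor:
    def __init__(self):
        self.assets = set()       # inventory learned passively
        self.patterns = set()     # (src, dst, proto, command) tuples seen in baseline
        self.ranges = {}          # (dst, command) -> (low, high) of written values
        self.learning = True

    def observe(self, f):
        key = (f.src, f.dst, f.proto, f.command)
        if self.learning:         # baseline phase: record, never alert
            self.assets.update((f.src, f.dst))
            self.patterns.add(key)
            if f.value is not None:
                lo, hi = self.ranges.get((f.dst, f.command), (f.value, f.value))
                self.ranges[(f.dst, f.command)] = (min(lo, f.value), max(hi, f.value))
            return []
        alerts = [("topology_change", h) for h in (f.src, f.dst) if h not in self.assets]
        if key not in self.patterns:
            alerts.append(("new_communication_pattern", key))
        rng = self.ranges.get((f.dst, f.command))
        if f.value is not None and rng and not rng[0] <= f.value <= rng[1]:
            alerts.append(("process_range_change", (f.dst, f.command, f.value)))
        return alerts

# Constructed sample traffic; host names and commands are illustrative only.
LEARN = [
    Flow("hmi-1", "plc-1", "modbus", "read_holding"),
    Flow("hmi-1", "plc-1", "modbus", "write_register", 40.0),
    Flow("hmi-1", "plc-1", "modbus", "write_register", 60.0),
    Flow("eng-ws", "plc-1", "modbus", "read_holding"),
]
DETECT = [
    Flow("hmi-1", "plc-1", "modbus", "write_register", 55.0),   # within baseline
    Flow("laptop-x", "plc-1", "modbus", "read_holding"),        # unknown asset
    Flow("eng-ws", "plc-1", "modbus", "write_register", 50.0),  # known asset, new command
    Flow("hmi-1", "plc-1", "modbus", "write_register", 95.0),   # outside learned range
]

def run_demo():
    ids = BaselineMonitor()
    for f in LEARN:
        ids.observe(f)
    ids.learning = False          # baseline has stabilized: switch to detection mode
    return [ids.observe(f) for f in DETECT]
```

The unknown laptop raises both a topology alert and a new-pattern alert, while the engineering workstation, already in the inventory, is flagged only because it issues a command it never used during the baseline.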