Industrial Cyber Security: Securing OT

It’s an exciting time for organizations that are migrating to Industry 4.0. Over the last few decades, industrial control systems (ICS) have enabled modern industrial automation.

Today, Industrial Internet of Things (IIoT) technologies present new opportunities to increase operational efficiency and launch a new generation of industrial products and services.  But first, organisations must address security. Cisco’s Cyber Vision is a solution designed to address these security challenges so that organisations can control cyber security risks and capture the benefits of Industry 4.0.

Protecting industrial operations is a very specific challenge that can’t be addressed with traditional IT security tools. Industrial processes can’t come to a halt to install a patch. Disruption can have a devastating impact on human lives and/or the environment. To further complicate matters, attacks can be difficult to detect because they are often custom made and look like legitimate process instructions.

Cisco Cyber Vision is specifically designed for industrial organizations to ensure continuity, resilience, and safety of their operations. It provides full visibility into the ICS infrastructure, including dynamic asset inventory, real-time monitoring of process data, and threat intelligence, enabling operators to build secure infrastructures and enforce security policies to control risk. Let’s take a look under the hood at these features and capabilities.

Security built into your industrial network 

Complexity is the enemy of security. Unfortunately OT cybersecurity can quickly become very complex, especially if the industrial network is dispersed across an entire country or many remote industrial sites. For an OT cybersecurity project to be successful, you must be able to scale it easily and at a reasonable cost across your entire organization.  Cyber Vision enables the industrial network to collect the information required to provide comprehensive visibility, analytics, and threat detection.

cyber security
image supplied by Axonex.

Visibility

You can’t secure an asset if you don’t know it’s there. OT teams need a precise view of their asset inventory, communication patterns, and network topologies. Cisco Cyber Vision brings visibility to the OT environment by building a list of all industrial assets down to the component level. Cyber Vision automatically uncovers the smallest details of the production infrastructure: Vendor references, firmware and hardware versions, serial numbers, PLC rack slot configuration, etc.  Furthermore, Cisco Cyber Vision identifies asset relationships, communication patterns, changes to variables, and more.

Operational Insights 

Cisco Cyber Vision gives OT engineers real-time insight on the industrial processes they manage. Cyber Vision “understands” the proprietary OT protocols used by automation equipment, so it can track process anomalies, errors, misconfigurations, and unauthorized industrial events such as unexpected variable changes or controller modifications. Control engineers can take action to maintain system integrity and production continuity.

Cisco Cyber Vision also records all these events. It becomes the “flight recorder” of the industrial infrastructure so cyber experts can easily dive into this data to analyze attacks and find the source. Security officers also have the information they need to document their incident reports and comply with new regulatory requirements such as NERC CIP or EU NIS.

Threat detection and remediation 

The industrial control network is exposed to both traditional IT threats and custom OT attacks designed to alter industrial processes. Organizations need holistic threat detection techniques to protect their industrial network and ensure production integrity, continuity, and safety.

Cisco Cyber Vision combines protocol analysis, threat intelligence from Cisco research teams, intrusion detection, and behavioral analysis to detect any attack tactic. This holistic approach ensures Cyber Vision can detect both known and emerging threats as well as malicious behaviors that could be warning signs of an unknown attack.


Axonex, part of the VCG Group, are a leading Managed IT Services and Cyber Security provider working with UK manufacturers. As a Cisco Gold partner, Axonex can work with you to analyze your ICS network using Cisco Cyber Vision from a holistic view and get you ready for your OT security journey, no matter what stage you are in. To find out more about our Cyber Vision Assessment Services, contact Roberto Savage – [email protected]

Article written by Fabien Maisl, Cisco Product Marketing Manager, IoT Security