1660601322958 Ct1912fc294x298

12 days of cybersecurity: Baked-in cybersecurity toolbox

Dec. 22, 2019
12 days of cybersecurity: Day 10

Check out the 12 days of cybersecurity mini-series!

As more users wake up and demand cybersecurity in their software, devices and services, more suppliers are seeking to design, instill and build it in from the beginning. Here are some of their solutions and services:  

ABB

Jim Lemanowicz, global cybersecurity product manager at ABB, reports the Industrial Internet of Things (IIoT) and other forms of digitalization increase possible vulnerabilities as they add connections, but they can also have a huge, positive impact on cybersecurity, too. "Cyber threats can also be opportunities, and process infrastructures can help," says Lemanowicz. "We believe our ABB Ability Edge digitalized solutions can also serve as critical first steps in security hygiene. If you know your system and you know its vulnerabilities, you can begin to address and patch them. This is why we've rolled out our Cyber Asset Inventory Tool, which maps devices, completes an inventory, and points out vulnerabilities. Once users understand what's on their network, they look at its software history, determine if they are any outdated pieces and current vulnerabilities, and add updates to close gaps and reduce attack surfaces. They can also examine their overall network architecture with ABB's cybersecurity reference architecture, and enforce controls and patching based on the IEC 62443 cybersecurity standard."

Lemanowicz reports that ABB's controls also use secure deployment guidelines, such as determining what equipment must keep running versus optional items, and closing what's not needed. These guidelines also cover establishing firewalls rules, and determining cybersecurity scores for devices and prioritizing them. Also, ABB works with Netherlands-based Security Matters, which is now part of Forescout to provide anomaly detection, while ABB Ability Edge gateway secures connections and communications.

"All of this is about completing the due diligence to shrink attack surfaces," says Lemanowicz. "While most products aren't affected by security issues, we also post ABB advisories about devices that are affected, and do it within 24 hours, so users can respond right away. Our security patch testing program also publishes bulletins."     

Eaton

"The process control market shifts at a slower pace than IT, but there's still a significant increase in how many devices and applications are connected and how many functions are being digitalized," says Mike Jackson, product line manager for software and connectivity, Eaton. "The way that we address this for customers is to consider cybersecurity at all stages of design and manufacturing. We're also following the UL2900-1 standard launched in 2017; established a cybersecurity center of excellence team two years ago to help users follow standards and check firmware; and opened cybersecurity labs in Pittsburgh and Pune, India, last year."

Jackson reported the security standards and coding requirements carried out by Eaton's cybsecurity team serve mostly connected devices, especially those linked to the Internet. Its latest UL-2900-1-compliant products include Power Expert dashboard for managing motor control centers (MCC); Gigabit network card connecting uninterruptible power sources (UPS) to the Internet; SMP IO-223 substation-grade, distributed I/O platform; and WaveLinx lighting system.

"We try to build in cybersecurity and make it easier for users to manage efficiently with access control, antivirus and malware protection, and network segmentation, For example, password management is fully embedded in our connected platforms," added Jackson. "This can help users make cybersecurity systemic in their applications and organizations, which is crucial because the good guys must block all intrusions by presenting a unified front. Once security is built into devices, user access is controlled, networks are segmented, and basic threats are mitigated, then more advanced methods like anomaly detection can be added."

Honeywell Process Solutions

To help users implement and maintain the most appropriate cybersecurity solution, Eric Knapp, director of cybersecurity products and innovation at Honeywell Process Solutions, reports that its newly released Forge for Industrial software includes a cybersecurity platform that consists of four quadrants:

  • Asset management that's about what equipment and processes a user is running, and what vulnerabilities they may face;

  • Secure resource management that covers who's able to connect to the user's network, and verifies authorized participants;

  • Risk appliance to audit the user's systems and gauge the load on it continuously; and 

  • Threat detection and management capabilities to identify threats and what they're trying to do.

Microsoft

Çağlayan Arkan, global lead, manufacturing and resources industry, Microsoft (www.microsoft.com), reports that Azure is now the first major public cloud with end-to-end security for the Internet of Things (IoT) and participating devices, hubs and cloud-based resources. It's three threat-protection services for IoT include:

  • Azure Security Center for IoT that can be used to implement cybersecurity best practices for mitigate threats across IoT projects, including hubs, computing and data;

  • Azure Sentinel cloud-native security information and event management (SIEM) to protect enterprises from threats, including those affecting IoT devices; and

  • Azure IoT Hub that integrates with Azure Security Center for IoT to provide IoT security data directly inside the hub portal.

OSIsoft

Because its PI System software is viewed as the "door to the cockpit" by many automation users, OSIsoft reports they also see it as a potential way that cyber threats might gain entry. "We have to take cybersecurity seriously, provide advice and solutions to reduce the burden on OT and IT, and help users navigate these transitions," says Bryan Owen, security architect at OSIsoft. "We're building delineated roles into PI System, documenting recommended architectures and threat models, and showing where risk are and where further security is needed. Previously, users had to turn off their systems to enable security functions. Now, it's baked in an always on."

Owen explains that OSIsoft updated its software, so it can migrate from running in Microsoft's default Windows headless version to only run in a Windows core-hardened version, which turns on encryption automatically. "However, we know that cybersecurity requires a big community effort, and OSIsoft can't solve it alone," adds Owen. "And, because good OT protections require process information such as voltages and pressures that can show if problems are happening, we're also working with Dragos to make PI data available in Dragos Platform cybersecurity software. In customer trials, performance spikes and changes of state may indicate performance issues, but they may also indicate breaches." 

PAS

PAS Global LLC has released PAS Cyber Integrity 6.3 software that includes risk analytics to continuously measure and identify cybersecurity risks to multi-vendor operations technology (OT) endpoints, as well as forensic analysis capabilities that provide insight into the impact and propagation of a cyberattack. It enables users to gather and maintain a complete, accurate inventory of OT cyber-related assets, capture configuration baselines, monitor for unauthorized configuration changes, automate a continuous vulnerability and patch management process across an enterprise, and implement a program for system backup and recovery.

Radiflow

Radiflow has launched a partner program for managed security service providers (MSSP) to offer OT-related security services for industrial control system (ICS) and supervisory control and data acquisition (SCADA) networks. The program is based on Radiflow's iSID industrial threat detection system running on the cloud-computing service of an MSSP partner. They can also enhance their OT cybersecurity service with automated vulnerability mapping and assessment processes included in the recently released version of iSID.

About the author: Jim Montague

About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control. 

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...