Unique environmental challenges
The potential damage caused by a cyber attack on a chemical production facility extends well beyond personnel safety and monetary loss, as the environmental hazards caused by production process disruptions may cause widespread leakage of pollutants, carcinogens and other toxic materials into the air, soil and water.
In fact, the 2013 U.S. Presidential Policy Directive on Critical Infrastructure Security and Resilience directive mentions the chemicals industry as one of sixteen critical industrial sectors in need for strengthened security.
As most chemical production facilities rely on a mix of DCS systems and supporting SCADA with PLCs for secondary systems, adequate protection requires an ICS-dedicated, multi-prong approach which includes full visibility into the OT network; identification of threats; real-time monitoring of anomalies and OT-aware firewalls for zone segregation.
Dedicated, comprehensive solution
Radiflow’s solution suite for OT networks provides multi-layered cyber-protection, adaptable to the topology and operational characteristics of each user:
- The iSID Industrial Threat Detection system is a server-based software that analyzes all OT network traffic (via mirrored stream) to generate and display a network topology model, which serves as a baseline for detecting exceptions on the network. iSID packs six detection engines, each for a distinct threat vector or operational aspect: network visibility, maintenance management, cyber attack detection, policy monitoring and enforcement, anomaly detection and operational behavior measuring.
- The iSAP Smart Probe is a cost effective solution that enables collection of data from sub-networks to a central iSID server making it ideal for large chemical facilities with multiple primary DCS networks and secondary SCADA/PLC networks. iSAP enables sending data traffic to a central iSID without taxing the network, thanks to Radiflow’s advanced industrial compression algorithms.
- Radiflow’s Ruggedized Secure Gateways provides DPI-firewalled access to production processes, with configurable access rights for different stakeholders. The Gateways’ authentication proxy authenticates each user and restricts the user’s access based on role or predefined tasks.