Change Management for OT Networks
Industrial Control Systems (ICS) consist of a myriad of networking devices, industrial controllers and operating protocols, typically provided by multiple vendors. The scope and complexity of ICS networks pose the challenges of cost-effectively protecting and managing the process-critical assets that operates the organization’s industrial processes.
Now, Asset Guardian and Radiflow introduce a synergetic solution for a single point of management for all assets that is dynamically updated and protected against unauthorized changes.
The Asset Guardian Software Management Solution
Designed to manage PLC, DCS and HMI/SCADA software assets, Asset Guardian provides a single point of reference to current and archived asset information, including operational status, location and controller logic version.
Asset Guardian safeguards the entire change management process: source code version control and ownership, change requests, code verification, auditing and fault logging.
The system serves as a repository for all user content, and also provides obsolescence management (governed by IEC 62402:2019), which is a major security concern (assuring all devices are still within the manufacturer-defined operating life cycle so that patches can be applied).
Radiflow iSID – Enhanced Risk Mitigation
The combination of Asset Guardian and Radiflow’s iSID Industrial Threat Detection System brings ICS asset management to a new level. iSID provides real-time visibility of all changes in networked assets, ports and protocols, based on self-learning of the SCADA network through passive scanning of all data transactions.
Subsequently, by continuously analyzing all data traffic, iSID can detect and alert against abnormal activity such as changes in the sequence of the SCADA process, abnormal network access and asset changes.
Furthermore, iSID’s advanced attack vector analysis and business process risk scoring capabilities allow users to continually improve their cyber security capabilities in protection, monitoring and mitigation procedures, and optimizing the operator’s investment in cybersecurity.
Use Cases for The Radiflow-Asset Guardian Joint Solution
Securing an ICS system requires thorough understanding of each and every asset on the network as well as the interplay between the assets within different business processes.
Asset Enrichment – improved asset risk score
Cyber-alerts, as well as risk scoring for each asset produced by iSID, are combined with asset information stored in the AG database, including:
- Asset information for dormant devices that haven’t been detected by iSID
- Patching status and details
- Life-cycle/obsolescence information
- Additional asset characteristics.
Operational Commands – detection, verification and validation of changes to assets
Changes to assets, e.g. new firmware or PLC logic, are detected on the network in real-time by iSID based on its self-learned network topology model. These changes are sent to Asset Guardian for verifying whether they had authorized, and for validation against the ‘golden image’ of the binary stored in the Asset Guardian database.
Improved structure and risk scoring for business processes
By meshing the information from Radiflow’s real-time discovery and monitoring of networked assets and properties with Asset Guardian’s asset management inventory, the integrated solution is able to construct a comprehensive model of the business process and its underlying supporting assets and topology.
Business processes are defined by criticality (availability), as well as by vulnerability and attack-vector exploitability within the business process. Alerts are assigned risk scores derived from the predefined criticality of the business process. This enables users to prioritize incident handling and optimize their cyber-security investment, based on a risk matrix.
The result is a much more granular risk score that takes into consideration not just the risk associated with a specific industrial device/controller, but also the context the device operates in.