CIARA OT Risk Management

EFFECTIVE RISK MANAGEMENT FOR TODAY’S CYBER PHYSICAL SYSTEMS (CPS)

CIARA automatically discovers and learns key risk indicators and accurately evaluates security posture and risk per site and overall. It determines how to direct the OT security budget to maximize the effectiveness of threat-mitigation measures.

AUTOMATED, FREQUENT, ACCURATE RISK ASSESSMENTS

CIARA delivers prompt, automatic, accurate, and compliant risk assessments, slashing assessment and audit time. Automatically ingesting relevant data from the network and operations, it assesses risk accurately, rapidly, and unobtrusively. CISOs, MSSPs, auditors, and consultants can run safe risk assessments as frequently as desired to measure security posture and track cyber progress.

UNDERSTANDING RISK ACROSS THE OPERATION

Highly scalable CIARA’s calculations, outputs, and displays are applied across the operation and to each industrial site. With consolidated visibility of the entire operational network, security staff can quickly view overall risk scores and drill down to each region, site, and network for finer granularity. Flexible and customizable dashboards and reports simplify understanding and presentation to stakeholders.

OPTIMIZED SECURITY ROADMAP AND CYBER SPEND

CIARA’s risk-mitigation planner helps security stakeholders prioritize controls to meet risk goals taking into consideration budgetary constraints. By following CIARA’s mitigation roadmap, operators are able to divert expenditure from mitigations which marginally reduce risk – given actual threats to networks, assets, and operations – to those that produce the greatest cybersecurity ROI. When a new attack tactic or vulnerability is published, CIARA can check the potential impact on the network and operation, and direct the security team to undertake effective defense tactics.

ALWAYS CURRENT WITH THE ENVIRONMENT

CIARA provides network visibility tables and reports, displaying all network segments, zones, conduits, assets, asset properties, protocols, links, and vulnerabilities. As the environment changes, data-driven CIARA automatically updates its knowledgebase.

GUIDING THE COMPLIANCE JOURNEY AND CLOSING THE GAPS

CIARA’s value increases over time. As it delivers historical and long-term perspectives, CIARA reveals compliance improvements, deteriorations,

and trends. The outcomes of CIARA’s risk assessments include key indicators for risk, threat, and control levels. CIARA produces a comprehensive hardening plan (ISA/IEC 62443-compliant), prioritized by each mitigation control’s contribution to achieving risk management goals. Best practice and tailored practical playbooks provide step-by-step instructions to help teams mitigate vulnerabilities, demonstrate compliance, and ensure operational resilience.

CIARA AND NIS2

NIS2 requires subject companies to adopt “policies and procedures to assess the effectiveness of cybersecurity risk management measures.” CIARA is a complete OT Risk Management solution that maintains compliance with the new, stringent directive.

HOW IT WORKS

CIARA builds a digital twin of the network. It then employs a Machine Learning-driven, virtual breach-and-attack simulation (OT-VBAS) for assessing risk based on the latest threat intelligence and vulnerabilities. Using multitudes of current data points for network, asset, locale, industry, adversary capabilities, and attack tactics, and more, OT-VBAS simulates a wide array of security controls against relevant known threats, factored against a host of common OT risk scenarios such as loss of availability, loss of control, and loss of data. It calculates the likelihood of attacks and the effectiveness of corresponding risk-mitigation measures – both installed and proposed – per asset and zone, appraising the impact of attacks on a variety of prioritized business processes.

Users can control attack vectors such as source or destination and they can create adversary and loss scenarios. CIARA determines and displays top insights, attack routes, techniques used, and exploitable CVEs.

CIARA’s threat mapping, based on its breach & attack simulation results

CIARA OT-VBAS answers questions like:

• How can a specific Advanced Persistent Threat (APT) take control over a certain engineering station?
• What is the likely kill chain of an adversary who would attempt to impair safety in the cooling zone?
• What are the potential threats and vectors from LockBit ransomware?
• What is the likelihood of losing control of a certain PLC?

Security analysts can use CIARA proactively by proposing specific mitigations whereupon it will promptly calculate their contribution to reducing risk.

Inputs

CIARA’s data sources include:

• iSID-generated or other digital image of the OT network
• Vulnerability management: mapping of CVSS/CVEs
• Virtual penetration testing (based on MITRE-ICS simulations & Radiflow Lab research)
• User and system behavior analyses
• Historical data on previous incident scoring
• Adversary threat intelligence (including MITRE ATT&CK™)

CIARA uses geo-location, among many other factors, to calculate risk, threat and control levels

OUTPUTS

The outcomes of CIARA’s simulations are key indicators for risk, threat, and control levels with a comprehensive hardening plan, prioritized by each mitigation control’s contribution to achieving risk management goals. In addition, it produces a variety of rich, granular OT-security reports clearly structured for all types of stakeholders, regulatory bodies, auditors, and other interested parties.

CIARA AND THE RADIFLOW PLATFORM

In a Radiflow platform implementation, CIARA is managed from the iCEN central manager that also automates its ingestion of inputs and periodic/on-demand running of risk assessments per site and overall. Results display on the iCEN console from where deeper investigations can take place.

CIARA can also be implemented as a stand-alone risk-management solution with its own management console.