Advanced Security for Operational Environments with Radiflow OT Cybersecurity
Traditionally, industrial systems have relied on proprietary protocols and software, lacked an Internet connection, and been managed exclusively locally. For these reasons, they were a difficult target for hackers: the only way to infiltrate these systems was to gain physical access to a terminal, which was not an easy task. With the convergence of IT and OT and the accelerated expansion of the Industrial Internet of Things (IIoT), these environments are becoming increasingly interconnected and vulnerable to cyberattacks, which requires the adoption of advanced and integrated security measures.
In Europe, ENISA (European Union Agency for Cybersecurity) recently announced the doubling of the number of cyberattacks on critical European infrastructures between October 2023 and March 2024. At the same time, analyses show that cyberattacks on OT tend to have greater effects and cause higher damage than those in IT, as they can have physical consequences, such as production stops or interruptions, leaks, or explosions.
Securing OT is becoming more critical
The increase in the number of cyberattacks on OT systems is also captured by the 2024 State of Operational Technology and Cybersecurity Report conducted by Fortinet, a Radiflow partner. In 2024, a third (31%) of respondents reported more than 6 security intrusions, compared to only 11% last year. At the same time, the number of organizations reporting 100% visibility of OT activities within central cybersecurity operations has decreased (from 13% in 2022, to 10% in 2023, and to only 5% in 2024). The report also shows that fewer organizations are successfully detecting ransomware attacks than in the past (13% in 2024, compared to 22% in 2023), as these attacks become increasingly sophisticated and targeted. Moreover, the integration of IT and OT environments leads to the expansion of the attack surface and the identification of new vulnerabilities.
On the other hand, the negative consequences of cyberattacks on OT environments are worsening, from business interruptions and financial losses to reputational damage.
One of the most serious cyberattacks occurred in May 2021, when Colonial Pipeline, an operator of refined petroleum product pipelines that transported about 45% of the fuel used on the US East Coast, was forced to stop its operations due to a ransomware attack. The attackers encrypted the company’s data and demanded a huge ransom in cryptocurrencies to restore access. Facing pressure to quickly resume fuel deliveries and avoid major economic disruptions, Colonial Pipeline paid approximately $4.4 million in Bitcoin. Among the consequences of the attack were temporary fuel shortages in several US states, rising prices and panic among consumers, which led to massive fuel purchases.
The need to secure OT environments is also addressed by the regulations of the NIS2 Directive, which increases the pressure on the market.
OT Security and the NIS 2 Directive
The Network and Information Systems Directive (NIS 2) entered into force in 2023 and is designed to increase the cyber maturity level of critical infrastructures and critical industrial organisations across the European Union. Companies that have not fallen under NIS 1 have until October 17, 2024, the date of transposition into national legislation, to align with the new minimum protection measures.
All sectors of critical importance (including energy, transport, waste water and drinking water, food production and chemical production) are obliged to comply with the same set of minimum requirements, which includes the adoption of security policies and tools for risk management, incidents and access control, staff training and incident response, audit, testing and reporting procedures.
In case of non-alignment with NIS 2, the National Directorate of Cyber Security (DNSC) will carry out ad-hoc inspections and audits, will have the authority to send mandatory instructions and will be able to impose fines or temporary suspension of activities and services. Learn more about NIS2 provisions in this article.
Protecting Industrial Environments with Radiflow OT Cybersecurity
Radiflow OT Cybersecurity is a suite of OT security solutions used in more than 8,000 locations worldwide and in more than 12 industries. In 2023, the Radiflow suite was awarded at the Global InfoSec Awards gala, for “The most complete OT security solutions” and “The most innovative Risk Management solutions”.
The Radiflow OT Cybersecurity suite includes the following core components:
- iSID Threat Detection is a suite of Threat Detection Monitoring solutions that provide non-intrusive monitoring, OT visibility and anomaly detection. iSID automatically discovers assets, builds a detailed inventory, and monitors both old and modern equipment. iSID improves the alert triage process for increased efficiency.
- Active Scanner: Active Asset Discovery and Data Enrichment for ICS networks. The solution was developed for OT networks and minimizes the chances of service interruption. It allows the discovery of all industrial assets in networks that do not have port mirroring or passive monitoring, both autonomously and in hybrid mode (through iSID compatibility).
- iCEN Central Management provides centralized security monitoring and risk management for the entire OT infrastructure, providing detailed reports on the security components of the enterprise. The platform simplifies the management of multiple iSID instances and provides visibility into the risk levels of locations, OT assets, alerts, and maintenance actions.
- CIARA Risk Management is an ROI-oriented Industrial Risk Assessment Management platform that allows you to direct your OT security budget to maximize the efficiency of security controls, based on cybersecurity regulations, standards and recommendations, such as ISA/IEC 62443, NIS2 and NIST CSF. CIARA automatically discovers and learns key risk indicators and accurately assesses overall and site-level security risk and posture.
At the beginning of 2024, Radiflow updated its portfolio of cyber security and OT risk management solutions and services, including adapting it to NIS 2 regulations. The new version of the Radiflow OT Cybersecurity suite enables industrial and critical infrastructure operators to improve their security posture, optimize the ROI of cybersecurity investments, and initiate effective risk management programs in line with the requirements of the Directive. In addition, the new version simplifies and centralizes the management of the entire suite of solutions.
Safetech Services
Currently, in the field of OT, the shortage of cybersecurity personnel is aggravated by the level of specialization required to manage industrial control systems, such as SCADA. This has led to increased adoption of managed security services and outsourcing, a trend that will accelerate as companies in industrial sectors increasingly focus on compliance with new cybersecurity requirements, such as those imposed by NIS 2.
Smaller organizations with limited human and financial resources will adopt these services first, followed by larger organizations. Radiflow is already seeing this trend reflected in the growth of its number of partners providing managed security services (MSSP) in the US and Europe, to customers operating office buildings and industrial spaces.
In its role as an integrator of security solutions for ICS/SCADA environments, Safetech Innovations offers the following services when implementing Radiflow solutions:
- Assessment of the customer’s infrastructure, specific security requirements and industrial network architecture.
- Identification of critical areas for monitoring and protection.
- Developing the implementation plan, which includes the network design, the locations for the iSID sensors, and the integration strategy with current systems.
- Installing iSID sensors in key locations to monitor network traffic and detect potential threats.
- Configuring iSID sensors to collect and analyze data from ICS equipment and networks.
- Installation of the centralized iCEN management solution, which correlates the security data collected from the iSID.
- Configuring iCEN to provide full visibility and control over the network, facilitating the prompt identification of security incidents.
- Testing and verifying the correct functioning of iSID and iCEN, ensuring that they effectively detect threats.
- Reducing the number of false alarms and improving the detection of real incidents by optimizing settings.
- Training the beneficiaries’ security personnel, ensuring that they use the Radiflow solution effectively.
- Technical support and ongoing post-implementation maintenance.
- Preparing detailed documentation about the configuration and use of the implemented solutions.
- Generating, upon request, security reports that present the network security status and detected vulnerabilities.
For more information about Radiflow OT Cybersecurity and securing industrial environments, we invite you to contact us by email at sales@safetech.ro or by phone at +40 21 316 0565.