SCADAfence and CyberArk have together developed a proven method for protecting utilities and manufacturing facilities from external attackers by blocking malicious access to critical OT production components.
The fast-moving digitalization of all types of industry, sometimes referred to as Industry 4.0, is proving to be highly successful at cutting costs and increasing efficiency, but it has inevitably involved opening up traditionally stand-alone systems to the internet. By providing remote online access, facilities such as power stations and factories have become increasingly vulnerable to all kinds of cybercrime including cyber espionage and cyber-terrorism. According to a report compiled by Siemens and the Ponemon Institute, “Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat?”, a quarter of industrial plants already admit to being impacted by mega cyber-attacks.
How Attackers Override Formally Approved Procedures
Until now, organized attacker groups, some believed to be sponsored by foreign states, have been able to override formally approved procedures by connecting directly to the OT system via “uncovered” attack vectors comprising modems, firewall holes or rogue network equipment. Some attacks now taking place in countries including the US and the UK have been straightforward crimes involving ransomware demands, while others have borne the unmistakable stamp of nation-state actors bent on stealing industrial secrets and sensitive data or causing disruption via power blackouts, factory shutdowns and other forms of cyber warfare.
Organizations running and maintaining OT environments depend on reliable, quick-response remote access for support staff and for others who may need off-site access to systems, such as third-party service providers. But by opening up systems to outside online connections, they inevitably present new attack vectors to sophisticated attacker groups.
Having sacrificed the “air gap” that once separated their control systems from the internet, industrial facilities have had no way of effectively blocking the highly sophisticated attack vectors, some developed by nation-states, or of identifying potential intruders until after a breach has occurred. But now two leading specialized cybersecurity companies are helping deliver the proactive cybersecurity protection that industrial facilities so urgently require.
How the Joint Solution Works
SCADAfence, the global technology leader in OT cybersecurity, along with CyberArk, the global leader in privileged access management, have now announced a joint solution.
SCADAfence monitors the critical OT equipment, and remote connections to it are simultaneously validated against CyberArk Vault records. If no match is found, the remote connection was created without being properly authorized through CyberArk. In these cases, the SCADAfence Platform triggers an alert that notifies the security administrator of the incident. Further automatic enforcement with security devices (such as firewalls) can be implemented.
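The matching step described above can be sketched as follows. This is an added example, not code from SCADAfence or CyberArk: the record fields, addresses, the 60-second clock-skew tolerance and the function names are all assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed records. Field names are assumptions for this sketch, not the
# SCADAfence or CyberArk data formats. 10.20.0.15 stands in for a jump host.
VAULT_SESSIONS = [
    {"source": "10.20.0.15", "target": "192.168.10.5", "port": 3389,
     "start": "2024-03-01T08:00:00", "end": "2024-03-01T09:00:00"},
    {"source": "10.20.0.15", "target": "192.168.10.7", "port": 22,
     "start": "2024-03-01T10:00:00", "end": None},  # session still open
]
OBSERVED = [  # remote connections seen by passive OT network monitoring
    {"source": "10.20.0.15", "target": "192.168.10.5", "port": 3389,
     "seen": "2024-03-01T08:00:20"},
    {"source": "10.20.0.15", "target": "192.168.10.5", "port": 3389,
     "seen": "2024-03-01T09:30:00"},
    {"source": "172.16.99.4", "target": "192.168.10.5", "port": 3389,
     "seen": "2024-03-01T08:10:00"},
    {"source": "10.20.0.15", "target": "192.168.10.7", "port": 22,
     "seen": "2024-03-01T12:00:00"},
]
PATH_KEYS = ("source", "target", "port")

def same_path(session, conn):
    return all(session[k] == conn[k] for k in PATH_KEYS)

def covers(session, conn, skew):
    """True if the vault session authorizes this observed connection."""
    if not same_path(session, conn):
        return False
    seen = datetime.fromisoformat(conn["seen"])
    if seen < datetime.fromisoformat(session["start"]) - skew:
        return False
    if session["end"] is None:  # open session: no upper bound yet
        return True
    return seen <= datetime.fromisoformat(session["end"]) + skew

def unmatched_connections(observed, sessions, skew=timedelta(seconds=60)):
    """Return (connection, reason) for each connection with no vault match."""
    alerts = []
    for conn in observed:
        if any(covers(s, conn, skew) for s in sessions):
            continue
        known = any(same_path(s, conn) for s in sessions)
        reason = ("outside authorized session window" if known
                  else "no vault session for this source/target/port")
        alerts.append((conn, reason))
    return alerts

if __name__ == "__main__":
    for c, why in unmatched_connections(OBSERVED, VAULT_SESSIONS):
        print(f"ALERT {c['seen']} {c['source']} -> {c['target']}:{c['port']}: {why}")
```

The skew tolerance matters because the monitoring sensor and the vault keep separate clocks; setting it too wide lets a connection made shortly after a session closes pass as authorized.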
What this Means for OT Networks
The SCADAfence Platform continuously monitors the OT networks running manufacturing facilities and utilities, providing AI-driven asset discovery and inventory management, threat detection and risk management. The CyberArk Privileged Access Security Solution delivers the industry’s most comprehensive approach for protecting against the exploitation of privileged accounts, credentials and secrets anywhere – including across on-premises and hybrid cloud environments. By integrating the CyberArk solution with the SCADAfence Platform, industrial facilities have the ability to validate the authorization of all remote connections instantly.
The joint solution is designed to protect industrial facilities’ OT systems against all types of threat vectors, including ransomware attacks, industrial espionage and cyber warfare.