Kees van Overveld Cyber Security Service Products Etten-Leur, The Netherlands kees.overveld@nl.abb.com; Matthew Virostek Cyber Security Service Portfolio Cleveland OH, United States matthew.virostek@us.abb.com
With numerous assets, multiple control loops, a multitude of controllers and extensive IT and operational technology (OT) infrastructure, industrial plants can pose significant cyber security challenges. Indeed, cyber attacks against industrial plants are growing in frequency, level of sophistication and degree of harm inflicted. For example, some 450,000 new malicious program (malware) instances are detected each day [1]. To further exacerbate the problem, there are currently 3,500,000 unfilled cyber security jobs globally [2].
Although most enterprises know the consequences of lax cyber security, appropriate malware countermeasures often leave much to be desired. One common scenario is that the company purchases and implements one cyber security software solution for each system in the plant. So far, so good. However, because these solutions are manufactured by multiple, competing vendors, they are all different and the management, maintenance and monitoring of each platform independently is complicated, cumbersome, costly and time-consuming. Team members can then often neglect to give these cyber security tools the attention they deserve and the inevitable happens: Cyber attackers penetrate IT and OT networks and cause catastrophic damage. The plant may have to shut down for weeks – with hefty financial losses – and brand reputation damage and regulatory fines may result. Here, the company’s failings can be summarized as:
• Poor risk awareness and insufficient prioritization of cyber countermeasures →01.
• Lack of visibility into the security controls currently running.
• Limited time spent maintaining security controls.
What such a company needs is a way to simplify security by consolidating tools, automating risk detection and remediating risks sooner. This is exactly what ABB Ability Cyber Security Workplace does.
ABB Ability Cyber Security Workplace
ABB Ability Cyber Security Workplace automatically gives complete visibility of security controls by providing a consolidated view of all such countermeasures in a simple user interface.
Data from ABB and third-party cyber security solutions is collected by ABB Ability Cyber Security Workplace and forwarded to a consolidating native application. Operators can then seamlessly monitor the status of all their security controls, perform maintenance activities to increase resilience and receive alerts with actionable insights to remediate threats and reduce risks →02.
ABB Ability Cyber Security Workplace makes it easy and cost-effective to reduce significantly the risk to production from cyber security threats.
Simplify, consolidate and automate risk detection
In ABB Ability Cyber Security Workplace, traffic-light key performance indicators (KPIs) clearly flag an issue and its severity. Inbuilt root-cause analysis then evaluates the issue and suggests steps required to fix it. Such inbuilt intelligence reduces the expertise needed to maintain cyber control systems. Further, these step-by-step guides shorten remediation times, lowering overall operating costs.
Because all alerts are consolidated in one console and are, thus, recognized quickly, the length of time that cyber risks are present in the production environment is minimized. Moreover, as all controls are accessible from one place, the labor costs required to maintain them are reduced.
Security controls status dashboard
At the core of ABB Ability Cyber Security Workplace is a single dashboard that monitors security controls, flags increased risks and guides the operator through the steps required to protect people, assets and processes →03-04.
Further, ABB Ability Cyber Security Workplace monitors the status of security patches continuously so that patches against known exploits are installed as soon as they become available. The operator is informed if an update succeeded, told which systems are missing updates and is alerted when a system reboot is required.
To protect the production environment against non-targeted threats, ABB Ability Cyber Security Workplace constantly monitors the status of malware protection and warns when an anti- malware deny list update is unsuccessful so the issue can be quickly corrected. An alert is also issued if anti-malware software is missing or has been forgotten – as can happen, for example, when a peripheral device is replaced. With ABB Ability Cyber Security Workplace, it is also possible to isolate chosen OT and IT environments to protect them from external intrusions. Using a cyber-asset inventory and communication-flow intelligence, it is possible to monitor which devices are connected. If an asset in the monitored network were to start communicating with a hacker on another network (eg, with a command and control server) the operator would be informed →05.
ABB Ability Cyber Security Workplace also monitors the status of backups to ensure that adequate backups are on hand to restore to a known good state quickly. This precaution can mean the difference between recovering production in hours instead of days or weeks.
Remote access user management
Remote access is a very useful feature but can also be a liability. ABB Ability Cyber Security Workplace reduces the risks associated with remote access by managing user accounts and authentication. Once the operator is notified that a user wants to remotely access any system, they can activate or terminate that user’s account at will and generate an audit history of management tasks performed by the user.
Consolidated cyber security
By bringing ABB and third-party cyber security solutions together into a consolidated native application, an operator can easily monitor the overall situation in their plant. Alerts with actionable insights ensure nothing is missed and that any imminent threat can be immediately recognized and countered.
ABB Ability Cyber Security Workplace also lowers costs by consolidating tools and improving security operations efficiency and, at the same time, increasing cyber resilience by cutting mean time to risk recognition and response.
The last word is best left to a plant manager who has recently implemented ABB Ability Cyber Security Workplace: “Cyber security risk is one of the many areas I need to manage at my site. I task local engineers with implementing security controls across the site and must be reassured that my systems have the right controls in place and are compliant with global policy. It is difficult and resource-intensive to know what and where my gaps are and how to sort them. I don’t have access to internal cyber security expertise to implement and manage specialist tools. However, I don’t have to be an expert to understand the status of my security controls with ABB’s Cyber Security Workplace. This solution allows me to see gaps in my security controls from one interface. If there are any issues, I will get an alert that provides me with the data and analytics to investigate further and take appropriate remedial action with the support of ABB service engineers. The Cyber Security Workplace significantly reduces the effort required to manage and maintain my security controls and reduces my risk.”
References
[1] AV-TEST Institute, “Malware Statistics & Trends Report.” Available: https://www.av-test.org/en/statistics/malware/. [Accessed September 7, 2022.]
[2] Cybercrime Magazine, “Cybersecurity Jobs Report: 3.5 Million Openings In 2025.” Available: https://cybersecurityventures.com/jobs/. [Accessed September 7, 2022.]
