Welcome to the third edition of this year’s ABB Process Automation Cyber Security Awareness Month blog series. In my last blog post, I shared how ABB Cyber Security Consulting can create a foundation on which to build and continuously improve industrial companies’ security posture enabling digitization within industrial control systems (ICS). In this blog post, I’d like to share how implementing best-in-class technology within operational technology (OT) can solve many of your top security challenges including simplifying security, consolidating tools, and automating risk detection.
Today’s digital landscape consists of a glut of vendors and solutions that claim to offer the ‘best’ or ‘complete’ protection for all OT and ICS threats, and the choices are only growing. However, there is no ‘silver bullet’ when it comes to security, and even with the best preventive measures, cyberattacks can still occur. The reality is not all solutions are created equal—with many vendors focusing on a small piece of the whole, falling short of a holistic view across security controls. Industrial companies require a modern approach to industrial cyber security—a solution that has been validated for their ICS and designed with industrial users in mind to better protect their systems without compromising reliability.
Keep up with ABB PA Cyber Security Awareness Month here.
Selecting the right fit
When industrial companies introduce new digital tools and technologies into their industrial control systems (ICS), their security challenges grow more complex. This is because as these networks continue to increase in size, so does the attack surface, making them a larger target for bad actors. Traditional security solutions have been designed to deal with these challenges in information technology (IT) systems, however industrial companies require a solution that has been specifically designed and validated to work on ICS environments.
Since ICS environments are not the same as traditional IT systems organizations should prioritize a technology vendor that has a deep understanding of their systems and equipment. This is because ICS systems are vital to operations, and security must be added without impacting production, something only a knowledgeable provider with a strong history and experience in implementing and securing ICS networks can provide.
After selecting the right security partner, determining the right OT security solution becomes the next challenge. When selecting an OT security solution, organizations should evaluate the following criteria: functionality, scalability, compatibility, visibility, and user-friendliness. Additionally, OT organizations often lack a dedicated security professional, making it imperative for a solution that simplifies the day-to-day task for securing the OT environment. The bottom line being to stay ahead of cyber criminals and maintain business continuity, organizations require a modern approach to OT security. One that provides organizations full visibility across their OT systems and the functionality to alert them of potential threats—through an intuitive design that is easily manageable, scalable, and compatible with their business operations.
The ABB advantage to OT security
ABB pioneered process control and automation in the 1980s, and as of today has remained the global leader in distributed control systems that automate and manage the processes used to convert raw materials into a continuous flow of high-quality goods. Our extensive knowledge and the expertise on protecting control systems and other automation assets sets us apart from other OT security providers. At ABB, we are working globally across many industries and understand the type of cyber threats industrial companies are facing today.
We recognize these complex threats and have invested heavily in research and development to continuously improve our security offerings to advance cyber resiliency for critical infrastructure. As a trusted security partner, ABB can support industrial companies throughout the lifecycle of their assets. Whether it’s a new system build (greenfield) or existing system (brownfield), our technology and expertise help organizations capitalize on prior investments and reinforce existing cyber security strategies.
OT security management simplified
To secure critical assets and systems, many industrial companies have often purchased and implemented multiple security solutions across their OT environment. This may solve the initial need to secure the OT environment, however with this approach comes its own set of issues. By implementing disparate solutions that operate independently from one another, you limit the visibility across your security controls and hinder stakeholders from gaining a holistic understanding of their ICS environments’’ security posture.
ABB Ability Cyber Security Workplace (CSWP) simplifies security by providing security teams complete visibility with a consolidated view of their security controls through an intuitive user interface. At its core is a user-friendly dashboard that provides industrial companies:
- Integrated Risk Intelligence to reduce the learning-curve and expertise required to maintain controls with integrated risk intelligence KPIs that make it easy to understand both if an issue is present, and its severity.
- Increased Cyber Resilience through consolidated alerts to take immediate action and minimize the time cyber risk are present within your environment.
- Enhanced Decision Making with faster, better-informed decisions through security status monitoring and performing maintenance task from a single, integrated application.
- Improved Efficiency by consolidating tools in one place, eliminating the need to access multiple platforms to get the required security-related data.
CSWP allows industrial companies to collect and consolidate critical security-related data from OT systems and third-party security solution enabling stakeholders to maintain a healthy and secure environment at any level within the organization. With CSWP, industrial companies can manage disparate solutions with a user-friendly interface that has been fine-tuned to handle the day-to-day security task of the control room. By combing system-agnostic and third-party solutions within a single-interface, organizations are empowered to develop a solution that fits their business requirements and security needs without the complexity of additional interfaces to manage.
Pioneering threat detection for OT
As once stated by Donald Rumsfeld, Department of Defense, “As we know. There are known, knowns. There are things we know, we know. We also know there are known unknowns. That is to say. We know there are some things we do not know. But there are also unknown unknowns. The ones we don’t know, we don’t know.” This is a perfect representation of the challenge many industrial companies are facing today. How do you ensure your organization is protected from the known unknown, and the unknown unknowns? Without proper event monitoring it is nearly impossible to identify and respond to suspicious activity in a timely manner. Organizations must look to a solution that can collect, detect, and respond to threats quickly.
Luckily for OT organizations, ABB has taken the lead and was the first to bring automated threat detection to OT environments—allowing industrial companies to detect malicious activity and address threats before production can be adversely affected with ABB Ability Cyber Security Event Monitoring (CSEM). This unique offering leverages established IT systems and processes and applies them to the industrial space enabling organizations with insights into the known and unknowns of their ICS environments to expose potential malicious activity. For industrial companies looking to gain visibility into their entire OT network, CSEM provides a solution that can:
- Meet Compliance by quickly meeting internal and external audit requirements to reduce the risk regulatory penalties.
- Provide Insights into OT systems and networks to detect and prioritize threats across multiple systems and sites.
- Quick Response from ABB security experts spread across the world to detected threats with OT environments.
- Flexible Solution developed to integrate with your existing setup and strategy.
Start your security journey today!
While others may struggle with the complexities of the industrial control system, ABB has a proven track record and deep domain experience delivering world-class automating products, systems, and solutions to a wide range of industries. Together, ABB can empower your organization with the technology and services to remain competitive, improving cyber resilience, and running safe and productive operations.
If you’re ready to start your cyber security journey, contact an ABB security expert today!
Register for IIoT World ICS Cyber Security Day 2024 and hear from ABB and other security experts.
Author
Ruben Ramirez graduated from the University of Texas at Austin with a bachelor’s in economics and business administration. He has over 12 years of B2B experience productizing, marketing, and launching SaaS solutions to better support and benefit organizations around the world.
He has worked on information technology (IT) and operational technology (OT), covering portfolios in supply chain, petroleum refining, cyber security, virtualization, artificial intelligence (AI), machine learning (ML), and more. Currently he serves as the Global Product Marketing Manager in Operational Excellence and Cyber Security for the Process Automation Process Industries (PAPI) Digital Business Line based in Houston, Texas.
