The digital transformation in industrial automation brings increasing requirements for communication between the operating technology (OT) and the computer systems (IT) of industrial enterprises. Automation devices in the OT network provide an increasing amount of data to the IT network, which is needed for efficient production management, minimization of production costs, reducing downtime or predictive planning of maintenance interventions. However, intensive data communication between the OT and the IT network brings, in addition to clearly positive effects, a greater openness of the OT network, and thus its higher vulnerability to cyber attacks.

The OT networks have traditionally been built as almost isolated from the surrounding cyber environment, that way the possibility of being attacked by an external cyber attacker was minimal. Therefore, the requirements for ensuring the cyber security of the OT network were low in the past. However, if we want to make full use of the potential of digital transformations and IIoT technologies, this concept needs to be changed. The modern OT network is not isolated at all; it is necessary to analyze its vulnerabilities, deal with the protection of the entire network as well as individual devices, monitor the network communication, detect potential cyber threats and actively respond to them. The aspect of cyber security thus plays a significant role in modern automation projects.

ThinManager

ThinManager is a software product that enables the use of thin clients in an industrial network. Thin client is a computer without an operating system, or even without the memory storage. With ThinManager, it is possible to provide content (such as a visualization application) to such a device from a single central server. In addition, ThinManager offers a number of other features - blocking USB ports for mouse and keyboard connections only, providing content by location, logging users in with PIN, biometrics, or QR code scanning, user management and authorization, etc. The use of thin clients greatly helps to make complex cyber security solution in OT network. Thin clients do not have problems with patch management and these devices are secured against the unwanted malware.

CIP Security

CIP Security is a network communication protocol that ensures secure data transmission and protection of individual devices in the OT network.

Endpoint authentication - the sender and receiver of a data message are authenticated using certificates or shared keys. The device is thus able to reject a data message comming from an untrusted source.

Data integrity - the TLS message authentication code (HMAC) verifies that the data has not been altered during its transmission within the network. This protects the device against Man-in-the-Middle (MitM) attacks.

Data encryption - data transmitted within the network are encrypted using TLS and DTLS cryptographic protocols. Data communication is thus protected against unauthorized monitoring.

We offer Rockwell Automation products with the native support for the CIP Security protocol.

Software

• FactoryTalk Policy Manager (version 6.11 +)
• FactoryTalk Systém Services (version 6.11 +)
• FactoryTalk Linx (version 6.11 +)
• Studio 5000 Logix Designer (version 31 using 1756-EN4TR communication module, version 32 + also without this modul)

Hardware

• ControlLogix 5580 controllers
• 1756-EN4TR ControlLogix EtherNet/IP Communication Module
• Kinetix 5300 drives
• Kinetix 5700 drives
• PowerFlex 755T drives
• 1783-CSP - CIP Security Proxy

The last of these hardware products - the CIP Security Proxy module - serves as a secure communication provider for devices that do not have native CIP Security support. CIP Security Proxy manages encryption keys and certificates for the protected device and provides its network communication based on the CIP Security protocol.

Claroty CTD – Continuous Threat Detection

Continuous Threat Detection is a modular and scalable software system designed for continuous monitoring of devices and communications within the OT network and for the detection of potential cyber threats.

• Visibility - Claroty CTD provides a complete overview of the OT network and a centralized, fully automated inventory of all connected devices. The system was designed universally for all industrial OT networks, has an extensive library of industrial network protocols and is able to identify difficult-to-see nested devices and devices located at levels 0-2. For each device identified, Claroty CTD provides complete inventory data, including hardware description, model designation, current firmware version, slot designation, IP address, and other details.
• Segmentation - Claroty CTD automatically maps the network and organizes individual devices into virtual zones. Virtual zones are logical units that bring together devices that normally communicate with each other. This virtual segmentation facilitates the detection of anomalous behavior in network communication, increases the efficiency of data analysis of network communication and can also be the basis for future decisions on the physical segmentation of the OT network.
• Risk and vulnerability management - Claroty CTD provides an overview of all vulnerabilities of individual devices in the OT network. The system thus warns of non-standard configurations, unsecured protocols, unprotected communication ports and other identified risks. To identify the risks, a continuously updated proprietary vulnerability database maintained by the system manufacturer (Claroty) is used, as well as the National Vulnerability Database, which serves as a public source of information on cyber vulnerabilities in the United States.
• Detection of anomalies and possible cyber attacks - Claroty CTD monitors network communication and uses the artificial intelligence algorithms to automatically create a model of normal network traffic. It also contains five different detection engines for detecting anomalous network behavior. Thanks to these tools, the system is able to immediately alert the user to a possible cyber attack.

Cyber security consulting services

In cooperation with our partners, we provide cyber security consulting, design and project assessment in accordance with IEC 62443 standard. The primary goal of this standard is to ensure the safe operation of industrial automation systems and to protect all components of these systems from unwanted interference. We offer a systematic and practical approach to ensuring the cyber security of industrial systems provided by certified experts in this field.

Cyber security consulting services

• risk analysis
• security analysis of OT network and components
• wireless network security design
• SIS - Safety Instrumented Systems - design and security
• design and provision of accurate documentation of logical and physical infrastructure
• remote access security
• cyber security incidents (management, evaluation, recovery)
• documenting access points
• malware protection, including evaluation, approval, and testing
• installing and management of patches and security patches
• specifications and documentation for managing and performing data and configuration backups