Limited Scalability Challenges ROI for Bolt-on OT Network Cyber Security
July 31, 2020 | Robert Bergman
Writing in a recent issue of helpnetsecurity.com, SCADAfence CEO Elad Ben-Meir calls attention to a significant drawback of bolt-on industrial cyber security applications: they don’t scale well. He says that Operational Technology (OT) networks are increasingly becoming cyberattack targets, yet many of the OT security solutions being deployed on them are not designed for the high volume of traffic on these networks.
“Most OT security solutions were originally designed for industries such as oil & gas, utilities, or water. In these industries, even though the OT infrastructure is usually spread across a large geography, each OT network has a relatively small number of assets, low bandwidth, and deterministic, predictable behavior,” he writes.
But as company applications become more complex and diverse, communicating with thousands of network devices, even the security applications designed a few years ago are not equipped to handle the complexity of the traffic.
“When inadequate systems are installed, they give the illusion that the network is protected, yet they don’t process critical information due to performance issues. They provide partial asset inventory, leaving shadow OT assets unmanaged,” he writes.
“Contrary to popular belief, a lab test isn’t sufficient to protect against these pitfalls. When solutions are tested in a small lab network, they don’t accurately model the challenges of monitoring a production network. In most cases, an OT security solution will succeed in a lab test; it will then fail miserably in an actual production environment,” he continues.
Ben-Meir believes that inability to scale up for large-scale OT networks manifests in low performance, difficult usability, low detection rates, and a high total cost of ownership (TCO). He points to the following characteristics a security system must have to support environments with thousands (or even tens of thousands) of devices:
- It must be able to collect and analyze huge amounts of data without missing a single byte, device, configuration, or any other data point.
- Once the data is properly collected and analyzed, the end-users must be able to access it via a responsive and usable interface that helps visualize actual security risks and respond accordingly.
- It must be highly accurate to avoid false positives resulting from constant changes and noise in large environments, which can fatigue security teams.
His solution involves extensive testing of solutions in actual production environments, performing both false-positive and false-negative tests, verifying the number of assets that were detected, and extensive sampling of the asset inventory for accuracy and depth of detection.
This is all fine, but if growing the network would also entail augmenting control capability, wouldn’t it make more sense to implement a control system with the security and communications already built in? That way, for just the cost of the PLC, DCS, or RTU functionality you need anyway, you get deeper, more accurate and better security than bolt-on devices can provide, plus you get virtually unlimited scalability of the secure controls themselves.
For more information on maximizing ROI in automation see “Driving Costs out of Upstream Oil & Gas Operations”