ATTACKS ON INDUSTRIAL INFRASTRUCTURES ARE RISING
On May 7, 2021, Colonial Pipeline, which comprises 5500 miles of pipeline, has operated since 1962 and is one of the largest and most vital oil pipelines in the U.S., suffered a ransomware cyberattack that impacted some of the digital systems managing the pipeline. The hacker group accessed the Colonial Pipeline network (via an exposed password for a VPN account) and stole 100 gigabytes of data within a two-hour window.

On Aug 15, the Clop ransomware gang claimed responsibility for accessing the SCADA systems of Cambridge Water and Thames Water, two large water supply utilities in the UK. The breached data, published online after ransom negotiations between Clop and its victim broke down, included personal information for many of the utilities’ operations employees.

Last year, a successful attack on a water supply occurred when a threat actor hacked into the computer system of the water treatment facility in Oldsmar, FL, and tried to poison the town’s water supply by changing the level of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million, a significant and potentially dangerous increase. The attack happened just two days before the NFL’s Super Bowl LV, which was held nearby in Tampa Bay. The attacker remotely accessed the computer system the operator was monitoring, which controls chemical levels in the water as well as other operations. In this case, the alert operator quickly noticed the attack and corrected the lye levels in the water before any significant damage was done.

OT/ICS CYBERSECURITY THREATS REMAIN AN UNDERAPPRECIATED RISK AREA
As manufacturing environments move towards modernizing systems, boosting productivity, and raising overall operational efficiency, these infrastructures are becoming more interconnected and integrated with other IT systems, and are introducing automated methods to strengthen their overall OT asset management capabilities. This allows remote OT or ICS manufacturers to have full, complete and unadulterated access to their ‘crown jewels’ without any dispositioned security controls applied.

Applications and data-generating activities once reserved for local operations, such as PLCs, SCADA, and DCSs for manufacturing (MES) and warehouse management systems (WMS) for logistics, are finding their way to the cloud, making OT networks more complex.

With every new asset deployed in support of growth, innovation, and efficiency efforts, the enterprise attack surface expands. The number of vulnerabilities is also rising rapidly year over year while the time it takes for attackers to exploit them is dropping.

In many electric utilities, vulnerabilities may exist across multiple devices such as voltage regulators, smart switches, capacitors, RTUs, human-machine interface (HMI) systems and SCADA software. Cyber intruders may exploit a number of ways to attack generators, transmission lines, electric substations, and other critical assets and systems whose failure can contribute to an outage. Consider another industry sitting on significant cybersecurity risk. In petrochemical and oil & gas refineries, four large OT vendors, Yokogawa, Emerson, Siemens, and Honeywell, dominate a large part of the industrial controls infrastructure. Imagine one vendor system falling victim to its security vulnerability.

Traditional IT endpoint cybersecurity tools address only 20% of OT/ICS-centric cyber assets, leaving proprietary, heterogeneous industrial control systems hidden and vulnerable.

A COMPREHENSIVE ENTERPRISE-IMPACT BASED PERSPECTIVE TO CYBERSECURITY
Radiflow is a next-generation cybersecurity company focused entirely on protecting from and preempting attacks on industrial infrastructure. While most mainstream approaches to cybersecurity focus on detecting, identifying and mitigating cybersecurity threats irrespective of source and intent, this emerging innovator based in Israel takes an enterprise impact perspective with a view to prioritizing the most vital assets to secure first, before designing and implementing mitigation strategies. Radiflow has a four-step process to accomplish this, providing manufacturers with tools to protect, visualize and safely maintain their systems using a risk-based approach towards detecting potential risks, assessing the probable impact of those risks, and planning how to respond should those risks crystallize.

  1. Identifying the most critical functions essential to fulfilling the core enterprise goals, and determining the potential consequences of a cyberattack against these functions. (Identify operations that must not fail, and visualize the range of attack scenarios that could bring them down.) It generates a visual model of the entire manufacturing network including all assets, connections, protocols and vulnerabilities.
  2. Identifying the collection of systems that, operating independently (or with interactions), support the critical functions. As an example, one single utility may have multiple OEMs performing multiple sets of tasks such as monitoring power quality, operating the distributed control systems, and monitoring process variables. All of these independent OEMs exchange data to support each other’s activities.
  3. Developing scenarios that help determine the paths a cyber adversary might take to cause the maximum disruption to operations. This allows operators to learn where an intruder needs to be inside of a system in order to create the maximum disruptions. Radiflow’s CIARA industrial risk assessment and management platform leverages the visual model and other threat intelligence sources to determine the most impactful threat actors, attack tactics and the effectiveness of corresponding mitigation measures. This involves running numerous breach & attack simulations to evaluate the probability of an attack on different business units, and the ability of various mitigation controls (installed and proposed) to protect the network. The indicators paint a clear, quantifiable picture of the network’s true exposure to risk.
  4. Developing controls within engineering, operations and support to address or mitigate these visualized intrusions. Preparation and implementation of a security roadmap based on the client’s long- and short-term security preferences (e.g. strengthening a single business unit vs. reducing overall risk) and budgetary constraints.

Radiflow’s CIARA platform provides industrial organisations with ROI-driven risk assessment & management capabilities, helping them identify and prioritize protection for their crown jewels.


About the author

Praas Chaudhuri is CEO & Principal Industry Analyst supporting Industrial Autonomy, Intelligent Cities and the broader Digital Transformation markets. The firm’s research scope covers most major equipment companies in industrial manufacturing, mining, process automation, as well as software, hardware, satellite imaging and other innovative technology players focused on building AI-enabled applications to support industrial use-cases. Based in Silicon Valley, Praas is a former strategy consultant with several additional stints in corporate planning & strategy roles at large manufacturing and technology companies. He can be reached at pchaudhuri@arcinsightpartners.com

About ArcInsight Research

ArcInsight Research works with leading global industrial companies involved in smart city infrastructure, process equipment, control software and hardware, design, simulation, operations, and optimization. It is deeply plugged into the technology ecosystem – bleeding-edge startups and the investor community.

The group was founded in 2010 by consulting firm partners and senior experienced executives with deep global experience in industrial domain research, strategy consulting, technology and investment banking. The firm aims to equip senior industry leaders with tools and perspectives to view the bigger picture and longer-term over-the-horizon opportunities, and also support their strategy with a tangible path to execution.

The strategy advisory approach offered by ArcInsight Partners is a valuable partnership opportunity for enterprises that may be either starting out on the digital transformation journey or in the midst of transformation and looking for fresh perspectives to position themselves for a highly connected, algorithm-driven world.

Some of our past advisory engagements have included assisting clients –
– Validate transformation goals and its transformation journey
– Assess new target markets; Validate TAM and growth rates
– Validate drivers for new business model; Transition strategy to SaaS / Subscription models
– Design new service opportunities
– Build monetization and revenue models
– Map in-house competencies; Sales strategy and key account coverage
– Structure appropriate partner ecosystems for effective value delivery
– Due-diligence for potential acquisition & partnership targets; Assess deal valuations

2022 EMERGING INNOVATORS: Radiflow’s CIARA Industrial Risk Assessment and Management Platform