Today's Schneider Electric news release announced that we are partnering with Claroty, an innovator in Operational Technology (OT) network protection, to help address cybersecurity challenges for the world’s industrial infrastructure. Claroty is joining our Collaborative Automation Partner Program (CAPP) to make its real-time industrial control threat monitoring and anomaly detection solution available to our customers.
Responding to the changing cyber threat landscape
In the past three months, there has arguably been more (at least from a disclosure perspective) threat activity against critical infrastructure/industrial control networks than we’ve seen in the past few years. With two recent examples of disruptive cyber-attacks against Ukraine’s energy grid, the spill-over ransomware impact to industrial networks caused by WannaCry and Petya/NotPetya, and disclosure of a coordinated campaign against global nuclear and energy firms, we are entering a new reality of increasing danger to the world’s critical infrastructure.
We’ve long stated that safety and cybersecurity must be addressed in a comprehensive way for industrial customers. Cybersecurity must be designed into the components that make up the automation system. In addition, services to support customers who need assistance securing their networks, and the selection of best-in-class security technology partners, complement that design and help to build a best-in-class secure system. An essential part of system defense is monitoring for intrusion or irregular behavior so that it can be detected before an attack occurs.
Security monitoring system requirements in industry
For a threat detection system to be beneficial in the industrial sector it must meet several criteria:
- The system must cater to the industrial sector and its users, including the ability to recognize industrial systems, products, and protocols, and it must have a global support system that aligns with industrial needs. A system designed for the industrial environment meets these needs, whereas systems adapted from an enterprise focus will often struggle.
- The solution must be able to run in a mode where it can “do no harm” within industrial control systems – its approach must not introduce the potential for downtime or an impact on safety.
- The solution must be complete enough to address external threats, internal threats, and unintentional human error that could cause safety concerns or disruption.
The partnership with Claroty provides real-time network monitoring and anomaly detection. In addition, their approach of passive, deep packet inspection (DPI) helps fulfil these criteria. The ability to explore the deepest level of industrial network protocols without adversely impacting the system enables end users to safely identify anomalies while protecting complex and sensitive industrial networks.
Proactive protection of industrial control systems and continuous monitoring of industrial networks for cyber threats create a detailed inventory of industrial network assets, identify misconfigurations, monitor traffic between assets, and find anomalies that may indicate the presence of a malicious actor.
Finally, Claroty’s ability to understand not only the public Modbus protocol, but also our programming protocols and Triconex protocols, means that this solution can not only detect deviations from normal behavior and IT-type anomalies in the control room, but can also alert shop floor teams to specific attempts to modify the control of the plant.
Cybersecurity is not a one-size-fits-all approach – talk to us about your specific needs.