Improving ICS Cyber Resiliency with New Version of SCADAguardian

Date: March 20, 2017 By: Andrea Carcano

ICS networks and systems are large, heterogeneous and change frequently as systems are migrated to Ethernet or new components are added. In the past, it was difficult and time consuming to implement basic security controls like having a current system inventory. When SCADAguardian was released in 2013 it represented a major step forward in that it was able, with the help of machine learning and artificial intelligence, to identify assets and provide real-time monitoring of them.

Major customers, such as Enel, have found that SCADAguardian substantially improves the reliability, efficiency and cybersecurity of their power generation systems. A product is never done, however, and I am glad to be writing today about how our first major release of 2017, SCADAguardian v17.0, better addresses some day-to-day cybersecurity and reliability challenges.

Electric distribution utilities, such as Vermont Electric, use SCADAguardian because it's “one clean, comprehensive solution, from network modeling to process anomaly and intrusion detection.”

ICS Asset Management Improves Cybersecurity and Operational Efficiency

Developing and maintaining a centralized OT system inventory has historically been a difficult and time-consuming project. Since its initial release in 2013, SCADAguardian has dramatically eased this task by non-intrusively identifying all assets and keeping the inventory up to date in real time.

Now, with SCADAguardian 17.0, asset tracking is improved so it addresses questions like:

  1. Is it possible to have a dedicated view of all my assets?
  2. What is the firmware version of my PLCs?
  3. Can I monitor and be alerted on changes to my hardware/software?

New, dedicated views make it easy to visualize, find and drill down on asset information. Assets, including common industrial devices, are presented:

  • Grouped visually, as per the Purdue model
  • In list views
  • In detailed, single asset views.

Many attributes are tracked per asset, including vendor, model, firmware, software, configuration details and customized fields.

Context-aware alerts provide notification of changes to hardware, software and devices, quickly bringing potential cyber incidents or process risks to the attention of the appropriate staff.

ICS Vulnerability Assessment Enhances Cyber Resiliency and Productivity

Another challenging aspect of ICS security and process reliability is knowing which devices are vulnerable and require updating or special protection. For example, engineering and cybersecurity staff might want to know:

  1. Are the devices from Vendor X vulnerable?
  2. How many assets are still running Windows XP?
  3. Do I need to update certain network devices because their firmware is vulnerable?

Now SCADAguardian automatically identifies devices with known vulnerabilities, saving time and improving cyber resiliency. A dedicated view of all vulnerabilities and their severity facilitates fast remediation, and vulnerabilities can be filtered by vendor or other asset attributes.

The identified assets are checked against a state-of-the-art repository of current vulnerabilities, providing clear visibility of risk.
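The two capabilities described above, change alerting on asset attributes (the earlier asset-management section) and matching the inventory against a vulnerability repository, reduce to a small amount of logic once the passive inventory exists. The following is an added example, not SCADAguardian code: the observations are constructed device-identification records, the repository entries (`HYP-2017-001`, `HYP-2017-002`) are hypothetical and not real advisories, and the affected-firmware ranges are an assumed half-open `[fw_min, fw_max)` convention.

```python
"""Passive asset inventory, change alerting and vulnerability matching.

Added example, not Nozomi Networks code. Input records are constructed
observations (device identification seen on the wire); the vulnerability
repository is a hand-built, hypothetical list, not real advisories.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.10.3' into (2, 10, 3) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Asset:
    ip: str
    vendor: str
    model: str
    firmware: str


@dataclass
class VulnRule:
    """Hypothetical repository entry: vendor/model plus an affected firmware
    range [fw_min, fw_max) and a severity label."""
    ref: str
    vendor: str
    model: str
    fw_min: str
    fw_max: str
    severity: str

    def matches(self, a: Asset) -> bool:
        if (a.vendor, a.model) != (self.vendor, self.model):
            return False
        fw = parse_version(a.firmware)
        return parse_version(self.fw_min) <= fw < parse_version(self.fw_max)


class Inventory:
    """Keeps the last-seen attributes per IP; re-observing an asset with
    different attributes produces a change alert instead of a silent overwrite."""

    def __init__(self) -> None:
        self.assets: Dict[str, Asset] = {}
        self.alerts: List[str] = []

    def observe(self, a: Asset) -> None:
        prev = self.assets.get(a.ip)
        if prev is None:
            self.alerts.append(f"NEW_ASSET {a.ip} {a.vendor} {a.model} fw={a.firmware}")
        elif (prev.vendor, prev.model) != (a.vendor, a.model):
            # Same address, different device: a swapped or spoofed unit.
            self.alerts.append(
                f"HARDWARE_CHANGE {a.ip} {prev.vendor}/{prev.model} -> {a.vendor}/{a.model}")
        elif prev.firmware != a.firmware:
            # Includes downgrades, which matter as much as upgrades.
            self.alerts.append(f"FIRMWARE_CHANGE {a.ip} {prev.firmware} -> {a.firmware}")
        self.assets[a.ip] = a

    def vulnerable(self, repo: List[VulnRule],
                   vendor: Optional[str] = None) -> List[Tuple[str, str, str]]:
        """(ip, ref, severity) for every asset matching a rule, optionally filtered by vendor."""
        hits = []
        for a in self.assets.values():
            if vendor and a.vendor != vendor:
                continue
            for r in repo:
                if r.matches(a):
                    hits.append((a.ip, r.ref, r.severity))
        return sorted(hits)


# Constructed observations, in the order they were seen on the wire.
OBSERVATIONS = [
    Asset("10.0.1.10", "VendorX", "PLC-100", "2.1.0"),
    Asset("10.0.1.11", "VendorX", "PLC-100", "2.4.1"),
    Asset("10.0.1.20", "VendorY", "RTU-7", "1.0.3"),
    Asset("10.0.1.10", "VendorX", "PLC-100", "2.0.0"),  # firmware went backwards
]

# Hypothetical repository entries (not real advisories).
REPO = [
    VulnRule("HYP-2017-001", "VendorX", "PLC-100", "0.0.0", "2.3.0", "high"),
    VulnRule("HYP-2017-002", "VendorY", "RTU-7", "1.0.0", "1.1.0", "medium"),
]


def run() -> Tuple[Inventory, List[Tuple[str, str, str]]]:
    inv = Inventory()
    for obs in OBSERVATIONS:
        inv.observe(obs)
    return inv, inv.vulnerable(REPO)


if __name__ == "__main__":
    inv, hits = run()
    print("\n".join(inv.alerts))
    for ip, ref, sev in hits:
        print(f"{ip} {ref} {sev}")
```

Two practical points the code makes explicit: firmware versions must be compared as numeric tuples (as strings, "2.10.0" sorts before "2.4.1"), and a downgrade is reported as a change rather than quietly accepted, since an attacker rolling a device back to a vulnerable release looks exactly like that.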

One reason energy sector solution provider Trellis Energy implements SCADAguardian is that “it provides a real-time view into potential industrial vulnerabilities and vastly improves cybersecurity threat detection.”

Faster, Easier Deployment with Dynamic Learning

Part of the “magic” of SCADAguardian is that it non-intrusively discovers the industrial network and its components and then uses behavioral analytics to develop process and security profiles for each system. However, once profiles are established, say, after two process cycles, operators had to manually switch the product from “learning mode” to “protection mode” to initiate monitoring. Operators were left wondering:

  1. When should I close the learning phase and start protection mode?
  2. What do I do if only a portion of the network is stable?

Now the system switches to protection mode automatically when it determines that it has learned enough and that doing so is appropriate. Learning granularity has also increased: learning, and the switch to protection, now happen per node and per network segment. No configuration is required, and stable nodes and segments become protected automatically and quickly.
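To make the per-node convergence idea concrete, here is an added example of a learning-then-protecting baseline, written for this page and not taken from SCADAguardian. It assumes a process-cycle counter, a flow profile of `(src, dst, proto, function)` tuples keyed by source node, and a hypothetical rule that a node has "learned enough" when `STABLE_CYCLES` consecutive cycles add nothing new to its profile; the traffic is constructed.

```python
"""Per-node baseline learning with automatic switch to protection.

Added example, not Nozomi Networks code. Traffic is a constructed list of
(src, dst, proto, function) tuples grouped per process cycle; a node is
declared stable, and switches to protection, once STABLE_CYCLES consecutive
cycles add nothing new to its profile. Other nodes keep learning meanwhile.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Flow = Tuple[str, str, str, str]  # (src, dst, proto, function)

STABLE_CYCLES = 2  # assumption: two consecutive quiet cycles mean "learned enough"


class NodeProfile:
    """What one source node has been seen doing, plus its convergence state."""

    def __init__(self) -> None:
        self.allowed: Set[Flow] = set()
        self.quiet_cycles = 0      # consecutive cycles that taught us nothing new
        self.protecting = False


class Learner:
    def __init__(self) -> None:
        self.nodes: Dict[str, NodeProfile] = defaultdict(NodeProfile)
        self.alerts: List[str] = []         # deviations seen by protecting nodes
        self.switched: Dict[str, int] = {}  # node -> cycle it entered protection

    def end_cycle(self, cycle: int, flows: List[Flow]) -> None:
        """Feed one process cycle of traffic, then re-evaluate each node."""
        learned_new: Set[str] = set()
        for f in flows:
            src = f[0]
            p = self.nodes[src]
            if f in p.allowed:
                continue                      # matches the profile, nothing to do
            if p.protecting:
                # Profile is frozen for this node: unknown behaviour is an alert,
                # and it is deliberately not added to the baseline.
                self.alerts.append(
                    f"cycle={cycle} node={src} unexpected {f[1]} {f[2]} {f[3]}")
            else:
                p.allowed.add(f)
                learned_new.add(src)
        # Convergence is judged per node, so a noisy engineering station does
        # not hold back protection for an HMI that has long been stable.
        # A known node that sent nothing this cycle counts as quiet.
        for node, p in self.nodes.items():
            if p.protecting:
                continue
            p.quiet_cycles = 0 if node in learned_new else p.quiet_cycles + 1
            if p.quiet_cycles >= STABLE_CYCLES:
                p.protecting = True
                self.switched[node] = cycle


# Constructed traffic: 'hmi' polls two PLCs; 'eng' is still being commissioned
# and starts writing in cycle 2; in cycle 4 the HMI does something new.
RD = ("modbus", "read_holding")
CYCLES: List[List[Flow]] = [
    [("hmi", "plc1") + RD, ("hmi", "plc2") + RD, ("eng", "plc1") + RD],
    [("hmi", "plc1") + RD, ("hmi", "plc2") + RD, ("eng", "plc1") + RD,
     ("eng", "plc1", "modbus", "write_single")],
    [("hmi", "plc1") + RD, ("hmi", "plc2") + RD, ("eng", "plc1") + RD,
     ("eng", "plc1", "modbus", "write_single")],
    [("hmi", "plc1") + RD, ("hmi", "plc2") + RD, ("eng", "plc1") + RD,
     ("eng", "plc1", "modbus", "write_single"),
     ("hmi", "plc1", "modbus", "write_multiple")],
]


def run() -> Learner:
    lr = Learner()
    for i, flows in enumerate(CYCLES, start=1):
        lr.end_cycle(i, flows)
    return lr


if __name__ == "__main__":
    lr = run()
    print("switched:", lr.switched)
    print("\n".join(lr.alerts))
```

With this traffic the HMI converges at cycle 3 and the engineering station at cycle 4, and the HMI's first Modbus write in cycle 4 is alerted rather than learned. The caveat that applies to any such scheme, including an automatic one: whatever happens during a node's learning window becomes part of its baseline, so the window must cover normal operation only, and a node whose profile is unexpectedly large when it converges deserves a manual look.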

Comprehensive Solution for ICS Cybersecurity and Operational Reliability

From my previous experience as a cybersecurity professional working for a major oil company, I know that systems have a much better chance of being successful if they are easy to deploy and use. I’m glad that this new release of SCADAguardian helps streamline operational tasks, ultimately improving operational visibility and monitoring for stronger cyber resilience and ICS reliability. I urge you to review our updated Solution Architecture (below) and our SCADAguardian 17.0 materials. Find out how our solution can help your organization improve cybersecurity, uptime and productivity.

Nozomi Networks Solution Architecture

SCADAguardian has a modular, scalable and extensible architecture. Now, with release 17.0, it is a comprehensive solution for ICS cybersecurity and operational reliability.
