• UP restores singed bridge, continues to combat wildfires in northern California

• Assistant Vice President Bridges & Structures

1/8/2016

Wurldtech: Cyber security for operational technology

Wurldtech, a GE company focused on cyber security for operational technology (OT), has announced the availability of OpShield, a security solution designed to protect critical infrastructure control systems and assets, company officials said in a press release.

The solution provides protection from cyber threats and vulnerabilities found in operational environments, and delivers defense-in-depth for oil and gas, power generation, transportation, healthcare and other industries, they said.
 
The emergence of OT security
Given the high profile nature of data breaches in recent years, IT security has received more focus and investment than OT cyber security. Yet control systems found in OT environments have unique and often embedded technology design, and have been traditionally managed in environments separate from IT. This has made conventional cyber security solutions ineffective for OT operators and system integrators.
 
With the advent of the Industrial Internet, operational environments are increasingly connected to a variety of IT networks, which adds complexity and risk. Even if not connected to the Internet, critical assets are vulnerable to insider threats and mishaps that can cause disruption and costly downtime. Adding urgency to the issue, nation-state hackers and other malicious actors continue to find new ways to infiltrate networks and applications that underlie critical infrastructure.
 
"Critical infrastructure assets such as turbines, generators, and nuclear reactors were not necessarily designed to keep up with today's advances in technology,” said Paul Rogers, president and chief executive officer of Wurldtech and general manager of GE Industrial Cyber Security. “But the rapid increase of cyber attacks on industrial operations in the past few years clearly demonstrates that securing critical infrastructure is becoming one of the high priorities for companies and organizations."
 
Based on a 2015 report written by Ponemon and commissioned by Raytheon, 66 percent of organizations are not ready to address OT security issues. Organizations are putting their most critical assets at risk in an environment not suitable for IT practices.
 
Security built specifically for OT
As a security solution for OT, OpShield provides protection at the point where traditional or next-generation firewalls (NGFW) leave off-typically in a demilitarized zone (DMZ) environment, company officials said. But unlike NGFWs, OpShield is designed specifically for OT environments to provide defense-in-depth for embedded systems and industrial assets connected to SCADA, distributed control systems (DCS), and safety systems that communicate in multi-vendor, complex environments.
 
"Cyber attacks are growing at a dramatic pace, and yet most companies are ill prepared," said Sid Snitkin, ARC Advisory Group. "The stakes are high for industrial organizations as attacks on systems that control plants and infrastructure impact safety, business continuity and the environment. Air-gapping strategies are inadequate, and traditional IT security won't do the job. It's critical that operators get OT security right."
 
By addressing vulnerabilities in real time without taking systems offline, OpShield enables critical infrastructure to remain operational and protected from the increasing number of threats.
 
"Traditional security solutions are great for protecting data that transpires across an IT network, but have no native support for the protocols and commands used in an industrial control network," said Nate Kube, chief technology officer and founder of Wurldtech. "It is simply too easy for bad actors to infiltrate and exploit vulnerabilities in this environment if the network isn't protected by technology that can help detect threats at that level."
 
OpShield solutions:
• are designed specifically to protect industrial assets, applications, and communications across process control networks;
• provide protocol inspection engine that adapts to OT command and protocols;
• identify and alert or block at the application command level, helping reduce the threat surface;
• are offered as a modular solution that scales to accommodate complex and harsh ICS and SCADA environments; and 
• are delivered as easy-to-install appliances that can be implemented in tap or in-line mode minimizing disruption to production.