ICS Cybersecurity Application Brief

ICS Cybersecurity Application Brief

ICS/SCADA Cybersecurity – Huge Risk, Big Challenge
Industrial control systems (ICS) were considered to be safe from cyber-attacks because they are isolated, air-gapped networks. However, these critical systems are extremely vulnerable! The development of the Industrial Internet of things (IIoT) and the convergence of operational technology (OT) and IT networks are creating a perfect environment for hackers to attack highly attractive targets – ICS network operators.

Recent deliberate disruptions of critical automation systems (such as the BlackEnergy APT attacks targeting Ukraine’s energy companies or the Kemuri Water Company attacks targeting a U.S. water utility’s control system) prove that cyber-attacks can have disastrous consequences for citizens and nations. Malicious code can potentially be used to manipulate the controls of power plants, water infrastructure, manufacturing facilities, building management systems and even large ships. All of these are considered critical infrastructure with damage potential resulting in real-world catastrophic physical damage, such as blackouts,
disruptions to an entire city’s water supply and substantive threat to human lives.

Current ICS Cybersecurity Solutions are Crucial yet Insufficient
Increasing awareness of the ICS cybersecurity threats has led many software companies to develop and offer security solutions specifically designed for OT networks. These solutions are defined by 5 NIST framework functions – identify, detect, protect, respond and recover. Currently, ALL available ICS cybersecurity solutions are based on securing the IP-based network (Data packets), starting from the PLCs, Level 1 of the Purdue Model, and moving up the network to supervisory controls, operations management and business management.

Of course, securing the data-network is crucial, however, it can be hacked despite the layers of protection installed and the operators don’t even know it. Something is missing!

The Solution:
Monitoring the un-hackable raw electrical signals of critical assets

Paradox: The role of an ICS is to preserve the integrity of physical processes yet current ICS security solutions, designed to protect them, are installed in the most vulnerable levels, the data-packets network! This paradox can be solve by monitoring the most reliable source of information, the physical source which cannot be hacked – the raw electrical signals of level 0 – sensors and actuators.

The SigaPlatform™ safeguards industrial assets by monitoring raw electrical signals (level 0 realtime monitoring) – as opposed to data packets which can be hacked. The SigaPlatformTM brings new and unmatched operational reliability into physical processes, to provide real-time anomaly detection and to support intelligent, real-time, business-critical decision making.

SIGA delivers unique visibility into physical processes – supporting more informed decision making. The system provides customizable real-time alerts and enables ICS/SCADA operators to consolidate all critical sensor data into one platform for optimized situational awareness.

The SigaPlatform™ is an essential ICS security, level 0 solution, complementary to all other IPbased solutions in the ICS network, level 1 and up.

Our Value Proposition
• ICS/OT cybersecurity solution not depended on data flow and cannot be hacked
• Out of Band: unidirectional secure data export
• Device visibility from untampered, unsmoothed raw data (0 level)
• Enabler for continuous operation even when the ICS/SCADA system is compromised or shut down
• Operational reliability & risk minimization
• Situational awareness – 24/7 anywhere
• Smart alert – rule-based, real-time alerts
• Non rule-based Machine Learning engine: monitoring, analysis, anomaly detection & alerts
ICS cybersecurity solutions showing an operational ROI

The SigaPlatform™ for SOC and managed service providers (MSSPs)
The SigaPlatform™ unique, out-of-band architecture and uni-directional monitoring system, allow this solution to be deployed as a managed service.

The system is the most reliable source of information of a SOC (Security Operations Center), as the information, in the form of electrical signals (physics) is coming directly from the device; and in a communication medium which cannot be hacked or circumvented.

The SigaPlatform™ enables a wide variety of notifications options e.g. email, SMS, and also allows direct integration to SIEM-SOC via Syslog, XML or REST API.

The SigaPlatform™ As-A-Service for SOC and managed service providers (MSSPs) is an ideal anomaly detection solution, highly secured, reliable, unhackable and very cost-effective.