2021 saw an increase in cyberattacks on critical infrastructure, such as the one on a water treatment plant in Florida, where gaps in security allowed hackers to access the program controlling the system in order to poison the water with harmful chemicals. Attacks on critical infrastructure are only continuing in 2022, with Oiltanking, a German fuel supplier, being a recent victim.
Here Shimon Peretz, VP of Business Development at IXDen, the pioneer of biometric identity for industrial equipment, explains how monitoring data at the physical layer, where it is generated, helps prevent both cyberattacks and operational technology (OT) failures.
In the utility sector, citizens’ well-being can be seriously endangered as a result of OT failures and cyberattacks. To tackle the latter, in January 2022 the Biden-Harris administration announced an action plan to accelerate cyber-resilience for the water sector.
“Cyberattacks represent an increasing threat to water systems and thereby the safety and security of our communities,” said Michael S. Regan, U.S. Environmental Protection Agency (EPA) Administrator. “As cyber-threats become more sophisticated, we need a more coordinated and modernized approach to protecting the water systems that support access to clean and safe water in America.”
The EPA’s plan to modernize cybersecurity outlines clear goals for the future. However, it gives no practical suggestions on how companies can secure their networks.
In addition, governmental efforts are currently overlooking the danger of ineffective predictive maintenance, which exposes treatment plants to the risk of premature equipment failure. In the case of critical equipment such as sensors, this can mean that crucial management decisions could be based on partial or inaccurate data.
The Importance of Full Data Visibility
There are four different levels to consider in creating a cyber-secure network: the cloud level, the enterprise level, the programmable logic controller (PLC) level, and the physical layer, where end devices such as sensors and actuators are situated.
Most companies have robust cybersecurity strategies in place for the first three layers, such as implementing firewalls, intrusion detection and prevention systems, network access control, and deception tools. However, the physical layer is often overlooked.
Recent data suggests that most industrial cyberattacks occur on the sensor level. By neglecting these devices, companies are providing a Trojan horse with which hackers can access their networks.
Moreover, most of today’s industrial processes are based on outdated configurations. They were built when bandwidth resources were very limited, so most of the sensor data had to be processed locally at the PLC or remote terminal unit (RTU) layer. Therefore, only about 20% of sensor data is propagated upwards, to the network level. With 80% of data left unaccounted for, companies cannot have full visibility of the health state of their OT environment.
This means that this data cannot be trusted. The first reason is that it could already have been infiltrated by cybercriminals, and the second is that sensors could be malfunctioning as a result of failure or natural aging.
Monitoring Data at the Source
This is why IXDen, the company that created the concept of a biometric identity for industrial equipment, launched a single self-contained solution that monitors equipment data at the source, combining OT failure prediction and cybersecurity in a single piece of software. IXDen’s patented solution is the first fully autonomous software to create a dynamic behavioral model of each device, both in isolation and as part of interrelated process dependencies.
The software creates a biometric identity profile of each and every sensor and device in the plant, monitoring data transactions to detect anomalies that signal OT failures or cyberattacks.
Analyzing 100% of the data transactions at the physical layer, where the data is generated, allows the overall health and reliability of OT systems to be monitored in an extremely accurate way. This data is also secured by the multifactor authentication process required for access.
Crucially, the health state of equipment is summarized by a single score and a traffic light performance indicator. This means that operations managers have an extremely intuitive way of monitoring the whole OT system at a glance, with the ability to drill down on the root causes of problems if necessary.
Mekorot, Israel’s national water carrier, has chosen to implement IXDen’s solution to cover OT sensor anomaly detection for better predictive maintenance and cybersecurity in its vast supply network, comprising 13,000 km of pipelines, 3,000 water production, 25 desalination sites and supply installations, and millions of sensors.
Mekorot found that the IXDen solution predicts failures 14 to 60 days in advance, failures that were not detected by the existing systems in place. It was estimated that the OT failure prediction capabilities of IXDen’s software would help the company save millions of dollars every year.
Mekorot is one of the most advanced water carriers in the world and its holistic approach to OT failure prediction and cybersecurity could be successfully copied elsewhere. This technology is currently being launched on the American market with IXDen planning visits to showcase its capabilities.
In safety-critical sectors such as water management, companies have a moral and social responsibility to keep their data safe and cannot afford to be stuck in the past. Monitoring data directly where it is generated is the only way to ensure that cybersecurity and failure prediction go hand in hand, protecting core equipment while safeguarding consumers’ health.