ICS CyberVision for automotive manufacturer

Additional information

Source: Web-site of vendor

The project has been delivered on schedule

The budget has not been exceeded

Functionality complies with task

Description

A LEADING AUTOMOTIVE PARTS MANUFACTURER OFFERS DEVELOPMENT, PRODUCTION AND SERVICES IN ALMOST EVERY MAJOR WORLD WIDE MARKET, SUPPLYING COMPONENTS, MODULES AND SYSTEMS TO A GLOBAL CUSTOMER BASE. INTERNATIONAL IN SCOPE, THE COMPANY OVERSEES 70 FACTORIES IN 31 COUNTRIES, ALL OF WHICH HAVE SUCCESS FULLY APPLIED INNOVATIVE SOLUTIONS AND PROCESSES TO DELIVER QUALITY PRODUCTS TO ITS WIDE CUSTOMER BASE. CHALLENGES In order to maximize efficiency and quality, the company has been rapidly adopting methods for digitizing their production processes and adopting advanced manufacturing techniques and Industry 4.0 standards. The company soon discovered that, as they adopted OT technologies, there was a convergence between OT and IT thus establishing a need for a more collaborative structure between OT and IT to assure security, integrity and reduce risk. The IT organization was tasked with the responsibility for the security and reliability of these newly digitized plants. However, the plant operations staff did not recognize cyber risk and were reluctant to having IT make changes to their operations.
The IT team decided that they needed to establish priorities for this project:
  • They needed to first account for all of their manufacturing assets/systems/ devices such as PLCs, SCADAs, MES, Engineering workstations, or sensors and drives – basically any technologies utilized in the plants.
  • With 70 factories around the globe, this manufacturer needed to assure that they had an up-to-date and accurate understanding of all of their assets in the plants and how these assets were connected – internally and externally.
  • They needed to then analyze this data and find any weaknesses that could impact their reliability, safety, quality and security.
  • Last, ideally, they needed to have their solution meet the needs of the IT team but, also, be embraced by the Plant OT teams and bring them measurable value.
SOLUTIONS
After an extensive evaluation of several cyber security software and systems approaches, the team turned to Sentryo, not only for its expertise in cybersecurity for mission critical and industrial applications, but also for Sentryo’s deep understanding of the industrial internet and operations technology (OT).
The global auto giant chose to use Sentryo’s ICS CyberVision as a network monitoring and threat intelligence platform to provide cyber-resilience for Industrial Control Systems (ICS) and SCADA networks. A two-tier system made up of sensors, central data visualization and analytics software now passively analyzes their industrial network communications providing specific, detailed information about network assets, advanced anomaly detection and also alerts them in real-time to any potential threats.

VISIBILITY, INTEGRITY AND SECURITY Getting started, the cyber security team at Sentryo and IT team at the manufacturer focused on three main issues as it developed the tailored CyberVision-based program: Visibility, Integrity and Security. Step one was to have ICS CyberVision gather data in each of the plants by passively gathering data about all devices on the plant networks, applying ICS CyberVision’s knowledge of the machines’ proprietary data and mapping the information into an easy to view and understand display. In almost every plant, ICS CyberVision discovered and displayed information about devices and connections that they were not aware of and were not in the company’s database. As a result of this initial step of identifying devices and connections, Sentryo’s ICS CyberVision helped them to achieve effective management of their entire network through network monitoring and cyber-resilience threat intelligence on all their Industrial Control Systems (ICS) and SCADA networks. In the case of “ghost connections”, instances where there were connections being made that were not approved and perhaps even unknown, these were identified and assessed. After being detected, these connections could then be removed or monitored if the connection was determined to be essential for OT operators such as remote maintenance. Additionally, the manufacturer used ICS CyberVision to detect the creation of back-door systems, i.e. through the intra or extranet, possibly mistakenly created, but still “live”. For example, in one plant the auto parts maker was able to immediately correct two open back doors that were unknown to them, eliminating potential future problems. CYBER SECURITY Although it was not part of the initial project goals, the company has also been able to leverage the ICS CyberVision sensors to retrieve security data collected and view it in an OT-centric visual, easy to use interface using Sentryo’s DPI (Deep Packet Inspection) technology to extract meaningful information (data and metadata) from the OT networks. ICS CyberVision is a platform customdesigned to create an easy-to-use visualization of a machine-tomachine network oriented to OT staff and APIs for cybersecurity experts. This visualization turns messages between machines into an intuitive representation that helps give meaning to and interacts with the large amounts of information collected on the OT network. The ICS CyberVision platform also performs anomaly detection, i.e. behaviors seen on the OT systems and considered as legitimate during a certain time window. Thus, baselines corresponding to different operating modules of the industrial process can be created. Additionally, multidimensional symbolic graphs are reconstructed for every network layer and the detection engine will take snapshots of reference points labeled “baselines”. A differential gap analysis between each baseline is done with differences shown using advanced visualization techniques. Each difference can be expected – or unexpected – and the OT operator can acknowledge these differences. Sentryo’s threat intelligence capability is providing this auto parts manufacturer with accurate and timely information on specific threats that target ICS and IIoT, as well as detecting intrusions before they’ve caused any terrible incidents, creating a kind of blessed state or uncompromised comfort level. RESULTS
"IT and OT have traditionally held independent roles in the organization,” said the company’s CIO. “However, with the digitization of production processes, the lines have blurred. With the introduction of Sentryo’s ICS CyberVision, our IT/OT collaboration is delivering smart analytics, using data generated from machines to modify and optimize our global manufacturing processes, creating efficiencies, safety and security on a grand scale. For visibility, the team is equipped with an instant and automatic view of all industrial components, logical connections and weaknesses. For integrity, the company can now track any configuration and process control changes and log all key events. It can monitor all component behaviors and raise alerts when anomalies are detected. For security, they are able to monitor all component behaviors and raise alerts when threats are detected. The one goal that was achieved that will continue to have lasting impact is that the IT team is getting the critical information that it needs to meet its responsibilities and the OT plant staff are really pleased with the information that they are getting from ICS CyberVision and the intuitive way that they can now “see” their plant devices and connections. They realize that ICS CyberVision is not just for the IT functions but truly provides them with the information that they need to hit their efficiency and quality goals. A bonus benefit was that OT has optimized their operations and increased the business continuity during maintenance and sub-contractor operations. Now the company has a firm grasp on its global manufacturing networks, sensors are in place and they have collaborative IT and OT teams. With ICS CyberVision. the company has been able to save countless man hours from centralizing data management and gaining visibility into production facilities around the globe. This includes better and safer control of systems and devices, more effective management of the supply chain, higher quality and substantially minimized production downtime. Importantly, it removed 90%+ of industrial based network incidents and detected issues much earlier (in a matter of hours) that, before ICS CyberVision,would have been undetected or had taken months to be detected.

Details

Business tasks

Ensure Security and Business Continuity

Manage Risks

Reduce Costs

Develop Sales Channels

Ensure Compliance

Problems

Inability to forecast execution timelines

Unauthorized access to corporate IT systems and data

Risk or Leaks of confidential information

Total high cost of ownership of IT infrastructure (TCO)

Malware infection via Internet, email, storage devices

No monitoring of corporate IT processes

No control over the state of communication channels

Shortage of inhouse IT engineers

Risk of attacks by hackers

Risk of data loss or damage

Similar deployments

prev
next