For all the intense focus on mitigating cyberattacks in traditional IT environments, cybersecurity experts say there is still an alarming lack of awareness that exists relative to protecting operational technology (OT) solutions. While ransomware infections have proved tremendously disruptive to a number of industries, an attack against OT systems would likely result in devasting consequences for our nation’s critical infrastructure.
One only must look at last year’s incident at the water treatment plant in Oldsmar, Fla., to realize how impactful an attack of this nature could be. Had the hacker in this case been successful in raising the amount of lye in the city’s water supply, scores of residents could have made ill or even killed as a result. This is just one of thousands of different scenarios that could play out in the future should a nation-state or other malicious actor compromise one of the country’s utility operators.
However, a growing number of companies are investing in developing solutions that can make OT systems safer against these threats. One such organization is TXOne Networks, which was founded in 2019 as a joint venture between cybersecurity firm Trend Micro and industrial networking and automation solutions provider Moxa.
According to TXOne Networks CEO Dr. Terence Liu, the company specializes in protecting OT/industrial control systems (ICS) and industrial internet of things (IIoT) devices and they do this with three different products that are used at different levels in the implementation of OT machines. The first product is a security inspection USB stick, called “Portable Security” that end users can plug into a device to ensure that malware is not already embedded in the machine and to apply any patches that may be necessary prior to deployment. The second product, dubbed “Stellar,” focuses on endpoint protection by identifying and classifying thousands of OT applications to prevent malware masquerading as legitimate programs from being downloaded onto these machines. Lastly, the company offers network defense for OT devices, known as “EdgeIPS,” which monitors traffic coming into and out of ICS networks to detect anomalous events and neutralize them.
“We cover the device onboard, its application activation, as well as network communication across the lifecycle of the machine to make everyone’s life easier,” Liu explains. “In terms of deployment, we are in a very unique position too. Where traditional firewall vendors mainly focus on the perimeter of OT, TXOne Networks sits deep down on the shop floor to protect the industrial network and mission-critical assets with our three different products.”
Situational Awareness for OT/ICS
Liu says being exclusively focused on OT and ICS environments also gives them the ability to provide a higher level of situational awareness to end users than traditional IT security firms that may try to apply their solutions to the space. For example, Liu says they can identify hundreds of OT protocols and thousands of OT applications with their technology, which is something many other companies simply cannot do.
“When we sell our solutions to a customer, normally we need to deal with multiple parties and that includes the CISO, plant manager or frontend operators, so we need to convince every one of them. The CISO is concerned about the efficacy of your solution, but the operator or plant manager cares more about whether your solution will interrupt their operation. All our network products are failsafe and with our endpoint product, we consume much, much less CPU power,” Liu adds.
In one recent deployment, Liu says they were approached by a vendor of several large international parcel shipping service providers that had tried 15 different endpoint protection solutions, however; only TXOne Network’s Stellar product could be used without introducing any additional latency into the production process and was therefore adopted as a result.
“That’s the main value proposition of TXOne, being an OT expert that develops OT-native products. Over the last 30 years, most cybersecurity products did not really care about the operation they would be protecting. If you were a firewall, you just dropped unwanted network traffic and you didn’t care – you could be inside a bank, manufacturing plant or retail shop,” Liu explains. “But for OT, I think it is essential and critical to have so-called situational awareness because when cyberespionage hackers are doing bad things, it’s more about better configuration.”
Go-to-Market Strategy
Despite the ominous warnings from cybersecurity experts and even real world examples like Oldsmar, Liu says that there are still leaders and laggards when it comes to adopting security solutions to protect OT equipment.
“A majority of customers still worry about general malware and ransomware because most of our customer base – they are large enterprises – and they have thousands or tens of thousands of devices connected to their intranet which is a big threat network,” he says. “At this moment, their focus is to build the best network segmentation to secure these networks.”
However, as more forward-thinking organizations begin to adopt solutions like those provided by TXOne, Liu says many others are likely to follow in their footsteps. In the semiconductor manufacturing space, for example, Liu says they have already won contracts with four of the top 10 global makers of semiconductors. The company’s technology is also being used in the pharmaceutical, automation and aviation industries.
“The way we look at the OT cybersecurity market is like this: This market – though it is important – it is still relatively early on, so only industrial leaders are now paying attention and have the determination to secure their OT and ICS plants,” he explains. “The go-to-market (strategy) we are taking is to work with industrial leaders and, in the future, when the majority of enterprises start to deploy or think about their OT cybersecurity, they look up to the leaders in their vertical and they will see TXOne.”
Joel Griffin is the Editor of SecurityInfoWatch.com and a veteran security journalist. You can reach him at [email protected].
