Webinar Recording

Industrial Control System Security: Getting a Grip on OT Cyber Security

Are your operational technology (OT) networks hosting Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, well secured? For many organizations, the answer is still “no”. Information security generally focuses on Information Technology (IT) networks and systems, not on the OT systems used in manufacturing, utilities and critical industrial infrastructures.

Good afternoon, ladies and gentlemen, welcome to our KuppingerCole webinar, Industrial Control System Security: Getting a Grip on OT Cyber Security, common problems and unique challenges of protecting OT networks in critical infrastructures. The speakers today are me, Martin Kuppinger, founder and principal analyst at KuppingerCole, and my colleague Alexei Balaganski, who is senior analyst in our company. And with us today is Andrew Ginter, who is vice president of industrial security at Waterfall Security Solutions. Waterfall Security Solutions is supporting this KuppingerCole webinar. Before I start, some information about KuppingerCole and some housekeeping information, and in a minute or so we will then dive directly into the topic. KuppingerCole is an analyst company. We are providing enterprise IT research, advisory services, decision support and networking for IT professionals. So our research services, advisory services and events, amongst the events...
We have our European Identity Conference, the European Identity & Cloud Conference correctly, which will be held next time May 5th to 8th in Munich. This is a conference around information security, identity management, cloud security, digital risk, and also topics such as OT security and related topics. So don't miss this conference. Regarding the webinar, some guidelines: you are muted centrally, so you don't have to mute or unmute yourself; we are controlling these features. We will record the webinar, and the podcast recording will be available by tomorrow at the latest, and the Q&A session will be at the end. However, you can enter questions at any time using the questions feature in the GoToWebinar control panel, which you usually find at the right side of your screen. We appreciate it if you enter questions during the course of the webinar so that we have a good long list of questions for the Q&A session.
Occasionally we might pick questions during the webinar if they need an immediate answer. Let's have a look at the agenda now. In the first part, me and Alexei will talk about or give an overview of security challenges common to all areas of security and ones unique to industrial networks and critical infrastructures. We also will have a look at the future convergence of traditional and industrial network security. After that introductory part, Andrew from Waterfall Security Solutions will provide you with a deep dive into specific industrial security challenges. He will introduce the concept of unidirectional security gateways for safe integration of IT and OT networks without the complexity of traditional firewalls. I think this is quite interesting because from our perspective, we are currently in a phase where IT and OT are coming close together, where they will need to converge, where it's about sort of bridging some gaps...
...also between these environments. Finally, after this presentation, we will do a Q&A session as I already mentioned. So I will start with a slide which focuses on some of these changes we are currently experiencing. It's what we call the Computing Troika, so the new scope of information security. This takes more the information security, not the OT perspective, OT for operational technology and OT security for operational technology security. So we had these fundamental changes of cloud computing, mobile computing and social computing over the past years, which still are changing the way IT is done, and they also affect information security. So we have to deal with different deployment models, we have to deal with different types of users, with different types of devices, and this is what already affected the scope of traditional information security. However, things are further changing.
And this is what my next picture is about. So everything in fact today becomes connected. This is, from my perspective, a very fundamental change. So we have on one hand the people. These people are part of organizations; they act on behalf of organizations. They own different types of devices, where the device can communicate with other devices, where they use these devices. These devices also might be owned by the organization, and they might be used to communicate with the organization someone is part of, or with other types of organizations, for instance the ones who provide smart watches or other types of gadgets. On the other hand, we have all these things. So some devices also can be things in the sense that they collect data, that they provide data, that they do various things, but we have also other types of things such as smart meters, smart homes, smart watches, connected vehicles, etc.
These things in fact act as devices that are used by humans. This picture, I think, makes clear that things are becoming increasingly complex, and in this environment everything communicates using APIs. And so this is sort of the IT view, the information technology view, of what is changing, and all these things are sort of at the edge between the IT and the OT world. And then, when I say everything becomes connected, there's the other aspect of everything becomes connected, which is where we see terms such as Industry 4.0 or the fourth industrial revolution or the hyperconnected enterprise, where it's about not only connecting the people and their devices with the organization and things, where it's also about connecting what is done, for instance, in manufacturing. So the idea of saying, okay, I not only have to connect the vehicle, but I also have a connection of the production of vehicles with a lot of other things, so that someone can change the color of his vehicle still a few hours before the car is produced in fact, and all the other types of things which we hear a lot about these days.
And so what we really see is that this is not only an information technology change; it's also something which increasingly starts to affect operational technology. So with this brief phase, I want to look at some terms, so what we are talking about, and to clarify some of these terms. So we have on one hand information technology, that's sort of the common IT term, and we have operational technology. In fact, operational technology even came into play before we had IT; it was about managing, controlling, etc., manufacturing. And within that, we have the ICS, the industrial control systems. They do what they say, industrial control system: they control what happens in manufacturing and industry. And there's this part of that, this term SCADA, which is supervisory control and data acquisition, which is not the same as ICS. And the other speakers clearly will talk a little bit about the differences of that.
So we have a number of terms. IT and OT in this picture can be seen as siblings focused on different parts of the enterprise. IT traditionally serves the business processes, so finance, sales and marketing and other types of business process. This is the primary focus of this, so that part of the value chain is really what IT is about. On the other hand, OT serves the physical transformation of goods and services. It serves the manufacturing, the production, whatever is done here. And so it's sort of a different level of the value chain we are seeing in organizations where these two areas come into play. But when we talk about the hyperconnected enterprise, then it becomes quite obvious that these things are coming closer together. And this is where I hand over right now to my colleague Alexei, who will talk about the next few slides and dive deeper into this, also what it means from a security perspective. Alexei, it's your turn.
Thank you, Martin. Hello everyone. My name is Alexei, and I am going to talk a little bit further about differences between IT and OT and the possible future convergence. So as Martin just mentioned, OT is actually nothing new. It's just a new name for the good old industrial automation, which is a technology that even predates the whole computer era. And ever since the first electronic computers appeared in the 1940s, I think so 70 years ago, IT and OT have been developing in parallel and yet mostly independently, driven by different business demands, different requirements and different regulations. As you can see on the slide, they deal with different objects: IT deals primarily with general purpose computers, servers, notebooks, mobile devices; OT is dealing with manufacturing control systems, sensors, physical objects like pumps or oil drills or whatever. And they are even managed by completely different organizational units.
IT almost always belongs to some business department of a company. OT is usually managed through the engineering department. And historically the technologies were evolving quite differently as well. IT is currently mostly standardized and homogeneous. It's based on commodity hardware; it relies on open standards in terms of networking, and it's really able to quickly adapt to any new technology which becomes hyped and modern next year. OT is completely the opposite. It still uses a lot of proprietary, very specialized equipment, different for each industry. And yeah, it still relies on what you could politely call mature technologies, or, to be more blunt, very outdated equipment and very outdated standards. In short, IT could be called people-centric because, although it deals with computers, its primary task is basically letting business people make money. OT is things-centric because it's helping machines make better products. Martin, could you please show the next slide? Yeah. So IT and OT have completely different targets. IT's primary concern is safety and integrity of business information. This is really its primary concern, because business information is the most sensitive and most valuable asset of any modern company. And of course it has other secondary tasks like...
...enabling productivity, letting people use this business information as efficiently as possible, ensuring compliance, protecting companies from legal challenges and so on. OT's primary concern is, and has always been, worker safety. This is a concern which trumps every other aspect, even reliability and continuity of manufacturing processes, because, you know, data can be classified by importance and some data can be considered less important. Unfortunately, you cannot classify people's lives. Next slide, please. So what are the traditional consequences of a failure in an IT environment? In the worst case scenario, your company loses a lot of money. The worst case scenario for an OT failure is people's lives. People die, an industrial disaster happens; all the rest is actually secondary. Yes, a data breach in an IT driven company, so to say, can cost you millions now, and it'll probably become even worse with new privacy regulations coming into force, but still, luckily, we really live in an age where human life cannot be compared even with millions of dollars. Next slide, please. And this is exactly the root cause of this perpetual conflict between IT and OT people. It's this security versus safety dichotomy: whenever IT and OT people come together in one room and start talking, it usually quickly comes to a heated argument.
You know, for IT people, security is the highest challenge they have to be responsible for. They try to stay ahead of threats, which means they have to adapt; they have to be able to make rapid changes in the environment; they have to introduce new security technologies as soon as they become available. Even though such changes can hinder business productivity, it's often still considered an acceptable loss, so to say. For OT people, safety is immensely more important, and nothing, not even...
...as slight a change as installing an antivirus update, can be made lightly without careful and rigorous planning and testing. This of course leads to an argument. So an OT person could easily say something along the lines of: do you realize that installing the antivirus update can kill people? Or do you realize how much it would cost for us to shut down our oil pump, because it'll take two weeks to bring it back online? And the IT people, of course, would respond with something like: well, if you are so good at carefully planning and testing changes, why haven't you made any single change in your plant for the last 10 years? So this could become very heated quickly. And this is something which we have to really address first, before we even start discussing technical challenges. Could you please show the next slide? As Martin already mentioned before, things are changing and they're changing quickly. All that mobile computing is driving a lot of profound changes in the way companies work together, in the way companies are connecting to their partners, to their customers, to their suppliers and so on.
And the complexity and the number of those connections are increasing rapidly, and it becomes more and more difficult to control them. Now this one new idea of the Internet of Things makes it even more complicated, exponentially, because it's expected that we will have billions of those smart devices everywhere, inside every network, inside every plant, in the next five to 10 years. Another problem is the growing adoption of commodity hardware and open network standards within ICS, within the industrial control networks, which means that they are going to experience the same threats of external attackers, of hijacked administrative credentials and so on. They have to adapt to be able to connect with new types of identities, and they have to basically reconsider their approach towards their perceived dichotomy of security and safety, because...
...if you are not doing any changes, you are putting your workers in danger as well. The very first example that comes to mind is, of course, Stuxnet, but many OT people say, okay, Stuxnet happened long ago, far away in Iran, and it would probably never happen to us, because why would US and Israeli intelligence want to hack our plant? And then of course I have another example, much more recent. According to BSI, which is the German federal agency for security, last year they recorded an incident in a German steel mill where an unknown hacker was able to get control over the industrial network running the steel mill, and through some unfortunately undisclosed details, he managed to disrupt its work so deeply that it could not be shut down properly. And according to the report, it caused an immense amount of damage. Luckily no lives were taken, but you never know what could happen...
...next time. I even have some personal experience there, because I am using a search engine which is called Shodan, which has existed for quite many years already, and which allows anyone with minimal knowledge of security to find exposed smart meters, industrial control systems and other devices on the network. And for example, I've personally witnessed a hacker controlling a solar power plant in Israel from the convenience of his own home, just through his browser. So the challenge is real. It's no longer some fiction, and we really need to think about the future IT and OT convergence as something which has to start now. And the first thing we have to do is to finally reconcile our differences and agree that we, I mean IT people and OT people, are not enemies, are not rivals, but actually two misunderstood friends, which have to forget the rivalry, sit together and start working on possible solutions together.
And what are the solutions? First of all, of course, there are tactical, shorter term solutions which have to be deployed now. And these are more of the technical solutions Andrew is going to talk about later, which I would call Perimeter 2.0, meaning: although the current trend is to get rid of perimeters for networks, it doesn't mean that OT networks, ICS systems, can be exposed. There has to be an air gap between ICS systems and the internet. And this air gap cannot be a traditional firewall, because a firewall is a highly complex general purpose computing device which has its own share of vulnerabilities. As for the strategic approach, I'm just going to say three question marks, because this is something which has to be rigorously planned in collaboration between ICS hardware vendors and IT security experts, and it's something which requires a lot of long term planning. I hope Andrew will be addressing some initiatives in this area as well, and this is where I'm going to hand over to him.
Okay. Thank you, Alexei. It's again me, Martin. And let's have a look at the agenda. So we did our part of the presentation, KuppingerCole, and now it's time to hand over to Andrew. Maybe one comment before I hand over to Andrew, and that's, I think, quite an important one. So when we talk about tactical, this doesn't mean 18 or 24 months; tactical in this case probably means many, many years where we will need to find ways until the strategic solutions are here. Andrew, you can share your screen. I will open your microphone. So it's up to you now to present your part.
Thank you, Martin. Thank you, Alexei. Thank you everyone for joining us. Let me start by saying thank you for that introduction that framed the problem very nicely. I'm with Waterfall Security Solutions, and Waterfall's focus is protecting the safety and the reliability of industrial control networks by replacing firewalls with a stronger alternative. You know, as you said, the trend towards greater networking, towards greater interconnectivity, in my mind is irreversible. The focus is not on how are we going to keep things separate. The focus is how do we integrate these networks safely? And that's Waterfall's focus. We're a technology company. We produce technology that replaces firewalls. Now the classic way to deal with a network threat is, of course, to throw a firewall in, throw in some encryption,...
...you know, harden the interior. But again, as Alexei said, hardening the interior with control systems is difficult. The engineering change control discipline, which is essential to safe and reliable operation of physical assets, flies in the face of the constant, aggressive change that is needed to stay ahead of the bad guys. Throwing a firewall in, everyone knows, is not gonna cut it. This is a slide from a presentation I do sometimes at conferences, 13 ways to break through a firewall, with live demonstrations. I bring in firewalls, I break through them. It's very entertaining; people love to see things break. The problem is the good guys and the bad guys both know how to break through firewalls. Phishing tricks people into pulling attacks through firewalls. Shoulder surfing as someone enters a VPN password is the lowest tech way of breaking through a firewall. Forwarding messages straight through firewalls:
firewalls are routers with filters. They forward messages. If they recognize a message as an attack, they'll block it, but no firewall can recognize all attacks. Fuzzing tools generate a million new attacks a second. Some of these attacks make it through the firewalls. They forward these messages, and now we've compromised the systems that, you know, were supposed to be protected. This is why no one deploys firewalls by themselves. Everyone deploys firewalls along with compensating measures like encryption and antivirus and security updates and all of these other measures to try and deal with these well known limitations of the 30 year old firewall technology.
You know, perhaps the attack pattern that is the most disturbing is the one that's become commonplace in the last half decade: targeted persistent attacks. They use spear phishing to punch through the corporate firewall, trick someone into pulling the attack through. When the attack comes through, the antivirus does not catch it because it's custom. It's been designed specifically for this target. There's only a hundred of them deployed in the world, a hundred copies of this malware. Antivirus vendors create new signatures when they see 5,000 or 10,000 copies of a piece of malware on their honeypots. These authors don't get greedy. They infect a hundred machines or 50 machines, and there will never be antivirus signatures for them. They operate the malware by remote control. They use the malware to steal passwords or, better yet, steal password hashes. Once they have administrative credentials, they create new accounts for themselves on the corporation's computers, and they can log in now like any other user. This class of attack defeats all software based, all standard IT type security.
This is why a lot of people are very worried about this class of attack. One of the common responses to this class of attack is intrusion detection. These guys are so good that if we are not searching for them actively, assuming we've been compromised, we will never find them. Intrusion detection, though, from the operations point of view, is icing on the cake. There's gotta be a cake first. What's the consequence if a system is erased on the corporate network? Well, we go to the backup tapes and we restore the system, you know, a few hours downtime. Well, we can't back up and restore generators. We can't back up and restore high voltage transformers, as much as we'd like to. We can't restore human lives. And so the equation, the answer on control system networks, has to be different. This is why one best practice authority, one standards authority after another is documenting unidirectional security gateways as a stronger alternative to firewalls for protecting operations networks.
What is the gateway? The gateway is this red area that you see in the center here. It's a combination of hardware and software. The software runs on regular computers. The software moves the data; the hardware keeps us secure. The hardware consists of two modules: a transmit module on the left that contains a fiber optic transmitter but no fiber optic receiver, and, for the record, no CPU. The transmit module cannot be hacked. It has no instructions. It contains a fiber optic transmitter and physically contains no receiver. The receive module contains a fiber optic receiver, but there is physically no transmitter in the receive module. And there's a short piece of fiber between these two modules. So together, this technology can send information out of industrial networks, but it's physically impossible to send anything back in. The classic example, how does this work? The classic example is historian database replication.
If you're familiar with historian databases, think, I don't know, OSIsoft PI or Wonderware Historian on the left here. If you're familiar with relational databases, think Oracle or SQL Server as the database server on the left. The hardware makes us secure. What does the software do? The software comes on a CD. It's a normal application, like Excel. It connects to the database and asks the database for data and gets the data back. We serialize the data. We send it through the hardware. And on the other side, again, the software is a client of another database. If the database on the inside is SQL Server, it's gotta be SQL Server on the outside. If it's OSIsoft PI on the inside, it's gotta be OSIsoft PI on the outside, like to like. What the software on the outside does is it takes the data from the one way hardware and asks this database server on the outside to store the data.
Now we have a copy of the data. We have a copy of the entire database on the corporate network. Anyone who needs access to the data can ask this copy, ask the replica, for the data and will get the same answer as the original server would've provided. We keep these two servers synchronized, typically to within a couple of hundred milliseconds. So again, the hardware makes us secure; the software moves the data. The most common use of this is currently in power generation. Typically we deploy this kind of technology one per plant, sometimes one per generating unit. It depends on the security model, but what it does is take information from the plant and send it out to the corporate network, where corporate applications can take advantage of the data, can profit from access to the data, can use it to reduce costs, can use it to serve customers. Typically the data's aggregated in a central enterprise historian database. It can come from many plants with many different kinds of systems. OPC is often a bridge that's used between systems.
What is OPC? For the OT guys out there, you know already: it's a standard interface to plant systems and plant devices. People think of it as a protocol. Really, it's more of an API, a programming interface. It's a COM based programming interface. And so if we want to run OPC across a network, we've gotta use DCOM. Running DCOM across a network, the protocol is complicated. It is intensely bidirectional, two-way. How can we possibly do two-way OPC over a one way hardware medium? Well, we can't; we don't do OPC over the one way. What we do is the software on the inside network, the unidirectional gateway software, is a true native OPC client. It uses the intensely bidirectional DCOM OPC to ask industrial servers for data. Once we have the data, again, we send the data over the one way hardware. And on the other side, the software is a native OPC server, a true OPC server. It hangs onto the data until such time as somebody on the outside network asks for the data. It might be SAP asking for the data. It might be a corporate historian asking for the data. It might be that we do not have a historian on the industrial network; we only have a historian on the corporate network. That historian asks for the data, serializes the data and makes it available to the corporate network.
Our second biggest use case, the second biggest installed base for this kind of technology, is upstream oil and gas, for example offshore platforms. This example is from a presentation that Noble does; they've gone on record that they're using our technology. They use a Wonderware control system on their control network on their offshore platforms. It has an OPC interface. The unidirectional gateway technology replicates the interface, the OPC data, out to the business network, where there's an OSIsoft PI server on the platform. There's a business network on the platform as well as a control network. The PI server collects the data, serializes it and transfers it across a wireless or satellite connection into a corporate data center, where that data is aggregated from all the platforms and is made available to corporate users. This is the standard solution that Noble is deploying on all of the platforms that they're building.
It begs the question, though: if we are connecting at a high level to all of these industrial systems, do we not need a different piece of software for every industrial system? And the answer is yes, of course we do. Different vendors have different sets of software. This is Waterfall's. Our claim to fame is that we have the largest set of commercial off-the-shelf industrial unidirectional connectors, replications, of any vendor on the planet. Not only that, but we have a commercial off-the-shelf product sale approach. Some of the vendors out there, if a customer needs a new replication, they'd be happy to build it on a custom engineering basis. It'll only cost 2 million. The Waterfall model is that we always make those investments. If a customer needs something, just ask; we never charge for custom engineering. Our accounting department is forbidden from doing that.
So there's lots of connectors available. The hardware packaging varies. You saw on previous diagrams a package where the transmit module and the receive module are in separate physical appliances. There's lots of flexibility there. The transmit and receive modules can be put into one 1U rack mount case. These are the modules at the rear here; at the front, we can insert conventional computers, lay them on their side, like a bit of a blade server laid on its side. We have the transmit system, hardware and software, on the left, the receive system on the right, a physical divider down the center that, you know, an auditor can run their finger down and verify that there are no cables cross connected across the IT/OT boundary. The only connection is on the front panel. It's a bright orange fiber optic cable, which an auditor can readily prove is the only connection between IT and OT. If we need the software to run on virtual machines, that works too. If the customer wants to use their own servers because they're a Dell shop or an HP shop or an IBM shop, it's extremely flexible.
Where to go with this? What do people do with this? Here's an example: batch processing. There's an AspenTech IP.21 historian on the plant network aggregating all of the information from the plant network that's gonna be shared with corporate applications. There's a replica IP.21 historian out here, but...
...on a regular basis, we need to send antivirus updates back into the plant, don't we? We need to send process orders and control recipes from our SAP server or our MES server back into the plant, don't we? There is a technology called the Flip here. The Waterfall Flip is a unidirectional gateway, and it can flip over from time to time. It can never be two way. It can only be one way, but if we need to program it to say, every morning at two in the morning, flip over for 10 minutes, pull antivirus updates, pull the SAP recipes through, and then flip back, we can do that. How does that work? This is how it works inside. We have the electronics from the transmit module physically in the Flip; we have the electronics from the receive module physically in the Flip. There's a short, bright orange fiber optic cable physically inside the Flip.
And there's some extra stuff. So what we have is the ability to send in one way. There's only one transmit module; we can only send in one way, but there's a button on the front. If we press the button, it is as if this unit flips over. It can only send one way. It is a unidirectional gateway, but it can be a gateway out or a gateway in, but never both. We can trigger the flip with a button. We can trigger the flip with a bit of software running on a CPU on a trigger controller and, you know, program it to flip, as I said, once a day, twice a day, 10 times a day, whatever's needed. The technology is specifically built to defeat TCP, to defeat interactive remote control. None of the Waterfall products ever forward messages. Firewalls are routers; they forward messages.
This technology never forwards messages, but even if you manage to trick it into somehow tunneling TCP through, you can't run an SSH session or a remote desktop session if you're only flipped for 10 minutes every hour. It simply doesn't work. So the Flip is a disciplined way of allowing information back into the plant from time to time, while still defeating the modern attack paradigm. What if we need continuous feedback into the plant? Some of our customers in chemicals say, look, I'm using the IP.21 system. I'm using the IP.21 simulators. I'm using the IP.21 optimization systems. And these optimization systems need access to millions of data points from the plant. So fine, we can put a gateway in place to replicate those millions of data points out. And the optimization systems create a few hundred data points that need to be replicated back into the plant.
These customers say, we do not want to replicate the entire Aspen tech back into the plant. We only want those few hundred data points. We do not want mistakes in the programming of the optimization apps to be able to impair the reliability or the safety of the plant. What we do in these cases is we've got a unit directional path out to do the replication out, nothing gets back, and we have a unit directional pack in that only allows these couple of hundred points to come in. And we're using something called advanced application data control, providing fine grain control for data exfiltration controls as well as inputs to the plant.
What is application data control? It's the promise that NextGen firewalls made seven years ago and never delivered on look at NextGen firewalls. How many applications do they support? Ask one of the vendors they'll wave their hands. They'll say thousands, thousands of applications. Great. How many of those applications are industrial applications? Seven. Oh, what can you do with the first of these industrial? Well, we could look at some of the bits in the packet. Hitter is that deep packet inspection? No, not really. The waterfall application data control technology seize the data. When we ask OPC or we ask OS IOF pie for the data, there's a bunch of messages to get exchanged and we get the data back. Those messages might be encrypted. We don't care. If we ask the programming library to get us the data, they might be compressed. We don't care how complicated the messages are.
The messages we're all thrown away. By the time we got the data, those messages could be proprietary and undocumented in any way, we get the data. We give each piece of data, a name, and now we can have a policy engine where we can put rules together saying these names are allowed and those names are not. We can say these values are allowed. These are reasonable values. Any value between seven and 13 for this data point is reasonable. A value of 3.6 million is completely unreasonable. Block that and raise an alert. Something's gone wrong. We can do this for any of the industrial protocols that waterfall supports. This is delivering on the industrial data control promises that were made many years ago.
We see this inbound/outbound gateway technology being used in transmission system operators as well. These are the brains of the power grid. These are the ones that balance, from second to second, generating capacity with loads, and to do that they need to connect to dozens of partners in the geography, typically other power companies, some of which are well secured and some are not. And these balancing authorities, these transmission system operators, recognize that they are strategic targets. They need serious protection. They're deploying unidirectional gateways as well.
People might ask, yes, but all of this flies in the face of IT/OT integration. One of the tenets of IT/OT integration is centralize everything. Centralize the engineering team, centralize the IT team. How can you do that if the central teams cannot reach into the plant? This is how we do it. Set up parallel wide area networks, one for operations and one for corporate. Everyone already has a corporate wide area network; have a parallel network and do not connect the two networks except through a unidirectional, hardware-enforced solution. Now, any engineer or any IT help desk person at corporate who needs access to both networks needs two computers on their desk. One is physically connected into the dangerous corporate network, where they can go out to Google and pull down who knows what web pages to try and figure out how to solve problems.
And the other computer is physically connected to the operations wide area network, where they can control dangerous physical processes, where they can fix the problems that they've done the dangerous research for on the other physical computer. And again, the only connection between the reliability-critical, the equipment-critical, the safety-critical network and the dangerous network is one way. Lots of best practice authorities are documenting unidirectional security gateways, this class of unidirectional technology, as an alternative to firewalls for these reliability-critical networks. The most recent one of these authorities was ANSSI in France. They recently put out new advice that, in my understanding, is going to become law at some point. But the advice says that for new control systems, there are three classes of control networks. Class one networks, if they fail, have minimal impact on society, like a washing machine manufacturer. They've got recommendations, but they're not critical recommendations.
Class two networks have a significant impact on society when the process fails; think a large power plant. Unidirectional communications is recommended by the standard, and remote access from the internet into the brains of a one gigawatt power plant is, and I quote, strongly discouraged. The word strongly is followed by the word discouraged in the standard. Class three networks are those with enduring risks, where we could physically damage physical infrastructure that society relies on, or that can put public safety at risk, for instance, railway switching systems or the safety systems or the protection systems in those same power plants. The only connectivity between these critical networks and less critical networks that is permitted by the standard is unidirectional gateways, and remote access from less trusted networks is simply forbidden. So the world is evolving. The world is changing. Good things are happening. Lots of different authorities are recognizing the role of unidirectional protection.
Waterfall's mission, if you indulge me for a minute, is to replace all control system firewalls with stronger alternatives. We have developed, and we continue to develop, a whole spectrum of solutions that can be used across an entire spectrum of communications needs for safe IT/OT integration. We're headquartered in Israel. We have an operations office in the USA. We are deployed worldwide. We're deployed in every critical infrastructure sector. The analysts are all saying roughly the same thing about us. They're saying, you know, this is an idea whose time has come, and they're giving advice to their clients saying become familiar with this technology. The bottom line here is this: attacks only become more sophisticated over time. This is fundamental. Modern attacks routinely defeat all software security mechanisms, including firewalls. This is why best practices must continue to evolve to address these more and more sophisticated attacks.
And this is why best practices are evolving to recommend hardware-enforced unidirectional gateways. What is a best practice? A best practice has to be good, and it has to be practiced. Five years ago, these authorities had a hard time documenting unidirectional gateway technology as a best practice, because even though it was very, very good, it was not widely practiced. The technology was only invented in 2004 and was not sold outside of Israel until 2007, 2008. Today the technology is widely used. It is very, very good, and it is widely practiced. Today it is the new best practice. 10 years ago we could not ask the question: am I going to use hardware to protect my network, or am I going to use software? Today we can ask the question, and many people are asking the question: which of our industrial networks are expendable enough to protect with software alone, and which do we need to protect with stronger hardware protections? This is the question I encourage all of us to ask, and to think about how we want to protect our reliability-critical and our safety-critical networks. Martin, Alexei, that's all I had. Thank you for your patience.
Thank you, Andrew, for this great presentation. So I will move over to my presentation. Again, we already have a number of questions here, and if you have further questions, you as attendees, enter them now. I'll directly start with the first question. Andrew, does this unidirectional approach mean that all operations should be in the OT environment? No automatic stream of planning info from IT to OT? So just the first question, or first two questions.
Sure. That's a great question. I mean, that very question is why the FLIP exists. We see that there is planning information such as control recipes, process orders, optimization, even second-by-second optimization information, that needs to come in. So yes, we do recognize that that information must come in from IT. But this is why, if possible, we recommend deploying the FLIP, because it still defeats the modern remote control attack even while allowing a disciplined flow of information back into industrial sites. This is why we recommend advanced application data control to double-check everything coming through after it gets through the one-way hardware, after it's out of the hands of any attacker on the corporate network. Anything, anything at all, anything physical or anything logical coming back into an industrial network needs to be scrutinized, needs to be examined, to determine if it's safe. You know, a question we ask sometimes is: how many machines on the corporate network are authorized to control the reliability-critical, the equipment-critical or the safety-critical networks? Most often people say none. Nobody out in corporate, you know, the corporate receptionist, forget it. Nobody out in corporate should be controlling the plant. And yet we need some information to trickle back in. This is why we've developed, and why we see people deploying, these controlled mechanisms for getting information back in. That was a long answer. I hope that answered the question.
Okay. Thank you. And for the next question: does Waterfall offer a solution for the a, B, D a I S protocol one way?
The protocol does not ring a bell, but our development team is developing stuff constantly. I need to tap them on the shoulder every month and ask, what are you doing? What have you done recently? So I don't know if they have that in progress. I can double-check, and, you know, I trust we have the questioner's email.
Yes. And you can follow up via email.
Yes. But as I said earlier, if this is something that a site needs, just ask for it. We're happy to develop this class of technology. We're happy to put it in our price list. The first customer will pay the same price for the technology as the 27th customer pays for it. We never charge for custom engineering. Just let us know what's needed.
Okay, perfect. Another question. When undertaking an ICS initiative, are there any specific frameworks one could leverage to assess the degree of control?
Are there any frameworks to leverage to assess the degree of control? I'm not sure I understand the question. Does it make sense to you?
I think it's about, you know, if you're going to do an OT security initiative, so if you're moving forward in securing your entire ICS environment, are there any blueprints, frameworks, etcetera, you can rely on? And so on.
Sure. I mean, the classic framework that everyone refers to is the ISA framework, which is also published as IEC 62443. And there's a number of documents that have been published already. There's even more documents under development, but each of the documents is typically 150 pages of dense material. If you would like a sort of more readable approach, I very much recommend the French ANSSI approach. When I saw that document last year, it's actually two documents, one sort of full of examples and the classification mechanism for the different classes of sites and the other one full of security controls, it was surprisingly readable. Not only did it explain what to do, it explained why to do it. And it explained who's coming after us and how capable they are. I've never seen this in a standards document. So I was pleasantly surprised at how readable the ANSSI document was. I would encourage folks, anyone who's practicing OT security or IT/OT integration, to have a look at that document.
Okay. Another question. What would be your guidance for pharma manufacturing customers in terms of implementing ICS security, OT security? Where does one start, and then scale out?
Where do we start and scale out?
I'm a technology guy. So if you ask me process questions, this is something that I watch from a distance, but I see people doing this. They'll bring in a security assessment service, or they'll have their own in-house capabilities. But part of the problem is inventory: what you have. Figure out what you have, figure out how it's communicating, and then look at the modern threats. Again, these remote control attacks that pretty much break through anything. Look at other threats, like physical threats. Can people walk up to the facility and hit it with a hammer? Look at your personnel. Do we have labor disputes going on? So you look at what we have. We look at what we're worried about. And then we put a plan together. And again,
almost always the first step in the plan is to nail down the physical perimeter and the cyber perimeter, which is where the Waterfall technology comes in. Once that's nailed down, once we have eliminated the online threat from external networks, now we can, in a sense, we've closed the barn door, we can start looking at locking the windows. It makes no sense to put bars on the windows with the barn door standing open. And people will look at their physical security. They'll put in scanning systems for USB, they'll start locking down USB ports. Be careful though: if we lock down the USB ports, if we start controlling what comes physically into the facility as well as what comes logically in, people are people. Put iPhone chargers everywhere so no one's tempted to plug a cell phone into a critical device. Train people. Put corporate or even guest wireless networks everywhere so that no one is tempted to connect a rogue laptop into the ICS just to pull email and unwittingly let viruses loose everywhere. So that, very quickly, is sort of the progression we see: do some assessment, walk down the perimeter, and now look at what we're going to do about the perennially soft interior, you know, anti-virus systems, whitelisting systems and so on.
Okay, perfect. So we still have a number of questions waiting. So let's look at the next one. What other countries than France are talking about mandating unidirectional gateways?
That's a very good question, and I have been keenly interested in the answer to that question for years. France is looking at mandating it. In the nuclear world, we're deployed at, for example, the majority of American nuclear reactors and a lot of European reactors as well. It is mandated in many countries. In the conventional world, NERC CIP in North America is not mandating it, but is absolutely recognizing the strength of unidirectional protections by relaxing, by about one third, the number of requirements that sites need to comply with if they've deployed strong perimeter security solutions. So in a sense, they reward the site for deploying security by removing requirements that are no longer necessary when strong perimeter security is in place. But the really interesting part is who else is doing it? I have heard third-hand accounts that China's doing it, but I've never found anything published. And even if I did, I'm not sure I'd be able to read it. I hear that other countries are doing it, but a lot of the time these regulations are considered state secrets or for official use only. And so it's difficult to tell. I know, third-hand, that a number of countries are doing this, but I can't say so definitively, because I've never seen the regulations, because I'm never allowed to see them. So I know it's happening.
Next question. Would you say the approach of a unidirectional gateway would prevent Stuxnet from being successful, especially if a FLIP gateway exists?
Well, that's a very good question. There's a couple of answers. There's been a lot written about Stuxnet. A lot of that writing was nonsense. I know, because I wrote a bunch of it. So I wrote a lot of stuff saying, let's take a copy of the Stuxnet worm. I got a copy of the worm and I put it on a test bed, an isolated test bed. And I said, let's see how it fares against this technology, how it fares against that, how it fares against the gateway, the FLIP, the whitelist, the antivirus, etcetera, etcetera, etcetera. And I said, oh, this technology is stronger than that one because of X, Y or Z, because it blocked Stuxnet, or it didn't. That's the wrong approach.
Fundamentally, Stuxnet, as far as we can tell, was a combination of well-funded military and intelligence agencies going after a single target. It does not matter how secure we make any single target. Nothing is ever absolutely secure. It's always possible to be more secure, which means it's always possible to break into anything. If we have an adversary who has feet on the street in our organization, feeding detailed plans of our defenses and our systems out to our enemies, if we've got compromised insiders doing that, we don't have a cybersecurity problem. There is no cybersecurity technology that can be deployed that will protect against that class of adversary. That's not a cybersecurity problem. That's an espionage problem. We need to escalate to our national intelligence agencies and get government involvement. Now, a simpler answer is, when people heard about Stuxnet, a lot of people literally went and glued the USB ports shut on their control systems.
And they said, there, I'm safe. What they didn't realize is that Stuxnet blew through industrial firewalls, piggybacked on SQL Server connections, just as easily as it blew across unprotected networks. And so the only way that gluing USB ports shut would work is if we glued the USB ports shut on every computer on the corporate network as well, and every laptop that was ever connected there by VPN. If an industrial unidirectional gateway was deployed on the IT/OT interface, Stuxnet could not have jumped across from the corporate network after infecting a corporate machine via USB. Then, with the gateway in place, gluing the USB ports shut on the OT network would have been effective. Same thing with the FLIP. The FLIP blocks SQL Server connections; those connections could not have been used to spread the worm through industrial firewalls. The FLIP never forwards messages. It doesn't allow TCP connections. It's designed to defeat that class of attack. Long answer. I hope I answered the question.
Okay, perfect. So we are already beyond the top of the hour, so we stop here. Thank you to all the attendees for listening to this KuppingerCole webinar. If there are open questions, they will be followed up by email. So thank you to all the attendees. Thank you to you, Andrew, for your excellent presentation and the extensive answers to the various questions. Hope to have you soon again as participants at one of our KuppingerCole webinars, and don't miss our upcoming European Identity and Cloud Conference, where OT will be one of the topics we will discuss there. Thank you. Bye.
Thank you, Martin. Thank you all. Bye bye.