This is not the usual case with the theft of personal and corporate data.
Industrial cyber attacks are different from other well-known types of cybercrime activities, such as personal and corporate data breaches and losses, which can lead to reputational damage and fines. Chassar said the difference is that with the latter, mitigation measures are in place. “When personal data is breached and extracted, there are mechanisms such as assurance, backup, encryption, multi-factor authentication and others that are widely implemented to help further protect that particular data,” he said.
“However, on the industrial side, you often look at technologies and systems in place that are sometimes decades old and therefore difficult, if not impossible, to update and correct. And in the event of an attack, processes can stop. Imagine a large automaker that produces a vehicle every 50 seconds. If this is stopped for five hours, then how many cars are not produced? In addition to that, the next question to ask yourself is, how many people cannot make money because they cannot work in the manufacture of cars? In this regard, industrial cyber attacks can have a much more tangible impact than data breaches. “
The critical benefits of industrial cybersecurity protection
The first important thing to establish with Claroty clients, says Chassar, is to identify the assets they have in their industrial environment. Indeed, he adds, customers do not always know that, for example, their heating controls are connected to this environment. The same goes for engineering workstations, controllers, sensors and other devices. Chassar advises that they should start by finding out what parts of their operations are connected to their industrial environment, because you can’t protect what you can’t see.
“This is how Claroty helps at the start of the journey – by identifying devices and connections and those with inherent risks, such as a control system that has not been updated for ten years. Once you understand what these inherent risks are and where they are, the next step is prioritization. Our threat detection capabilities let customers know when they are under attack and what exactly the residual risks are. We apply our standard cybersecurity procedures at the perimeter and throughout their environment.
Chassar says the company also takes an approach of looking at vulnerabilities from a hacker’s perspective with a risk rating, so organizations can more easily prioritize and then make changes and keep them up to date with regulatory requirements.
He adds that the company is supported and adopted by the three major global suppliers of industrial automation: Siemens, Schneider Electric and Rockwell Automation. Claroty’s strategic partnerships with the three have allowed the company to develop a solid understanding and awareness of all of their protocols, capabilities and vulnerabilities. He explains, “It also allowed Claroty, through our Team82 research team, to know where the threats are coming from, the constant changes in the threat landscape and the reality of the dark world. “
The importance of partnerships
With this investment, Chassar says the company has been able to expand its coverage of what has long been the industry‘s most comprehensive library of industrial protocols. He said this means that Claroty’s platform is fully compatible with greenfield IoT and IIoT environments and traditional brownfield OT environments. Developing and extending support for the various protocols used in these environments requires close collaboration and a solid relationship with industrial suppliers, including those who are investors and partners of Claroty.
“We have always been a technology company rather than a service company. For this reason, we have also built very strong technical integrations with our IT security partners. These are the same companies that control the firewalls and other technologies our customers already rely on. Not only does this allow us to work in harmony, but we can also plug in and play directly in these environments. This creates opportunities for our customers to easily integrate our platform into their existing technology stack, ”he says.
Chassar says the company has three categories of partners who have different values but are equally important. The first, he says, are the service partners who are driving the transformation of the business and include Deloitte, KPMG, NTT and Kudelski Security. The second is made up of ICS / automation vendors including Siemens, Schneider Electric, Yokogawa and Rockwell. And then there are strategic integrations with CrowdStrike, Check Point Software Technologies, and Tripwire.
“We consciously focus on industries that have absolute excellence in what they do and that have a very large customer base. We are firmly committed to taking a “partner first” approach. There is a real shortage of skills in OT and in particular in OT security, so we allow our partners to develop these skills and offer them the economies of scale necessary to face the shortage.
The future of these partnerships
These relationships will strengthen, says Chassar. “In the past six months alone, we’ve focused more on improving our partners’ certifications and their OT cybersecurity capabilities. At Claroty, we have taken our core core knowledge and skills and shared it openly with them, which has increased the volume of skills and abilities so that they can take advantage of our hyper growth that I mentioned at the start. This closer partnership relationship is the future at this time.
Chassar said this was important because it was vitally important for industrial cybersecurity actors to be aware of the criticality of protecting these environments. This stems from the momentum generated by the convergence of OT and IT. He cites everything from vaccines and pharmaceutical companies to automotive production, to food and drink manufacturing.
“Our mission is to be the industrial cybersecurity business and protecting everything within the four walls of an industrial site – and, ultimately, keeping businesses running. We do not focus on preventing the extraction of personal information or, for example, credit card numbers. Our goal is to help companies maintain their production and overall business operations.
He gives the example of the development of a technology for an automobile production line where a breach would interrupt the supply of vehicles. “On the industrial side, it is more about business continuity than damage to reputation and fines. Watch the Colonial Pipeline incident, in which operations were halted after the breach, as well as JBS Foods. Stopping the production of things that consumers need leads to loss of income and an impact on the stock markets, which is very difficult to fix. It can mean that people can no longer go to work because the bean cans and cars are no longer made. “
“The bottom line is that everyone, no matter what field or industry they are in, should be aware of industrial cybersecurity and the importance of protecting increasingly industrial factories and production facilities. connected in the world. This issue is of enormous importance to us as individual consumers and to the economy as a whole. “