Protecting and securing a facility’s operational technology (OT) has evolved into a task of significant importance for the industrial sector, and this endeavor is no longer a role relegated to a company’s IT department. With modern plants running thousands of devices connected via the Industrial Internet of Things (IIoT), the successful convergence of OT and IT has become a business imperative on the executive management agenda. The critical need for securing these assets is increasingly apparent, as the incidence of industrial control cyber breaches continues to rise. The lack of overall visibility and control of systems can leave companies exposed to malicious tampering and cyberattacks on vital infrastructure.
Bringing business leaders, IT specialists and OT engineers together to solve plant-wide security issues requires know-how across the physical plant and technology spectrums. That expertise is here, in a partnership between Voith and Kudelski Group.
Security solutions that bridge IT and OT mindsets
Establishing security across IT and OT environments is no easy task. These two technology infrastructures are inherently different, posing challenges for CISOs and facility managers to integrate systems, identify threats and respond to incidents.
IT is a fast-paced environment in which systems are frequently patched, upgraded and replaced. Just as one would update the operating system on an Android or iOS device, corporate IT systems are dynamically maintained to ensure continuous data confidentiality, integrity and availability.
Conversely, in an operational environment, availability, safety and reliability are top priorities. The complex and sensitive legacy equipment and control systems found in many industrial plants require careful maintenance and thorough testing prior to making upgrades.
Traditionally, corporate headquarters have steered the IT function, while OT takes place at the plant or mill level. Today however, business leaders are recognizing the need to integrate these two roles, as security becomes an essential part of a company’s culture.
Companies in power generation, pulp & paper, chemical, oil & gas, and other industries now have a trusted resource to protect their assets from new and emerging cybersecurity threats. Together, Voith and Kudelski have the expertise to support customers with end-to-end security risk management and the critical OT/IT/IIoT Platform infrastructures they rely on for operation. Voith brings in-depth domain knowledge of the OT and IIoT domain, while Kudelski offers world-class security as well as IT/OT/IoT software and hardware-based cybersecurity capabilities.
Advisory Services for end-to-end OT/IT/IIoT Platform security
Advisory Services provides a framework that empowers CISOs and plant managers to make strategic decisions about their IT/OT security options. Starting with an exploration of an organization’s IT/OT risk exposure, Voith and Kudelski assess all critical assets and discover potential threats and vulnerabilities to business continuity. We then offer customized safeguards to address the variety of security gaps found in the customer’s operations. And finally, we provide education and training to increase security awareness and enable fast and prudent response to threats.
Strategy and expertise to deliver OT security
Voith’s experts combine industry insights, OT know-how and IIoT connectivity with Kudelski’s cybersecurity prowess, enabling the discovery and mapping of OT systems to establish an overarching security framework. The outcome is actionable advice that helps set strategic direction, define best practices, optimize compliance efforts, support an agile security structure, and demonstrate successful identification and defense of attacks.
Threat, vulnerability and risk management
Every piece of critical infrastructure must be addressed to identify potential threats and minimize impact on plant operations. Our OT security advisors draw on deep operational experience and execute technically-based engagements to help businesses identify risks associated with infrastructure, mobility, applications or platform. Building robust vulnerability management and continuous testing programs amplifies risk visibility, allowing leaders to strike an optimal balance between risk mitigation and business enablement.
Incident response and cyber resilience
Voith and Kudelski help companies establish a high level of readiness to identify emerging threats and minimize the impact of a security breach. Through a combination of incident preparedness activities and training workshops, businesses are able to identify emerging threats and attacks before they cause harm. In the event of a breach, we provide emergency-based breach support to fully protect your critical infrastructure – 24x7x365.
Cybersecurity training & education
Advisory Services includes comprehensive training to develop security expertise within the business organization. Voith and Kudelski offer education on a range of topics – from IT/OT security awareness, IIoT connectivity and open source intelligence to tailored security trainings.
OT/IT Managed Security Services
Voith and Kudelski offer a new level of Managed Security Service (MSS) for the IT/OT environment. Powered by Kudelski’s Cyber Fusion Center (CFC), a next-generation security operations center, the end-to-end solutions cover all phases of the kill chain to protect a business’ connections to its operation controls and other systems.
The MSS has been designed from the ground up with these advanced capabilities in mind. Technology, methodology and system protections have been selected and developed based on the ever-evolving threat landscape, attacker tactics, techniques and procedures and the security needs generated by rapid IIoT business transformations that rely heavily on their IT/OT infrastructures.
Our analysts take a non-linear approach to threat detection, imitating the ad-hoc way an attack moves through a network of devices. Leveraging disruptive monitoring, detection and analytics tools, the analysts reinject what they learn back through the technology chain to strengthen their monitoring capabilities while empowering their ability to identify, intercept and contain suspicious activity at any stage of an attack.
Threat intelligence and monitoring
Businesses often struggle to collect, index, evaluate and process the vast direct and indirect security intelligence data that is generated from all of their internal systems and then combine it with information gathered from external sources. Most companies simply do not have the time, resources, or expertise to dedicate to such ongoing and intensive tasks. These critical tasks, however, are needed for the business to have meaningful plans of action to reduce incident-detection time and maximize remediation efforts.
Kudelski’s Cyber Fusion Center-based threat intelligence and monitoring services allow businesses to bring context to this data by injecting technical and practical intelligence from both Voith and Kudelski into the analysis process. As a result, threat exposure is reduced and security investments are optimized.
Breach protection and response for IT/OT systems
The modern threat landscape continues to evolve, and effective threat detection and response requires technology and methodologies that keep up with these daily changes. Delivered from Kudelski’s CFC, breach detection and response services leverage cutting-edge tools from leading technology vendors to detect the most evasive and advanced threats that can jeopardize business operations. These tools and coordinated communities accelerate the rate of exposing malicious activity at the endpoint and deliver an ability to disrupt attacks and confuse the attacker while enriching future detection and containment capabilities.
Security device management and support
Teaming with the Kudelski’s Cyber Fusion Center, Voith provides full technical support and managed services for critical infrastructure as well as industrial operations. Our services are in operation 24x7x365, freeing up your staff to focus on the business of your business while we focus on the security of your OT/IT/IIoT Platform infrastructure.
Next-generation security by design
In the future, the partnership will also leverage the Kudelski IoT Security Platform, a comprehensive, end-to-end platform that makes IoT security simple, scalable and sustainable. In addition to its deep cybersecurity expertise through its advisory consulting teams and managed services that are delivered through Cyber Fusion Centers in Switzerland and the United States, the Kudelski Group has more than 30 years of experience designing software and hardware-based security solutions that protect high-value business models.
“As companies around the world seek the benefits of connecting their OT systems to their enterprise IT infrastructure, the focus must move from air-gapped, physical security to a holistic, end-to-end, security-by-design approach,” said Jean-Michel Puiatti, Senior Vice President of IoT security at Kudelski. “Voith is driving digital innovation across many different industries, and we look forward to supporting customers in achieving their long-term objectives with device and data protection, access management, active security and managed services that will help them create sustainable growth and success.”
For more information on Voith, please visit their website.