With various cybersecurity solutions and devices on the market, can you start by categorizing or breaking down where Mission Secure’s technology and hardware fit in?
We work in the operational technology (OT) space. A lot of organizations try to solve OT problems with basically the same information technology (IT) systems. But OT is a different paradigm, and we focus on how operators want to control and protect the OT environment. There’s a fundamental difference between the two; we specialize in the OT security model with Purdue (ICS Reference Model) Levels 2, 1, and 0. That is the kind of work we do.
Technically speaking, what are the differences in these types of solutions and the challenges they are addressing?
In a typical IT environment, most IT admins try to put perimeter barriers around the organization and limit what comes into the corporation or organization. Users can go to web browsers, IP addresses, or services. IT allows traffic going out, but they try to restrict what’s coming in.
On the OT side, it’s a different paradigm because there is a precise process. You know what should take place on a given network segment. In OT, you completely lock those segments down and restrict data flow. In effect, when there is a threat in an OT environment, adversaries are locked out of the network to protect the organization, physical process, and even the industrial plant in question.
Are there IT versus OT solutions within the OT cybersecurity arena? How do they differ?
What we’ve seen in the marketplace is there are a lot of tools out there that do IT cybersecurity. They may apply to OT to a certain degree, but to really secure OT, solutions need to be able to do both IT and OT and do that down to the protocol level. An OT cybersecurity solution needs to be able to identify abnormalities as well as be able to protect the actual system down to Level 0, the source. And this degree, Level 0, is not necessarily seen as an IT problem today. So, we have IT companies that traditionally don’t typically look at OT Level 0 sensor data or components.
Right now, everybody’s got this push to do IIoT, the Industrial Internet of Things, as well. And cybersecurity is an afterthought as companies adopt IIoT devices. Companies need to secure IIoT too. But today, most solutions aren’t securing the lower levels in the OT network, IIoT included.
Mission Secure holds quite a few U.S. patents for the MSi Platform. So how is the technology or hardware different from the other available options?
A lot of our patents are around protecting that area of the OT network that today, nobody else does. We’re able to deliver visibility and protection at the lower levels, Levels 1 and 0, and validate what’s going on in the OT environment.
For example, if a valve of a tank is not filling, that could be an abnormality. We’re able to provide that level of visibility and protection, securing down to Level 0 for our customers. We have patents around that process and other elements as far as maintaining a secured, locked down if you will, operational technology network.
Clearly, defense and industrial environments have different requirements than corporate IT environments. What specific objectives were you aiming to accomplish in engineering and developing the technology and hardware in this manner?
In IT development, it’s focused on blocking certain risk factors, whereas, in an OT environment, it’s blocking everything. On the IT side, users are more random. A typical IT user might be doing one thing today, and tomorrow, that user will do something completely different. IT allows an amount of flexibility for people to do various tasks. On the OT side, the processes are fairly set, and those steps don’t typically change over time. If we model the process, including down into the lower levels on the OT side, then it is known what devices or assets communicate with others, when they communicate, and how it should appear. We even know fingerprints and signatures, such as how much data should a particular process send. The main goal is to lock down the OT network entirely, and we’re able to achieve that, allowing only approved processes to occur. That’s really where the difference comes in between IT and OT cyber security.
From an OT development standpoint, engineering and development must also have a keen understanding of OT assets and operating environments. How am I going to represent this process back to the user? How are we going to allow users to see what’s going on? How are we going to identify what’s normal and what is not? And what are those deltas? We put a lot of time into engineering and developing our products to do that. One also focuses a lot more on the lower levels, down to the protocol level. Is this protocol doing what I expected it to do? Are these protocols allowed to write and read registers?
On the OT side, you also have to factor in the hardware used in the context of environmental issues, safety, and process demands on those devices. Engineering and development must ensure hardware can withstand extreme weather, extreme humidity, and those sorts of external factors.
How are you developing the future of Mission Secure’s technology and hardware to keep up with the evolving threat landscape?
As OT accelerates its adoption of new technology, the question becomes: how are we going to adopt technologies in an OT environment safely and in a way that enables those organizational benefits without compromising the cyber-physical process? We develop our technologies to make sure it is also future-proof. We secure an organization by locking down assets and processes as much as we can. The second part is resiliency. We make sure the networks are resilient, that they can quickly restore operations or anticipate the next move.
Threats are getting more and more sophisticated. Bad actors are not just sending out blind scripts anymore to attack a generic customer. Attacks are highly targeted, and we work to stop those highly targeted attacks. That’s really where the future is going for this area in cyber security.
A lot of organizations try to solve OT problems with basically the same information technology (IT) systems. But OT is a different paradigm, and we focus on how operators want to control and protect the OT environment.
Paul Arceneaux, Vice President, Product Development at Mission Secure