Gartner is taking notice of the rise in risk to Cyber-Physical Systems (CPS) and is shining its light on Radiflow’s Risk Assessment and Management solution. In its just-published Hype Cycle for Cyber Risk Management 2023, Gartner has determined that OT Risk Management solutions have penetrated nearly half their target audience and have already begun to deliver high benefit. And Radiflow’s CIARA Risk Assessment and Management is among its featured Hype Cycle solutions.
CPS – The Burgeoning Cyber Battleground
Becoming a mainstay in critical infrastructure, manufacturing, and a multitude of other industrial settings, Cyber-Physical Systems increasingly connect processes and people. The growing connections between IT and OT networks, the explosion of IIoT devices, and the sharing of real-time, mission-critical industrial and business data are producing a rapidly growing attack surface. Attackers are spotting the surge in value of industrial operations and data, and are on the hunt for the many new vulnerabilities and entry points that are becoming available.
To cope, OT operators need to boost their risk management efforts beyond traditional information risk management to include operational resilience, not only because CPS cyber incidents can have profound financial impact, but also because they can threaten production, safety, and even human life. Just as OT risk extends to the physical plane, operators must extend their concern to physical perimeter breaches, jamming, hacking, spoofing, tampering, command intrusion, and malware implanted in physical assets like Industrial IoT (IIoT) devices, PLCs, and complex machinery.
Cyber-Physical Systems provide numerous reasons for concern:
- Many were not designed and deployed with security in mind
- Unlike their IT counterparts, legacy systems and devices operate for years and even decades and are difficult or impractical to update
- Most organizations still focus on IT security-centric risk management and are unfamiliar with the significant differences of CPS security
- CPS are routinely deployed by business units without consultation with IT or security teams
- There is a dire skill shortage for risk assessments and mitigation efforts in operations or mission-critical environments
- Purchasing decision makers may not be aware of cyber-physical risks or may prioritize cost and speed over risk
CIARA Risk Assessment and Management
Vendors who provide comprehensive CPS security-posture risk assessment are still emerging. Among those Gartner singles out is Radiflow CIARA.
CIARA is the first-of-its-kind ROI-driven risk assessment and management platform specifically for industrial organizations. Using thousands of data points for network, asset, locale, industry, adversary capabilities and attack tactics, it calculates the per-zone likelihood of attacks and the effectiveness of corresponding risk-mitigation measures (installed and proposed). It also accounts for the impact of attacks on business processes.
CIARA determines the key indicators for risk, threat, and control levels, and delivers a comprehensive hardening plan (compliant with ISA/IEC 62443, NIST CSF, industry best practices), prioritized by each control’s contribution to achieving risk management goals. CIARA also empowers CPS owners and operators with the ability to optimize their OT security expenditure.
CIARA can be integrated with Radiflow’s Threat Detection platform, providing a complete protective shield for CPS. It can also be integrated with other types of cybersecurity systems (e.g., SIEMs).
Radiflow makes several important recommendations for critical infrastructure and industrial organizations:
- Use an asset discovery platform to discover all connected assets in the organization’s environment
- Prioritize assets considered to be of high value
- Identify specific CPS security controls already in place and determine what gaps need to be prioritized based on potential impact
- Adopt a relevant cybersecurity standard and employ a Risk Management solution to calculate compliance progress while illuminating areas that require attention
CIARA not only helps operators follow these recommendations, but also delivers a comprehensive hardening plan (compliant with ISA/IEC 62443, NIST CSF, industry best practices), prioritized for achieving risk management goals and the highest cybersecurity ROI.
Contact Radiflow to see CIARA in your environment.