A LEADING AUTOMOTIVE PARTS MANUFACTURER OFFERS DEVELOPMENT, PRODUCTION AND SERVICES IN ALMOST EVERY MAJOR WORLD WIDE MARKET, SUPPLYING COMPONENTS, MODULES AND SYSTEMS TO A GLOBAL CUSTOMER BASE. INTERNATIONAL IN SCOPE, THE COMPANY OVERSEES 70 FACTORIES IN 31 COUNTRIES, ALL OF WHICH HAVE SUCCESS FULLY APPLIED INNOVATIVE SOLUTIONS AND PROCESSES TO DELIVER QUALITY PRODUCTS TO ITS WIDE CUSTOMER BASE. CHALLENGES In order to maximize efficiency and quality, the company has been rapidly adopting methods for digitizing their production processes and adopting advanced manufacturing techniques and Industry 4.0 standards. The company soon discovered that, as they adopted OT technologies, there was a convergence between OT and IT thus establishing a need for a more collaborative structure between OT and IT to assure security, integrity and reduce risk. The IT organization was tasked with the responsibility for the security and reliability of these newly digitized plants. However, the plant operations staff did not recognize cyber risk and were reluctant to having IT make changes to their operations.
The IT team decided that they needed to establish priorities for this project:

• They needed to first account for all of their manufacturing assets/systems/ devices such as PLCs, SCADAs, MES, Engineering workstations, or sensors and drives – basically any technologies utilized in the plants.

• With 70 factories around the globe, this manufacturer needed to assure that they had an up-to-date and accurate understanding of all of their assets in the plants and how these assets were connected – internally and externally.

• They needed to then analyze this data and find any weaknesses that could impact their reliability, safety, quality and security.

• Last, ideally, they needed to have their solution meet the needs of the IT team but, also, be embraced by the Plant OT teams and bring them measurable value.

SOLUTIONS
After an extensive evaluation of several cyber security software and systems approaches, the team turned to Sentryo, not only for its expertise in cybersecurity for mission critical and industrial applications, but also for Sentryo’s deep understanding of the industrial internet and operations technology (OT).
The global auto giant chose to use Sentryo’s ICS CyberVision as a network monitoring and threat intelligence platform to provide cyber-resilience for Industrial Control Systems (ICS) and SCADA networks. A two-tier system made up of sensors, central data visualization and analytics software now passively analyzes their industrial network communications providing specific, detailed information about network assets, advanced anomaly detection and also alerts them in real-time to any potential threats.

VISIBILITY, INTEGRITY AND SECURITY Getting started, the cyber security team at Sentryo and IT team at the manufacturer focused on three main issues as it developed the tailored CyberVision-based program: Visibility, Integrity and Security. Step one was to have ICS CyberVision gather data in each of the plants by passively gathering data about all devices on the plant networks, applying ICS CyberVision’s knowledge of the machines’ proprietary data and mapping the information into an easy to view and understand display. In almost every plant, ICS CyberVision discovered and displayed information about devices and connections that they were not aware of and were not in the company’s database. As a result of this initial step of identifying devices and connections, Sentryo’s ICS CyberVision helped them to achieve effective management of their entire network through network monitoring and cyber-resilience threat intelligence on all their Industrial Control Systems (ICS) and SCADA networks. In the case of “ghost connections”, instances where there were connections being made that were not approved and perhaps even unknown, these were identified and assessed. After being detected, these connections could then be removed or monitored if the connection was determined to be essential for OT operators such as remote maintenance. Additionally, the manufacturer used ICS CyberVision to detect the creation of back-door systems, i.e. through the intra or extranet, possibly mistakenly created, but still “live”. For example, in one plant the auto parts maker was able to immediately correct two open back doors that were unknown to them, eliminating potential future problems. CYBER SECURITY Although it was not part of the initial project goals, the company has also been able to leverage the ICS CyberVision sensors to retrieve security data collected and view it in an OT-centric visual, easy to use interface using Sentryo’s DPI (Deep Packet Inspection) technology to extract meaningful information (data and metadata) from the OT networks. ICS CyberVision is a platform customdesigned to create an easy-to-use visualization of a machine-tomachine network oriented to OT staff and APIs for cybersecurity experts. This visualization turns messages between machines into an intuitive representation that helps give meaning to and interacts with the large amounts of information collected on the OT network. The ICS CyberVision platform also performs anomaly detection, i.e. behaviors seen on the OT systems and considered as legitimate during a certain time window. Thus, baselines corresponding to different operating modules of the industrial process can be created. Additionally, multidimensional symbolic graphs are reconstructed for every network layer and the detection engine will take snapshots of reference points labeled “baselines”. A differential gap analysis between each baseline is done with differences shown using advanced visualization techniques. Each difference can be expected – or unexpected – and the OT operator can acknowledge these differences. Sentryo’s threat intelligence capability is providing this auto parts manufacturer with accurate and timely information on specific threats that target ICS and IIoT, as well as detecting intrusions before they’ve caused any terrible incidents, creating a kind of blessed state or uncompromised comfort level. RESULTS
"IT and OT have traditionally held independent roles in the organization,” said the company’s CIO. “However, with the digitization of production processes, the lines have blurred. With the introduction of Sentryo’s ICS CyberVision, our IT/OT collaboration is delivering smart analytics, using data generated from machines to modify and optimize our global manufacturing processes, creating efficiencies, safety and security on a grand scale. For visibility, the team is equipped with an instant and automatic view of all industrial components, logical connections and weaknesses. For integrity, the company can now track any configuration and process control changes and log all key events. It can monitor all component behaviors and raise alerts when anomalies are detected. For security, they are able to monitor all component behaviors and raise alerts when threats are detected. The one goal that was achieved that will continue to have lasting impact is that the IT team is getting the critical information that it needs to meet its responsibilities and the OT plant staff are really pleased with the information that they are getting from ICS CyberVision and the intuitive way that they can now “see” their plant devices and connections. They realize that ICS CyberVision is not just for the IT functions but truly provides them with the information that they need to hit their efficiency and quality goals. A bonus benefit was that OT has optimized their operations and increased the business continuity during maintenance and sub-contractor operations. Now the company has a firm grasp on its global manufacturing networks, sensors are in place and they have collaborative IT and OT teams. With ICS CyberVision. the company has been able to save countless man hours from centralizing data management and gaining visibility into production facilities around the globe. This includes better and safer control of systems and devices, more effective management of the supply chain, higher quality and substantially minimized production downtime. Importantly, it removed 90%+ of industrial based network incidents and detected issues much earlier (in a matter of hours) that, before ICS CyberVision,would have been undetected or had taken months to be detected.

Oiltanking has dramatically expanded over the years. They have deployed many new storage tanks with many different types of control systems. Each were installed by various contractors.
Increased awareness about the consequences of a cyber-attack led Oiltanking to realize they didn’t really know how secured their industrial systems were. They asked for a network security assessment to be done to understand their exposure to a potential cyber event.

The deployment was carried out by Axians and Actemium. Axians has a wide expertise in IT networks and cyberdefense technologies. Actemium is an expert in OT infrastructures and processes. Together they offer the ideal skill set: understanding industrial assets and information flows, identifying vulnerabilities and recommending architecture changes.
They installed Sentryo Sensor7 probes on Oiltanking’s infrastructure to collect network traffic. The Sensor7’s unique Deep Packet Inspection algorithms could extract meaningful information on each asset: vendor references, hardware and firmware version, installed programs and modules, messages sent and received, etc. All this data was automatically sent to Sentryo’s ICS CyberVision platform which leverages artificial intelligence to build a map of all industrial components and their relationships. It also correlates this information with Threat Intelligence feeds to highlight vulnerabilities. Oiltanking very quickly had a precise view of their existing ICS infrastructure and a clear understanding of the cyber risks they were facing. Sentryo’s ICS CyberVision gave Oiltanking precise information to take immediate sanitary measures to secure its OT infrastructure. It also gave Axians and Actemium a factual basis to build their report and suggest midterm security improvements and items to be included in the roadmap. Having a clear understanding of the existing industrial network helped every stakeholder discuss about the desired target infrastructure and network segmentation. Oiltanking’s ICS managers could now build change specifications and work efficiently with their IT department responsible for technical domain management. "We operate a very large site so it is quite difficult to track every industrial asset manually. We have been very impressed by Sentryo’s ability to quickly build a map describing our infrastructure and network flows. It immediately identified vulnerabilities so we could take actions right away. Actemium and Axians did a great job helping us understand how to improve security on the long term. We now have a roadmap to work with our IT department", said Herman Van Loo, Maintenance Supervisor.