CRITIFENCE® Unique Methodology

CRITIFENCE® unique non-intrusive cyber protection approach and process learning methodology

Overview

Most of today’s critical infrastructures, factories and plants management and maintenance process Implemented through Supervisory Control and Data Acquisition, or SCADA systems.

SCADA systems are specialized computer networks and devices that monitor and control production’s key processes to ensure the proper provisioning of critical services involved in the management of facilities, machinery, equipment and critical infrastructure.

SCADA systems considered by cyber security experts and strategists to be the backbone of any country. For example, data taken from a different sensors include temperature, pressure, flow and more are used to make decisions as starting the operation of pumps, open a valve to release water from a tank when it fills up, or to initiate an emergency shutdown of a nuclear power plant.

ICS & SCADA systems are deployed in different environments and areas:

  • Industrial process management
    nuclear power stations, production, chemical and power plants, fabrication, refining industries, etc...

  • Infrastructure management
    electrical power transmission and distribution stations, Water pumping and waste treatment plants, oil and gas processing facilities, large communication systems, etc..

  • Facility management
    Offices, data centers, airports, ships etc...


Problem

Traditionally, SCADA networks have been segregated from other corporate networks to minimize exposure to unsecure areas, such as the Internet. Recently however, more organizations are connecting SCADA networks with other potentially unsecure networks in order to cut costs, share operational information, or distribute ordering/billing data.

Most SCADA protocols were never intended for use on publically accessible networks, and in some cases, not even on IP networks. MODBUS, a common SCADA protocol, was originally designed for use only within simple process control networks to enable low speed serial communications between clients and servers.

In order to communicate on an IP network, MODBUS TCP merely encapsulates serial data within a TCP packet before sending it across the network. No additional protection has been added to secure communications sent using the protocol.

Mechanical, electrical, environmental or operational requirements of SCADA and process control systems can make traditional IT security solutions unsuitable for industrial networks.



CRITIFENCE® Unique Methodology

CRITIFENCE® unique methodology allows to analyze OT network traffic in order to detect anomalies in different patterns of commands or I/O combinations that are monitored and can alert in event of cyber security attack.

CRITIFENCE® perspective comes from the OT world and allows you to enable cyber security mechanism for any Critical Infrastructure and ICS/SCADA systems seamlessly in TAP mode or in INLINE mode.

CRITIFENCE® unique non-intrusive cyber protection approach and the machine learning process of SCADAGate+ done in three different steps:

  1. Learning phase

    SCADAGate+ Machine Learning module and Anomaly Detection Engine designed to learn your OT network easily and total passively will analyze relevant SCADA traffic in real time, watch the relations between OT hardware and other equipment such PLC, HMI, OPC Server, Historian Server and more…


  2. Testing phase

    I/O Combinations SCADAGate+ Anomaly Detection Engine will collect I/O information of different requests and will validate the different scenarios in combination with other I/O values.
    In continuation, SCADAGate+ Anomaly Detection Engine will set a score for every scenario combination. This will allow SCADAGate+ to analyze later an OT Network traffic efficiently and rapidly.

    Request intervals SCADAGate+ Anomaly Detection Engine will calculate the interval time and delays between requests and responses in order to detect malicious activity, DDoS techniques and other targeted attacks.
    In continuation, SCADAGate+ Anomaly Detection Engine will set a score for every scenario combination. This will allow SCADAGate+ to later analyze an OT Network traffic efficiently and rapidly.

    High/Low SCADAGate+ Process Learning Module analyze set points and values of different tags and will learn the normal behavior of every tag and register.

    Trends correlations Based on the data that collected and analyzed, SCADAGate+ Process Learning Module will validate a proper correlation between tags and registers values (digital-digital/digital-analog/analog-analog).

    Physical/Mathematical Anomaly Detection Engine SCADAGate+ will validate the probability of different processes, trend correlation and tag values with different mathematical and physical rules and formulas.

    Security Policy SCADAGate+ will test every security policy based on the data that collected and analyzed and will simulate it before he send it to the SCADAGate+ Agent.


  3. Running phase (MONITOR/CONTROL modes)

    During the running phase SCADAGate+ will analyze the traffic and will be able to detect different cyber-attack techniques and vectors include:

    • Cyber Security Anomalies (0day attacks)
    • Malicious commands (targeted attacks)
    • DoS attacks
    • Reply attacks
    • Firmware update (OT hardware equipment)
    • Legacy software
    • Malware attacks
    • Network attacks
    • Command injection & parameters manipulations
    • Lack of network segmentation
    • Default configuration and poor level of access credentials
    • Web Application Attacks
    • Malicious SCADA updates
    • And more…


SCADAGate+ unique non-intrusive cyber protection approach allows also to learn a lot about the OT network using great set of tools and unique features such the OT Network discovery tool, the relations module and other visual tools.



Learn more about:

Have more questions? Send an email to: info@critifence.com and our experts will be happy to assist you.