Embedded Cybersecurity to Include Anomaly Detection
Published by : Industrial Automation
With its introduction a few years ago of an automation platform that was built from the ground up for cybersecurity, Bedrock Automation made a significant impact on the way the industrial world thinks about how it secures its systems. The security of its industrial control system has solidified even further since then, including the extension of embedded cybersecurity capabilities with Cybershield 2.0, which incorporates certification authority into its hardware root of trust.
In its latest development, Bedrock’s Open Secure Automation (OSA) firmware will include intrinsic anomaly detection (AD) to continuously monitor the controller’s network and system time to detect intrusions and anomalous behavior.
“Preventing control system intrusion is fundamental to holistic cybersecurity. In addition, users need to know when the system security is being challenged. This is the role of anomaly detection,” said Albert Rooyakkers, Bedrock founder and CEO. “At no additional cost or complexity for the user, Bedrock’s AD delivers additional assurance that no one is tampering with your automation.”
Anomalous behavior detected at the controller level signifies a high likelihood of a cybersecurity event, according to Bedrock. Embedding detection into the controller provides advanced cyber defense while reducing complexity and lifecycle cost.
Bedrock AD includes the following functionality:
Dynamic port connection monitoring, which records all attempts to connect any controller or communication point and captures identifying information on the intruder.
Network port scanning, which detects if hackers are scanning for open ports that might provide access to the control network.
System time monitoring, which detects attempts to manipulate log files to conceal malicious activity.
Cryptographic controller engineering key lock, which permits only users with valid credentials to change the configuration and operation mode of the controller. It also records all access.
Intrusion event logging, which records all detected anomalies and reports them to supervisory control and data acquisition (SCADA) software through OPC UA and standard database access for historian, alarming and trending functions. A tri-color status LED on the faceplate of Bedrock controllers also provides local indication whenever an intrusion is detected.
Bedrock AD will be standard on all Bedrock systems and will be available as a free firmware upgrade to installed systems as part of Cybershield 3.0 in March 2018.