Video: Deploying Industrial Defender Agents on ICS and SCADA Systems (Part 2)

May 28, 2020

Learn how Industrial Defender overcomes complex endpoint asset visibility challenges including data diodes, unsupported protocols, strict security zone rules and air-gapped operations in part 2 of ID's agent deployment series.

Video Transcript & Slides

Welcome back. In our last video, we introduced how a typical Industrial Defender deployment starts as well as our deployment complexity level scale based on my own use of a popular exercise bike.
Once again, I’m George Kalavantis, Chief Operating Officer and with me is Jeremy Morgan, Principle Solutions Engineer. Jeremy, why don’t you introduce the next phase?
Thanks George. To quickly recap where we are, let’s take a look at our plant diagram again. At this point, you’ve deployed your Windows or Linux assets and they’re receiving syslog. You’re now collecting data from your Schweitzer relays and GPS clocks. All of this allows you to cover a ton of risk like 3rd-party access, removable media, or even a well-meaning but security-naive employee looking to work from home.
The next situation we’ve often encountered is that some of the more heavily regulated industries or more advanced customers have implemented or are implementing data diodes. These allow traffic to pass in a unidirectional manner. This often breaks many security products that rely on two-way communication for exporting collected data or a centralized cloud-based model. To continue with our story, our customer now wants to start sharing this data with more people than just the local staff. Since the more people with access to this data, the more value you get from the solution. The people with local access really enjoyed it, but you can’t get it out since you have data diode in the way. This is not a problem, as Industrial Defender has data diode integration enabled by the proprietary Industrial Defender protocol IDIS which allows for multi-tier support. This allows your collectors to have maximum access to the important assets while not compromising your plant’s security zones by requiring two-way communication.
Industrial Defender considers this Complexity Level Medium, or ID Zone 3. Hey Jeremy, we can handle data diodes at ID Zone Level 3? How much more complex do the installations get? Well now we’ve deployed this in all of these different zones, and we’ve integrated with data diodes.
The next step would be to collect information from your ENIP/CIP or OCP UA devices, which you don’t want to open up communications with paths across different security levels, as is good practice per the Purdue model. Again, this is not a problem, as ID supports ASA to ASA peer-to-peer communication via the IDIS protocol as previously mentioned in Zone 3. The collection is enabled by deploying the active ID technology, which sends out a small broadcast message that triggers your devices to report it using their own native protocols.
Industrial Defender considers this Complexity Level High, or ID Zone 4. Before George interrupts again, there’s still one more zone left. But Jeremy, what happens if the protocol doesn’t support Active ID?
It’s no problem George. Industrial Defender supports passive monitoring of other protocols such as Siemens S7, Profinet, MODBUS, BACnet or DMP3, or any other protocols that do not support Active ID.
Industrial Defender considers this Complexity Level Highest, or ID Zone Level 5. Hey Jeremy, I noticed that you have a medium substation that’s completely air-gapped from an IP-connectivity perspective. How would ID extract information from that substation? George, that’s a great question. ID supports store and forward from an embedded agent and ASA perspective. It also supports air-gapped operations, meaning an agent or an ASA can be deployed as a disconnected asset and the information can be manually moved at the customer’s convenience to the main ASA, for instance on routine maintenance rounds, providing the customer with 100% asset coverage. Hey Jeremy, that’s great and that’s the end of our quick presentation.
I would like to thank you for taking us through the presentation and our audience for listening in. I would also like to thank all of the essential workers, who have kept our country moving forward during this pandemic. In closing, I would like to say that Industrial Defender is well-positioned to overcome any and all customer endpoint and network challenges by leveraging our different agent deployment methodologies and technologies and we are confident that we can provide 100% asset visibility to our present and future customer base. Thank you everyone and please stay safe.