Ordr Recognized in Gartner Market Guide for CPS Protection Platform Read more here!

Ordr

Request a Demo Search

Author: Chris Westphal

Paradigmatic shifts are often not fully recognized until after they have occurred. Innovations are made, evolutions take place, and then someone realizes, “Hey, this is much different from when it started.” That’s when people start to re-think context and terminologies reflective of the new reality.

Cyber-Physical Systems: A Brief History

That scenario is playing out in the realm of the Internet of Things (IoT) and its permutations like the Internet of Medical Things (IoMT), Industrial Internet of Things (IIoT), Internet of X Things (IoXT) that covers consumer, military, automotive, and other applications of connected technologies, and operational technology (OT). It’s a trend that began back in the 1980s when system-on-chip technology started getting designed into office printers, then adapted to use for industrial equipment, allowing users to manage and monitor machines and office appliances via the organization’s local area network (LAN). When the LAN gave way to public networks, the term “Internet of Things” was coined by MIT’s Kevin Ashton during a proposal to Procter & Gamble in which he suggested using RFID tags to track products moving through the supply chain.

Fast-forward to 2006 when, according to the National Institutes of Health’s National Library of Medicine, the term cyber-physical systems was introduced to describe the interplay of digital and analog infrastructure in which “embedded computers monitor and control physical processes, usually with feedback loops, where physical processes affect computations and vice versa.”

Gartner has since adopted the term cyber-physical systems (CPS) to describe the full scope of connected technologies that once seemed arcane but are now not only common, but integral to the digital operations and infrastructure of nearly every enterprise. CPS are therefore the next-generation of integrated physical and cyber systems, and can include IoT, OT, and IoMT assets such as critical infrastructure sensors, surveillance cameras, building management systems, and healthcare devices with embedded systems that interact with the real world as well as with complex software elements. And because of the essential role CPS now plays, the devices comprising CPS assets have introduced new, critical risks to the organizations that have adopted them as a part of their digital transformations.

Managing Risks With Cyber-Physical Systems

That means new challenges for the IT security teams responsible for keeping networks, data, and people safe. In a recent report, Innovation Insight for Cyber-Physical Systems Protection Platforms, Gartner wrote:

“As organizations connect operational or mission-critical systems, or deploy automation and digital transformation technology, they create cyber-physical systems that security and risk management leaders must securely manage. Enter CPS protection platforms — new solutions for a new security reality.”

A cyber-physical systems protection platform is a security solution that automates cyber-physical systems asset discovery, and adds a range of security-related features to improve the risk posture of CPS. Gartner believes that by 2025, “70% of companies will deploy cyber-physical systems protection platforms as the first step in their asset-centric security journey.” As described in the Gartner graphic below, when organizations embrace digital transformation and IT/OT convergence, they will need to move towards an asset-centric view of security.

The Gartner report outlines findings, challenges, and recommendations for organizations confronting their CPS security realities for the first time, describes the risks that unprepared and ill-equipped enterprises face, and requirements for CyberPhysical Protection platforms.

Ordr Addresses Visibility and Security of Cyber-Physical Systems

Fortunately, Ordr offers a CPS protection platform that addresses these risks and makes it easy for organizations to see, know, and secure the devices that have been accruing to their enterprise inventories over the years (as well as those ones they didn’t know were connecting and operating on their infrastructure) — including IT, IoT, and OT. In fact, Ordr is named by Gartner as one of the leading CPS protection platform innovators, focused on addressing the unique, asset-centric approach required to protect connected devices and their infrastructures.

Ordr was engineered for the CPS environment, and delivers many security benefits specific to protecting cyber-physical systems, including:

  • Automated asset discovery and classification to gain an accurate view of your CPS attack surface.
  • Identification of vulnerable devices, malicious communications, and active threats to uncover previously unknown risks.
  • Prioritized remediation and mitigation efforts with risk scores calculated for every asset.
  • Accelerated incident response with dynamically created policy to stop malicious communications and protect devices.
  • Improved security with automated policy for NAC and Zero Trust segmentation.

Download a copy of Gartner’s Market Guide for Cyber-Physical Systems Protection Platform with our compliments, simply follow the link. Or to learn more about the Ordr platform and how we can help you protect your CPS assets, get in touch with us directly.

Binding Operational Directive 23-01 can help close a government security gap

 

The Cybersecurity & Infrastructure Security Agency (CISA) recently issued an advisory on a dozen new exploits and vulnerabilities affecting industrial control systems (ICS) from nine different manufacturers. The warning is the latest in a growing body of evidence that critical public infrastructure–things like the power grid, transportation systems and facilities, government buildings, and public safety organizations–will soon become the primary target of threat actors in an escalation of attacks against national economic interests. In fact, some observers believe a shift in strategies in the war between Russia and Ukraine is proof that such an escalation is well underway.

It’s hard to argue that threat actors are not becoming increasingly aggressive and willing to attack targets, even when there might be a human cost. Hospitals and healthcare services providers have seen a sharp increase in attacks over the last three years, and research suggests those attacks are associated with an increase in patient mortality. Even the U.S. Federal Reserve warns that attacks on industrial enterprises and infrastructure could impede economic activity and seriously undermine confidence and stability in national financial systems.

Setting a Good Example

And so, as attention turns toward the hardening of private and public infrastructure against cyberattacks, leaders in Washington, D.C. are trying to set a positive example by updating their own security policies. When the White House issued the Executive Order on Improving the Nation’s Cybersecurity on May 12, 2021, it established the foundation for the government’s strategy to address the protection of a sprawling and complex federal IT infrastructure comprising hundreds of different agencies. Then in early March this year the White House published its National Cybersecurity Strategy to bring the issue into sharper focus.

The Cybersecurity & Infrastructure Security Agency (CISA) took a big step forward when it issued Binding Operational Directive (BOD) 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks.

But the work toward improving the federal government’s readiness and resilience against cyberthreats was underway before the release of the National Cybersecurity Strategy. In October of 2022 the Cybersecurity & Infrastructure Security Agency (CISA) took a big step forward when it issued Binding Operational Directive (BOD) 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks.

Connected Device Visibility is Critical

BOD 23-01, which had a deadline of April 3, 2023, requires all federal civilian executive branch (FECB) agencies to establish the means for effecting “continuous and comprehensive asset visibility” as a first step in assessing and monitoring cyber risk. CISA did not identify penalties for missing the April 3 deadline, but there are ongoing reporting and improvement timelines to ensure asset inventories are up-to-date. The philosophy behind the directive is sound. Today’s IT estates are complex and include thousands of components operating on-premises and in the cloud. Servers, routers, switches, software, application, services, and all kinds of devices, many of which are practically invisible to traditional IT management systems.

This is especially true for connected devices, including the Internet of Things (IoT), Internet of Medical Things (IoMT), operational technology (OT), and more. And what BOD 23-01 does is acknowledge that, without a complete accounting of every single device that connects to the enterprise—expected or unexpected, and for however long it remains connected—each is a potential vector for attack. Also, when connected assets are unaccounted for, an organization’s configuration management database (CMDB) will be inaccurate, leading to other IT operations and security issues that can put the enterprise at risk. Ordr’s experience with connected device discovery illustrates the wide variety of unexpected devices that can be found operating in some enterprises alongside mission-critical equipment. Vending machines and building controls, Tesla cars and Kegerators, Alexas and Pelotons, all connected to the network and communicating out to the Internet, unmanaged and unknown to IT operations and security.

See IT, Protect IT

You can’t protect what you can’t see, and so device discovery, visibility, and monitoring is vital to maintaining security at a high level. Ordr is not only able to discover and monitor these devices in real-time, but the extensive Ordr Data Lake contains detailed profiles of millions of IoT, IoMT, and OT devices, identifying their purpose and operational profile. That enables security teams to identify devices with vulnerabilities, establish a risk score for every device operating in the network, detect when devices exhibit indicators of compromise, and automate policy creation to accelerate response and prevent attacks targeting connected devices or prevent lateral movement. These capabilities support BOD 23-01’s objective to “make measurable progress toward enhancing visibility into agency assets and associated vulnerabilities… an important step to address current visibility challenges at the component, agency, and [federal civilian executive branch] enterprise level.”

These capabilities support BOD 23-01’s objective to “make measurable progress toward enhancing visibility into agency assets and associated vulnerabilities… an important step to address current visibility challenges at the component, agency, and [federal civilian executive branch] enterprise level.”

It’s good that the U.S. federal government recognizes that maximizing the effectiveness of a cybersecurity program demands a full accounting of every device operating in the network. That is the foundational tenet to Ordr’s mission, and it has been embraced by our customers, including many of the world’s largest healthcare, financial, and manufacturing organizations. And for our customers in the federal government, they had a head start on meeting (and likely exceeding) requirements ahead of CISA’s April 3 deadline.

If your agency or organization recognizes that it has blind spots it needs to address to take a full inventory of every device it has connected to its network, give us a call. We can run a demonstration that can show you every connected device on the network. And with a complete accounting of your connected assets, you can build a plan to see, know, and secure your enterprise.