GE-owned Wurldtech, a provider of cyber security products and services for operational technology (OT), has launched a new security solution designed to protect critical infrastructure control systems and assets from cyber attacks.
Wurldtech said the new “OpShield” solution replaces the Achilles industrial firewall, which the company introduced in October 2014.
“In essence, we’ve evolved from securing individual assets to securing entire processes,” Nate Kube, Chief Technology Officer at Wurldtech, told SecurityWeek. “We augmented key DPI functionalities that were pioneered in the Achilles firewall with new capabilities, such as application whitelisting and behavioral analytics,” he added.
Wurldtech, which was acquired by General Electric in 2014, says the platform was designed specifically for operational environments, such as oil & gas, power generation, transportation and other industries, and leverages an Intrusion Prevention System and Intrusion Detection System (IPS/IDS), and provides application visibility & control.
The company says OpShield provides protection at the point where most traditional or next-generation firewalls leave off—typically in a demilitarized zone (DMZ) environment.
Designed to protect embedded systems and industrial assets connected to SCADA, distributed control systems (DCS), and safety systems that communicate in multi-vendor environments, OpShield has a protocol inspection engine that adapts to OT command and protocols and Identifies and alerts or blocks at the application command level.
The security appliances can also help protect unpatched systems with strong perimeter and field defense, and offers centralized management with a network-wide view of alerts and attacks across an industrial network.
“Critical infrastructure assets such as turbines, generators, and nuclear reactors were not necessarily designed to keep up with today’s advances in technology. But the rapid increase of cyber attacks on industrial operations in the past few years clearly demonstrates that securing critical infrastructure is becoming one of the high priorities for companies and organizations,” Paul Rogers, President and CEO of Wurldtech and General Manager of GE Industrial Cyber Security, said in a statement.
“The stakes are high for industrial organizations as attacks on systems that control plants and infrastructure impact safety, business continuity and the environment,” said Sid Snitkin, ARC Advisory Group. “Air-gapping strategies are inadequate, and traditional IT security won’t do the job. It’s critical that operators get OT security right.”
Snitkin’s comments concur with thoughts from Philip Quade, Chief of the NSA Cyber Task Force and Special Assistant to the Director National Security Agency, who in a keynote address at SecurityWeek’s 2015 ICS Cyber Security Conference said that Air Gapping is “overrated.”
“With the advent of the Industrial Internet, operational environments are increasingly connected to a variety of IT networks, which adds complexity and risk,” Wurldtech explained. “Even if not connected to the Internet, critical assets are vulnerable to insider threats and mishaps that can cause disruption and costly downtime. Adding urgency to the issue, nation-state hackers and other malicious actors continue to find new ways to infiltrate networks and applications that underlie critical infrastructure.”