By Gregory Hale
Anomaly detection has been an ongoing trend throughout the manufacturing automation sector for the past few years, and a supplier that employs embedded cybersecurity throughout its system can now continuously monitor the controller’s network and system to detect intrusions and potential malicious behavior.
Bedrock Automation said its Open Secure Automation (OSA) firmware will include intrinsic anomaly detection (AD). Bedrock OSA AD will be available as standard integrated functionality that continuously monitors the controller’s network and system time to detect intrusions and anomalous behavior.
“Prevention and detection is what it is all about,” said Albert Rooyakkers, Bedrock founder and chief executive. “Detection is the critical level that takes on the devil.”
“There are two real fundamentals around security strategy. One is prevention, which is a whole series of best practices associated with that and good technology. The other is detection. You want to know if someone is trying to compromise your system. That will allow you to act proactively and take offensive steps. Like if you have a port scan detection and you detect someone is trying to scan your ports on your controller. You know if someone has dug that deep into your control network you know someone is doing something that may be malicious. You want to log those port scans, alarm the port scans and source the IP of the port scan so you can take the offensive measures to stop that from happening.”
Anomaly detection has always been a part of Bedrock’s plan.
“You can now have a defensive and offensive strategy at your facility,” Rooyakkers said.
It is one thing to have the cyber secure defensive aspect of a control system, but understanding when an attack is occurring gives users added visibility to stay on top of the entire system.
The anomaly detection platform includes:
• Dynamic port connection monitoring, which records all attempts to connect to any controller or communication point and captures identifying information on the intruder
• Network port scanning, which detects if hackers are scanning for open ports that might provide access to the control network
• System time monitoring, which detects attempts to manipulate log files to conceal malicious activity
• Cryptographic controller engineering key lock, which permits only users with valid user credentials to change the configuration and operation mode of the controller and records all access
• Intrusion event logging, which records all detected anomalies and reports them to SCADA software through OPC UA and standard database access for historian, alarming, and trending functions. Additionally, a tri-color status LED on the faceplate of Bedrock Controllers provides indication locally whenever an intrusion is detected.
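The sketch below is an added example, not Bedrock's firmware or code from the article: it shows how the port scan and system time checks in the list above could produce entries for an intrusion event log. The thresholds, the event tuple layout, and the sample connection records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration only; not taken from the product.
SCAN_PORTS = 5      # distinct destination ports from one source
SCAN_WINDOW = 10.0  # seconds, measured on the monotonic clock
MAX_SKEW = 2.0      # tolerated wall-clock drift between two events, seconds

# Constructed sample: (monotonic_s, wall_clock_s, source_ip, dest_port)
SAMPLE = [
    (0.0, 1000.0, "10.0.0.5", 4840),
    (1.0, 1001.0, "10.0.0.9", 21),
    (1.2, 1001.2, "10.0.0.9", 22),
    (1.4, 1001.4, "10.0.0.9", 23),
    (1.6, 1001.6, "10.0.0.9", 80),
    (1.8, 1001.8, "10.0.0.9", 502),
    (3.0, 403.0, "10.0.0.9", 4840),   # wall clock set back ten minutes
    (4.0, 404.0, "10.0.0.5", 4840),
]

def detect(events):
    """Return intrusion events for port scans and system time changes."""
    recent = defaultdict(deque)   # source -> (monotonic_s, port) in window
    alerted = set()               # sources already reported as scanning
    findings = []
    prev = None
    for mono, wall, src, port in events:
        # System time monitoring: wall clock must advance with the
        # monotonic clock; a jump would let later log entries be misdated.
        if prev is not None:
            skew = (wall - prev[1]) - (mono - prev[0])
            if abs(skew) > MAX_SKEW:
                findings.append(("time_change", mono, round(skew, 1)))
        prev = (mono, wall)
        # Port connection monitoring: record every attempt per source,
        # keyed on monotonic time so a clock change cannot hide a scan.
        window = recent[src]
        window.append((mono, port))
        while mono - window[0][0] > SCAN_WINDOW:
            window.popleft()
        ports = sorted({p for _, p in window})
        if len(ports) >= SCAN_PORTS and src not in alerted:
            alerted.add(src)
            findings.append(("port_scan", mono, src, ports))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

Each finding carries the source address or the size of the clock jump, which is the information a historian or alarm function would need to act on it.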
Bedrock AD will be standard on all Bedrock systems and is available as a firmware upgrade, which is backward compatible to any previous system, Rooyakkers said.