How to securely connect your OT network and ultimately combat cybersecurity issues




Mac Yoon, Director of Strategic Planning





The complex nature of OT networks, which require easy interconnection, protocol identification, and protocol conversion, makes securing them challenging. Even if all the vulnerabilities in a smart factory facility are recognized, it is virtually impossible to check, manage, and resolve them. Therefore, it is important not to respond to all threats, but to think about the parts that are realistically accessible and find solutions.

The concept of 'Altasia' was born in the wake of the US-China trade war. Altasia refers to a group of countries that are building an alternative Asian supply chain to China's monopoly supply chain. Leading overseas analytical organizations are conducting research at the supply chain level on how to divide and distribute the manufacturing industry supply system concentrated in China to other countries. From this perspective, NAONWORKS analyzes how Korean manufacturing innovation will contribute to the global supply chain and manufacturing industry. We also provide answers to the question of how to systematize and manage complex tasks from the customer's perspective and approach issues technically.


OT, what makes it different?

NAONWORKS has localized its strategy in Korea. Nevertheless, there were many concerns about OT protocol analysis technology. Because the protocols used in production facilities originated abroad, domestic companies were constrained: they could identify and analyze problems only by dealing with the OT protocols themselves.

Therefore, NAONWORKS invested generously in a new 'network'. NAONWORKS currently provides security solutions to major public-sector organizations in certain industries, with a share of more than 90%. This is because we believe that the benefits customers can enjoy by utilizing IT assets (achieving efficient business processes, cost savings, etc.) are determined by how well they utilize the new network. I believe that the data and know-how NAONWORKS gained by analyzing 50 to 60 OT protocols used in Korea and adapting them to the domestic environment played a big role in its expansion in the OT field.

In addition, NAONWORKS has carried out various projects based on its OT protocol analysis technology to monitor and control facility movements. These range from thinking about what role it should play in digitizing the complex environment of the industry to working out how facilities using various protocols can be utilized in a simplified environment. OT networks have complex characteristics that require easy interconnection, protocol identification, and protocol conversion.

These requirements are particularly challenging for OT networks to fulfill. OT networks are different from IT networks, where problems can be solved with a little attention. Even if all the vulnerabilities in a smart factory facility are recognized, it is virtually impossible to check, manage, and resolve them. Therefore, it is important not to respond to all threats, but to think about the parts that are realistically accessible and find solutions.

The most cyberattacked industry is manufacturing

Users make plans to improve work performance and product quality, but they often encounter results that differ from their plans because of variables such as the purchasing process and global conditions. In particular, it is very difficult to find threats based on equipment movement alone.

From a middleware perspective, the current trend is to implement optimization strategies that leverage user-controllable factors to assign threats. With so many variables, this is often the most efficient strategy.

According to the IBM Security X-Force Threat Intelligence Index, manufacturing is the industry with the highest number of cyberattacks, at 23%. Advanced malware targeting OT was the most common type of attack (90.6%). Attackers aimed to reduce productivity by shutting down equipment or causing failures. Based on the list of major attack victims, the attackers appear to have aimed at a socially disruptive effect, the so-called advertising effect.

From connection to protection, the NAONWORKS Way

When it comes to identifying threats and damage, NAONWORKS proposes a system-learning approach. The system learns and catalogs the many protocols utilized in facilities and processes to build a single standard. In other words, many languages are unified into one. This unified language is then used to learn another language. NAONWORKS calls this the NAONWORKS Way. The NAONWORKS Way breaks down the possible external threats into IT assets, OT networks, etc.


Even within a system that typically deals only with vulnerabilities, it takes two to three years for updated vulnerabilities to be fixed, and there will be many areas that are not fixed. Nevertheless, it is essential for users to perform diagnostics. The idea is to recognize changes in the situation and prepare for and respond to them. We need to find answers from a holistic perspective, from connectivity to protection. NAVER WORKSWE is born out of this idea.

Normally, when a threat is posed to an OT network, a one-way transmission device is used to respond. In addition, data is not collected in a standardized way, so you can only check how the facility is operating through the HMI screen. NAONWORKS' industrial protocol gateway, CEREBRO-C, converts multiple protocols into a standardized protocol to check for errors and abnormalities in the equipment. If necessary, the data is converted to the standardized protocol and then sent to the cloud, where the status of the facility can be checked.

Since there are few companies in Korea that specialize in OT network security, NAONWORKS entered the field. Currently, it is configured to check and diagnose errors and abnormalities from files to the network end by upgrading to the AhnLab TS engine. It is then possible to collect and disseminate threat data for each industry and build it into a database. This makes it possible to prevent or respond to threats to processes and facilities.

Application examples

There is a representative example of NAONWORKS applying the method of converting equipment movements into physical movements to security. It is a technology that is configured to identify abnormalities in oil and gas well processes and facilities in the United States with value flow. In the oil and gas well business, there is a constraint of long physical distance. Since facilities are located in remote areas, management costs are also high.

NAONWORKS calculates the extraction of crude oil through the plunger lift of a well in a remote area with a meter, converts the data into a protocol, and stores it on a server for control and monitoring. From a security perspective, the oil and gas wells were managed by applying various security measures. Since oil and gas wells require field-to-field connectivity, data is collected and sent to the cloud through protocols such as MQTT. In this case, the data was organized in a form that ensured stability and analyzed data for decision-making in the cloud.

The second example is a physical one-way security solution (CEREBRO-DD). The solution is utilized in two areas: secure and non-secure. The reason for the division is the difference in approach. Let's take an example from the perspective of an Intelligent Transport System (ITS).

There is a difference between user Internet PCs belonging to the ward office (non-secure area) and the internal network and closed network PCs utilized at bus stops (secure area). The criterion is that the same PC has different security requirements. Security risks arise when you try to secure high work productivity by bringing data from a physically important place to a logically important place. This is done by moving data from an unsecured area to a secure area. The solution is a physical one-way security solution. It is utilized in power generation companies and infrastructure.

Finally, it is the only OT security framework provided in Korea. It is a technology created by fusing AhnLab's IT experience and NAONWORKS' OT network experience. In particular, it proposes an approach to manage threats to utility facilities that are necessary for core facilities to operate by applying machine learning. NAONWORKS has been thinking from endpoint security to network perimeter security.

In conclusion, I think it is important to think about and challenge new approaches in the security field. New approaches may seem difficult and constraining in many ways, but understanding their essence and thinking about how to utilize them will help realize innovation.