Cyber Defense for Operational Technologies

A lightweight protection for critical infrastructure and operational technologies.

Attacks on power grids, transportation systems, manufacturing, and aerospace/defense continue to increase. Organizations face a range of risks including safety hazards, financial losses, reputational damage, and threats to national security. Yet most OT systems lack the defenses needed to counter modern cyber attacks. With YOLO, your OT and IT systems are integrated under one unified defense umbrella, providing comprehensive protection and peace of mind. Don't wait until it's too late: safeguard your operations with YOLO today.

Why do operational technologies need special protection?

OT devices have no built-in cyber protection. Typically, organizations air-gap these systems or layer in IT protections such as network packet inspection. While these protections are important, modern adversaries can cross air gaps and evade network controls to reach the OT system boundary. Once an adversary is inside the OT device itself, those perimeter protections no longer help.

OT devices are not visible to your security operations center. Nearly all assets within the purview of security operations are laptops, desktops, phones, servers and, to a limited degree, Internet of Things devices. Most operational technologies, such as programmable logic controllers (PLCs), building management systems (BMS), industrial control (Industry 4.0), and the many systems in the SCADA/ICS space, are simply opaque to modern security practices. For example, real-time information on cybersecurity incidents, malicious in-memory attacks, intrusions, implants and other exploitation is typically unavailable. Most control systems are bound to a physical object or process until the end of its lifecycle and do not benefit from the frequent updates and rapid hardware upgrades that IT assets receive.

Real Time Telemetry Stream

Nearly all OT systems lack actionable telemetry to guide incident response, because most control systems do not offer real-time cybersecurity telemetry. YOLO provides a Splunk- and Elastic Cloud-compatible feed of data about intrusions, implants, in-memory attacks and other exploitation.

Cyber Incident and Event Logging

Adding YOLO to existing equipment also enables reporting of cyber incidents and events. Current OT system monitoring is typically concerned with the safety, reliability and health of the controls and data flows, not with the cyber status of the underlying equipment.

Break the Kill-Chain

Modern attacks against OT rely on multiple chained techniques, such as air-gap jumpers and sophisticated in-memory implantation. Given the relatively low resources of operational technologies, exploitation relies on chaining slow techniques together, which gives defenders time to react, provided a defense is in place.

Automated Recovery

OT systems are responsible for physical things and processes, often within a safety- or life-critical context, and unlike IT systems they cannot halt to await human intervention. When YOLO evicts malicious code, it restores the compromised components within milliseconds, without disrupting mission operations.

Unified Cybersecurity Defense for SOCs

Security operations centers (SOCs) in modern organizations function as the cyber nerve center, with real-time insight into ongoing attacks. Yet almost no OT system appears there, and OT is not subject to the same incident response and compliance rules. YOLO feeds OT telemetry directly to the SOC.

How does YOLO protect your Operational Technology assets?

YOLO protects OT systems in two ways. First, it continuously prevents attackers from persisting malicious code within the device, starving the attacker of the time needed to execute their techniques. Second, it publishes real cyber health status for the OT systems onto the same monitoring platforms used by your cyber defense operations.

To be sure, most OT systems are small-footprint, low-resource devices running esoteric real-time operating systems and specialized software. Most of these systems are protected only by air-gapping and network monitoring, which would be considered unacceptable for an ordinary IT system, let alone a mission-critical one. But since heavyweight controls such as endpoint monitoring are not appropriate for these small systems, they remain unprotected, which is equally inappropriate. YOLO is a new type of OT protection that lives within the device itself without upsetting the delicate balance required to execute the mission of the device.

Markets

YOLO has wide applicability to a variety of markets.

Instant Response and Recovery

Applying IT protections to OT equipment is inappropriate. These control systems typically don't have the resources to run endpoint security, nor should they. OT systems should not spend cycles scanning, detecting, identifying, quarantining and awaiting responses. It is equally unacceptable to have no protection whatsoever.
Does not spend cycles matching signatures and behaviors
Does not require antivirus databases
Presumes components under protection are always under attack
Constantly restores integrity and denies attackers the oxygen necessary to complete an attack
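The anti-persistence idea in the list above (presume the component is always under attack, restore integrity every tick, match no signatures) and the telemetry feed described under Real Time Telemetry Stream are easiest to see in code. The following is an added illustration written for this page, not YOLO's implementation or Chip Scan's code: a protected region is compared against a golden copy on every tick and restored by a plain memcpy on mismatch, and each tick can emit a newline-delimited JSON event in the dotted field style Elastic and Splunk ingest. The struct, function and `ot.*` field names, the FNV-1a hash, and the sample "ladder logic" bytes are all assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative anti-persistence loop (added example, not YOLO's code).
 * The protected region is presumed always under attack: every tick its
 * live bytes are compared with a golden copy and, on mismatch, restored
 * by a straight memcpy. There is no signature database and no quarantine
 * step awaiting an operator. Struct, field and event names are assumptions. */

#define REGION_LEN 16

typedef struct {
    uint8_t  live[REGION_LEN];    /* bytes the controller actually executes/uses   */
    uint8_t  golden[REGION_LEN];  /* reference copy, kept where the attacker can't */
    uint64_t golden_hash;         /* hash of golden, checked against live each tick */
    uint32_t restores;            /* number of evictions since init                 */
} protected_region_t;

/* FNV-1a: a few lines of code, small enough for a kilobyte-scale protection budget. */
static uint64_t fnv1a64(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

void region_init(protected_region_t *r, const uint8_t image[REGION_LEN])
{
    memcpy(r->golden, image, REGION_LEN);
    memcpy(r->live, image, REGION_LEN);
    r->golden_hash = fnv1a64(r->golden, REGION_LEN);
    r->restores = 0;
}

/* One protection tick. Returns 1 if live had been tampered with and was restored,
 * 0 if it was clean. Run this from a periodic RTOS task: an implant survives at
 * most one period, which is the "oxygen" being denied to the attacker. */
int region_tick(protected_region_t *r)
{
    if (fnv1a64(r->live, REGION_LEN) == r->golden_hash)
        return 0;
    memcpy(r->live, r->golden, REGION_LEN);
    r->restores++;
    return 1;
}

/* One telemetry event as a newline-delimited JSON line, which both Splunk and
 * Elastic ingest directly. Dotted field names follow the Elastic Common Schema
 * style; the ot.* fields are invented for this example. Returns bytes written. */
int telemetry_event(char *out, size_t cap, const char *host,
                    const char *region, int restored, uint32_t restores)
{
    return snprintf(out, cap,
        "{\"event.kind\":\"%s\",\"event.action\":\"%s\",\"host.name\":\"%s\","
        "\"ot.region\":\"%s\",\"ot.restore_count\":%u}\n",
        restored ? "alert" : "state",
        restored ? "integrity_restored" : "integrity_ok",
        host, region, (unsigned)restores);
}

/* Constructed scenario: a clean tick, an in-memory implant that flips one
 * byte, the tick that evicts it, and a clean tick after. Returns the final
 * restore count (1) and writes the alert line for the eviction to `line`. */
uint32_t demo_tamper_and_restore(char *line, size_t cap)
{
    static const uint8_t image[REGION_LEN] = {          /* constructed sample bytes */
        0x10, 0x01, 0x20, 0x02, 0x30, 0x03, 0x40, 0x04,
        0x50, 0x05, 0x60, 0x06, 0x70, 0x07, 0x80, 0x08 };
    protected_region_t r;
    region_init(&r, image);

    region_tick(&r);                 /* clean: returns 0 */
    r.live[5] ^= 0xFF;               /* simulated implant overwrites a byte */
    int restored = region_tick(&r);  /* detects and restores: returns 1 */
    telemetry_event(line, cap, "plc-07", "ladder_logic", restored, r.restores);
    region_tick(&r);                 /* clean again: returns 0 */
    return r.restores;
}

int main(void)
{
    char line[256];
    demo_tamper_and_restore(line, sizeof line);
    fputs(line, stdout);
    return 0;
}
```

The point of the shape is what is absent: no scan loop, no pattern database, no "quarantine and wait" state. The tick either finds the region identical to its golden copy or overwrites it, and the only thing that leaves the device is a small JSON line a SOC pipeline already knows how to index. In a real deployment the golden copy and its hash would have to live somewhere the attacker cannot write, which is the part this toy example does not attempt to show.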

Lightweight

Operational technologies, particularly the legacy devices, do not have resources to commit towards heavyweight protection. YOLO is a new type of OT protection designed specifically for protecting these systems.
Protection code is in the order of kilobytes
The recovery time is typically measured in milliseconds
Multiple instances of YOLO can operate in the same OT device
Compatible with a variety of RTOS such as RT Linux and VxWorks

Real Time Telemetry

Every laptop, desktop and server in the enterprise environment is instrumented to light up its cybersecurity posture within a security operations center. For the first time, legacy OT devices can emit cybersecurity health metrics and incident data in real time, giving your defensive cyber operations team a single dashboard to work from.
Real-time monitoring of legacy devices
Compatible with Elastic Cloud and Splunk
Delivers security status and alerts for visualization at the SOC
Low bandwidth telemetry link for use in M2M or offshore applications

Deployment

Since many operational technologies are highly differentiated, Chip Scan will work with you to integrate YOLO into your critical systems. In basic cases, an off-the-shelf YOLO module may be available. However, we recommend placing more sophisticated protection around your critical program information or most sensitive control software. Once YOLO is integrated, Chip Scan will work with your team to feed its real-time telemetry into your defensive operations.

Talk to us about how we can protect your OT system

YOLO is a new type of OT protection that is appropriate for preventing the compromise of mission critical systems.

Peer Reviewed Whitepapers

YOLO originated at Columbia University and has since been integrated into automotive, UAV and DoD mission systems. The academic research and scientific backing behind YOLO is peer-reviewed and published.

Frequently asked questions

Everything you need to know about YOLO.
Should OT systems be airgapped?
Yes, mission-critical systems benefit from air-gapping. However, modern cyber attacks can use air-gap jumpers to overcome this protection, and not all operational technologies can be air-gapped without breaking their mission functionality.
Aren't industrial control systems already hardened?
Most control systems are based on a real-time operating system (RTOS) such as VxWorks. Vulnerabilities such as URGENT/11 arise in these systems too, and manufacturers recommend patching just as for any other operating system. Unfortunately, these systems are typically mission-critical, the processes for updating them aren't simple, and in practice most don't get updated. Over time, more vulnerabilities will be found, leaving these systems exposed.
Do operational systems require protection?
Attacks such as TRITON are being carried out by cyber threat actors, and most OT systems are not well protected against modern attacks. Many safety systems, for example, are triple redundant for reliability and safety, but redundancy is not the same thing as being cyber hardened.
Does YOLO require heavy resources?
Unlike an IT endpoint agent, YOLO does not require antivirus databases, heuristics or heavy resources to operate. In fact, most OT systems lack the capacity to scan and process such information without disrupting their core mission. YOLO uses anti-persistence to break the kill chain.
Can I request YOLO for my DoD system?
Yes! We can work with your program office and help you understand the program protection plan requirements.
Does Chip Scan have a contract vehicle for acquisitions?
Yes! We have an ANTX contract vehicle managed by Navy Information Warfare Center (NIWC).

Level up your security today

Schedule a consultation with us. Let's talk.

Other products we offer

Chip Scan offers proven complementary tools and capabilities for protecting the various layers of your hardware systems.

ESPY

Discover stealthy undocumented functionality in your designs including hardware trojans, backdoors and other vulnerabilities.

Deep Lift

Real introspection of digital microelectronics: rapidly decompile and recover critical design elements and high-level source from the gate level.