IIoT and Utilities
Industrial Control Systems (ICS), the utility grid, and the Industrial Internet of Things (IIoT) tie together a wide range of devices and services, including many that are in the class of critical infrastructure. This growing number of endpoints connected to the Internet increases the cyber-attack surface - each class of endpoints and their cloud service provider infrastructure introduce new vulnerabilities and attack vectors.
Unique and Scalable Solution
BlackRidge Transport Access Control (TAC) is well suited to protect distributed endpoints and their cloud services, given it works end-to-end across network and cloud boundaries, and that TAC works well in undefined topology networks. BlackRidge segments and isolates SCADA and IIoT devices and the cloud infrastructure that manages them, blocking scanning, discovery, and access from all unidentified and unauthorized devices and systems. It closes attack vectors by allowing only authorized and authenticated inbound and outbound network sessions.
BlackRidge TAC operates prior to a session or connection being made, effectively taking critical infrastructure networks and IIoT devices off an attacker’s map. BlackRidge can be flexibly deployed on a device or in a hub architecture to communicate identity on behalf of individual IoT sensors or SCADA devices. This supports both new and legacy environments, providing scalability that support millions of devices. Also low computational requirements allow many integration options with low power consumption.
The key value that BlackRidge provides includes:
- Stops cyber-attacks and unauthorized awareness: BlackRidge provides a new and fundamental solution to protect against advanced persistent threats and attacks, by deflecting unnecessary and unwanted traffic. This efficiently and effectively stops the kill chain, preventing potential and even unknown attacks.
- Regulatory compliance: Utilities and critical infrastructure operators live with increasing regulatory compliance requirements. NERC CIP standards, as an example, were issued for the identification and protection of critical assets required to maintain the bulk power system’s operational integrity. BlackRidge can not only protect those critical assets, but also the connections made to those assets with an identity-based access model.
- Privacy: The connection of utility systems and IoT devices means an increased level of information sharing to many interested parties. This must be tempered to effectively secure boundaries for access to sensitive information. BlackRidge proactively discards unauthorized traffic from entering or leaving a network - only authenticated connections are allowed to proceed.