Tenable OT Security
The unified security solution for converged OT/IT environments
Tenable OT Security is a security solution that helps organizations protect their industrial networks from cyber threats, malicious insiders and human error. It provides visibility into IT, OT and IoT assets and helps organizations prioritize cybersecurity risks.
The City of Raleigh is responsible for providing water and sanitary sewer services to the residents of Raleigh and adjacent areas. These services are managed and maintained by the technical applications group, which is responsible for the supervisory control and data acquisition (SCADA) network operations and security.
Key business needs:
Aware of the growing cyber threat to critical infrastructure facilities and the need to comply with new regulations concerning risk assessment and emergency response, the team decided to upgrade its SCADA security solution.
To ensure safe and resilient infrastructure and detect security threats that could harm the water supply and disrupt critical services, Raleigh’s public utilities department required full visibility and control of changes made to programmable logic controllers (PLCs) and other key devices in their industrial control system (ICS) environment.
Challenges
The team realized that network traffic monitoring only provides a piece of what’s needed to secure their ICS environment. Accordingly, they were interested in adding an active detection component that could work alongside passive network monitoring to provide critical information about the ICS environment that cannot be gathered solely by listening to network traffic.
Solution
After a thorough RFP process, Steve Worley, SCADA security manager for the City of Raleigh, selected Tenable OT Security. “We chose Tenable OT Security for its unique ability to monitor, proactively detect and alert our staff to any changes made to our industrial control systems that could impact their integrity and proper operation,” says Worley.
- Gain visibility with rich context
Tenable OT Security's patented active detection technology enabled Raleigh’s SCADA engineers to achieve complete security coverage. The solution discovers, classifies and queries all ICS assets and devices, including those that do not communicate on the network. Because devices are queried natively, network operations are not affected in any way. In addition, detailed asset inventory information and expanded alert context improved alert accuracy, ultimately increasing the efficiency and productivity of the security team.
- Control and track all devices
Tenable OT Security automatically maps all controllers and devices on the network, documents their configuration and provides in-depth visibility into their state. The inventory data offers a unique depth of asset information: firmware and operating system versions are tracked, as are internal configuration, running software and users, serial numbers and the backplane configuration of PCs and industrial controllers.
- Stay secure with real-time alerts
In addition to the ability to log into a dashboard, Tenable OT Security provides real-time alerts for Raleigh with detailed contextual information gathered from devices, including data about suspicious activities and unauthorized changes. This information enables engineering and security to work together quickly, helping them identify the source of potential problems and mitigate risks.
- Comply with regulations through documented audit trails
Tenable OT Security provides a comprehensive audit log detailing all engineering activities related to the devices. By capturing the who, what, when, where and how, the audit trail gives the security team full situational awareness, empowering them to quickly pinpoint problems and remediate accordingly.
Impact
Since implementing Tenable OT Security, Worley has gained full visibility into any change on his OT network and streamlined compliance efforts.
- Speed and efficiency
Given the size and complexity of the SCADA environment, automated asset discovery was a must-have requirement. “Within minutes of installing the Tenable.ot solution, we could automatically collect and display huge amounts of data on our network that would have taken weeks to gather manually,” says Worley. The automation provided asset names and IP addresses, MAC addresses and the like, which are useful for network management. Everyone on Worley’s team could see these details, as well as access the asset map via the Tenable OT Security dashboard.
- Stronger security with situational awareness
The fact that Tenable OT Security offered both passive and active components provided real value for the City of Raleigh. Specifically, the ability to actively query PLCs and learn what programming changes had been made, including versioning history, was a major advantage. “Prior to Tenable OT Security, we didn’t really have a way to get that version information as changes were made. Now, we have a timestamp on when the changes are made and we can determine who made those changes and hold them accountable,” explains Worley. This was particularly relevant for monitoring the activities of any third-party contractor or systems integrator who makes changes to PLCs on a regular basis.
- Regulatory compliance and expert support
With the detailed audit trails and the support of Tenable engineers, Worley’s team smoothly deployed the Tenable OT Security solution within its public utilities’ ICS/SCADA network. The initial system was up and running on the first day, providing the City of Raleigh’s team with all the data they needed to both meet the requirements and maintain complete visibility and control over all industrial operations.
Conclusion
Using Tenable OT Security, the City of Raleigh now has a comprehensive view of their cyber risk across their OT infrastructure.
The solution also provides automated asset discovery and management, which is key in boosting team efficiency and productivity. The manual processes previously used for inventory management were both time-consuming and error-prone, making it difficult to maintain an accurate inventory of ICS assets, which is crucial for risk assessment and regulatory compliance.
The automated asset management combined with the passive detection, active querying and full audit trail of any change to their network are critical capabilities for their operational reliability and safety. Together, they enable IT and OT managers alike to plan maintenance schedules, track changes made to devices, restore misconfigured devices and comply with new regulations.