ABB process control systems connect with IBM security platform to provide digital threat visibility

16th October 2020 By: Schalk Burger - Creamer Media Senior Deputy Editor

Global engineering and industrial technologies group ABB and enterprise cybersecurity subsidiary company IBM Security on October 15 announced a collaboration focused on connecting cybersecurity and operational technology (OT).

The first result of this collaboration is a new OT security event monitoring service, developed by ABB, that combines ABB’s process control system domain expertise with IBM Security’s security event monitoring portfolio to help improve security for industrial operators.

"Industrial control system environments are increasingly targeted in cyberattacks. IBM's latest X-Force Threat Intelligence Index found that attacks on industrial and manufacturing facilities have increased by more than 2 000% since 2018," the companies said in a statement.

Additionally, to better connect OT data with the broader information technology (IT) security ecosystem, ABB has developed a new offering that allows security events from ABB to be sent to IBM’s QRadar security information and event management platform.

The ABB solution was designed according to a reference architecture jointly developed by ABB and IBM. It provides the domain knowledge needed to swiftly react to security incidents related to process control, and is especially suited for complex industrial processes in industries such as oil, gas, chemicals and mining.

The new event-collection-and-forwarding software that enables this integration is currently being used by early-adopter customers and will be made broadly available by ABB in the coming months.

"This collaboration marks the first time that OT data and process industry domain expertise is being brought directly into a security information and event monitoring (SIEM) system, allowing threats to be managed as part of an organisation’s broader cybersecurity operations and strategy."

"ABB’s collaboration with IBM makes it possible to analyse process control events in the context of security and impact to the operational environment, delivering strong improvement in our OT cyberthreat visibility across the board," said ABB Industrial Automation Cyber Security Service global manager Robert Putman.

"Disruption of production owing to a cyberattack or technical glitches can be costly in terms of lost production and damage to physical assets. Most mature operational monitoring is focused on the performance of the asset, whether a gas turbine for electricity, a drive system used to crush ore, or simple monitoring of pollution output from a chemical facility."

The new offering allows data-collection-and-forwarding technology to harvest event log details from ABB process control systems and to share this information with IBM Security QRadar, which uses automation and artificial intelligence to help identify security anomalies and potential threats.

"We see the integration of these solutions as bringing market-leading capabilities together for a singular view of OT security," said IBM Chemicals, Petroleum & Industrial Products CTO Dr Andreas Kühmichel.

"With more comprehensive OT and IT security visibility, clients can reduce the risk of production being suddenly interrupted owing to a security event, which can result in costly downtime and broader risk to the company."

The ABB and IBM technologies involved in this solution are designed on open platforms allowing them to operate on the edge and be deployed easily across hybrid cloud environments spanning on-premise, private or public clouds. The joint solution is designed to ensure that security processes operate via automation and do not disturb industrial workflows.

The security analysis in QRadar operates through a use-case library, which automatically flags incidents and triggers corresponding alarms.

The two companies plan continued collaboration in the realm of OT security, in order to develop new capabilities and offerings that address customer challenges in this space, the statement concluded.