GRIMM Cyber is a Michigan-based TXOne Certified Partner that specializes in cybersecurity across a number of industries. Tom VanNorman is a senior vice president at GRIMM in charge of a cyber-physical business group, working primarily in transportation, medical, IoT, and industrial control systems.
“Everybody with that team has been doing this for decades,” he told us. And they are able to apply their expertise across industries. “The cyber-physical groups do not focus on one industry, we focus on operational technologies. We work in energy, manufacturing, healthcare, etc. But all on the industrial control system side,” he said.
Tom himself brings some 32 years of experience in the field, starting with aircraft control systems for the U.S. Air Force. “I’ve been on the asset owner side, on the engineering side redesigning systems, and I’ve been on the plant owner side,” he explained. “So I understand the struggle of installing new things and the production downtime it can mean.”
With TXOne, Downtime Is Negligible
Most production managers find downtime unacceptable. But with TXOne solutions, downtime is limited to about 10 seconds or less if the network is properly prepared, so it’s not an issue for Tom’s clients.
“I’d been evaluating TXOne technology for probably two or three years. So, when they reached out to me, I was super excited,” he said. “I had also been evaluating other products, and when TXOne got in touch, I jumped on it. Their stuff really does work.” Just as importantly, “It’s easy to deploy.” One example is the unsegmented networks that many of his customers operate.
“We refer to them as flat. You can traverse from one device to another. There’s no segmentation. No or very minimal blocking,” Tom said. He explained that it’s extremely difficult to segment a live network. Normally, you would need significant system downtime, but that’s just not an option in critical settings.
So, how do you handle it?
“TXOne offers their Edge devices that we can deploy into a network in an organized manner, where we can leave that fabric there, put their devices in it, and start to segment that network without the use of elaborate firewalls and such. So it’s a great bolt-on solution to provide that segmentation without shutting anything down.”
The Biggest Challenges Aren’t Even Technical
Tom has said that the most challenging components of OT cybersecurity aren’t technical but human.
“The hardest thing is getting everybody on the same page and talking to each other,” he said, “from your IT department to your control system engineers, to your technicians and everybody else.” In those cases, Tom finds that the most effective discussions toward a secure OT environment are centered on what can be accomplished, not on cybersecurity and the fear of an attack.
“We want people to understand that this is about the resilience of their network. About uptime, production stability, and increasing the resilience of that network for the lowest cost and adding value at the same time. That’s where it’s easier to get everyone on the same page.”
Surprisingly Uncomplicated Deployment
People looking to secure an OT network may be surprised to find that the most effective solution isn’t software but a series of physical appliances that simply plug into the network and learn what to look for: TXOne’s Edge devices, to be specific.
“They’re small, compact, industrial-hardened devices that are meant to go out in the field,” Tom said. “You can mount them in a control cabinet or a harsh location and just plug your own devices in. If you don’t want it mounted in a harsh location, then mount it in your server room.” He said the smallest device they’ve been using is about 4” x 3” x 6”, and the largest is about 12” x 12” x 2”.
The installation, as he described it, is fairly straightforward.
“Let’s say you had a switched network and two dozen devices on there, and they could all talk to each other. That is not what you want!” he said. “So, we would plug the plants’ assets into the TXOne Edge devices. The assets may be programmable logic controllers (PLCs), or a building’s automation hardware, or the computers with access to the network that we’re trying to protect,” he added.
“In the beginning, the Edge devices allow all the traffic to pass. Then, as we implement the technology, we start segmenting that communication. We would learn what the traffic looks like and who’s talking to who,” he explained. “Then, once we start turning it on, it’s going to block other devices that we have not authorized from talking to it.” In other words, he said, “The traffic is still in that physical network, but now virtually segmented off. The assets lose the ability to talk to one another or respond to communication that has not been authorized.”
Removing Impediments to Action
In the future, Tom anticipates a continued competition between the need to act on OT cybersecurity and the impediments to doing so. And unfortunately, asset owners are not securing things at a fast enough rate. “It’s for a variety of reasons,” he said. “Budgetary. Fear of lengthy downtime. Or it’s just not on their radar.”
But it should be. “We’re getting more ransomware attacks from advanced adversaries. And more regulations after the gas pipeline attack,” he said.
And while GRIMM can certainly help keep customers compliant, “You can’t equate regulation with security,” Tom believes. You have to take these other steps that TXOne makes doable.
“It’s easy, and it works,” he said, referring to TXOne’s Stellar, Edge, and Portable Inspector devices. “When we talk to customers about the simple processes to deploy it, it just makes things a lot less stressful.”