Last week I attended Inductive Automation’s Ignition Community Conference (ICC), primarily to get smarter on what’s going on in bleeding edge manufacturing, but also to verify and understand why there is a disconnection between manufacturing automation / data operations and OT cybersecurity.

Background

I believe an OT cyber asset inventory is of great value to manufacturing and related data operations. When the OT detection sector began doing demos and proof of concept deployments last decade, it often led to engineers being amazed and thrilled by the asset inventory information. They saw value in this information, even if they didn’t care about security.

It seemed logical that manufacturing systems would have an OT cyber asset inventory application or features separate and better than the OT security products. I’ve been searching for this, and have come up empty.

(Note: OTBase is one exception. It doesn’t do detection, and yet the vulnerability management use case / security still is the primary driver for consideration.)

OT Cyber Asset Inventory In Manufacturing

Many of the non-aligned (not RA, not Siemens) luminaries were at ICC, and I took the opportunity to ask them if they had seen an OT cyber asset inventory capability or application outside of the security products (Armis, Claroty, Dragos, Nozomi).

The answer was no. Never.

In theory there is nothing wrong with a detection security product collecting and maintaining the cyber asset inventory. For almost ten years I’ve been predicting that the product would split, because they are two different and complex solutions. There would be cyber asset management (including asset inventory and vulnerability management) products and separate detection/threat intel/incident response support products. The products in these two categories would pass useful data back and forth.

It hasn’t happened, and the discussions at ICC reinforced that it is not imminent.

Connect

The ProveIt part of ICC showed some innovative examples of connecting systems and leveraging AI. For example, an asset owner could connect to the MES and Ignition SCADA and use AI to ask questions about where planned schedules weren’t met and the top five reasons for the variances in various products / lines.

If we, the OT security community and product sectors, are going to be creating and maintaining the OT cyber asset inventory, then we need to start connecting. In the previous example, perhaps the variance only happened on lines with PLCs running firmware version 4.1. Or maybe certain detected events are correlated to schedule variances.

The good news is AI makes these connections so much easier. There still are issues with AI hallucinations, the need to add metadata, and … Still, the future is so bright I gotta wear shades.

Cool Stuff

At ICC, Inductive Automation unveiled Ignition version 8.3, and had a number of sessions showing Ignition solutions in action around the world. Good information and impressive, but not what I found to be the cool stuff.

The most interesting part of the event was some of the vendors who took advantage of Ignition’s open architecture and interfaces. The four that caught my attention, and that I’m going to get smarter on, in priority order, are:

  1. HighByte
  2. MaintainX
  3. Flow
  4. HiveMQ