In recent years, executives at Schneider Electric noticed an uptick in demand from their industrial clientele for cybersecurity assistance with industrial control systems. To meet customer needs, the company has made ICS cybersecurity a high priority internally while also forging relationships with cyber vendors such as McAfee and the startup Claroty in 2014 and 2017, respectively. Now, Schneider Electric is partnering with endpoint security specialist Cylance to further beef up its security offerings and enhance its cybersecurity-based consulting services. “Simply put, we are upping our game,” Norm Thorlakson, VP HMI & Supervisory at the company.
Across verticals, industrial professionals share similar concerns concerning ICS cybersecurity. “They have all the same sound bites in the back of their head,” Thorlakson said. “They don’t want to be the next victim of an attack like Stuxnet or WannaCry.”
For Cylance, the partnership expands its footprint in the operational technology domain. While the company counts industrial control systems and IIoT as core focus areas, much of its work on industrial cybersecurity has been from an IT perspective. “Our technology is very well suited for the OT environment, and we have experience since the beginning at Cylance with ICS security being a part of our consulting practice,” explained Craig Whetstone, Cylance, director of OEM. The company, however, traditionally shied away from deploying its software on sensitive industrial control systems involving mission-critical processes. “We don’t want to be in a solution where we disrupt those systems inadvertently, so it is kind of necessary to work with vendors like Schneider Electric to validate our solution in that environment. Whetstone said.
The two companies anticipate the partnership will lead to a higher number of industrial companies adopting machine-learning and AI-based security tools to the OT realm, where they can help prevent cyberattacks from occurring, which tends to be substantially less expensive than responding to an ongoing attack. The cost of unscheduled downtime alone can be staggering in industrial environments.
Complicating matters, ICS cybersecurity has a unique set of priorities, which can limit the extent that best practices from IT can be applied to industrial environments. “The OT space is built on the need for constant communication without challenge,” Thorlakson said. “If I have a critical process running at submillisecond speed, I can’t continually have a challenge set up by a database to check for authorization, user credentials, etc. whereas on the IT side, I can.”
Whetstone said Cylance’s AI- and machine-learning-based tools are well-suited to addressing these unique requirements, while also helping to secure devices that aren’t compatible with traditional anti-virus and anti-malware software. “We can deploy our product into these OT environments where they are disconnected and very sensitive to performance impact,” Whetstone said. The company’s CylancePROTECT software doesn’t use signatures or require updates to maintain effectiveness. “We update our core machine-learning detection that we provide about once every six months,” Whetstone said. “Once Cylance is deployed into the environment, it can run autonomously for extended periods of time even if that machine-learning model is not updated right away, the efficacy of that model degrades very slowly over time.” In contrast, traditional anti-malware software relies on routinely updated signatures to remain effective.
In the long run, the leadership of both Schneider Electric and Cylance expect their partnership and mutual engagement with industrial clients will extend their grasp of industrial cybersecurity to the extent the two firms can provide more meaningful guidance. “We have been having these open-ended conversations on the OT side where we get questions like: ‘Help me understand what I need to care about,’ ‘Help me understand what other people are doing,’” Thorlakson said. “I would anticipate the conversation will go to the point over the period of 2018 and 2019 to: ‘What is my cybersecurity roadmap?’” Answers to any of those questions are not simple, Thorlakson acknowledged. “We are also on our journey. We seek to learn from our engagement with Cylance and our clients.”