Radiflow launched CIARA, a new platform offering Cyber Industrial Automated Risk Analysis (CIARA). The solution helps meet emerging best practice around risk modelling and management using the ISA/IEC 62443 series of standards.
CIARA is a fully automated tool for asset data collection, data-driven analysis and transparent risk metrics calculation, including risk scoring per zone and business process based on business impact. The new platform is a response to the growing digitization of the production floor (Industry 4.0), which has led to a rising tide of cyber threats, while risk assessment processes remain manual tasks that fail to address the full scope of the issue.
CIARA is a next-generation cyber risk platform intended to support the CISO, operations manager and other risk stakeholders who act to reduce cyber risk in Industry 4.0 environments. It uses advanced analysis algorithms to automate and manage the entire cybersecurity risk life cycle.
The solution adheres to the ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC), which provides a framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs).
In addition, CIARA reports assist operators in meeting regulations including the EU NIS Directive and elements of the NERC CIP cybersecurity requirements, with additional support for the NIST Cybersecurity Framework under development.
“Risk assessment is currently a complex and time-consuming process that for the most part revolves around spreadsheets and subject matter expertise which is cumbersome and prone to human error,” said Rani Kehat, Radiflow BVP Business Development. “Worse still, the threat landscape is changing continuously which means a yearly or bi-yearly risk assessment quickly becomes out of date – leading to a false sense of security. With CIARA, industrial organizations can now perform continuous assessment of their cyber-security risks and base cybersecurity expenditure planning in direct correlation to the potential loss, backed up with quantitative data.”
Yehonatan Kfir, CTO at Radiflow, also highlighted the complexity that CIARA helps to overcome: “CIARA automates the process of examining hundreds of the most commonly used security controls, against simulation of hundreds of cyber threat types while modelling against dozens of features for the digital network models including protocols, vulnerability, firmware versions, topology, device type and many others. These risk assessments are then factored against common OT risk scenarios including loss of availability, loss of control, damage to property and others. The result is a matrix of potentially tens of thousands of permutations that can’t be analysed by humans while CIARA is able to evaluate it and provide comprehensive reports in a few minutes.”
CIARA is continually updated with asset data from the field and a threat intelligence feed that is based on multiple sources, including the MITRE ATT&CK™ knowledge base of adversary capabilities, tactics and techniques.
Visibility and planning
Ilan Barda, CEO of Radiflow, commented: “For many of our customers that are new to the area of ICS/SCADA Cyber Security, CIARA dramatically speeds up the risk management process by utilising the methodology and structure of ISA/IEC 62443 – a standard that is likely to become a mandated requirement in the future.”
“There is also significant budgetary pressure in the post COVID-19 business environment, and planning capabilities to help better assign scarce resources are another driving force for the adoption of better risk assessment processes,” Barda adds.