6 Aug 2020

Radiflow, a renowned provider of cyber security solutions for industrial automation networks, announced the launch of CIARA (Cyber Industrial Automated Risk Analysis), a major new risk analysis platform. The solution helps meet emerging best practice around risk modelling and management using the ISA/IEC 62443 series of standards.

CIARA is the first fully automated tool for asset data collection, data-driven analysis and transparent risk metrics calculation, including risk scoring per zone and per business process based on business impact. The new platform is a response to the growing digitisation of the production floor (Industry 4.0), which has led to a rising tide of cyber threats while risk assessment processes remain manual tasks that fail to address the full scope of the issue.

Advanced analysis algorithms

CIARA is a next-generation cyber risk platform intended to support the CISO, operations manager and other risk stakeholders who act to reduce cyber risk in Industry 4.0 environments. It uses advanced analysis algorithms to automate and manage the entire cyber security risk life cycle.

The solution adheres to the ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC), which provides a framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs). In addition, the CIARA reports help operators meet regulations including the EU NIS Directive and elements of the NERC CIP Cybersecurity Requirements, with additional support for the NIST Cyber Security Framework under development.

Cyber security risks

“Risk assessment is currently a complex and time consuming process that for the most part revolves around spreadsheets and subject matter expertise which is cumbersome and prone to human error,” said Rani Kehat, Radiflow BVP Business Development. “Worse still, the threat landscape is changing continuously which means a yearly or bi-yearly risk assessment quickly becomes out of date - leading to a false sense of security."

"With CIARA, industrial organisations can now perform continuous assessment of their cyber security risks and base cyber security expenditure planning in direct correlation to the potential loss, backed up with quantitative data.”

Digital network models

Yehonatan Kfir, CTO at Radiflow, also highlighted the complexity that CIARA helps to overcome: “CIARA automates the process of examining hundreds of the most commonly used security controls, against simulation of hundreds of cyber threat types while modelling against dozens of features for the digital network models including protocols, vulnerability, firmware versions, topology, device type and many others."

"These risk assessments are then factored against common OT risk scenarios including loss of availability, loss of control, damage to property and others. The result is a matrix of potentially tens of thousands of permutations that can’t be analysed by humans while CIARA is able to evaluate it and provide comprehensive reports in a few minutes.”

Threat intelligence feed

CIARA is continually updated with asset data from the field and a threat intelligence feed that is based on multiple sources, including the MITRE ATT&CK knowledge base of adversary capabilities, tactics and techniques.

Ilan Barda, CEO of Radiflow, commented: “For many of our customers that are new to the area of ICS/SCADA Cyber Security, CIARA dramatically speeds up the risk management process by utilising the methodology and structure of ISA/IEC 62443 – a standard that is likely to become a mandated requirement in the future."

Risk assessment processes

"There is also significant budgetary pressure in the post COVID-19 business environment, and planning capabilities to help better assign scarce resources are another driving force for the adoption of better risk assessment processes,” Barda adds.

CIARA has been beta tested successfully by several existing Radiflow customers and partners, including a top 5 global consultancy firm, and is now available to new customers with an easy demo offering.