Alexandro Fernandez: Guardian of Operational Technologies


The digital age has ushered in a new era of industrial operations, where interconnected systems and technologies have revolutionized manufacturing processes. However, with this advancement comes the heightened risk of cyber threats that can disrupt critical infrastructures. Our society, economy and critical infrastructures have become largely dependent on computer networks and information technology solutions, making them vulnerable to cyber-attacks. The interconnections of modern commerce and the difficulty in attributing cyberattacks blur the lines between what is simply one company’s problem and what is a national security crisis.

Amidst this landscape, Alexandro Fernandez, the Latin America Regional Director at TXOne Networks, has emerged as a leading figure in the realm of industrial cybersecurity. With an unwavering commitment to protecting Operational Technologies (OT) in industrial environments, Fernandez has spearheaded initiatives to ensure the smooth and secure functioning of key industries across the region.

Alexandro Fernandez is leading the charge in industrial cybersecurity. His expertise and dedication enable partnering companies to navigate the complex realm of industrial cybersecurity, safeguarding critical infrastructures and operational technologies. With a commitment to tailored solutions, continuous innovation and industry collaboration, Fernandez and TXOne Networks remain at the forefront of protecting industrial environments in Latin America and beyond. Let’s delve into the specifics of how Mr. Fernandez is transforming cybersecurity in Latin America and stepping into more secure industrial operations.

Industrial Cybersecurity and its Crucial Role

Industrial Cybersecurity is a set of processes, practices and technologies designed to manage the cyber risk of industrial cyberspace derived from the use, processing, storage and transmission of information used in the industrial infrastructures of organizations, considering people, technology and the processes followed for the use of Operational Technologies (OT).

Industrial cybersecurity must be complemented by its equivalents in other security practices, such as environmental security, physical security, safety and equipment, without neglecting the value of the technological heritage of industries. That heritage comprises the tangible and intangible assets derived from intellectual work, such as an idea, an invention, an industrial secret, a process, a program, data, a formula, a patent or a trademark, and it is the main asset to be protected by industries.

In today’s world, the importance of industrial cybersecurity cannot be overstated, and it has become a critical aspect for several key reasons; here are 3 of the most important:

Critical Infrastructure Protection: Ensuring the protection of critical infrastructure is paramount to maintaining essential services and national security. He says, “It is known as all that technological infrastructure that is necessary for an entire country to have basic services such as water, energy, communications, nuclear, transportation, emergency services, public health, and manufacturing systems among others, and national security.” Mr. Fernandez recognizes the significance of safeguarding these infrastructures against cyber threats.

Regulations and Compliance: Numerous countries have established national cybersecurity strategies and regulations that encompass the protection of critical infrastructure, as well as cybersecurity policies and other regulations directed at specific sectors such as those related to energy (Generation, distribution) and transportation (Air, maritime, railway). Mr. Fernandez understands the importance of complying with these regulations and ensuring industrial companies adhere to the cybersecurity policies specific to their respective sectors, such as energy and transportation.

Digital transformation/Industry 4.0: With the advent of Industry 4.0 and digital transformation initiatives, industrial companies aim to enhance their production processes, minimize losses, and become more efficient in equipment maintenance, workshop floor management and similar areas. Achieving all this requires robust cybersecurity measures, so it is highly recommended that industrial companies cyber-protect these industrial environments. Mr. Fernandez emphasizes the need for industrial companies to fortify their cyber defenses before undertaking digital transformations, safeguarding against potential cyberattacks.

Continuing on this, he shares, “Before starting the journey that leads them towards a successful digital transformation and that does not leave “doors open” for possible future cyber-attacks.”

Staying Ahead: Understanding Threats and Vulnerabilities

To remain at the forefront of industrial cybersecurity, Alexandro Fernandez diligently stays abreast of the latest threats and vulnerabilities in industrial environments. He emphasizes, “There are different mechanisms to be updated and notified regarding the latest threats and vulnerabilities in industrial environments. Some of these mechanisms can be found, for example, in the bulletins published by CISA or in other industrial cybersecurity communities such as the ISA (International Society of Automation), manufacturers of industrial cybersecurity solutions, among others.”

Beyond these mechanisms, Mr. Fernandez relies on threat intelligence services and interactive maps, such as TxOne’s Threat Atlas, to gain real-time insights into cybercriminal activities targeting industrial environments.

He says, “There are also companies that provide Operational Technologies (OT) threat intelligence services through specific reports that are issued. We can also find interactive maps (such as TxOne’s Threat Atlas) that illustrate valuable information on cybercriminal activity that shows some of the cyber-attacks in industrial environments in real-time.”

Identifying and Assessing Security Risks

Mr. Fernandez emphasizes the significance of employing a structured methodology to identify and assess security risks in industrial environments. While adapting to each industrial company’s unique requirements, he recommends following the steps outlined in the ISA/IEC 62443-3-2 standard. The steps outlined by Fernandez include:

Perform a High-level cybersecurity assessment: Identifying the SuC (System under consideration) by reviewing system architecture diagrams, inventory company policies, regulations and risk tolerance related to this SuC.

Perform an initial cybersecurity risk assessment: Use existing PHAZOPs (Hazard and Operability study) and other relevant risk assessments like cyber maturity reviews, LOPA (Layers of Protection Analysis) reviews, Audit reports, etc., and corporate risk matrix to identify potential risks and to use them as a starting point and to gain an initial understanding of the worst case risk scenario for the SuC, to present in terms of impacts to health, safety, environmental, business interruption, production loss, product quality, financial, legal, regulatory, reputation among others.

Zoning and Conduit Classification: Group the IACS (Industrial Automatization Control Systems) and related assets into zones and conduits critically with the intention of classifying those assets.

Perform a detailed cybersecurity assessment for each zone & conduit: Identifying threats and vulnerabilities, determining consequences and impacts, and determining the security level (SL-1, SL-2, SL-3, SL-4 according to IEC 62443) to be achieved. Then identify and evaluate existing controls/countermeasures, define a risk threshold, calculate residual risk and very importantly try to verify that those risks are below the defined risk appetite.

Implementing these steps enables organizations to gain a comprehensive understanding of their OT cyber risks.
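One way to sanity-check the zone and conduit grouping before the detailed assessment, as an added example that is not part of the original article or of the ISA/IEC 62443-3-2 text: compare observed network flows with the declared model and flag traffic that crosses a zone boundary without a declared conduit. All asset names, zones, conduits and flows below are constructed.

```python
# Constructed sample model: asset names, zones, conduits and flows are made up.
ZONES = {  # asset -> zone (each asset sits in exactly one zone)
    "hmi-01": "supervisory", "historian-01": "supervisory",
    "plc-01": "control", "plc-02": "control",
    "sis-01": "safety", "erp-gw": "enterprise",
}
CONDUITS = {  # (pair of zones, protocol) declared as a conduit
    (frozenset({"supervisory", "control"}), "modbus"),
    (frozenset({"enterprise", "supervisory"}), "opc-ua"),
}
OBSERVED = [  # (source asset, destination asset, protocol)
    ("hmi-01", "plc-01", "modbus"),
    ("hmi-01", "historian-01", "opc-ua"),
    ("erp-gw", "plc-02", "modbus"),    # enterprise talking straight to control
    ("hmi-01", "sis-01", "modbus"),    # no conduit declared towards safety
    ("laptop-7", "plc-01", "s7comm"),  # asset missing from the inventory
]

def check_flows(flows, zones=ZONES, conduits=CONDUITS):
    """Classify each observed flow against the zone and conduit model."""
    findings = {}
    for src, dst, proto in flows:
        if src not in zones or dst not in zones:
            kind = "unzoned_asset"        # inventory gap: assign a zone first
        else:
            pair = frozenset({zones[src], zones[dst]})
            if len(pair) == 1:
                kind = "intra_zone"       # stays inside one zone
            elif (pair, proto) in conduits:
                kind = "via_conduit"      # crosses zones through a conduit
            else:
                kind = "undeclared_crossing"
        findings.setdefault(kind, []).append((src, dst, proto))
    return findings

if __name__ == "__main__":
    for kind, items in check_flows(OBSERVED).items():
        print(kind, items)
```

Flows reported as `undeclared_crossing` or `unzoned_asset` are inputs to the detailed per-zone and per-conduit assessment: each is either a conduit that needs to be declared and assessed, or traffic that should not exist.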

Tailored Solutions for Partnering Companies

One of Mr. Fernandez’s key objectives is to provide tailored solutions that meet the specific needs of partner companies. He shares, “I focus on understanding two main topics; The first one is related to the general thoughtful of the operating technologies (OT) that support industrial processes and that can affect the discontinuity of those industrial processes.” Based on this knowledge, Mr. Fernandez proposes high-level designs that align with the company’s business objectives, focusing on the operation and cyber protection of their OT.

He also explains, “Once the above is done, I propose a high-level design of how our solutions can help the company meet its business objectives related to the operation and cyber protection of the operational technologies that manage the industrial processes.”

Moreover, Mr. Fernandez ensures that the solutions are validated through demos and proof-of-concept testing to meet the technical requirements of clients. This process culminates in the formalization of projects that address the unique needs of each partnering company.

In his words, “As part of the process, the next step is to execute a Demo and a Proof of Concept of our solutions to validate that our solutions meet the technical requirements of our clients.”

Protecting Protocols and Ensuring Operational Continuity

Industrial protocols and control commands play pivotal roles in industrial cybersecurity, as they govern the operation of industrial processes. Mr. Fernandez emphasizes the importance of understanding the protocols used in each industry. The health sector relies on HL7 and DICOM, to mention the most important; factory automation uses Modbus, CIP, S7 Comm and OPC-UA; and the energy sector widely uses DNP3 and IEC-61850, among others. All of these should be protected against unauthorized modifications that could potentially disrupt operations.

One of the most important points to consider in some of these protocols is the set of control commands that can be executed, since an attacker who modifies an instruction can cause damage to an industrial process. To guard against this, TXOne Networks’ EDGE IPS (Intrusion Prevention System) enables the configuration of specific rules that prevent unauthorized changes at the command level, ensuring the continuity and integrity of industrial processes.
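The command-level control described above, shown for Modbus/TCP as an added example: it is not TXOne's EDGE IPS rule syntax or code from the article. It parses a request, lets reads through, and permits write commands only from an authorized source and only to permitted addresses; the policy, IP addresses and address range are constructed assumptions.

```python
import struct

READ_FUNCS = {0x01, 0x02, 0x03, 0x04}
WRITE_FUNCS = {0x05: "write single coil", 0x06: "write single register",
               0x0F: "write multiple coils", 0x10: "write multiple registers"}
# Constructed policy: sources allowed to write, and writable address ranges.
POLICY = {"write_sources": {"10.0.5.10"}, "write_ranges": [(100, 199)]}

def parse_request(frame: bytes):
    """Split a Modbus/TCP request into (unit_id, function_code, data)."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return unit, frame[7], frame[8:]

def decide(src_ip: str, frame: bytes, policy=POLICY):
    """Return (verdict, reason) for one request seen on the wire."""
    try:
        _unit, func, data = parse_request(frame)
    except ValueError as exc:
        return "drop", f"malformed: {exc}"
    if func in READ_FUNCS:
        return "allow", "read request"
    if func not in WRITE_FUNCS:
        return "drop", f"function 0x{func:02X} not on allowlist"
    if src_ip not in policy["write_sources"]:
        return "drop", f"{WRITE_FUNCS[func]} from unauthorized source"
    if len(data) < 4:
        return "drop", "malformed: write request too short"
    addr, second = struct.unpack(">HH", data[:4])
    count = second if func in (0x0F, 0x10) else 1  # quantity vs. single value
    if count < 1:
        return "drop", "malformed: zero quantity"
    if not any(lo <= addr and addr + count - 1 <= hi
               for lo, hi in policy["write_ranges"]):
        return "drop", f"{WRITE_FUNCS[func]} outside permitted range"
    return "allow", WRITE_FUNCS[func]

def adu(func: int, data: bytes, tid: int = 1, unit: int = 1) -> bytes:
    """Build a constructed request frame for the sample cases."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, func) + data

if __name__ == "__main__":
    write_120 = adu(0x06, struct.pack(">HH", 120, 1))
    print(decide("10.0.5.10", write_120))  # authorized engineering station
    print(decide("10.0.9.50", write_120))  # same command, other source
```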

Balancing Security and Operational Efficiency

Maintaining smooth and efficient operations while prioritizing security is a critical challenge in industrial cybersecurity. Mr. Fernandez recognizes the paramount importance of operational continuity and tailors solutions to minimize intrusion while adequately addressing cyber risks. By considering factors such as operational technologies, existing cybersecurity controls, and asset criticality, Mr. Fernandez designs solutions that strike a balance between security and operational efficiency, ensuring uninterrupted processes.

The most important objective for an industrial environment is to maintain the continuity of the processes, which implies and covers many aspects; therefore, it is relevant to understand the operation technology that is required to operate those industrial processes, the industrial network, the existing cybersecurity controls (if they exist), the criticality of the asset and from there propose a solution that can be the least intrusive possible, the most adequate to minimize cyber risks and that has as priority number one to maintain the operations up and running.

Incident Response: A Proactive Approach

Mr. Fernandez underscores the significance of having robust incident response mechanisms in place. He says, “It is essential that industrial companies have mechanisms and processes when it comes to incident response, as today you cannot afford not to have them.”

He advocates for the adoption of industrial cybersecurity incident response policies, engaging experienced cybersecurity companies well-versed in industrial environments. By ensuring an understanding of operating technologies and their relationship with industrial processes, organizations can effectively manage and respond to cybersecurity breaches.

Navigating the Latin American Regulatory Landscape

In Latin America, the regulatory landscape for industrial cybersecurity is still evolving. While countries like Chile, Colombia and Brazil have made strides in establishing specific regulations for protecting critical infrastructures, other nations are yet to develop comprehensive cybersecurity strategies. In these nations, specific regulations focused on the protection of the national electricity sector are mandatory and relatively mature. Mr. Fernandez acknowledges the progress made by certain countries in the region while highlighting the need for broader cybersecurity strategies and initiatives across Latin America.

Other initiatives related to the protection of critical infrastructures across Latin America include, for example, the “PNCS: Política Nacional de Ciberseguridad” in Chile, the “Programa Nacional de Infraestructuras Criticas de Información y Ciberseguridad” in Argentina, the “Política Nacional de Segurança de Infraestruturas Críticas – PNSIC” in Brazil, the “Ley de Ciberdefensa No. 30999” in Peru and some others in countries like Colombia.

Integrating Solutions with IT and OT Systems

TXOne Networks’ solutions seamlessly integrate with existing IT and OT systems in industrial environments. Understanding the diverse OT protocols used in various industries, Mr. Fernandez ensures the protection of legacy operating systems and addresses technical vulnerabilities through their “Virtual Patching” mechanism. The solutions also facilitate the export of results in formats compatible with other IT cybersecurity solutions, enabling efficient integration with the existing ecosystem.

How do you plan to continue innovating and improving your solutions in the coming years, given the constantly evolving cybersecurity landscape?

Mr. Fernandez and TXOne Networks prioritize continuous innovation and improvement of their solutions. With a robust research and development team, they invest in enhancing their technology stack, innovating products and adapting to the evolving threat landscape. Client feedback and collaboration play an integral role in their innovation process, ensuring their solutions effectively address the ever-changing cybersecurity challenges faced in industrial environments.