Why Sentryo

Cybersecurity pioneering

Sentryo is pioneering the market for cybersecurity protection for machine-to-machine networks and critical industrial systems, aka the Industrial Internet

Today
Industrial Automation

today

Tomorrow
Industrial Internet of things

tomorrow

The Industrial Internet covers machine-to-machine networks and cyber-physical systems which interact with the physical world. It stretches from command and control networks (ICS or SCADA) to the upcoming Industrial Internet of Things whose nervous system will be digital and software based.

It’s a cross sectors paradigm which has many different names: Industrie 4.0, Smart Cities, Smart Grids, eHealth… In all cases, our daily lives will rely on these smart technologies.

Managing cyber risks in a highly volatile world

1 – Industrial Internet Vulnerable

  • Industrial Control Systems (ICS) used to be closed and proprietary. They were designed to last for 10 to 20 years. They were not originally designed with cyberrisks in mind
  • ICS are now more open, becoming integrated with IT and external business partners while relying more and more on IT standards making them highly vulnerable to cyberrisks.
  • Security incidents are skyrocketing.  Malwares like Havex, Blackenergy or Dragonfly now specifically target ICS.

why1

why2

2 – IT solutions do not fit

  • IT cybersecurity solutions are designed to focus on confidentiality and to block any suspicious activities
  • They are intrusive, require network architecture changes, and do not fit industrial environment and standards
  • Unfortunately, IT cybersecurity products are generating too many false positives: a legitimate and mandatory network behavior would be seen as an attack, resulting in process downtime

3 – There is no cybersecurity culture

  • Industry people, Control Engineers & Operators, are all about safety: protect processes and people against hardware failure or environmental casualties. Fighting against malicious people is very different.
  • As a result, Cybersecurity is not part of Operational Technologies culture.
  • Authorities issued new regulations demanding critical infrastructure operators to implement cybersecurity best practices.

why3

Threat Examples

WIRED – Jan 8th 2015

‘A cyberattack has caused confirmed physical damage’.

According to the German BSI, hackers had struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in ‘massive’ damage.

BLACKHAT 2015

‘Hackers demonstrate full remote control of a modern car’.

Experts tend to agree that car hacking is one of the most serious vulnerabilities of this new hyper­connected world. Cars now incorporate a range of technologies such as Adaptive Cruise Control, which can control the throttle, brakes and steering of the vehicle. Hacking experts Chris Valasek and Charlie Miller thrilled the crowds with their exploits in gaining remote control of everyday Jeep vehicles.

ICS CERT – Dec 10 th 2014

‘SCADA software hacked to penetrate customers networks.’.

Experts has identified a sophisticated malware campaign that had compromised numerous industrial control systems (ICSs) environments They have found multiple variant of the Black Energy malware. Analysis indicates that this campaign has been ongoing since at least 2011. Multiple companies have identified the malware on SCADA stations from various vendors