November 4, 2020
ABB and IBM have recently announced a collaboration focused on connecting cybersecurity and operational technology (OT). As a first result of this collaboration, ABB has developed a new OT Security Event Monitoring Service1 that combines ABB’s process control system domain expertise with IBM’s security event monitoring portfolio to help improve security for industrial operators.
Industrial control system environments are increasingly targeted in cyber-attacks. In fact, IBM’s latest X-Force Threat Intelligence Index found that attacks on industrial and manufacturing facilities have increased by over 2,000% since 2018.
To better connect OT data with the broader IT security ecosystem, ABB has developed a new offering that allows security events from ABB to be sent to IBM’s security information and event management platform known as QRadar.
The ABB solution was designed according to a reference architecture jointly developed by ABB and IBM. It provides the domain knowledge needed to swiftly react to security incidents related to process control, and is especially suited for complex industrial processes in industries such as oil, gas, chemicals and mining. The new event collection and forwarding software which enables this integration is currently being used by early adopter customers and will be made broadly available by ABB in the coming months.
This collaboration marks the first time that OT data and process industry domain expertise is being brought directly into a Security Information and Event Monitoring (SIEM) system, allowing threats to be managed as part of an organization’s broader cybersecurity operations and strategy.
“ABB’s collaboration with IBM makes it possible to analyze process control events in the context of security and impact to the operational environment, delivering strong improvement in our OT cyber threat visibility across the board,” said Robert Putman, Global Manager of Cyber Security Service for Industrial Automation at ABB.
Disruption of production due to a cyberattack or technical glitches can be costly in terms of lost production and damage to physical assets. Most mature operational monitoring is focused on the performance of the asset, whether it be a gas turbine for electricity, a drive system used to crush ore, or simple monitoring of pollution output from a chemical facility.
The new ABB offering allows ABB’s process control system data collection and forwarding technology to harvest event log detail from ABB process control systems, and share that information with IBM Security QRadar, which uses automation and artificial intelligence to help identify security anomalies and potential threats.
“We see the integration of these solutions as bringing market-leading capabilities together for a singular view of OT security,” said Dr. Andreas Kühmichel, CTO, Chemicals, Petroleum & Industrial Products, IBM. “With more comprehensive OT and IT security visibility, clients can help reduce the risk of production being suddenly interrupted due to a security event, resulting in costly downtime and broader risk to the company.”
The ABB and IBM technologies involved in this solution are designed on open platforms allowing them to operate on the edge and deploy easily across hybrid cloud environments spanning on-premise, private or public clouds. The joint solution is designed so that security processes operate via automation and do not disturb industrial workflows. The security analysis in QRadar operates through a use case library, which automatically flags incidents and triggers corresponding alarms.
The two companies plan continued collaboration in the realm of OT security, in order to develop new capabilities and offerings that address customer challenges in this space.