CIARA, the First Cybersecurity Risk Assessment Platform in OT, Arrives in Spain.
CIARA (Cyber Industrial Automated Risk Analysis) is the first fully automated tool for asset data collection, data-driven analysis, and risk metric calculation, including risk assessment by zone and business processes based on economic impact.
This tool was created by Radiflow LTD in response to the increasing digitalization of the industrial environment (Industry 4.0), which has led to an enormous growth of cyber threats, while risk assessment processes remain manual tasks that do not address the full scope of the problem.
CIARA is designed as a cybersecurity tool intended to support the CISO, the operations manager, and other stakeholders who aim to reduce cyber risk in OT environments. It helps manage the entire cybersecurity risk lifecycle using advanced and easy-to-interpret analysis algorithms.
In addition, users of industrial control and automation systems will be able to drastically streamline risk reduction planning to improve the level of cybersecurity and comply with best practices regarding risk management defined in the ISA/IEC 62443 series of standards.
Industrial Standards
The solution adheres to the ISA/IEC 62443 standards series developed by the ISA99 committee and subsequently adopted by the IEC, providing a framework for addressing and mitigating current and future security vulnerabilities in industrial control and automation systems (IACS).
The CIARA reports help operators comply with regulations, including the EU NIS directive and elements of NERC’s CIP cybersecurity requirements, with additional support from the NIST framework.
Currently, risk assessments are complex, manual, and time-consuming procedures due to the lack of documentation and the need to collect many different types of information. In addition, the results become outdated over time: they are a snapshot in time, while threats evolve day by day.
With CIARA, a continuous risk assessment can be performed, and cybersecurity investment can be planned based on potential losses that have been calculated using objective data.
Overcoming Complexity
CIARA automates the process of examining hundreds of security countermeasures, simulating hundreds of possible threats, all against the digital image of the network obtained from the actual physical infrastructure. It automatically manages the following data:
- Assets, protocols, messages, IP addresses, MAC addresses, firmware versions, criticality, zones, conduits, etc.
- Potential vulnerabilities of assets present in the network (CVEs).
- Simulation of attacks based on MITRE ICS and Radiflow’s own.
- Analysis of network behavior and appearance (or disappearance) of communications from the network.
- Knowledge of current threats in the area/sector based on MITRE ATT&CK.
- Detection of changes in industrial equipment.
With all this data, CIARA can simulate how effective the implemented cybersecurity controls are against known attacks and threats that are occurring, and thus, in a few minutes, assess the level of risk to which one is really exposed based on objective data.
Based on the result of the assessment, CIARA will propose a series of actions to mitigate the risk and will offer different criteria to balance the proposals between protection, compliance with standards, and budget.
Based on these criteria, CIARA automatically prioritizes the security requirements (SR) to be implemented with the aim of maximizing ROI in cybersecurity. Currently, some of the optimization criteria included are:
- Zone Impact: What is the economic impact if a zone fails?
- Tolerable risk: Which zone has the least tolerance to risk?
- Compliance gap: Which zones have the greatest discrepancy between the measures implemented and what the standards dictate?
At Logitek, we have created an Industrial Cyber Awareness solution that uses CIARA as a risk analysis and management tool. For more information:





