Asking small municipalities to defend themselves against nation-state adversaries is a tall order, but it all begins with the basics of cybersecurity — the “blocking and tackling” — Steve Worley, SCADA security manager for Raleigh, NC, tells CSO. That means network monitoring. Knowing what’s happening on your network is critical to responding to any undesired activity. However, operational technology (OT) network monitoring tools lag far behind traditional IT solutions, which aren’t a good fit for industrial control systems.
In addition to network monitoring, Worley wanted the ability to actively query programmable logic controllers (PLCs) at water treatment plants to discover any changes in programming logic, whether made by an employee, a systems integrator, or a malicious third party.
Rather than develop a solution in-house, he chose to deploy the Indegy network monitoring tool. “We were looking to have more robust network monitoring for our network that spans across a large area of the county,” he tells CSO.
Worley considered developing a solution in-house using open source tools, but concluded that would be too time-consuming. The city published an RFP and considered its options. “We looked at all the major vendors in the realm of network monitoring of SCADA/ICS networks,” he tells CSO by email. “Indegy’s active monitoring of the PLCs and network was a major part of the decision to go with them.”