The Nozomi buyout is good news for the OT network security industry. However, it also carries baggage. A control system vendor buying a cybersecurity monitoring system may limit support to that cybersecurity vendors’ existing systems, as well as potential impediment to providing new OT monitoring systems to non-Mitsubishi control systems. Independent of the buyout, the generic shortcoming of OT network monitoring systems continues to be assuming the untrusted Level-0 input data is valid. Nozomi, like the other OT network monitoring vendors, monitor Ethernet packets as they assume Level-0 devices (e.g., process sensors, actuators, etc.) are uncompromised, authenticated, and correct. The physical characteristics monitored by the Level-0 devices provide critical indications of process and sensor health. However, the data that provides those indications are filtered out before the Ethernet packets are created so this information is gone before it gets to Nozomi or other OT network monitoring systems. Once this information is gone, it can’t be recreated. As a result, the Level-0 data input to the network monitoring systems are untrusted and can’t provide indications of process or process sensor health.
Mon, Sep 22
The Mitsubishi purchase of Nozomi Networks: what could go wrong
2
1 reply