Velta Technology is a TXOne Certified Partner that provides digital safety and security for industrial environments. Founded in 2018, Velta Technology has assembled a multi-disciplinary team of industrial manufacturing and critical infrastructure experts who combine more than 100 years of experience securing ICS/OT environments.
“The customers that we work with range from Fortune 100 enterprises with global footprints to regional clients,” said Craig Duckworth, President and CEO of Velta Technology. “We have clients in food and beverage, critical infrastructure, consumer packaging goods, across all industries, really,” he added. “We understand the IT side, but our focus is everything on the OT side, the industrial networks.”
Velta Technology’s professional services range from table-top discussions of what might happen in a cybersecurity emergency, to helping drive internal alignment and awareness of cybersecurity on the OT side, to providing ICS/OT-specific SOC services. Many engagements begin with a three-week visibility study. “We see everything from PLCs talking to the internet, which is very bad, to communications across plants that should have no communication at all,” Craig said.
The Importance of OT-Centric Partnerships
Velta Technology has formed strategic partnerships with some of the world’s leading industrial technology companies. According to Craig, “We work with technologies that are uniquely positioned for industrial networks. So as we look for partnerships, we’re seeking technologies to supplement and augment our own product offerings and skillset.”
“We sought them out at the beginning,” he said, referring to TXOne Networks’ emergence in the market. From a service delivery standpoint, Velta Technology honed in on the fact that “TXOne and its products are OT-centric, purpose-built, and non-harmful to ICS/OT networks.”
Velta Technology began looking at TXOne’s technology, understanding what it does and how it played within the OT space. “We reached out, made contact, and got their technology into our lab. We started vetting it and realized the powerful tool that it was and how we could leverage it to augment other tools that were already there.” TXOne was, in Craig’s words, “a very natural fit” for Velta Technology and its clients.
Security Was Never the ICS Priority
Industrial networks were built to prioritize production, not security. “Most OT environments are 15, 20, 50 years old,” Craig said. “Those machines were not made with security in mind. You can’t put traditional endpoint protection on those devices, they’re not designed for it.”
Of course, it’s always tempting to just say replace legacy technology with the latest, as they do in IT networks. But that’s due to the nature of IT tech. In industrial networks, it’s probably not even feasible, as replacement means downtime and cost. As Craig explained, “To take a plant, packaging line, or another process offline to do a replacement might be a few days to a few weeks. You could be at a loss of $150,000 an hour or more in production for that downtime.” And that doesn’t account for the purchase of the new equipment itself, plus the cost to install and configure it. “It isn’t a viable option for most organizations,” he said.
Today’s more modern industrial tech might not be up to the task, either. According to Craig, OEM manufacturers may take three years to build a piece of equipment, during which time they’ll lock down the technology, settle on a firmware version, and put it in the device. “By the time they build it, ship it, and install it at a client site,” he said, “it’s already three years old, and its vulnerabilities are very large.”
Bridging the Gap Between OT and IT
In many organizations, cybersecurity, whether for the IT network or industrial systems, is the responsibility of the IT security team, especially since a dedicated OT security team may not even exist. Unfortunately, many IT security teams are simply unfamiliar with the differences between IT and OT security requirements or even unaware that differences exist. “Very often, the first thing they say is, ‘We’ve got tools for that. We can handle that. Our SIEM, SOAR or firewall – we’ll just use them.’” But, as Craig advises, “It’s not that easy.”
Getting the attention of IT security teams and leaders to talk about the unique dangers that a compromised OT network presents — and the need to address them — has traditionally been challenging, but that’s starting to change, according to Craig.
“OT security issues are getting more attention now,” he said. “We are seeing a shift from the SEC (Securities and Exchange Commission) for publicly traded companies. They are looking at compliance issues, regulatory issues, and reporting breaches within a certain amount of time. And they are looking to tie compensation at the C-level and the Board to the organization’s cyber hygiene.”
Insurance carriers have also become heavily involved in cybersecurity, Craig said, either issuing or denying coverage based on the cyber hygiene of the industrial networks. “Before, they were looking strictly at the enterprise side. Then, in the last few years, ransomware started coming into play, and organizations were being shut down from their operational side.”
But it’s not just insurance or regulatory requirements that should be driving OT security upgrades. It’s unplanned shutdowns, possible loss of human life, environmental disaster, and long-term damage to the business. “Everything the entire organization has worked for could be stolen from it in a data breach,” he said.
Under those circumstances, he believes, “If companies are not exercising the same amount of due diligence and care in their industrial networks as they are in the enterprise, they have to ask themselves, why not?”
How TXOne Helps Protect Velta Technology’s Clients
TXOne’s ICS/OT-centric technology helps protect the assets Velta Technology’s clients can’t replace as well as newly arrived assets. “One thing that TXOne is providing that no one else offers is OT-centric endpoint protection,” Craig said. “They have technologies that allow the client to protect the environment today, manage the Windows devices out there, the legacy and the newer assets. And what’s going to be implemented.”
The Future State of ICS/OT Cybersecurity
Craig believes that industrial cybersecurity is now in its infancy, both in terms of where it needs to be and where most organizations currently are. But he thinks change is inevitable. “We’re going to see more governance and regulatory oversight. More insurance carriers driving the narrative up to the Board and the C-suite,” he said. “And organizations will begin to mature.”
But he also believes that the industrial side of organizations must and will begin owning the problems. “The process control engineers, the industrial and OT teams, they can’t just wait for IT,” he said. “All the assets on the industrial side are owned by OT. The solution should be as well.”
Learn About TXOne
Learn more about Velta Technology and its suite of services that support TXOne solutions at Velta Technology Solutions.