Download PDF version Contact company

Radiflow, a renowned provider of cyber security solutions for industrial automation networks, announced the launch of CIARA, a major new platform offering Cyber Industrial Automated Risk Analysis (CIARA). The solution helps meet emerging best practice around risk modelling and management using the ISA/IEC 62443 series of standards.

CIARA is the first fully automated tool for assets data collection, data-driven analysis and transparent risk metrics calculation including risk scoring per zone and business process based on business impact. The new platform is a response to the growing digitisation of the production floor (Industry 4.0) that has led to rising tide of cyber threats - while risk assessment processes remain manual tasks that fail to address the full scope of the issue.

Advanced analysis algorithms

CIARA is a next-generation Cyber risk platform intended to support the CISO, Operation manager and other risk stakeholders that act to reduce cyber risk in Industry 4.0 environments using advanced analysis algorithms to automate and manage the entire cyber security risk life cycle.

Threat landscape is changing continuously which means a yearly risk assessment quickly becomes out of date"

The solution adheres to the ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC), which provides framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs). In addition, the CIARA reports assist the operators to meet regulations including the EU NIS Directive and elements of NERC CIP Cybersecurity Requirements with additional support for the NIST Cyber Security Framework under development.

Cyber security risks

“Risk assessment is currently a complex and time consuming process that for the most part revolves around spreadsheets and subject matter expertise which is cumbersome and prone to human error,” said Rani Kehat, Radiflow BVP Business Development. “Worse still, the threat landscape is changing continuously which means a yearly or bi-yearly risk assessment quickly becomes out of date - leading to a false sense of security."

"With CIARA, industrial organisations can now perform continuous assessment of their cyber security risks and base cyber security expenditure planning in direct correlation to the potential loss, backed up with quantitative data.”

Digital network models

Yehonatan Kfir, CTO at Radiflow, also highlight the complexity that CIARA helps to overcome, “CIARA automates the process of examining hundreds of the most commonly used security controls, against simulation of hundreds of cyber threat types while modelling against dozens of features for the digital network models including protocols, vulnerability, firmware versions, topology, device type and many others."

CIARA speeds up the risk management process by utilising the structure of ISA/IEC 62443"

"These risk assessments are then factored against common OT risk scenarios including loss of availability, loss of control, damage to property and other. The result is a matrix of potentially tens of thousands of permutations that can’t be analysed by humans while CIARA is able to evaluate it and provide comprehensive reports in a few minutes.”

Threat intelligence feed

CIARA is continually updated with assets data from the field and a threat intelligence feed that is based on multiple sources including the MITRE ATT&CK knowledgebase of adversary capabilities, tactics and techniques.

Ilan Barda, CEO for Radiflow, commented: “For many of our customers that are the new to the area of ICS/SCADA Cyber Security, CIARA dramatically speeds up the risk management process by utilising the methodology and structure of ISA/IEC 62443 – a standard that is likely to become a mandated requirement in the future."

Risk assessment processes

"There is also significant budgetary pressure in the post COVID-19 business environment, and planning capabilities to help better assign scarce resources are another driving force for the adoption of better risk assessment processes,” Barda adds.

CIARA has been BETA tested successfully by several existing Radiflow customers and partners including a top 5 global consultancy firm and is now available for new customers with an easy demo offering.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

Historic Spanish building upgrades security with ASSA ABLOY's SMARTair® wireless access control
Historic Spanish building upgrades security with ASSA ABLOY's SMARTair® wireless access control

Schools present unique challenges for security and access control. But what about a school that is also a heritage site of exceptional value? The Colegio Diocesano Santo Domingo in Orihuela, Spain, is more than just a school. Its historic buildings date to the 1500s, a heritage site as well as a place of learning — with a museum that requires the protection of the same access system. The college buildings are a Resource of Cultural Interest and on Spain’s heritage registry: They must not be damaged. Wire-free electronic locks were the obvious answer.   A wireless solution SMARTair® wireless locking devices now control access through 300 doors around the school. Electronic escutcheons, knob cylinders, and wall readers (including lifts) are connected to intuitive SMARTair software by a network of 38 HUBs. The school chose SMARTair Wireless Online management for their new keyless access system. This powerful management option enables real-time control of access to and around the site, even if the school’s data network is down. Automated emails inform security staff of any incidents, keeping students, teachers, equipment, and precious heritage safe. Real-time key management “The main benefit is the ease of real-time key management — from any place and at any time — via the wireless online management system,” says the school’s IT Manager, Francisco Fernández Soriano. “This increases security for children and for staff because no unauthorised people can enter the school.” In addition to the main entrances and classrooms, access to private spaces is constantly monitored “In addition to the main entrances and classrooms, access to private spaces such as lifts, offices, staff rooms, the church, the museum, the library, and the IT room is constantly monitored.” Scalable modular system Installation of the school’s SMARTair system required minimal work. Some doors date to the 16th century, so major alterations were not possible. “The system was installed without a hitch and also without any disruption to classes,” he adds. Because SMARTair is a modular system, scalability is built in. They can extend or fine-tune their access system when they choose. Indeed, the school’s “SMARTair Phase II” is already under discussion.

Hanwha Techwin America’s Wisenet Q series 4MP cameras safeguard Anaheim Union High School District (AUHSD)
Hanwha Techwin America’s Wisenet Q series 4MP cameras safeguard Anaheim Union High School District (AUHSD)

Hanwha Techwin America, a global supplier of IP and analogue video surveillance solutions, announced that Anaheim Union High School District (AUHSD), one of the largest school districts in California, has strengthened its security infrastructure with a district-wide solution that includes 1,250 Hanwha Techwin Q series cameras across 20 different locations. Anaheim Union High School District Located just outside of Los Angeles, AUHSD is a public-school district serving portions of the Orange County cities of Anaheim, Buena Park, Cypress, La Palma and Stanton and has an estimated 2,900 employees in 20 different facilities. In total, it serves approximately 29,000 students from grades 7 to 12. Despite its size and expanse, the district was lacking a robust security camera system that could allow administrators to monitor or document incidents on campus. “Other than a few sites with some DVR-based systems, we did not have any security cameras,” explained Erik Greenwood, Chief Technology Officer for AUHSD. IP security cameras installed AUHSD decided to strengthen its security infrastructure with a district-wide solution Additionally, as the district continued to grow, so did the seriousness of some of its security issues. After several security incidents and school shootings at other campuses across the U.S., the district faced mounting concerns from the community. AUHSD decided to strengthen its security infrastructure with a district-wide solution that would include IP security cameras at its centre. AUHSD officials collaborated with school principals, administrative staff, and local police departments to identify key areas where cameras should be placed, such as gathering points for students and the buildings’ main entrances and exits, as well as what specifications the system should have to produce viable footage for law enforcement. Wisenet Q series 4MP cameras The district brought on CA-based integrator, HCI Systems Inc., which recommended Hanwha Techwin’s QNV-7080R 4MP Network IR Vandal-Resistant Cameras. The Wisenet Q series 4MP cameras enable high-resolution monitoring with clear images, and the innovative hallway view feature maximises the area of surveillance in narrow locations, such as school corridors. In addition, these Q series cameras are equipped with IR function, enabling clear, sharp images in dimly lit environments and during the night. Robust set of technical specifications According to Greenwood, the Hanwha cameras were chosen as the key part of the system for several reasons. He said, “We had a very robust set of technical specifications in our RFP, and the image quality, frame rate and light specifications of the Hanwha cameras matched our requirements.” In addition to their rich feature set, the Hanwha camera configuration presented a streamlined solution. Greenwood further stated, “We didn't have a large quantity of different camera models which meant we didn’t need to keep stock of all sorts of lenses and other accessories. The committee liked that approach from a troubleshooting and ongoing maintenance standpoint.” Vandal resistance  The vandal-resistant features of the Hanwha cameras were also a big factor in their decision process The vandal-resistant features of the Hanwha cameras were also a big factor in their decision process since the camera domes can easily be cleaned or swapped without having to replace the entire camera. The Hanwha cameras were installed throughout the district in entrances, exits, exterior restroom doors, staff work areas and in general meeting areas. They are helping the district keep eyes on campus vandalism, graffiti, any other potential threats and, in some cases, even monitoring certain personnel issues, such as inappropriate use of school equipment. Campus surveillance When an incident is reported, administrators can quickly access and review the security footage to see what happened. In all, Greenwood said, “It's been a great project that involved everyone and the new cameras have some great qualities.” Now that the installation is complete, AUHSD is taking a closer look to see where there may still be some blind spots and exploring where they might benefit from potential expansion.

Wire-free, mobile first and data rich? The future of access control is within almost anyone’s reach
Wire-free, mobile first and data rich? The future of access control is within almost anyone’s reach

The 2020s will be a wireless decade in access control, says Russell Wagstaff from ASSA ABLOY Opening Solutions EMEA. He examines the trends data, and looks beyond mobile keys to brand new security roles for the smartphone. The benefits of wire-free electronic access control are well rehearsed. They are also more relevant than ever. A wireless solution gives facility managers deeper, more flexible control over who should have access, where and when, because installing, operating and integrating them is easier and less expensive than wiring more doors. Battery powered locks Many procurement teams are now aware of these cost advantages, but perhaps not their scale. Research for an ASSA ABLOY Opening Solutions (AAOS) benchmarking exercise found installation stage to be the largest contributor to cost reduction. Comparing a typical installation of battery-powered Aperio locks versus wired locks at the same scale, the research projected an 80% saving in installers’ labour costs for customers who go cable-free. Battery powered locks all consume much less energy than traditional wired locks Operating costs are also lower for wireless: Battery powered locks all consume much less energy than traditional wired locks, which normally work via magnets connected permanently to electricity. Wireless locks only ‘wake up’ when presented with a credential for which they must make an access decision. AAOS estimated a 70% saving in energy use over a comparable lock’s lifetime. Find out more about wireless access control at ASSA ABLOY's upcoming 29th June webinar Deploying wireless locks In short, every time a business chooses a wireless lock rather than a wired door, they benefit from both installation and operating cost savings. A recent report from IFSEC Global, AAOS and Omdia reveals the extent to which the advantages of wireless are cutting through. Responses to a large survey of security professionals — end-users, installers, integrators and consultants serving large corporations and small- to medium-sized organisations in education, healthcare, industrial, commercial, infrastructure, retail, banking and other sectors — suggest almost four locations in ten (38%) have now deployed wireless locks as a part or the whole of their access solution. The corresponding data point from AAOS’s 2014 Report was 23%. Electronic access control Electronic access control is less dependent than ever on cabling Without doubt, electronic access control is less dependent than ever on cabling: Even after a year when many investments have been deferred or curtailed, the data reveals fast-growing adoption of wireless locks, technologies and systems. Is mobile access control — based on digital credentials or ‘virtual keys’ stored on a smartphone — an ideal security technology for this wire-free future? In fact, the same report finds mobile access is growing fast right now. Among those surveyed, 26% of end-users already offer mobile compatibility; 39% plan to roll out mobile access within two years. Before the mid-2020s, around two-thirds of access systems will employ the smartphone in some way. The smartphone is also convenient for gathering system insights Driving rapid adoption What is driving such rapid adoption? The convenience benefits for everyday users are obvious — witness the mobile boom in banking and payments, travel or event ticketing, transport, food delivery and countless more areas of modern life. Access control is a natural fit. If you have your phone, you are already carrying your keys: What could be easier? IBM forecasts that 1.87 billion people globally will be mobile workers by 2022 Less often discussed are the ways mobile management makes life easier for facility and security managers, too. Among those polled for the new Wireless Access Control Report, almost half (47%) agreed that ‘Mobile was more flexible than physical credentials, and 36% believe that mobile credentials make it easier to upgrade employee access rights at any time.’ IBM forecasts that 1.87 billion people globally will be mobile workers by 2022. Workers in every impacted sector require solutions which can get the job done from anywhere: Access management via smartphone offers this. Site management device The smartphone is also convenient for gathering system insights. For example, one new reporting and analytics tool for CLIQ key-based access control systems uses an app to collect, visualise and evaluate access data. Security system data could contribute to business success. The app’s clear, visual layout helps managers to instantly spot relevant trends, anomalies or patterns. It’s simple to export, to share insights across the business. Reinvented for learning — not just as a ‘key’ or site management device — the phone will help businesses make smarter, data-informed decisions. The smartphone will also play a major role in security — and everything else — for an exciting new generation of smart buildings. These buildings will derive their intelligence from interoperability. Over 90% of the report’s survey respondents highlighted the importance of integration across building functions including access control, CCTV, alarm and visitor management systems. Genuinely seamless integration They offer greater peace of mind than proprietary solutions which ‘lock you in’ for the long term Yet in practice, stumbling blocks remain on the road to deeper, genuinely seamless integration. More than a quarter of those polled felt held back by a lack of solutions developed to open standards. ‘Open standards are key for the momentum behind the shift towards system integration,’ notes the Report. As well as being more flexible, open solutions are better futureproofed. Shared standards ensure investments can be made today with confidence that hardware and firmware may be built on seamlessly in the future. They offer greater peace of mind than proprietary solutions which ‘lock you in’ for the long term. Open solutions and mobile management are critical to achieving the goals which end-users in every vertical are chasing: scalability, flexibility, sustainability, cost-efficiency and convenience.