Rockwell Set to Acquire Avnet Data Security in Bid for Systemic IIoT CybersecurityJanuary 13, 2020 by Kate Smith
With cybersecurity a major talking point across the news, Rockwell Automation cements a deal to acquire an ICS- and SCADA-heavy security firm.
This week, Rockwell Automation announced that it was acquiring a cybersecurity company, Avnet Cyber and Information Security.
In the company's press release, Rockwell stated that one of the major motivators for this move has been the fact that "legacy physical security strategies are no longer enough to protect production operations." This blunt statement highlights the growing divide between brownfield and greenfield facilities in terms of connectivity and, of course, the closely-related concept of cyber resilience.
What is Avnet?
For those of you with an electrical engineering background and/or a familiarity with that space, it's important to note that this Avnet is a different entity from Avnet, the US-based electronic components distributor. Avnet Cyber and Information Security is an Israeli-based company founded in 1995 with a focus on creating security infrastructure, active security monitoring, and even cyber-attack simulation. The simulations Avnet organizes are designed to test companies' extent security systems through various mock attacks carried out by Avnet's white hat "red team" (a term associated with the aggressors in hacking exercises), not dissimilar from NERC's GridEx power grid security exercises.
So how has Avnet addressed IIoT issues?
What likely interested Rockwell in the company to begin with was their "SCADA and ICS Division" which focuses on securing the eponymous industrial control systems and infrastructure facilities.
A representation of some of Avnet's major industrial sectors: (top to bottom) oil and gas, manufacturing, electric power, and chemical. Images (modified) used courtesy of Avnet Cyber Information and Security
From oil and gas to electric grid power to manufacturing, Avnet has spent 10 years developing security solutions for the industrial space. According to the division's page, their focus has been on securing "SCADA, DCS, EMS, and process control system environments" through a combination of "penetration testing, real-time SCADA / automation systems, and telemetry."
Rockwell refers to Avnet as being a leader in IT/OT or information technology/operational technology. The difference between IT and OT is generally that information technology addresses purely informational data such as communications systems while operational technology is associated with systems that actively control physical processes. These two concepts can be blurred in the industrial space, where most informational systems ultimately serve the purpose of controlling valves, pumps, machinery, or other physical devices.
Arguably, however, grasping the combined role of IT and OT is key to understanding the challenges of security in an industrial setting.
It's increasingly clear that the most prominent companies in the industrial space are investing ever-more millions of dollars into cybersecurity. Security-centric features are ever-more commonplace in the very hardware placed into facilities, such as Honeywell's ControlEdge PLCs.
This could represent an increased demand for security tools from plant managers, control engineers, or government officials. But, whether it's become a focus for a particular plant or not, security is making its way to the forefront of industry through the leaders in the field.
Do you think security should start with the engineers on the ground? Or do you believe it's appropriate that Rockwell, Honeywell, Emerson, and other leaders pave the way first?