
The Future of Securing Intelligent Electronic Devices Using the IEC 62351-7 Standard for Monitoring

Conference:  BlackHat USA 2019

2019-08-08

Summary

The presentation discusses the importance of the IEC 62351 standard in ensuring the cybersecurity of smart grids and critical infrastructure. The standard focuses on monitoring and encryption to detect potential attacks and to confirm the health status of the network.
  • Smart grids let end-users become active participants in the network, but they pose technical and cybersecurity challenges.
  • The IEC 62351 standard, particularly Part 7, focuses on monitoring and encryption to ensure the cybersecurity of smart grids and critical infrastructure.
  • The standard recommends that automation vendors build equipment that provides health indicators about the status of all components in the network.
  • The standard allows for active monitoring by design: the technology is ready to receive queries about the network's status.
  • Real applications of the standard already exist, and many automation vendors are adopting it.
  • Feedback on the presentation is appreciated.

The speaker shares their experience of working at an oil and gas company that did not allow anyone to install active technology inside the network, because that technology had not been designed for active polling. The IEC 62351 standard, by contrast, allows for active monitoring by design, which makes it easier to detect potential attacks and to confirm the health status of the network.

Abstract

Until recently, passive monitoring has been the standard approach for OT networks because of the critical processes these networks support. However, as industrial organizations embrace Industry 4.0 and with the increasing convergence of IT and OT, industrial infrastructure is now exposed to new advanced threats coming from the external perimeter. Addressing this requires OT security solutions that are more effective and efficient. Today there is a better understanding of OT devices and protocols, and dedicated security monitoring protocols are available. Standards like IEC 62351 define network and system management data object models that can be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure. This makes it possible for industrial security systems to increase their environment awareness by introducing an active interaction with the devices deployed inside the network. This new approach opens an unprecedented number of detection scenarios not possible before, increasing the detection rate, providing better visibility during an incident and offering a cost-effective solution for distributed scenarios. In this session, Nozomi Networks Co-founder and CPO Andrea Carcano and security researchers from Nozomi Networks Labs will present a live coverage analysis of detecting threats with IEC 62351 and SNMP.
