Rockwell invests in cybersecurity for industrial environments

Industrial IoT platform connects OT and IT data, and enables visibility, transparency, and collaboration
Sheila Zabeu -

October 28, 2023

Rockwell Automation, the industrial automation and digital transformation company, has signed a definitive agreement to acquire Verve Industrial, which provides cybersecurity software specifically for industrial environments. The transaction will help expand Rockwell’s offerings with an asset inventory system and a vulnerability management solution.

The Verve Security Center platform makes it possible to carry out real-time inventories of industrial assets, regardless of their manufacturer, identify vulnerabilities and mitigate risks. It was developed to provide security for Information Technology (IT) environments and, at the same time, meet the specific challenges of OT (Operational Technology) installations. It should thus enhance Rockwell’s current offerings in terms of protecting industrial environments.

Verve’s proprietary approach communicates directly with assets, gathering critical information without impacting network performance or interrupting production lines. It then aggregates a wide variety of data sources, including Rockwell partner technologies, into its platform as a “single dashboard” that provides actionable insights so that the highest risk assets can be addressed quickly.

“Our platform has helped customers eliminate thousands of vulnerabilities, and is an important addition to Rockwell’s OT cybersecurity solutions, providing practical intelligence to quickly mitigate cybersecurity risks so that manufacturing facilities can remain up and running,” says John Livingston, CEO of Verve Industrial.

According to the two companies, Verve’s professional services also provide ongoing remediation, along with a strategic roadmap and business case development, further deepening Rockwell’s cybersecurity consulting capabilities. In the future, customers will benefit from capabilities that cover the full range of attacks and from the combined expertise of Verve, Rockwell and Rockwell’s technology partnerships.

The acquisition is subject to customary approvals and is expected to close in the first quarter of Rockwell’s 2024 fiscal year. At the end of the process, Verve will report to Rockwell’s Lifecycle Services segment.

Safety in industrial environments

A recent Rockwell Automation report revealed that attacks on operational technologies (OT) and industrial control systems (ICS) are on the rise, with 60% of the incidents studied resulting in downtime and 40% ending in unauthorized access or data exposure.

The deterioration in cybersecurity is mainly due to the fact that hardware and software are being added to legacy equipment in factories, making it difficult to manage and protect assets in an attack surface that is growing proportionally, increasing the risks of cyberattacks. In addition, the sector faces a significant shortage of resources and talent needed to implement and manage OT cybersecurity programs.

According to the report, in 2022, there was a 2,000% increase in adversary reconnaissance targeting the commonly used Modbus/TCP 502 port, which can give hackers control over physical equipment and disrupt OT operations. It is likely that this growth is not only due to attacks, but also because there are better detection tools and resources available to identify cybersecurity incidents, the study points out. In more than half of TO/ICS incidents, the targets are SCADA systems, with Programmable Logic Controllers (PLCs) being the second most common target. PLCs are industrial computers used to control different electromechanical processes. Broader supply chains were also affected around 65% of the time.

More than 80% of events began due to the compromise of an IT system. With increasing levels of interconnectivity, more OT networks are communicating with the outside world via an IT network, increasing attack surfaces.

In addition, more than 80% of attackers come from outside organizations. So-called “insiders” play an “indirect” role in more than a third of incidents. And this indirect role is played mainly by becoming victims of phishing attacks. Almost 60% of the attackers cited in the study come from groups affiliated with nation states. The most common motives reported are political or financial.

The energy sector recorded three times as many incidents as the second hardest-hit vertical. Although it is a highly sought-after target because of the better chances of ransomware payments, power plants, substations and energy infrastructures are also outdated, without modern security controls.