Cyber Security Technology Institute (CSTI) of the Institute for Information Industry Wins "R&D 100 Awards”

Caption: The Cyber Security Technology Institute (CSTI) of the Institute for Information Industry (III) developed "ICSentry Industrial Control Information Security and Threat Analysis Platform", which receives the "R&D 100 Awards”. Pictured are Po-Jen Hsiao, III Executive Vice President (4th from the left), Karen Ho, Director of the Cyber Security Technology Institute (4th from the right), Chang Wen-Tsun, Technical Director of the Cyber Security Technology Institute, (2nd from the right), Huang Ting-Chieh, Group Leader of the Cyber Security Technology Institute (3rd from the left), along with the team members.


Caption: The Cyber Security Technology Institute (CSTI) of the Institute for Information Industry (III) developed "ICSentry Industrial Control Information Security and Threat Analysis Platform" to assist industries in addressing information security risks related to Operational Technology (OT). This system can be deployed in various environments, providing assistance with essential functionalities that the manufacturing industry needs the most, including anomaly behavior monitoring, threat attack detection, and penetration testing, etc.

In recent years, cybersecurity incidents in the manufacturing industry have gradually replaced those in the financial sector as the primary target for hackers to launch attacks and ask for ransom. With the support of the Administration for Digital Industries of the Ministry of Digital Affairs, the Cyber Security Technology Institute(CSTI) of the Institute for Information Industry has developed an internet multi-layered intrusion detection solution specifically designed for industrial control environments and production lines. This solution aims to identify malicious activities and suspicious traffic patterns without compromising the stability and security of production lines. With a focus on the industrial control field, the Institute's cybersecurity technology helps industries mitigate the evolving risks of attacks arising from digitalization, safeguarding critical assets from harm.

With the widespread integration of Information Technology (IT) and Operational Technology (OT) infrastructures, the old settings where the OT system was physically isolated from the environment no longer exist. This integration makes the current settings more susceptible to threats from viruses, worms, trojans, and other malicious software. According to the annual IBM cybersecurity report "X-Force Threat Intelligence Index," the global manufacturing industry has consecutively become the most targeted sector for ransomware attacks for two years. Particularly in Asia, almost half of all reported cyber-attacks have specifically targeted the manufacturing industry, making it a favored target among hackers.

The "ICSentry Industrial Control Information Security and Threat Analysis Platform" Boasts Four Key Features to Identify Malicious Activities within Industrial Control Systems.
Director of the Cyber Security Technology Institute (CSTI), Karen Ho, pointed out that in the past, the manufacturing industry mostly relied on existing IT solutions to address the security issues of industrial control systems. However, there are differences in the aspects of software and hardware architecture protocols, communication protocols, and priority handling between Internet Technology (IT) and Operational Technology (OT). Even with the gradual adoption of more standardized architectures, the effectiveness of defense measures remains limited.

To assist industries in addressing Operational Technology (OT) information security risks, the Cyber Security Technology Institute (CSTI)
leverages years of accumulated information security experience in the field of industrial control systems and has independently developed the "ICSentry Industrial Control Information Security and Threat Analysis Platform." This platform is equipped with essential functionalities such as anomaly behavior monitoring, threat attack detection, penetration testing, etc., which address the specific needs of the manufacturing industry without compromising the stability and security of production lines.

"ICSentry Industrial Control Information Security and Threat Analysis Platform”employs AI analysis technology to provide a comprehensive cybersecurity solution, featuring four key characteristics:

Feature One: Asset Inventory, Ensuring Site Visibility
Addressing the need for Operational Technology (OT) site visibility, the platform adopts the widely accepted Purdue reference model. It performs deep packet inspection to accurately identify device information and present the network topology of the site. Subsequently, it analyzes vulnerabilities and potential threats in production lines based on both IT and OT workflows.

Feature Two: Threat Detection, Identifying Unauthorized Connections
The operation and technical support of Industrial Control Systems (ICS) typically involve remote access. By recognizing various ICS network architectures and employing black and white-listing techniques, the platform detects whether there are unauthorized connections or malicious activities within the system.

Feature Three: Long-Term Monitoring, Providing Real-Time Risk Alerts
Utilizing AI-assisted anomaly traffic analysis technology, the platform automatically establishes a model of normal behavior for production lines. It conducts long-term monitoring and provides real-time interpretation and alerts for specified features exhibiting abnormal behavior.

Feature Four: Penetration Testing, Simulating and Drilling on Intrusion Activities
As global emphasis on cybersecurity requirements continues to grow, the platform can also cater to the demands of the industry's supply chain. By employing intrusion attack simulation techniques to launch red team attack exercises, the platform can not only identify potential threats but also assist organizations in refining cybersecurity strategies, thereby enhancing overall defense capabilities.

Self-developed Information Security Technology Received International Recognition
During the development stage, "ICSentry Industrial Control Information Security and Threat Analysis Platform” participated in the MITRE ATT&CK for ICS international evaluation of industrial control system security products in 2021. The platform achieved outstanding results in aspect such as precise alerting rates, attack behavior detection, network visibility, etc. It competed alongside well-known companies such as Microsoft and Israel's Claroty. This year, the platform once again received recognition for its exceptional performance and was honored with the prestigious global technology award, the "R&D 100 Awards”, which is often referred to as the Oscars of the research and development industry.

The Institute for Information Industry (III) stated, "Technology drives the rapid development of the digital world, making information security extremely crucial. III's goal has always been to develop innovative solutions to help businesses cope with constantly evolving threats. 'ICSentry Industrial Control Information Security and Threat Analysis Platform' has been selected as one of the top 100 research and development technologies that offer innovative solutions to significant social and economic challenges, which properly demonstrates the research and innovation capabilities of our country in the information security technology field of industrial control systems."

Join Hands with Industry Partners to Create Information Security Protective Covers for Industrial control Systems
In addition to continuously advancing detection and prevention technologies, the team of "ICSentry Industrial Control Information Security and Threat Analysis Platform” actively collaborates with manufacturing industries, automation sectors, and cybersecurity companies to develop various functionality integrated information security solutions for industrial control systems through technology transfer. Examples include the Smart Factory Information Security Monitoring Command System, Cybersecurity Management Platform Integrated with Industrial Control Analysis, Operational Technology (OT) Information Security Protection Value-Added Solutions, and Industrial Control AI Threat Detection Augmentation Modules. These collaborative efforts aim to strengthen risk isolation controls, enhance asset threat visibility, and provide real-time protection for critical equipment, addressing various cybersecurity needs.

"ICSentry Industrial Control Information Security and Threat Analysis Platform”is also deployed at the Digital Industry Bureau's Sha-lun Cybersecurity Service Base and the laboratory of Cyber Security Technology Institute (CSTI) for scenario-based attack and defense demonstrations. With the domestic self-developed information security technology capabilities in the industrial control field, the platform team assists and empowers various industries to cope with the increasingly complex network environment and effectively improve the overall information security resilience.
 
【Media Contact】
Cyber Security Technology Institute (CSTI)
Cecilia Wang Tel: (02) 6607-8990 ceciliawang@iii.org.tw
Center for Marketing Strategy (III)
Joy Yen Tel: (02) 6631-8635 joyyen@iii.org.tw
Ying Shen Tel: (02) 6631-8643 yingshen@iii.org.tw
Ester Huang Tel: (02) 6631-8641 estherhuang@iii.org.tw