We’ve talked quite a bit about the complex nature of the microelectronics supply chain and hardware security, so now we’d like to discuss the professionals charged with managing that security – the ICS/OT security professionals who stand watch to protect critical assets underpinning our personal and professional lives.
We’ve found that ICS/OT professionals do not have the resources they need to protect against hardware and firmware threats. These professionals are managing as best they can, primarily by using products that monitor network and software security. They have had nowhere to turn for help identifying whether their physical ICS/OT equipment is vulnerable to cyber threats… until now. With Ceritas, technical and security professionals are armed with the information they need to secure their ICS/OT hardware infrastructure.
To illustrate this, let’s consider one product in the Ceritas database – the Lenovo ThinkPad T480. This particular laptop is affected by a total of 12 vulnerabilities: two related to the BIOS, one in the SMI callback function, and nine related to the Intel i7-8650U processor. To mitigate these 12 vulnerabilities, Ceritas has outlined the 4 key mitigation actions required. With the click of a button, a security professional can view the product and its key components, the overall security rating, and the key action steps required to secure the device.
Without Ceritas, ICS/OT security professionals would need to map out the key components across all equipment in their tech stack, then comb through vulnerability alerts to determine which vulnerabilities affect both the end products and components within their tech stack. Next, they would need to assess the overall severity level for each piece of equipment to prioritize action, and then research the specific mitigation steps required. This level of effort is so unrealistic that these professionals have no viable course of action except inaction.
Ceritas solves a key pain point by organizing the equipment inventory and providing a risk rating for every piece of equipment based on known and anticipated vulnerabilities. Now, at a glance, an operator can quickly view equipment requiring action. Ceritas also stays on top of new and emerging threats to deliver threat information on the critical hardware and firmware in that operator’s specific inventory. If a piece of equipment is high-risk, Ceritas provides the details with mitigation steps.
Ceritas recognizes the urgency of conducting continuous hardware vulnerability management and helps professionals go from the occasional security review to a rapid, always-on audit that can be checked anytime, anywhere.