Rockwell Automation bolsters cybersecurity arsenal with acquisition of Verve Industrial Protection

Remember that Rockwell Automation is a technology company and only makes PLCs as part of an umbrella that supports manufacturing systems, notes Strauch. “Rockwell also has a manufacturing execution system (MES), supervisory control and data acquisition (SCADA) and other technologies, as well as partnerships with Cisco that mean they must be concerned with the security aspect of their customers’ worlds,” she explains. “PlantPAx made Rockwell a distributed-control-system (DCS) provider, which means the scope of its reach is past the machine.”

Verve’s skill set includes network hardening and understanding the threat development in the operational-technology (OT) realm, continues Strauch. “My assumption is that Rockwell wants to be able to offer that skill set to its already broad customer base,” she notes. “PlantPAx was introduced in 2008. Picture 15 years of customers in a broader scope than just PLCs, and they have a concern for cybersecurity.”

There are also government guidelines and regulations, Strauch points out. “Rockwell has products supporting water and energy, which means they must be accountable to National Institute of Standards and Technology (NIST) changes and government demands,” she explains. “Cybersecurity has a legal aspect that OT people are not accustomed to. Companies do get charged for breaches.” When a breach occurs based on a manufacturer’s card, it could be held liable.

The Verve Security Center platform was built to provide IT-level security while addressing the unique challenges of the OT environment. At the center of the Verve platform is an asset inventory system that recognizes all industrial assets, regardless of manufacturer. Verve’s proprietary approach communicates directly with the assets, gathering critical information without impacting network performance and interrupting production. It then aggregates a wide range of data sources, including Rockwell’s partner technologies, into its platform to provide actionable insight for customers to address the highest risk assets.

“With three decades in the field, I know that seamless integration is paramount to avoid disruptions to critical system security," notes Kevin Owens, CEO of CyberStorm Defense in the northwestern United States. Prior to founding CyberStorm Defense, Owens was senior research engineer at Schweitzer Engineering Laboratories in Spokane, Washington, where he worked after spending more than 10 years as engineering leader for the U.S. Department of Defense.

Over three decades, Owens has cautioned companies against allowing acquisitions to divert focus from the core needs of critical infrastructure cybersecurity. "In my experience, agility is key," he stresses. "The acquisition must not hinder Verve's swift innovation in addressing emerging cybersecurity challenges. Clear communication is paramount. Rockwell and Verve must commit to ongoing support, innovation and addressing specific challenges in critical infrastructure."

Verve professional services also provide ongoing remediation, along with strategic roadmap and business case development, which could further deepen Rockwell’s cybersecurity consulting capabilities.

“We are excited about the opportunity to join Rockwell, the leader in industrial automation and digital transformation, to further secure manufacturers’ assets around the world,” says John Livingston, CEO of Verve Industrial. “Our platform has helped clients mitigate thousands of vulnerabilities and is an important addition to Rockwell’s OT cybersecurity solutions, providing actionable intelligence to quickly mitigate cybersecurity risks, so that manufacturing facilities can stay up and running.”