Rockwell Automation bolsters cybersecurity arsenal with acquisition of Verve Industrial Protection
Leading into its Automation Fair event in Boston, Rockwell Automation has signed a definitive agreement to acquire Verve Industrial Protection, a cybersecurity software and services company that focuses specifically on industrial environments.
Attacks against operational technology (OT) and industrial control systems (ICSs) are on the rise, with 60% of the incidents resulting in operational disruption, according to a research report, āCybersecurity Incidents in Industrial Operations,ā conducted by Rockwell Automation and the Cyentia Institute. The study analyzed more than 100 cybersecurity incidents in industrial environments.
As companies add hardware and software to legacy equipment, attack surfaces expand, increasing opportunities for cyber attacks. The Verve Security Center platform is designed to enable real-time asset inventory, vulnerability management and risk remediation that could strengthen Rockwellās current offerings and address these issues.
āThe foundation of OT cybersecurity starts with visibility into assets,ā says Matt Fordenwalt, Rockwellās senior vice president, lifecycle services. āYou canāt protect what you donāt know you have. This continues to be a critical challenge for manufacturers. With the Verve acquisition, our customers can quickly assess their assets, prioritize risk and apply countermeasures to mitigate vulnerabilities, all within a single platform. The addition of Verve to our suite of solutions allows customers to further build resiliency and continuously improve the security, safety and availability of their operations.ā
So, where does Verve fit into the extensive portfolio already amassed by Rockwell Automation?
āRockwell already has FactoryTalk AssetCentre, which is an inventory software that manages assets and asset updates,ā explains Tobey Strauch, an independent principal industrial controls engineer in Fremont, California. āPerhaps they have plans of developing that further. Rockwell also owns Maverick, but that does not mean that Maverick must install Rockwell programmable logic controllers (PLCs). Recently Rockwell has acquired some data-center type companies and cloud-computing companies.ā
Verveās skill set includes network hardening and understanding the threat development in the operational-technology (OT) realm, continues Strauch. āMy assumption is that Rockwell wants to be able to offer that skill set to its already broad customer base,ā she notes. āPlantPAx was introduced in 2008. Picture 15 years of customers in a broader scope than just PLCs, and they have a concern for cybersecurity.ā
There are also government guidelines and regulations, Strauch points out. āRockwell has products supporting water and energy, which means they must be accountable to National Institute of Standards and Technology (NIST) changes and government demands,ā she explains. āCybersecurity has a legal aspect that OT people are not accustomed to. Companies do get charged for breaches.ā When a breach occurs based on a manufacturerās card, it could be held liable.
The Verve Security Center platform was built to provide IT-level security while addressing the unique challenges of the OT environment. At the center of the Verve platform is an asset inventory system that recognizes all industrial assets, regardless of manufacturer. Verveās proprietary approach communicates directly with the assets, gathering critical information without impacting network performance and interrupting production. It then aggregates a wide range of data sources, including Rockwellās partner technologies, into its platform to provide actionable insight for customers to address the highest risk assets.
Over three decades, Owens has cautioned companies against allowing acquisitions to divert focus from the core needs of critical infrastructure cybersecurity. "In my experience, agility is key," he stresses. "The acquisition must not hinder Verve's swift innovation in addressing emerging cybersecurity challenges. Clear communication is paramount. Rockwell and Verve must commit to ongoing support, innovation and addressing specific challenges in critical infrastructure."
Verve professional services also provide ongoing remediation, along with strategic roadmap and business case development, which could further deepen Rockwellās cybersecurity consulting capabilities.
āWe are excited about the opportunity to join Rockwell, the leader in industrial automation and digital transformation, to further secure manufacturersā assets around the world,ā says John Livingston, CEO of Verve Industrial. āOur platform has helped clients mitigate thousands of vulnerabilities and is an important addition to Rockwellās OT cybersecurity solutions, providing actionable intelligence to quickly mitigate cybersecurity risks, so that manufacturing facilities can stay up and running.ā