As part of our ongoing series of executive interviews for the 2021 ARC Industry Forum, we sat down with aDolus CEO and industry cybersecurity luminary Eric Byres to talk about some of the most pressing problems facing end-users in industrial cybersecurity. Eric was the inventor of the Tofino security appliance, which was the first firewall specifically designed for industrial applications. Eric's current company, aDolus, tackles a different but no less vexing problem: the vulnerability of industrial systems to supply chain hacks through malware-laden updates and patches, similar to what we saw with the SolarWinds attack.
Industry Faces Unique Challenges Preventing Supply Chain Attacks
Industrial applications face some unique challenges when it comes to supply chain attacks. As we saw with the SolarWinds campaign, which has now grown to ensnare several major government agencies and many other private enterprises, the integrity and security of software updates, patches, and other software “components” is critical. Industrial users need a way to validate patches, software and firmware updates, and other software components. The world of industrial automation and critical infrastructure includes thousands of products at the OT level, from hundreds of suppliers, all with various revision levels, all on various operating systems. The influx of standard IT technology into the operating environment only compounds the issue. Today we can add into the mix new generations of industrial edge computing devices, wireless hardware, routers, and switches, as well as industrial IoT platforms and cloud computing platforms, all deployed in environments where uptime is critical and where even one incident of unplanned downtime can endanger human life or result in significant financial losses.
Given the scope and complexity of this challenge, it makes sense to eliminate the work required to validate and ensure that software components are from a trustworthy source and don’t contain any malicious code, hidden vulnerabilities, instability issues, counterfeit firmware versions, or other potential risks. It would be great to have libraries of known and trusted software components so you can compare the ones that you have to the known trustworthy versions. End users also need a way to break down these libraries so they can have more transparency into who built specific pieces to create a “Software Bill of Materials.” This is exactly what aDolus is doing.
The aDolus FACT Solution
The aDolus FACT solution looks at a wide range of files used in industrial systems and compares them against known good fingerprints (you can find out a lot more at the website) to determine the level of associated risk. In this interview, we ask Eric what aDolus is hearing from their customers about key cybersecurity challenges, how users are driving the convergence of IT and OT cybersecurity organizations, and what aDolus is doing to automate many of the key tasks that must be done to improve the security of industrial systems.