rolex
SSupported by cloud hosting provider DigitalOcean – Try DigitalOcean now and receive a $200 when you create a new account!

FoxGuard Solutions Delivers Innovative Solutions For Critical Infrastructure Markets

Listen to this article

FoxGuard Solutions offers a complete Patch and Update Management Program covering information technology (IT) and operational technology (OT), including asset identification, analysis, availability reporting, validation and deployment to ensure that customers are secure and compliant.

Below is our recent interview with Michael Trautman, Vice President & Chief Technology Officer at FoxGuard Solutions:

Michael Trautman

Q: Michael, could you provide our readers with a brief introduction to FoxGuard Solutions?

A: Our business was established in 1981 as Comprehensive Computer Solutions (CCS-Inc.) which delivered IT hardware and services to local businesses. FoxGuard Solutions was established in 2009 as a subsidiary to address the cybersecurity and compliance needs of our customers in the energy industry. In 2014, CCS-Inc. merged with FoxGuard Solutions to capitalize on brand recognition built by FoxGuard in target industries. FoxGuard consists of two business units – Cyber Security and Computing. We design, manufacture and integrate innovative computing, cyber security and regulatory compliance solutions used in critical infrastructure markets.

FoxGuard SolutionsRecommended: Mosio Announces The Launch Of Clinicoin, The Largest Cryptocurrency-Based Health And Wellness Community

Q: You’ve recently presented your project for the US Department of Energy Cybersecurity for Energy Delivery Systems program; tell us about it.

A: FoxGuard Solutions, Inc. recently completed a multi-year project to create a safer national power grid by simplifying the process of patching and updating energy delivery control system devices. The solution is the result of a $4.3 million Cooperative Agreement awarded in 2013 from the U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems (CEDS) division.

“This is exactly why FoxGuard Solutions exists and this is where our team excels,” FoxGuard President & CEO, Marty Muscatello, said. “The solution developed comprises several elements that can each stand alone to improve security posture and, when integrated, provide a comprehensive solution to meet energy sector patch and update needs.”

Believing the nation’s security, economic prosperity, and the well-being of its citizens depends on reliable energy infrastructure, the DOE solicited FoxGuard Solution’s expertise to research, develop and demonstrate technology and techniques to identify and verify the integrity of updates and patches for energy delivery systems software, hardware and firmware, while facilitating the deployment of those updates.

Patching and updating equipment and networks for cybersecurity is time intensive and can be risky because updates can stop system processes. Our patch aggregation solution reduces the risk to energy delivery providers. Centralized patching simplifies compliance, resource and scope burdens ensuring that security patches are not overlooked by
delivering them in a timely manner.

The Patch and Update Management Program accommodates third party and legacy components supporting both traditional Information Technology (IT) found in industrial control system environments as well as Operational Technology (OT) devices. Traditionally collecting baseline information (vendor, version, model number) from devices such as programmable logic controllers (PLC’s), relays, remote terminal units (RTU’s) and sensors was completed through the manual curation of the data from plant or substation floor walk downs. Utilizing this program, the end user can collect baseline asset information from Operational Technology (OT) devices in a safe and reliable way that does not impede service. The information collected is stored on premise within the electric utility and the anonymized asset data is shared with FoxGuard’s Asset Analysis Tool; allowing the consolidation and normalization of large amounts of data for patch reporting. Security patches, along with vendor provided hash files, are reported out of the data aggregator service. The most recent product enhancement automates Patch Gap reporting, providing a quick and efficient process to notify end users which security patches need to be installed in order to bring a device completely up to date. Lastly, we built a Validation Training Program for end user utilities modeled after similar successful programs that have been executed for more than ten years for OEM partners.

Q: Tell us more about your cyber security products?

A: Our cyber security offering was born back in 2004 when one of our large customers, who purchased customized industrial computers from us, had asked if we could help them address a malware issue found at one of their international customer’s energy utility sites. They needed a way to deliver validated patches to the site that would deploy in a scripted manner to ensure the system continued to function properly post-installation. We built the required tools and processes, then patched many machines throughout the customer’s infrastructure. While we were at site, we would perform antimalware remediation, system cleanup and hardware upgrades.

As time progressed, technology advanced, systems became more interconnected and the threat level rose. In 2008, the Federal Energy Regulatory Commission issued order 706 which approved mandatory reliability standards for critical infrastructure protection resulting in what became known as the NERC CIP standards. These standards require “certain users, owners and operators of the Bulk-Power systems to comply with specific requirements to safeguard critical cyber assets.” This order required that certain utilities establish a patch management program for “tracking, evaluating, testing and installing applicable cyber security software patches for all cyber assets” within scope. The order also required that these utilities begin to implement other cyber security best practices commonly used in the IT world, but not in the operations (OT) world. We saw an opportunity to address this market need and built out product offerings including patch management, integrated security solutions and security services.

We have built full featured security and compliance programs for several of the largest energy equipment vendors in the world. Through those programs, we have deployed solutions at hundreds of sites in over 30 countries throughout the world. We are also working directly with energy utilities to assist them in building their patch management programs across their infrastructure. We have seen great demand for these solutions in the electric utility market as cyberattacks involving malware such as StuxNet and Shamoon create more awareness and as compliance standards continue to increase the scope of assets that need to be addressed.

We also see the need for patch management and cyber security solution and program development in other critical infrastructure markets and are in research and development mode on those right now.

FoxGuard SolutionsRecommended: Cartika Added New Ability To Migrate Any Environment To Cartika Infrastructure And Managed Services

Q: What industries do you serve?

A: With 36+ years of experience in designing and manufacturing PC-based HMIs for industrial control systems, FoxGuard Solutions is well-versed in the needs of the energy industry (including electricity, fossils, renewables, and nuclear). FoxGuard can minimize vulnerabilities and downtime, as well as aid in maintaining compliance with NERC CIP standards. If needed, FoxGuard can also design solutions integrated with supervisory control and data acquisition (SCADA) software.

We are taking our lessons learned and experience to solve the cyber challenges in other industries such as Building Automation Systems, Oil and Gas, and Manufacturing. We were recently awarded a grant from the Department of Defense to develop a cybersecurity platform for energy management and control systems. The program is targeted at protecting military installations across the world from cyber-attack.

Q: What are your plans for the future?

A: Cyber security is a matter of national security at this time and that won’t change anytime soon considering the growing number of connected devices. We are continuing to work closely with businesses in critical infrastructure to develop products and services to aid with securing their assets and assisting with relevant compliance requirements.

Activate Social Media:
Facebooktwitterredditpinterestlinkedin
,
Mercedes-Benz-EQS