Interview with Yishai Shafran, Manager of The Cyber Defense Department at Yanai Engineering

Yishai Shafran is the Manager of the Cyber Defense Department at Yanai Engineering in Israel. His team is responsible for the cybersecurity protection of the company’s industrial enterprise customers.

TDE: Thank you so much for taking our questions! Tell us a little about your business and your specific role.

Yishai Shafran: Yanai Engineering is the largest and oldest company in Israel in the field of designing complex electrical systems. The company has been in operation since the 1950s. Our firm has designed and participated in the construction of hundreds of industrial projects across many sectors in Israel and internationally, including power plants, substations, desalination and water treatment plants, renewable energy plants and oil refineries. I manage the company’s cyber defense department. The role of the department is to protect our clients’ industrial systems as they introduce the modern industry 4.0 solutions.

TDE: When did you first realize that you had an issue that needed a digital solution? What was the nature of the problem you set out to solve?

Yishai Shafran: Yanai has been working for several years with its customers on the implementation of modern industrial automation solutions to increase their operational efficiency. We found that most industrial operators find it difficult to manage the cyber-protection of their OT networks as it requires a unique skill set combining expertise in both cybersecurity and operational engineering. Consequently, we decided to set up a cyber-defense department within Yanai to address this challenge in a unique and innovative way.

TDE: What were the challenges you faced at the time as you began the process of evaluating solutions?

Yishai Shafran: Cyber-protecting SCADA systems on OT networks is inherently problematic as the control equipment, controllers and communication protocols were not designed with cybersecurity in mind. Many types of cyberattacks that are no longer relevant to IT networks still threaten OT networks. Most currently-used PLCs do not require a password to connect to the network and do not keep log files. And while penetrating an OT network is somewhat more difficult today because of perimeter IT defenses placed on external connections, once the OT network has been breached it is actually easier for the attacker to execute the attack than it would be in an IT network. Since industrial operators do not want to install active security measures in their real-time networks, most generally use primarily simple and passive methods, such as hardening and implementation of policies. However, we quickly realized that OT networks require a real-time monitoring system that can provide early detection so that attacks are blocked right after the network has been breached, but before the attack propagates or any damage is done. Still, many of our customers, while aware of the need for a real-time monitoring system, were citing the difficulty to implement and operate them due to the lack of expertise in both SCADA-specific cybersecurity and in the engineering aspect of the facility and end-equipment.

TDE: What did the final solution look like and what were the broad benefits that it delivered?

Yishai Shafran: After a while, we identified the optimal solution: setting up an external managed SOC service for monitoring customers’ network activity. Remote operation centers have been around for years in the IT field. However, none were available for OT/SCADA because operators lacked the required network monitoring equipment and know-how and, therefore, had no logs that could be decoded at the external centers. At the same time, operators are concerned about connecting their critical installations to an external control center, fearing that it will expose them to attacks. We at Yanai solved both challenges by setting up a unique SOC that includes the cybersecurity monitoring products with expert resources and methodologies. This enabled us to adapt a multilayer approach.

One of the main components of our SOC is the threat detection system by Radiflow, a leader in the industrial cybersecurity field, which has already detected several attacks in real-time. Besides the Radiflow tool, we have also implemented a product by Aperio that detects counterfeit data received from thousands of sensors in a typical SCADA facility. This multilayer solution increases the efficiency of our system detecting anomalies in orthogonal views and correlating events to pinpoint the source of the anomaly. In addition, we came up with a unique method of transferring data traffic from customers’ networks in a secure, physically unidirectional way, so that the customer’s network could not be breached over that line of communication. The customer does not need to purchase and implement the tools in its perimeter. Here too, Radiflow’s unique smart probes are used at the customers’ facilities to transfer the data, while filtering and compressing the data to minimize for bandwidth restrictions and prevent network overload. The success of our SOC took even us by surprise! Soon we had numerous customers joining in, realizing that they were finally able to monitor their SCADA systems the same way they monitored their IT networks.

The benefits for the customers were clear: powerful, innovative protection for their OT network, instantly operational, without the need for any investment or implementation of complex products. In many cases, our SOC monitoring service also revealed vulnerabilities in our customers’ OT networks, which provided management the full network visibility they needed to design a comprehensive, step-by-step defense roadmap with the assurance that their network is constantly monitored and secure.

TDE: What were some of the key elements that were responsible for the project’s success? What processes have you found useful for implementing digital technologies?

Yishai Shafran: One of the key factors in the success of the project was Yanai’s familiarity with the customers’ industrial facilities. Their trust in our professionalism helped us acquire our first strategic customers, which in turn brought in new customers that had nothing to do with our traditional engineering services.

In the end, the success of any project boils down to communication.

It is important for our cyber professionals to be able to communicate with the engineers on the customer side and be willing to adapt their outlook accordingly. Another key factor is choosing the right technology partners integrated into our SOC. It was important to us to find partners such as Radiflow who believed in the project and were willing to go the extra mile to fine-tune the initial design for it to succeed.

TDE: What’s next for you on your digital roadmap?

Yishai Shafran: We are currently developing methodologies for dealing with a new breed of attacks that are based on extensive knowledge of engineering, where engineers are part of the attacker team. These attacks hardly create any anomalies, so any damage seems to be caused legitimately. As an example, one of the areas we have been focusing on is large transformers used for power transmission and distribution, as well as power-plant transformers. We are also working with Radiflow to optimize the alerting algorithms by incorporating the business logic priorities into the cybersecurity system.

TDE: What’s your go-to resource – websites, newsletters, any other – that you use to stay in touch with the explosive changes happening in the digital space?

Yishai Shafran: As part of our engineering work we are members of all major communities relevant to industry 4.0 news and we regularly evaluate the impact of such new technologies on our cyber security solutions. We are also members of the news sources about industrial cyberattacks such as ICS CERT. When new information about an attack comes out we make sure to investigate and apply it toward thwarting the next wave of attacks.

TDE: Read a good book lately on digital transformation that you’d like to recommend to us?

Yishai Shafran: I am very interested in the effects and the challenges posed by new technologies, although to be honest, in my free time I prefer to read books about history.
