
Advanced Detection and Threat Management for IT and OT
As cyberattacks grow increasingly advanced, standard detection and threat management products no longer offer sufficient protection. Rule-based solutions only detect known attacks; they cannot detect zero-day attacks or novel AI-driven attacks. In critical operational technology (OT) and highly complex information technology (IT) environments, these disruptions can be devastating.
Protecting critical OT and IT
When a nation-state actor attacks the energy grid, entire cities can grind to a halt. Malicious attacks on public transport or military communication can cost lives. A cyberattack on the drinking water supply can result in widespread shortages. Protecting critical systems from devastating cyberattacks is complex work. And yet, if you are an IT professional or an asset manager working in an IT/OT environment, you likely don’t have the opportunity to cooperate with other internal teams to develop comprehensive solutions.
TNO takes a targeted, two-fold approach to addressing the unique challenges of critical IT/OT systems. First, we offer the essential, innovative anomaly detection technologies and complementary autonomous response solutions to protect your critical systems. We also show you how to effectively use and configure your existing methods and tools, whether developed by TNO or by another party.
Second, we make the connections that count. We facilitate collaboration within organisations, so that the shared priority of cybersecurity takes the unique perspectives of essential internal stakeholders into account. And we facilitate effective collaboration between different organisations working together toward the same goals.
According to the 2024 Fortinet State of Operational Technology and Cybersecurity report, 31% of organisations with OT environments across the globe encountered at least six intrusions in 2023. The complexity of OT systems, and the mix of legacy and new technologies, make detection of cyberattacks a particular challenge.
TNO is partnering with the Dutch National Cyber Security Centre to design and eventually deploy a mobile OT Lab that enables testing, experimenting, and collecting relevant data on partner premises. The project includes an upscaling plan to make the OT Lab accessible to National Critical Infrastructure organisations. In addition to SOC and CSIRT technologies, this lab will facilitate conversations and decision-making between asset managers and cybersecurity teams, and aims to create an innovation ecosystem.
Advanced detection technologies
TNO solutions extend beyond rule-based detection systems. We focus on advanced detection innovations with anomaly detection that captures new, highly targeted, or entirely unknown types of attacks. We offer expertise that separates actual security anomalies from background noise or configuration errors. Where appropriate, we employ AI solutions for detection and defence applications.
We accelerate innovation by testing novel detection prototypes (up to TRL 7) directly in partner environments, tailored to specific partner data, to maximise detections and minimise false positives. Deployment of our prototypes often exposes previously hidden configuration errors, which improves overall network hygiene and makes genuine security anomalies easier to detect. Beyond triggering alerts, our research delivers systems that can explain the root cause of an anomaly, provide insight into the resulting risks, and offer recommended courses of action, whether automated or for staff.
Defending against the unknown
Zero-day attacks exploit vulnerabilities that were previously unknown, so no signature or rule exists that a rule-based approach could match. In addition, AI systems can launch attacks at greater speed and complexity than human attackers. Detecting these sophisticated threats requires behavioural analysis and anomaly detection.
TNO develops detection systems that analyse fundamental system behaviour, rather than relying only on signatures. We analyse an organisation’s data to uncover critical alert needs and develop detection algorithms based on behavioural analytics to identify anomalies or AI-driven attacks. For example, by detecting anomalies in relation to Programmable Logic Controller (PLC) communication, we can provide human operators, who control physical processes including pumps and motors, with the insights they need to respond to cyber threats safely and with trustworthy information.
In the NEWS project, TNO, the Dutch Ministry of Defence, and other partners have jointly developed an innovative decentralised monitoring system for cyber threats on naval vessels. With fewer personnel on board, a smart, layered approach to monitoring and detection is essential.
TNO developed an architecture and demonstrator that enables the collection, filtering, analysis, storage, and distribution of relevant log data from classified military networks on board. In addition to early detection technologies, TNO also supported the development of specific response activities in the event of a breach, and conducted research into how this approach can be applied in other branches of the armed forces. To prioritise people and process, three new roles were defined for on-board cybersecurity.
Integrated innovation management and project orchestration
TNO has developed a methodology for innovation projects that enables an exponentially higher innovation success rate than the standard. Our services extend beyond pure technology to address the crucial human aspects of effective defence strategies. Our highly collaborative project methodology enables our partners to work alongside us as integral team members in the innovation process.
TNO acts as a sounding board for organisations, whether your organisation has a CISO or not. To achieve maximum impact, we help assess organisational risk and facilitate decision-making for the allocation of time and funding for cyber security across people, processes, and technologies. We foster the connections between critical organisational silos, such as asset managers who control funding and operational risks, and cybersecurity staff, responsible for secure digital implementations. By engaging managers, engineers, and analysts in the innovation process, we increase their awareness and stimulate their critical thinking about new threats. Long after our project ends, organisations can maintain a strong, threat-conscious defence team.
Large, agile organisations experience fundamental tension points that can interfere with effective cybersecurity solutions. Departmental silos, fragmented security responsibilities, and other organisational challenges must be overcome. TNO proposes organisational solutions that include boundary spanning and short-cycled cyber improvement programs. These process-focused solutions facilitate unified decision-making and manage the operational rhythms of improvement projects. Read the full report here.
The Dutch Tax Authority (Belastingdienst) is increasingly dependent on IT and digitalisation. It is also an attractive target for cyber attackers, such as those engaged in espionage or seeking financial gain. TNO is developing first-line security monitoring and detection innovations, including AI-based concepts and technologies, for this critical service.
We are conducting in-depth research validated on large, operational data sets instead of synthetic data. Working side-by-side with the Tax Authority’s Security Operations Centre (SOC), we developed innovations in anomaly detection, device identification, multi-stage attack detection, DNS tunnelling detection, and LLM-assisted advisory tools. In a separate but related project, we are developing a proof of concept for detecting ransomware intrusions on file shares, based on Shannon entropy changes, to better understand and anticipate novel threats.
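The entropy idea behind the ransomware proof of concept, worked through as an added illustration that is not TNO's code: ciphertext looks close to uniformly random (about 8 bits per byte), so a file that jumps from text-like entropy to the encrypted band, across a large share of files at once, is a signal. The share contents, thresholds and file names below are constructed for the example.

```python
import math
from collections import Counter
from typing import Dict, List, Tuple

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant byte stream, 8.0 when all
    256 byte values are equally frequent (what ciphertext or compressed data looks like)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def entropy_snapshot(share: Dict[str, bytes]) -> Dict[str, float]:
    """Entropy per file for one scan of the share (path -> bits per byte)."""
    return {path: shannon_entropy(content) for path, content in share.items()}

def detect_mass_encryption(baseline: Dict[str, float], current: Dict[str, float],
                           min_jump: float = 2.0, high: float = 7.0,
                           alert_fraction: float = 0.5) -> Tuple[List[str], bool]:
    """Flag files whose entropy rose by at least min_jump bits AND now sits in the
    encrypted/compressed band (>= high). Requiring a jump, not just a high value, keeps
    files that were always high-entropy (archives, images) from being flagged.
    Returns (flagged paths, share-wide alert when the flagged fraction >= alert_fraction)."""
    flagged = [path for path, e in current.items()
               if path in baseline and e - baseline[path] >= min_jump and e >= high]
    fraction = len(flagged) / len(baseline) if baseline else 0.0
    return flagged, fraction >= alert_fraction

# Constructed sample share: a baseline scan, then a scan after two files were overwritten
# in place by a simulated encryptor. bytes(range(256)) repeated is a deterministic
# stand-in for ciphertext with exactly 8.0 bits/byte; real ransomware output is random.
BASELINE_SHARE = {
    "docs/report.txt": b"Quarterly report: revenue rose 3 percent, costs flat.\n" * 16,
    "docs/notes.txt": b"Follow up with asset managers on PLC patch windows.\n" * 16,
    "hr/payroll.csv": b"id,name,amount\n1,alice,1200\n2,bob,1350\n" * 32,
    "backup/archive.zip": bytes(range(256)) * 2,  # already compressed: high entropy from day one
}
CURRENT_SHARE = dict(BASELINE_SHARE)
CURRENT_SHARE["docs/report.txt"] = bytes(range(256)) * 4   # encrypted in place
CURRENT_SHARE["hr/payroll.csv"] = bytes(range(256)) * 4    # encrypted in place
CURRENT_SHARE["docs/notes.txt"] = BASELINE_SHARE["docs/notes.txt"] + b"Done.\n"  # ordinary edit

def run_demo() -> Tuple[List[str], bool]:
    """Compare the two constructed scans; archive.zip and the edited notes are not flagged."""
    return detect_mass_encryption(entropy_snapshot(BASELINE_SHARE), entropy_snapshot(CURRENT_SHARE))

if __name__ == "__main__":
    flagged, alert = run_demo()
    print("flagged:", flagged, "share-wide alert:", alert)
```

A production detector would take the baseline from periodic scans or file-server audit logs and also account for renamed files, which this in-place comparison does not.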
Take the essential first step
Effective detection and threat management is highly complex. Your organisation needs deep insight into the threat landscape and the particular vulnerabilities of its complex IT and OT infrastructures, both to select the right solutions and to keep analysts engaged. In addition, the right collaborations between your asset managers and IT teams ensure complete and effective solutions. TNO offers the expertise to ensure the right detection and threat management approach. Contact us to learn how to effectively protect your critical systems and society at large.