The attack (and successful breach) will go unnoticed for longer when cybersecurity monitoring is just one layer removed from the level where a system breach is being attempted, industrial asset owners and operators are finding.
The same can be said for operational health. A misbehaving or drifting sensor may go undetected for a long time - until it goes entirely berserk or begins to cause noticeable damage. Solutions in this category address threats to OT system security and health at the Purdue model's lowest levels, namely Level 0 (Process) and Level 1 (System) (Basic Control and Safety). Getting correct DATA is the common denominator in physical layer solutions. Enterprises can never be sure that their OT devices are acting appropriately and operating efficiently until they get complete and accurate data. As a result, these solutions concentrate on collecting and verifying 100% of OT device data in order to give precise, real-time visibility and analysis of OT asset health and security.
When OT sensors and devices misbehave owing to drift, miscalibration, or other frequent errors, they send erroneous data that cannot be trusted. Bad sensor data affects asset maintenance, replacement, and refurbishment decisions, as well as vital real-time decisions made by local OT controllers. The enterprise faces a considerable risk and cost on both counts.
Cyberattacks on OT systems are frequently preceded by reconnaissance to establish the best time and location for injecting sensor data, manipulating sensor data, tampering with sensor wiring, or attempting to replace a sensor entirely. Cyber reconnaissance and assault activities at L0/1 can only be discovered fast if the sensor data is thoroughly monitored and the sensor is aware of what to look for.
The agent component may be a software/firmware agent put on the device itself, or a network-based agent (hardware or software) installed between sensor assets and the PLC, depending on the solution. The agent form factor has a direct impact on the cost and convenience of implementation of the solution.