top of page

Risk Assessments in OT Environments – An Illustration Based on a Recent Attack

A recent attack against Unitronics PLCs, which are widely used in water supply facilities, indicates that threat actors are starting to build skills at targeting specific assets used in industrial and critical infrastructure environments. In this case, Unitronics PLC devices are often exposed on the public internet and feature a default well-known password, making them all too easy prey.

As the NIS2 directive is being implemented in EU and regional countries, it becomes imperative to continuously assess risks, especially where OT technology is used.

CIARA, which stands for Cyber Industrial Automated Risk Analysis, is not just another risk assessment tool; it's a comprehensive solution that integrates seamlessly with OT/ICS environments to provide real-time insights into potential vulnerabilities. With its Virtual Breach & Attack Simulation (VBAS) engine, CIARA leverages the power of Machine Learning and AI to simulate attacks and assess the effectiveness of security controls. This proactive approach enables organizations to quantify risks and prioritize mitigation strategies effectively, ensuring operational continuity and safeguarding critical infrastructure against the ever-present threat of cyberattacks.

See how “Radiflow CIARA Risk Assessment Platform” helped to determine the risk levels of the actual attack involving Unitronics PLCs on the Radiflow blog.

Automated, Data-Driven Risk Assessment

The integration of Radiflow's CIARA into our cybersecurity arsenal offers a significant leap forward in safeguarding OT environments. By simulating potential threats and assessing the effectiveness of security measures, CIARA empowers organizations to stay one step ahead of cybercriminals. The recent attack on Unitronics PLCs is a sobering reminder of the vulnerabilities that exist within critical infrastructure systems. As we embrace the NIS2 directive's call for heightened security measures, CIARA's innovative approach to risk assessment is not just a strategic advantage—it's a necessity. It ensures that our most vital services remain uninterrupted and secure, reflecting a commitment to resilience in the face of evolving cyber threats.


Latest news

bottom of page