The RIPE OT Security Program
If you have been following the news you don’t need any more convincing that the cyber threat against critical infrastructure is real. You don’t need “awareness” from government sources, and you certainly don’t need FUD from security companies. You know what the problem is, and you want a credible solution to protect your assets and your business continuity.
Certainly you also know about the high-level standards and guidelines such as ISO 27001, the NIST Cyber Security Framework, and ISA99. All these frameworks are fine and dandy, but there is only one problem: While they tell you WHAT to do, they are noisily silent on the HOW, leaving the heavy lifting to the asset owner.
This is where The Langner Group’s RIPE OT Security Program steps in. It closes the gap between high-level guidance and concrete implementation with a wealth of step-by-step procedures, policies, templates, and an easy to use management software. By employing RIPE you no longer need to figure out the nitty-gritty of OT security yourself, or outsource to consultants with questionable outcome. RIPE was developed by internationally reputed experts, among them the team that cracked Stuxnet. It is constantly updated based on user experience and the feedback of an independent advisory board to facilitate continuous improvement.
Proven in the field, ready to use
RIPE stands for Robust Industrial Control Systems Planning and Evaluation and includes:
- A concrete cyber security plan for sign-off by management
- Policies for contractors, ICS engineers, operators for all major use cases such as remote access, handling of USB sticks, walk-in laptops etc.
- Detailed configuration rules for networks and systems (conduits, whitelisting, hardening, etc.)
- System procurement criteria
- A detailed training curriculum
- Step-by-step guidelines for producing system inventories, network diagrams, and data flow diagrams
- A detailed guideline for effective workforce management with concrete role descriptions for staff members and contractors
- Step-by-step implementation plan on how to introduce RIPE to existing environments.
All instruments are ready-to-use and can be licensed at a cost lower than what you would pay for having single documents such as policies custom developed.
myRIPE: The Operations Technology Management System
As a powerful software implementation of RIPE we offer the myRIPE Operations Technology Management System. It allows you to manage complex digital OT environments and gives engineers the transparency and visibility that they need.
Major myRIPE features:
- Comprehensive asset and configuration management system (CMDB) for operations technology, easy to use and suitable for everyday use in system maintenance
- Workflow for change management, and history of all configuration changes
- Dynamic mapping of your control networks — create interactive network diagrams with drill-down capability by the click of a mouse
- A workforce management system for role-based management of legitimate OT users, especially contractors
- Role-based display of policies, planning rules, procurement criteria based on user profiles
- Secure file exchange with contractors, avoiding USB sticks and email.
myRIPE features a centralized architecture with a central server supporting multiple plants and locations. Authorized users can access their information using a standard web browser. The powerful data mining features of myRIPE enable stakeholders to achieve complete transparency and synergy effects by analyzing the information of multiple sites.
Prerequisite for the Industrial Internet
The Industrial Internet introduces higher digital complexity and more access routes to critical plant systems. Implementing it without full system understanding and solid concepts for planning is a recipe for failure. Organizations which already admit that they no longer fully understand their digital plant ecosystems because they have “grown organically” without planning and appropriate documentation cannot add new layers of complexity without sacrificing maintainability, reliability, and security.
The only remedy is full transparency of the installed base, and clear rules for expansion. With myRIPE, both are achieved in a modern and easy-to-use software environment that optimally supports OT governance.
Who is using RIPE?
RIPE is industry neutral and is already used in the nuclear industry, the chemical industry, in the water sector and in pharmaceuticals.
As an example, Finnish utility TVO employs RIPE to assure OT security for the Olkiluoto nuclear power plant (three nuclear reactors and an associated final fuel storage facility). The RIPE implementation is monitored by the local nuclear regulator (STUK).
“RIPE strikes the right balance by focusing on transparency and cost effectiveness. As a supplier, RIPE helps us deliver straight to the point information customers need to realize safer ICS designs and sustainable security performance.” — Bryan Owen, OSIsoft
“Frameworks such as the RIPE framework from the Langner Group (…) can help improve and strengthen the resilience of critical infrastructure towards the establishment of solid cyber-informed engineering analyses, practices, and procedures” — Robert Anderson, Idaho National Laboratory
“The RIPE program provides immediate value to an organization with some good step-by-step instruction for mapping your architecture and data flow which is critical to system understanding.” — Michael Assante
“The use of a well-defined framework as the basis for a cybersecurity management system produces better results, with less effort. The Langner Group’s RIPE is an excellent choice, as it addresses all of the essential aspects of such a program.” — Eric Cosman, Principal Consultant OIT Concepts LLC, co-chairman ISA99
More information on RIPE can be found here. Contact us for licensing and pricing details.