Frequently Asked Questions

The Security Appliance can be deployed on a network tap, a switch SPAN port, or inline. Physical network segmentation and threat blocking are only possible with the Security Appliance deployed inline. The Signal-Integrity Sensor is wired directly on electrical contacts or on a signal splitter.

When used inline in the OT network, the Security Appliance can be configured to “fail-open” or “fail-closed”. Fail-open means the device continues to pass all traffic with no network impact in the event of device failure or full power loss. The fail-open configuration is typical within industrial environments. The fail-closed configuration is more typical in defense environments.

Yes, the Mission Secure Platform is rated for deployment in hazardous locations and has achieved UL Class 1 Division 2 certification and ATEX Directive 2014/34/EU certification.

Typically, there is one local Security Management Console deployed at each site or location. However, in some scenarios, the Security Management Console is used to manage distributed physical sites or locations.

Typically, no. In most cases, the Signal-Integrity Sensor is deployed on truly mission-critical assets and processes, but we can assess your environment together to make that determination.

The Signal-Integrity Sensor supports three distinct pairs of input data acquisition channels. This includes 2 x 0-10V analog, 2 x 4-20mA analog, and 2 x 0-51V digital binary (voltage above 2V registers as 1). While providing a wide diversity for connectivity, the configuration typically will only allow two signal lines to be monitored per device.

This is entirely dependent on the network architecture. Segmentation is a way to isolate the various sub-systems in a control system. A segment or security zone is usually identified based on a grouping of logical or physical assets that share common security requirements based on factors such as criticality, consequence, logical function, and/or physical location.

The Security Appliance offers many of the same benefits of an industrial firewall, including robust industrial design, network segmentation into security zones per ISA/IEC 62243 (or similar standards), network protection, and threat detection. 

Unlike most industrial firewalls, however, the Security Appliance functions as part of the larger Mission Secure Platform, and also provides asset and communications visibility, doesn’t require lots of expensive add-ons, is purpose-built at a price point that makes sense for wide deployment and control in OT networks, and is offered with full 24/7 managed services. Combined with the rest of the components, the Mission Secure Platform offers complete visibility, segmentation, protection, and patented signal-integrity monitoring.

From a Visibility perspective, the Mission Secure Platform currently uses passive asset and communications discovery techniques.

New software releases for the Mission Secure Platform components are deployed through the Security Management Console and can be deployed without traffic loss in the OT network.

The Mission Secure Platform has been pen-tested by multiple organizations including Lockheed Martin, Millennium Corporation, and the Arizona Cyber Warfare Range for both the functional and component robustness of the platform’s ICS protections. Report is available upon request.

Mission Secure supports the following protocols and we are constantly adding to the list through regular software updates and on an as-needed basis for new customer environments: 

Modbus/TCP, DNP3, DCR/RPC, DHCP, DNS, FTP, HTTP, IMAP, IRC, KRB, MySQL, NTLM, POP3, RADIUS, RDP, RFB, SIP, SMB, SMTP, SNMP, SSH, SSL, XMPP, and MQTT. Others in process include CIP, CIP: EtherNet/IP, OPC UA, BACnet, EtherCAT, PROFINET.

No, the Mission Secure Managed Services are an optional service available to all customers but are not required for any Mission Secure Platform customer.

Both remote incident response support and on-site incident response support are available to Mission Secure’s Managed Services customers. Remote incident response support is included in the Managed Services subscription up to 100 hours per subscription year. Additional hours of remote incident response support can be purchased if required.

On-site incident response support is available upon request at an hourly charge plus travel and expenses.

Yes, Mission Secure provides on-site cybersecurity risk assessments. These assessments focus on understanding OT network exposures and related cybersecurity risks that, in the event of a cyber incident, could lead to operational disruption.