enterprisesecuritymag

Kenexis: Providing Safety Standards in the Operational Technology Infrastructure

CIO VendorJim McGlone, CMO
Gone are the days when default firewalls or intrusion detection systems (IDS) kept intruders at bay. The sheer nature of today’s advanced cyber attacks—especially in a niche area like the operational infrastructures of oil and gas, petrochemical, and nuclear power plants—demands the proficiency of an expert. Kenexis is just that; a process safety company, Kenexis provides cybersecurity engineering services to energy and utility firms. “We look into the actual safety critical processes that are volatile, and we design a strategy so that the systems automatically go into a safe state and don’t cause damage to people, environment, and the company itself,” says Jim McGlone, the CMO of Kenexis. A certified industrial cybersecurity professional and a U.S. Navy reactor operator, McGlone says that Kenexis focus is on process safety and industrial cybersecurity, using standards and appropriate systems like SIEMs to assist organizations make their operational environment safe and secure.

They primarily focus on operational technology, given that control systems components are not built like IT infrastructure. Kenexis provides engineering services for process safety systems and industrial control system cybersecurity, to determine process plant scenarios that may require additional protection. The Kenexis team performs vulnerability assessments, penetration tests, and hazards analysis to determine the risks associated with the process plant including cybersecurity threats. Kenexis recommends quality network appliances from reliable companies for their firmware management practices and configuration capabilities. The company serves on several industrial cybersecurity and process safety international standard bodies to improve overall practices globally.

We work with the company to figure out how we are going to get the data from legacy networks and systems without causing any damage to the control network


Additionally, on the practical field, Kenexis’ designs systems compatible with legacy networks and systems for many industries including nuclear power plants. Complying with the security boundaries in a nuclear power plant is not easy for any cybersecurity service provider. The plants are highly protected with strict standards. There are pre-defined rules and regulations that specifically define how the boundaries are to be maintained. Also, the fines for violating the boundaries are substantial. “We work with the company to figure out how we are going to get the data from legacy networks and systems for advanced control and reporting without causing any damage to the control network,” explains McGlone. Kenexis designs the solution using technologies like deep packet inspection, optical diodes, and inline encryption to migrate existing systems to the best security posture.

Kenexis’ core strength lies in its industrial control system experience to design and migrate from existing systems to robust architectures to meet a client’s performance and security requirements. The company follows strict quality control standards and best practices that align with global and local requirements. Kenexis has regional offices in Houston, Abu Dhabi, and Singapore, and they are currently expanding their regional partners. Kenexis submitted a book to its publisher recently based on focusing on the right problem for cybersecurity in industrial facilities. The central theme of the book is to make industrial process cybersecurity focused and practical in an effort to assist organizations in rendering their operations safe, secure, and reliable.