"... deploying systems and technologies that can monitor control systems to detect malicious activity and facilitate response actions to cyber threats is central to ensuring the safe operations of these critical systems. 


The Federal Government will work with industry to share threat information for priority control system critical infrastructure throughout the country."


---National Security Memorandum on Improving Cybersecurity

for Critical Infrastructure Control Systems

Industrial Packet Aggregators for ICS/OT

Keysight’s industrial network packet aggregator solves the challenge of getting visibility into remote sites with harsh environments, such as power substations, mining sites, and other unique locations that have a wide range of environmental requirements.


When used with Keysight’s Copper and Flex Tough Taps, the Vision T1000 aggregates multiple input streams into multiple aggregated output streams-- optimizing scarce tool port requirements within your substation.


The Vision T1000 filters out unwanted traffic based on packet headers, eliminating unwanted traffic such as CCTV video feeds. The Vision T1000 also load balances traffic, optimizing usage of monitoring tools. It’s built with an easy-to-use GUI interface, so most functions are just a few clicks away.


Keysight’s industrial network packet aggregator is TAA Compliant, independently certified for harsh operating environments, and supports either AC or DC power requirements.

Copper Tough Taps for ICS/OT

Keysight’s industrial visibility solutions interoperate with our enterprise visibility solutions. Together they create a complete portfolio of copper and fiber solutions for out of band (‘OOB’) network monitoring tools for security and performance. Tough Taps give you the visibility you need to enable security in your ICS environment.

Keysight’s Industrial Copper Tough Taps are TAA Compliant, independently certified, and purpose-built to meet requirements to operate where you need them, in extreme operating temperatures.

The 10/100/1000Mbps Copper Tough Tap is a secure tap device which can operate in three modes: (1) simple tap, (2) 2:2 packet replication (breakout on aggregation mode) or (3) 2:1 packet replication (aggregation mode). When operating in aggregation Mode, the Copper Tough Tap sends copies of the aggregated traffic through two monitoring ports, allowing for a primary and secondary tool.

Copper Tough Tap supports Power over Ethernet (PoE) pass through, and have physically air gapped monitor ports for intrusion protection. Copper Tough Taps fail-to-wire to continuously pass traffic even if the tap loses power.

A TAA Compliant Power Rack for Tough Taps can be purchased to power up to 16 copper Tough Taps with fully redundant power source supply (dual-redundant). The Industrial power supply rack can support 48V DC or 110-220V AC input power, and support up to 32 x 5VDC powered devices. TAA Compliant, the 19” rack mount supports both AC and DC DIN mountable power supply convertors available separately from Keysight.

Fiber Tough Taps for ICS/OT

Keysight’s Tough Taps give you the visibility you need to enable security in your ICS environment.

Keysight’s Industrial Tough Taps are optimized for “Run to Fail” fiber networks with both old and new fiber modes often seen in remote substations.

Available in two models:

  • 1G OM1 multimode fiber for older networks, and 
  • OM5 multimode fiber for everything else

Flex Tough Taps are compatible with monitoring devices from all major manufacturers, including protocol analyzers, probes, intrusion detection systems, and ICS cybersecurity tools, and are protocol agnostic.

Flex Tough Taps are TAA Compliant and compact, with each module holding 4 taps in one DIN mountable housing. Flex Tough Taps are deployed at any inline connection on the network, have no IP address, don’t drop packets, and add no additional overhead or management burden to network devices like SPAN ports do.



"We cannot address threats we cannot see; therefore, deploying systems and technologies that can monitor control systems to detect malicious activity and facilitate response actions to cyber threats is central to ensuring the safe operations of these critical systems.”


---National Security Memorandum

Why your ICS/OT SCADA architecture needs Visibility 

There was a time when keeping your ICS environment physically off the enterprise network was a major component of the ICS cybersecurity strategy.

And for years, it worked.

But in a world where just about everything is connected to the internet, that time has passed. Because hackers have already proven that the physical air gap can neither prevent malware intrusion, nor identify malware once it gets inside your network.

A strong cybersecurity strategy for ICS must now include the ability to see what network traffic is flowing inside your entire network; both the IT enterprise network, and the OT operational technology network. And we call that, Network Visibility. Why?

Because you can’t protect what you can’t see. 

Read Network Monitoring for Tough Spots


Ensuring Cybersecurity Compliance for Electric Power Industry

Operational technology (OT) networks and Industrial Control Systems (ICS) are increasingly interconnected with IT networks. This interconnectedness has increased the ICS/OT attack surface due to:

• Proprietary appliances and sensors

• Malware insertion via dedicated attacks to take control of critical infrastructure by criminal and nation-state actors

• Third-party remote access for contractors that may have lax security processes

NERC CIP are mandatory security standards for high-voltage electric transmission and power generation. CIP-005, CIP-007, and CIP-010 require utilities to collect and archive network traffic data at the plant and substation level. Network taps can be placed in power plants and substations at multiple levels of the SCADA network. Unlike Span ports, Network Taps don't drop packets, don't need programming, and can be installed where you need them.

IT and ICS/OT Cybersecurity Convergence

It's become almost commonplace to hear pundits speak about the convergence of IT and ICS/OT cybersecurity. But how in the world would hacking something like a company's public facing website, impact revenue through the disruption of service delivery?

Good question.

When a website offering pay as you go utility services was hacked, customers lost the ability to prepay their electricity, which effectively turned out the lights. Because prepaid services are offered for a wide range of services, from cellphones to cloud storage they're just one more reason why ICS/OT teams are joining their IT counterparts, in a converged security strategy to secure the IT/OT environment.

With the sudden increase in work from home and the resultant surge in digital business transformation, are you ready?

Read Is IT Ready for OT and the Industrial IOT?

Taps vs SPANS


Costs, Coverage, Choices

And Why you Need Choices for Every Location in your ICS/OT environments

Partnerships to Fortify your ICS/OT Network

Digital business transformation allows enterprises to continue business as usual through increasingly unusual times. Fortify your IT and OT networks now before unwelcome intruders seize control of your IIoT assets. Partner with Keysight and gain market-leading end-to-end insights to innovate, transform, and win in fortifying your Industrial IoT.

Iot Security Assessment

Want help or have questions?