Most of us understand the need for security at the main data center entrance, as we certainly do not want unauthorized individuals touching critical networking equipment. Unfortunately, with so much data—from personal information to intellectual property—now being transmitted and stored via the data center, protecting that information from within is becoming a greater concern than ever before. That’s why bringing security down to cabinet level makes perfect sense. Let’s take a closer look at why.
Internal Threats on the Rise
According to a 2011 survey by Gabriel Group, more than 60% of today’s security breaches are at the hands of company insiders or others with legitimate data center access. That is certainly a scary statistic!
Over the holidays, you likely read or heard about a number of “Top 10” lists. Examples include Top 10 News Stories, Top 10 Books, Top 10 Movies, and Top 10 You-Name-It.
Thinking you would not want to miss out on the top topics about one of your favorite subjects, industrial security, I took a look at what the top articles were for this blog in 2014. I also looked at which cyber security white papers and other documents were downloaded most frequently.
The results show that there were three top themes:
1. The End of Support (EOS) for Windows XP
2. The Dragonfly advanced malware campaign
3. “Cyber Security Big Picture”
The “Cyber Security Big Picture” topic included information on the NIST cyber security framework and cyber security concepts for CEOs.
Finally, particular application areas attracted a high level of interest. These included Defense in Depth strategies for oil and gas applications and industrial wireless applications.
If any of these topics are of interest to you, or you want to make sure you didn’t miss any useful content, read on.
Reader visits and content downloads helped us determine the top cyber security topics of 2014.
Just in case full high-definition resolution isn’t enough, 4K is the next generation resolution that will deliver a whole new level of clarity at roughly four times the resolution of 1080p. Despite limited 4K content currently available to consumers, Samsung, LG, Sony, Panasonic and others are already selling 4K TV sets and widespread adoption is eventually expected. An ABI Research report from last year expects 4K to surpass 10% of North American TV households by 2018.
4K covers two formats that are both supported in the HDMI 1.4 specification – 3840p X 2160p and 4096p X 2160p. While HDMI 1.4 supports 4K resolution, adds an audio channel that enables upstream audio connections, and can deliver 100 Mbps IP-based applications with an added Ethernet channel, there are some cabling and connectivity challenges to consider that include distance limitations, installation and testing. HDBaseT resolves these issues.
Every industry today is under pressure to lower costs yet increase flexibility. A particular example is the electric power industry where on the one hand there are initiatives to increase the two-way communication of data to meet the vision of the smart grid, and on the other hand, keeping costs down is essential.
At the substation level, many are being upgraded to industrial Ethernet communication networks, and as we reported in an earlier blog, that includes incorporating legacy serial devices to keep costs down. Another way to control costs is to address the Ethernet switching needs with a value-priced yet rugged, flexible switch.
Hirschmann has just introduced a new Gigabit Ethernet switch, which is ideal for meeting this need. If you are an engineer or system integrator in need of a substation hardened entry-level switch, this device might be very useful. Plus, it has an additional benefit – it comes with field exchangeable port modules for high flexibility.
Today’s substations are being upgraded for two-way “Smart Grid” communications at a time when utilities face high cost pressures. In this environment, the new Hirschmann GREYHOUND Gigabit Ethernet Switches are ideal.
The malware campaign known as Dragonfly has surprised those of us concerned with industrial cyber security on several fronts. Initially, it was notable as the first malware since Stuxnet in 2010 to specifically target Industrial Control Systems (ICS) components.
Then, research done by Joel Langill of RedHat Cyber showed that its target was most likely the pharmaceutical industry, rather than the energy industry as initially reported. This represented the first time that a sophisticated attack vector had gone after the discrete manufacturing sector.
Next, although Dragonfly collected information on industrial control systems, it did not harm these systems. Instead, it gathered information for the likely purposes of counterfeiting or competitive intelligence. (It would, nonetheless, be easy for its creators to modify its modules for destructive purposes in the future.)
Dragonfly was also remarkable because of the devious methods and pathways it took to get to the control system. Joel coined the apt term “Offense in Depth” to describe the diversified arsenal of attack vectors it employed.
Today, we are releasing the final two parts of our white paper on Dragonfly. These are Part C – Assessing the Consequences and Part D – Defending Industrial Control Systems. These analyses reveal another concerning aspect of Dragonfly, in particular how “usual” security solutions would not have defended against it. Thankfully though, there are techniques and products available to defend against it.
The Dragonfly malware campaign used devious Offense in Depth techniques to access control systems. While “usual” security solutions would not have defended against it, there are techniques and products that would have been effective.
In the world of broadcasting, we generally think of two different environments:
The indoor studio with sets and control rooms and the outside location where actual sporting and other events take place.
Inside the broadcasting studio, fibre is used to connect broadcasting equipment such as cameras, storage equipment, editing appliances and playout devices.
While there are always concerns in the studio about fibre being subjected to flexing, twisting and abrasion as it is coiled up on the floor, handled by multiple users or dragged across the studio from one filming area to the next, today’s heavy-duty rugged fibre optic cable is specifically designed to withstand these environments. And when it comes to temperature, the studio is considered a controlled environment that normally stays in the 20˚C to 26˚C room temperature range. But what happens when we move outside?
With an explosion of connected devices, there is no shortage of data being transmitted and stored via optical networking in the data center. However, it’s not just the amount of data—it’s also how that data is being used. And that can be summed up with one word – sharing. Ever-growing data sets are being shared across multiple vendor applications. In the massive high-density virtualized environments of cloud computing, this is driving more east-west server traffic. As the age of the “Internet of Things” comes to fruition, the I/O portion of the equation will evolve like never before. With all this change on the horizon, what does this mean for the cabling infrastructure inside the data center? Should it be all singlemode or is OM4 multimode the best bet?
Editor’s Note: This article was contributed by Tim Wallaert, our marketing director responsible for the Energy sector.
A huge amount has been written about the “Smart Grid” in recent years and most of it leads you to believe that every substation is communicating using high-speed Ethernet between all of its various components. But let’s face it – utilities don’t replace anything until it’s absolutely necessary.
The intelligent electronic device (IED) that was installed 15 years ago to monitor the status of the transformer is still out there. No one is even going to think about upgrading that IED until it or the transformer fails. This means the outdated serial port on the IED is going to be the main way to communicate to that device for quite a long time.
This begs the question of how to incorporate serial communication devices into a modern Ethernet infrastructure. Today, we’re going to take a look at this critical, and oftentimes overlooked, issue.
Combining old and new – today’s electrical grids must support old serial devices and integrate new technologies, such as energy from renewable resources.
Editor’s Note: This article was contributed by Julia Santogatta, Belden’s director responsible for wireless initiatives, with expertise from Daniel Wade, Chief Architect-Wireless Products and Jeffrey Caldwell, Chief Architect-Security.
In Part 1 of this article, I introduced the Golden Rule of Industrial Wireless Security – Deploy Securely, Monitor Regularly. Following this rule ensures that unwanted access to your wireless LAN and the rest of your network does not occur.
But, how do you deploy securely?
While you may fear that industrial wireless is insecure, today’s reality is different.
By using current equipment and following our special Golden Rule, it is possible to design a robust and secure wireless application.
These days, most cyber security articles talk about using Defense in Depth, or a layered approach to securing industrial networks. This means using a variety of defenses at various points in the system to protect the network or contain threats. The idea of layering, and the resulting benefits, is no different in wireless applications.
By implementing measures to address these seven key questions you will be building layers of protection that contribute to the best practice of Defense in Depth. Let’s take a look at the questions in detail.
Editor’s Note: This article was contributed by Mark Wylie, a Belden manager with many years of experience working in both the controls and IT domains. He is responsible for our Industrial Ethernet Infrastructure and Certified Industrial Network programs.
There are many reasons to update your network from an ad hoc design to an industrial Ethernet infrastructure. One of them is that it allows you to separate applications that generate high volumes of traffic, such as physical security systems, from other network applications such as control systems.
Good network segmentation groups devices used for a common purpose or with common cyber security requirements into segments, making network management and expansion easier.
Today, I am going to take a look at how to integrate physical security systems that include cameras, video servers, client viewing stations and other equipment into a well-designed industrial Ethernet network.
Physical security systems often include numerous outdoor video cameras with high bandwidth transmission requirements.