When I started Tofino Security in 2006, my two goals were to make industrial cyber security easy to deploy and better suited for the real needs of mission critical networks. Our first generation products went a long way in doing that, but like any initial offerings they reflected a limited feedback loop from users in the field.
Today I am proud to say that we have integrated lessons learned over the last eight years to deliver Tofino 2.0, our next generation of industrial cyber security solutions.
Tofino 2.0 is a suite of products and services that includes:
- A new set of security appliances—the Tofino Xenon product line
- A new software tool—the Tofino Configurator 2.0
- A new Deep Packet Inspection Loadable Security Module (LSM)—the Tofino EtherNet/IP Enforcer
All products are now integrated with online licensing systems, plus made-to-order manufacturing. I believe this combination makes it extremely easy for control systems professionals to deploy ready-to-go cyber security solutions that work.
While normally my articles are designed to help educate you on industrial security topics, I hope my enthusiasm for Tofino 2.0 will convince you to read further and find out how this new generation makes implementing security on the plant floor both flexible and simple.
Introducing our new Tofino Xenon family of state-of-the-art security appliances
Editor’s Note: This article was contributed by Ernie Hayden of Securicon LLC, an expert in industrial controls security, especially for the power utility industry.
About 6 months ago I wrote an article for this blog about the NIST Cybersecurity Framework. The article described how the framework came to be, what it is, what it is supposed to do and what you should do about it.
If you have any interest in industrial cyber security you will want to download the latest version of the framework and have it on hand for reference. If you are in one of 16 critical infrastructure industries (shown in a table in this earlier article), or if you rely on any of them for your success, your organization needs to go one step further and become familiar with its content.
In this article I am going to discuss the newly revised ICS Security Guideline – NIST 800-82 Rev. 2 – and offer some useful thoughts on it.
If you are a regular follower of this blog, you’ve probably noticed that I haven’t been writing much in the past few months. I just have been too busy, traveling and speaking at some really great security conferences.
The most recent and the most informative (for me at least) was the International NCSC One Conference 2014 at the World Forum in The Hague. This is a massive and well organized event run by the Netherlands National Cyber Security Centre, the Dutch equivalent to the US-CERT. Close to 950 people listened to my talk on “The Internet of Insecure Things”.
During NCSC One I heard some great talks on the state of encryption technology today, the SCADA Security consortium, and foreign APT threats. But the highlight was the plenary speech by Jon Callas on the second day entitled “Security and Usability in the Age of Surveillance”. Jon’s talk focused on Bring Your Own Device (BYOD) security, but it raised some questions that are core to cyber security in the 21st century.
If you’re not familiar with the BYOD security debate and want to get some background, check out my blog on the topic, “The iPhone is coming to the Plant Floor – Can we Secure it?” The short version is that the BYOD controversy revolves around the possible security issues that arise when employees use their personal mobile devices to access privileged company resources.
A common example is using your iPhone to access your company’s email system – does this increase or decrease corporate security?
What’s protecting your business from today’s latest security threats? If you’re relying on a single defense, your company, communications network and sensitive data are open to attacks by cyber criminals and hackers. Even a well-designed solution can malfunction or be bypassed.
To keep critical business processes up and running, a layered approach to security is far more reliable. At Belden, we encourage our customers to employ multiple security measures through a “Defense in Depth” approach.
Defense in Depth was originally used as a military strategy by the Romans. For security purposes, it means each layer of protection is designed to address a specific type of threat. If one security measure is bypassed or fails, the next layer steps in to defend the system.
Companies can be exposed to a variety of different security threats. Some are intentional, such as disgruntled employees, computer malware or information theft. Many others, however, are accidental – including employee mistakes or misconfiguration errors. No matter the aim, it is vital that businesses have a defense prepared for all possible threats.
Belden’s expertise helps protect critical assets from intrusion or manipulation. With a portfolio of security solutions designed for various mission-critical industries – from data centers to city wastewater plants to commercial buildings – Belden provides companies with a pragmatic approach to cyber and physical security.
Adoption of Industrial Ethernet has delivered many benefits to you, from enhanced visibility into your manufacturing operations to simplified network infrastructures and many things in between. Unfortunately, there is a downside to all this “connectedness” – a risk of malware or in extreme cases cyber attacks. Therefore, it is imperative you invest in protection mechanisms to reduce this risk. I recommend a philosophy called “Defense in Depth”, which utilizes a layered security model that may include Policies & Procedures, physical security, network security, PC security, and device security. By implementing multiple layers – types – of security simultaneously, you present a difficult defense for a hacker or piece of malware to penetrate.
Editor’s Note: This is an excerpt from the Practical SCADA Security blog at Tofino Security.
As I described in last week’s blog, Professor Paul Dorey recently presented a paper about the seven important lessons the IT world has learned in managing Advanced Persistent Threats (APTs). In this article, I will discuss lessons #2, #3 and #4, and how to apply these lessons to ICS and SCADA security.
APTs have been discussed in some depth in previous blogs, so if you aren’t familiar with the concept (or need a review) check out Part #1 of this series. If you want real world examples of APTs, especially ones that have impacted the energy and chemical industries, browse some of my previous blogs on Nitro, Night Dragon and Duqu.
Recently a very complex worm called Flame has been discovered attacking companies in the Middle East, and it is an excellent example of what security experts call an Advanced Persistent Threat (APT). Figuring out how to defend against APTs is a major focus in the IT security world.
Now while Flame was busy attacking the Middle East, I was in Abu Dhabi at the International Cyber Security Forum for Energy and Utilities, listening to a talk by Paul Dorey called “Advanced Persistent Threats – A Real Problem with Real Solutions” (you can download his presentation at the end of this article). Paul’s talk focused on security for the IT industry, but there were important lessons on managing attacks in the ICS / SCADA world. I will focus on one of those lessons in today’s blog.
With the recent proliferation of cyber attacks, it has become increasingly clear that no business or industry is safe from attack. It is well documented that cyber security threats continue to rise. While these threats once seemed to be mostly limited to attempts to access financial data, recent data indicates that cyber attacks now cut across all business sectors. Security vendor Symantec recently revealed that 75% of enterprises on a global basis witnessed some form of cyber attack during 2009.
Recently I wrote about one of the fundamentals of industrial cyber security, which is the concept of Defense in Depth. Today I am going to write about another foundation concept, which goes hand-in-hand with Defense in Depth, and that is using ANSI/ISA-99 Standards to improve control system security.
Factors that have degraded Control Network Security
There are two opposing trends impacting control network design today:
- The trend toward greater “interconnectedness” of control systems with enterprise systems as organizations seek increased business productivity and as they increase the use of Ethernet-TCP/IP technology.
- The trend to isolate control networks as an attempt to block advanced malware threats such as Stuxnet.
How does a controls engineer deal with the conflicting requirements of more integration and more isolation? My advice is to accept and plan for high integration with business systems, and to dismiss the idea that control systems can be isolated.