Why Offshore Networks Need Deep Packet Inspection

The Offshore Technology Conference (OTC) is on in full force right now and Belden’s booth (7236) has been busy. Liaising with our booth staff I have heard that safety and security are hot topics with attendees this year. Well here is a topic they should know about, that is, why offshore networks need SCADA security with Deep Packet Inspection (DPI).

Let me give you some context. The critical systems managing production and safety on offshore platforms are largely based on legacy SCADA and Industrial Control System (ICS) products and protocols. Many of these products are decades old and were never designed with security in mind. Yet nowadays they are connected to other systems using Ethernet and TCP/IP. That has been great for efficiency but it exposes mission critical production systems to malware.

Security Simply Seuss

The boss showed up and said, “Learn what you can,
‘cause you are in charge of our security plan.
I know nothing about it and neither do you,
There’s no budget, no team… it’s just me and you!

Please do your best with it, we have to win,
‘cause our company’s toast if the bad guys get in.”
I looked for a guru, but couldn’t find him,
So I settled for drinks with my co-worker Jim.

Jim said, “Son, there’s a lot about s’curity to know
So listen to me, ‘cause my plan’s ready to go!
There’s DHS, INL and ICS-CERT,
They’re government types… their advice won’t hurt.
And standards like NERC-CIP, ISA and IEC,
With simple advice for you and me.

Learn the bad guys like Stuxnet, Duqu and Flame,
And a bunch of other bugs that I just couldn’t name.
We’ll use defense-in-depth, they’re layers you surely see,
You stack your defense for the best security.

There’s policy, procedure, computer, device
And network layers that’ll make ‘em think twice.
The best combination will beat their attack.
They’ll leave us alone and find others to hack.

You’ll need firewall, antivirus, whitelisting too,
And SIEM, encryption and a patch management crew.
For protocol help, you’ll need deep packet inspection,
With encryption, detection and error correction.”

Exhausted, I gasped, “How can I do it all?”
Jim said, “Don’t make this hard, just give Belden a call!”

Top SCADA Security Topics in 2012

Google gave interviews over the holidays discussing the top searches done by people in various countries in 2012 (Google Zeitgeist 2012). “Zeitgeist” is “spirit of the age or spirit of the time” and it is interesting to see that for the U.S. the top search for the year was for Whitney Houston, while in Germany it was for EM12 (European football championships) and in Australia it was for Gangnam Style. In a quick review only Canada and Australia included most searched categories for beer, with Molson topping the list in Canada and XXXX (pronounced four X) topping the list in Australia.

SCADA Security in 2012: Eric Byres Evaluates his Predictions

Editor’s Note: This article was contributed by Laura Mattson, marketing specialist.

Early in 2012 Eric Byres wrote a blog article predicting what he thought would happen in 2012 with regards to SCADA and ICS security. I went back to his blog and highlighted the four main predictions he made. Then I asked him to rate himself on each one.

Industrial Security: New Vulnerability Disclosure Framework A Step Forward

This is an excerpt from the Think Forward blog by Ernie Hayden at verizonbusiness.com.

In a move that may be helpful for critical infrastructure asset owners, on July 23 the Industrial Control Systems Joint Working Group (ICSJWG) published a new document on a framework for disclosing Industrial Control System (ICS) vulnerabilities.

Common Industrial Control System Vulnerability Framework

The Industrial Control Systems Joint Working Group (ICSJWG), which was established by the U.S. Department of Homeland Security Control Systems Security Program, published the document “Common Industrial Control System Vulnerability Framework”. The document was developed with the intention of providing consensus-based guidance to vendors and system integrators in helping them create ICS vulnerability disclosure policies.

Substation Security with Strategic Zones of Protection

Smart grids collect a wealth of intelligence, beginning at the edge with Intelligent Electronic Devices (IEDs) that gather valuable information such as fault location, relay targets and customer usage in increasingly fine granularity, which is then transmitted to the central control area to support the smart grid. Protective relays, meters, remote terminal units, LTC/regulator controllers, and predictive maintenance equipment are also becoming rich sources of data that can be made readily available to remote users. This new information requires increased communications bandwidth and a secure strategy for transporting the information to its destination points throughout the utility.

As power utility stakeholders address the challenges of creating end-to-end security for their smart grids, operations groups can benefit from the “Zones of Protection” strategy that protection relay engineers have employed for some time to keep utility grids and equipment safe from faults and system unbalances.

SCADA Security: Falling into the Air Gap Trap

This is an excerpt from the Practical SCADA Security blog at Tofino Security.

Last week I discussed how security experts and ICS / SCADA vendors are giving up on the dream of the air gap as a viable security solution for the modern control system. Unfortunately, it is still all too easy to believe your control system is isolated.

Recently I had a very enlightening conversation with a control engineer who thought his system was air gapped.

Are SCADA Air Gap Supporters a Dying Breed?

Last week I updated my air gap blog from 2011. I noted some companies (like Siemens) no longer mention air gaps. Then to keep things balanced, I added new examples of consultants that support the air gap theory. In particular, I selected this quote from Paul Ferguson at Trend Micro:

“I’ve written about SCADA issues in the past, but one issue that I’ve consistently tried to emphasize is that critical control systems should never, ever interact nor interconnect with Internet systems in any way, shape, or form. There’s a good reason for this, and it’s always been referred to as the “Air Gap” Principle.”

What Advanced Persistent Threats (APTs) Can Teach the ICS and SCADA Security Practitioner – Part 2

Editor’s Note: This is an excerpt from the Practical SCADA Security blog at Tofino Security.

Last week’s blog covered a paper Professor Paul Dorey recently presented about the seven important lessons the IT world has learned in managing Advanced Persistent Threats (APTs). In this article, I will discuss lessons #2, #3 and #4, and how to apply these lessons to ICS and SCADA security.

APTs have been discussed in some depth in previous blogs, so if you aren’t familiar with the concept (or need a review) check out Part #1 of this series. If you want real world examples of APTs, especially ones that have impacted the energy and chemical industries, browse some of my previous blogs on Nitro, Night Dragon and Duqu.

What Advanced Persistent Threats (APTs) Can Teach the ICS and SCADA Security Practitioner – Part 1

Recently a very complex worm called Flame has been discovered attacking companies in the Middle East, and it is an excellent example of what security experts call an Advanced Persistent Threat (APT). Figuring out how to defend against APTs is a major focus in the IT security world.

Now while Flame was busy attacking the Middle East, I was in Abu Dhabi at the International Cyber Security Forum for Energy and Utilities, listening to a talk by Paul Dorey called “Advanced Persistent Threats – A Real Problem with Real Solutions” (you can download his presentation at the end of this article). Paul’s talk focused on security for the IT industry, but there were important lessons on managing attacks in the ICS / SCADA world. I will focus on one of those lessons in today’s blog.