Wednesday, December 9, 2015

November news roundup: Why the energy sector is at the heart of cybersecurity discussions

In the wake of the ISIS-perpetrated Paris attacks and cyber threats against the U.K., government agencies are stepping up cybersecurity in a bid to detect and defend their critical infrastructure against a cyberattack by ISIS or other hacker groups. At the top of that list is the energy sector. Cybersecurity leaders from several countries have stated their concerns about a cyberattack against the power grid, refineries and oil or gas pipelines, and many of these infrastructures show serious vulnerabilities. For more on these and other stories that captured our attention last month, see our news roundup below. 

Marty Edwards, head of the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), recently spoke with Control Design about security vulnerabilities with IIoT. From unsecured Ethernet on system processors to using store-bought DSL routers to remotely monitor system remote facilities to BYOD, vulnerabilities are rampant. Edwards advises control systems designers to carefully weigh the advantages of connectivity against the potential risks.

Mixing ERP and production systems: Oil industry at risk, say infosec bods (TheRegister, Nov. 18, 2015) Security researchers from ERPScan described at Black Hat Europe how to hack into SAP systems and launch attacks at and take over industrial control systems in the oil and gas sector. “…insecure setups might be exploited to interfere with operational processes and lead to disruptions in production or even sabotage.” This is possible because there is a connection between the control system network and the ERP system through a firewall.

Michel Coulombe, director the Canadian Security Intelligence Service (CSIS), revealed his view that a cyberattack by ISIS or other extremist groups on the country's "critical infrastructure" is "a major threat;” however, others point to major gaps in Canada’s cybersecurity strategy, specifically related o critical infrastructure, such as pipelines.

According to a new report by the Government Accountability Office (GAO), of the 15 critical infrastructures examined, 12 were overseen by agencies without proper cybersecurity metrics or formal methods to essential to protect networks from cyberattacks. These findings may add fuel to the argument that critical infrastructure industries should be required to share cybersecurity data with the government.

The Defense Advanced Research Projects Agency (DARPA) announced the development of a new system designed to support the nation’s electric grid defenses. Called Rapid Attack Detection, Isolation and Characterization (RADICS), the system will detect and automatically respond to cyberattacks on U.S. critical infrastructure. Exact details of what the RADICS system will entail were not disclosed, but the agency will hold a Proposers Day on Dec. 14 to detail it further.

If we’ve learned nothing else in this business, it’s that cyber capabilities evolve slowly. Motive, however, can change in an instant. For organizations like ISIS, motive is in strong supply and the cyberattack capabilities necessary to wreak real havoc can be bought. We cannot sit idle while ISIS or other groups plot against our most critical infrastructures. Our very way of life depends on them.

For more on how our better-than-firewalls unidirectional gateway technology can improve critical infrastructure security, visit our resources page.

Monday, November 23, 2015

Frost & Sullivan recognizes Waterfall Security Solutions for Customer Value Excellence through Technology Convergence for 4th consecutive year

For the fourth year in a row, Frost & Sullivan has recognized Waterfall with a Customer Value Excellence through Technology Convergence award.

This honor is awarded to a company that exhibits exceptional technology convergence impact and customer impact, proving the company’s ability to have consistent growth potential, ROI benefits and a significant impact on the security industry.

Ashay Abbhi, senior analyst at Frost & Sullivan, said, “Frost & Sullivan considers Waterfall’s pioneering solution to potentially become the standard in cybersecurity across industries, brought about by its disruptive technological convergence to secure the most vulnerable and sensitive point of attack – the data.”

Highlighted in the solution assessment is Waterfall’s Application Data Control (ADC) solution, which provides fine-grained policy controls for data in motion through Waterfall’s Unidirectional Security Gateway and FLIP products. The ADC add-on provides in-line controls for data movement, content restrictions, in-line anti-virus scanning and other/custom scanning and verification of files, BLOBs and any suspect or sensitive content. ADC controls can be applied to support data exfiltration prevention as well as powerful controls over data permitted back into critical networks.

“Waterfall enables safe IT/OT integration while ensuring the amalgamation of data from these silos is secured and the vulnerability removed by moving the data in only one direction instead of the customary bidirectional movement,” Abbhi added.

We’re honored to have earned Frost & Sullivan’s recognition once again. This award is testament to the needs for stronger-than-firewall security solutions for industrial control systems and further validates our product and commitment to safeguarding these important assets.

To learn more about our technology and how it protects ICS, visit our Resources page.

Wednesday, November 18, 2015

Waterfall/Area 81 Racing Team post two SARRC wins at VIR Goblins Go to end season

The Waterfall/Area 81 Racing team ended its 2015 season with the grit and dedication we’ve come to expect, pulling out two wins as it participated in its last South Atlantic Road Racing Championship (SARRC) race. Both Area 81 F1000 cars had to move at lightning speed to prep for the “Goblins Go” race at the Virginia International Raceway after a busy three weeks racing in Daytona, Florida and Bloomingdale, Georgia.

It was a busy and successful racing season for the Area 81 team with multiple wins and several personal bests. In the final race of the season, Richard Franklin, Car 81, qualified on the outside Front Row and F1000 pole position in the first race. He was in the lead almost throughout the entire race and improved his best lap time by two seconds. However, Sunday’s race brought about recurring electrical issues as his Stohr F1000 came to a stop on the warm-up lap due to battery failure.

“Missed opportunities and mixed emotions pretty much sums up my weekend at VIR,” said Franklin. However, he added, “Improving my personal best lap time by nearly two seconds at VIR was very exciting.”

Despite being slowed by lapped traffic throughout the race, Tim Pierce, Car 18, gained three positions to finish a strong second and third overall during race 1. In race 2, he had better luck, finishing in first place for the F1000 class.

“During the race my car handled very well, but I was unable to get adequate drive out of the turns due to a slipping clutch, and I was lucky to pull out the win,” said Pierce. “My car is due for a fresh engine over the winter, so we’ll be ready come March.”

The short turnaround time between races had an effect on the Area 81 team, leaving little time to fully address mechanical difficulties. The team will be taking some time off through the holidays to make the necessary repairs to their cars and further develop their F1000’s. Stay tuned to Waterfall's blog, as well as and the Area 81 racing Facebook page for updates on the 2016 season.