Thursday, January 22, 2015

Schneider Electric Accredits Waterfall’s Unidirectional Security Gateways as “Technology Approved”

Last June, Waterfall Security was welcomed into the Schneider Electric Collaborative Automation Partner Program (CAPP) to bring our stronger-than-firewalls Unidirectional Security Gateways to Schneider Electric customers in nearly 200 countries to ensure the safety and reliability of control system networks. Since joining the program, we have expanded our suite of hardware-enforced security solutions to include Waterfall for ClearSCADA, which securely integrates Schneider Electric ClearSCADA systems and corporate networks, with additional solutions under development. And now, Waterfall’s Unidirectional Security Gateways have passed the vigorous testing of the Schneider Electric interoperability labs to be accredited as “technology approved.”

Schneider Electric is embracing evolving best practices in critical infrastructure cybersecurity to offer customers sophisticated, hardware-enforced protections to ensure the safety and reliability of critical control systems. Accrediting Unidirectional Security Gateways as technology approved gives Schneider Electric customers additional options to strengthen their defense-in-depth cybersecurity programs. Waterfall technologies, such as the award-winning FLIP™, are compatible with Schneider Electric solutions, and facilitate the safe and secure integration of IT and OT networks while protecting critical systems from attacks ranging from garden-variety malware to the most sophisticated targeted attacks.

Cyberattacks against critical infrastructure are a very real threat. Just last month it was disclosed that a German steel plant suffered a cyberattack, resulting in massive physical damage to a blast furnace. This incident exemplifies the dangers of connecting vulnerable OT networks to the Internet – either directly or indirectly – and so opening a door for hackers to compromise critical systems. While the demands of modern day business operations calls for network integration to enable real-time insight into control system networks, this integration must be done with worker and citizen safety in mind.

Schneider Electric’s commitment to best-in-class cybersecurity solutions speaks volumes to their dedication to customers. We have great expectations for strengthening our partnership with Schneider Electric, and furthering our mutual goals of improving the cybersecurity posture of critical infrastructure sites across many industries.      

Want to learn more about our partnership with Schneider Electric? Check out Waterfall CEO and co-founder Lior Frenkel’s guest post on the Schneider electric blog.    

Tuesday, January 13, 2015

December news roundup: Critical infrastructure cyberattacks overshadowed by Sony data breach

In what was one of the biggest cybersecurity stories of 2014, Sony Pictures fell victim to a major data breach where terabytes of information was stolen that was then slowly leaked to the public over the course of weeks. The ensuing scandal over embarrassing executive emails and the revelation that North Korea may have been the culprit, spurring fears of cyberwar, dominated the December headlines. It overshadowed other important industrial cybersecurity stories with implications for the state of the industry as we head into 2015. These stories included the disclosure of a cyberattack against a German steel mill that caused massive damage to a blast furnace, and the discovery of a computer worm that was removed from devices connected to industrial control system (ICS) networks at a South Korean nuclear operator. Read about these developing stories and more in this month’s news roundup:

The German Federal Office for Information Security (BSI) disclosed in its annual report a cyberattack against a steel mill blast furnace, causing massive physical damage. Hackers were able to infiltrate the plant by stealing the credentials of employees that had access to control system networks. This is a major cyberevent, and serves as a wake-up call for the evolving capabilities of modern-day adversaries as it is one of the best examples of how a cyberattack can be a threat to safety and reliability.

When investigating a non-critical data breach from earlier in the month, a South Korean nuclear facility discovered a computer worm on certain devices that were connected to control system networks. While no control systems were compromised by the virus, it underscores the security concerns of IT corporate networks with critical OT networks. Any control system network connected directly or indirectly to the internet must have security defenses in place to ensure the continued safety and reliability of protected systems.
In what would surely require a re-write of industrial cybersecurity history, Bloomberg reported that a cyberattack was behind a Turkish oil pipeline fire in 2008. If the report is accurate, then the incident took place two years before the infamous Stuxnet worm damaged centrifuges at an Iranian nuclear facility. The Turkish oil pipeline event would be one of the earliest-known examples of a high-impact cyberattack on critical infrastructures. For the world, it’s just another reason why cybersecurity is just as important as physical security.

Iranian hacker activity has picked up around the globe, compromising computer networks, government agencies and critical infrastructure sites in the U.S. in a campaign called “Operation Cleaver.” While Iranian hackers are nothing new, the story offers evidence that the threats out there are real and they need to be taken seriously. With new recruits coming in daily, our adversaries and their capabilities keep getting stronger. Critical infrastructures need to keep strengthening their defenses as well, including the latest best practice, stronger-than-firewall protections, to stay one step ahead.

Want to read more industry news? Check out our November news roundup