Monday, April 13, 2015

Waterfall, Kuppinger Cole Highlight OT Challenges, Solutions in Webinar

Last month, I joined Martin Kuppinger and Alexei Balaganski in a webinar titled “Industrial Control System Security: Getting a Grip on OT Cyber Security.”

To start the webinar, Kuppinger, founder and principal analyst for KuppingerCole, discussed the challenges of securing technology in the modern business. “The computing troika” presented by Kuppinger demonstrates the challenge Internet connectivity presents. Cloud computing, mobile computing and social computing are all driving increased network connectivity. The “Internet of Things” means every “thing” has a CPU and a network connection, and every employee carries with them many “things” and uses these and many more connected “things” all day long.

Balaganski, senior analyst for KuppingerCole, illustrated the differences between IT and OT in terms of their scope, devices and focus. IT security is about confidentiality, authenticity and business continuity. OT security, on the other hand, is focused primarily on defending personnel safety systems and equipment protection systems, and secondarily on defending the correct and reliable operation of the industrial process. This, naturally, means the consequences of failure for IT and OT security systems are far different.

Waterfall then discussed IT/OT integration solutions. The fundamental problem with greater connectivity is that all software can be compromised, such compromise can propagate via network messages and, fundamentally, firewalls forward messages. Firewalls are routers with filters – they look at each message and either forward it, or not. Why does it make any sense to forward messages from IT networks, which are constantly exposed to attack from electronic mail and the Internet, to industrial networks, which control costly and dangerous physical processes? Every such message could be an attack.

Unidirectional Security Gateways allow information from industrial networks to travel to corporate networks, where business users and applications can query that data and profit from it, without ever allowing a message or any information at all back into the control system network. Hardware-enforced security solutions allow organizations to access real-time data as necessary, without the possibility of any attack reaching from the Internet or the corporate network through the system to threaten operations.

Listen to the webinar here. When you do, let us know what you think.

Thursday, April 9, 2015

March news roundup: Hacks to industrial control systems continue

In case you weren’t able to keep up on this month’s critical infrastructure security news, below is a recap for you. As you’ll see, hacks to industrial control systems are increasing and there was no shortage of them in this month’s news, including attacks on a South Korean nuclear power plant and a possible threat to U.S. airports and air traffic control centers. Read more in March’s news roundup:

North Korea 'Hacked' South Korean Nuclear Power Plant Operator
South Korea blamed North Korea for hacking and stealing data from one of its nuclear power plants. Blueprints of South Korean plants were posted on Twitter from an IP address located in North Korea. The attacks in question took place in December, shortly after the hack on Sony Pictures. Investigators, however, have found that South Korea’s nuclear plant management was not compromised and no critical data was leaked.

US industrial control systems attacked 245 times in 12 months
In an ICS-CERT report, it was proven that U.S. industrial control systems encountered cyberattacks more than 245 times in the last year. The report, which covered the 2014 fiscal year, included all cyberattacks received and responded to by ICS-CERT. Fifty-five percent of these attacks showed signs of advanced persistent threats. Also, it should be noted that the energy sector accounted for 79 of the 245 attacks.

Kaspersky: ‘A very bad incident’ awaits critical infrastructure
According to Eugene Kaspersky, founder of Kaspersky Lab, cyberterrorism is a looming threat to power grids, water supply systems and other critical infrastructure. The threats against critical infrastructure are increasing and hackers are learning more techniques from the exposure of these attacks. Kaspersky suggests international cooperation between security services may help defend against these attacks.

Cyberspace Conflict Growing More Destructive, NSA’s Chief Says
According to NSA chief Rogers, there is a possibility that potential adversaries intentionally left evidence of an ICS hack in order to send a message to the U.S. that it is at risk of a destructive attack. To address the increasing risk of cyberattacks against U.S. organizations, Cyber Command is creating teams to defend military networks and assist commanders with a goal of having 6,200 personnel to operate in the next two years.

Your Next Flight Could Be Hit By a Cyber Attack
The National Airspace System, which is responsible for controlling U.S. airports and air traffic control centers, is at risk for cyberattacks. According to a new report from the Government Accountability Office, hackers now have the capability to disrupt air traffic control operations. This report also made 17 public recommendations, including provisions to the training of cybersecurity employees.

Do you want to read more industrial security news? Check out last month’s news roundup here.