Tuesday, July 21, 2015

Waterfall/Area 81 team succeeds despite inclement weather on Fourth of July weekend

A short trip away from its headquarters in North Carolina, the Waterfall/Area 81 Racing team traveled to Roebling Road Raceway in Savannah, Ga., for the SECS.

Richard Franklin, driver of car 81, planned to use these races to prepare for October’s SARRC Invitational Challenge Championship race; Tim Pierce, of car 18, planned to do the same for the 2015 Runoffs in September. This boded well for the team on Saturday, as it qualified third and fourth overall. Franklin finished first in SARRC and Tim finished second in SECS.

However, Sunday’s races were cancelled due to unstable weather.

“The whole team weathered the storm and sacrificed its comfort and well-being to get the car to the grid. We would not be successful without these efforts,” said Pierce.

Franklin added, “Hopefully, those who showed up on grid will receive Championship points for their efforts.”

All in all, it was a productive weekend for the team, proving once again that it can continue to capture Championship points among unforeseen circumstances.

The team continues its 2015 racing schedule at Charlotte Motor Speedway for the Daylight-into-Dark Double SARRC/SECS on Aug. 15 and 16. Be sure to stay tuned to www.Area81Racing.com and our Facebook page for updates.

Thursday, July 16, 2015

Digital Bond Labs assess FLIP technology’s unidirectional security

Last month, Digital Bond Labs, a cybersecurity lab focused on finding new security and reliability vulnerabilities in control-system components, performed a security assessment of Waterfall’s FLIP product line. We have great confidence in our solutions at Waterfall, and DigitalBond’s testing verified what we were already convinced of, that the FLIP cannot be transformed into a bidirectional communication channel, nor can it be controlled remotely.

The Waterfall FLIP is type of a hardware-enforced unidirectional security gateway. The technology replicates control system servers to IT networks without enabling anything to move in the opposite direction. When needed, the Waterfall FLIP also replicates servers from IT networks to control networks, for as long as is needed. For example, FLIP products are routinely deployed to replicate historian data out of control system networks nearly continuously, and reverse orientation several times per day so that the FLIP software can fetch anti-virus and other security updates and transmit them to the control system.

Digital Bond’s findings were in line with Waterfalls marketing message for FLIP, stating that:

  • It could find no way to transform the FLIP into an interactive bidirectional channel, and that “the FLIP is always a one-way system.”
  • IT could find no way to remotely control the FLIP mechanism that reverses direction from either the “inside” or “outside” networks.

Digital Bond concluded that, since the FLIP is unidirectional at all times, and the direction cannot be remotely controlled, “the FLIP is a much stronger security mechanism than a firewall.” Digital Bond Labs’ researchers also concluded that the FLIP “provides a defensive advantage versus. traditional thumb drive data transfers” because the FLIP “provides a single entry point to the control system network that can be hardened and monitored versus thumb drive transfer, which introduces a risk of infection to every system that the thumb drive is connected to.”

Unidirectional security gateways prevent IT security issues from weakening operational technology (OT) security. The verification from Digital Bond Labs serves as assurance that Waterfall solutions are capable of protecting reliability-critical systems and process equipment from security threats. Cyberattacks aimed at control systems have much greater potential consequences than attacks on IT systems. Unidirectional security gateways stop IT network attacks from becoming OT problems.

Waterfall also has FLIP technology solutions for Substations. Learn more on our product page.

Tuesday, July 14, 2015

June news roundup: How safe is the U.S. power grid?

Are the U.S. power grid and other critical infrastructures safe from cyberattacks? According to recent news and research, the answer is no. Reliance on the power grid is increasing, as are the threats that plague it. Read the latest on the risks to U.S. critical infrastructure below in this month’s news roundup.

A Critical Threat (SC Magazine UK, June 30)
Attacks to Iran’s nuclear plants and last year’s attack on a German steel mill prove the level of damage that can be done with little effort. Critical infrastructure can easily be penetrated; therefore, SCADA devices that aren’t secure are causing growing concern. These threats are fueling global legislation.

According to former Secretary of Defense William Cohen, the U.S. power grid is becoming increasingly vulnerable to terrorist attacks. These attacks, he stresses, are likely to be cyberattacks, which have the capability to completely shut down the power grid. Furthermore, the American Society of Civil Engineers (ASCE) did a formal review of the U.S. power grid, which resulted in a barely passing grade of D+. This grading shows that U.S. critical infrastructure is in poor condition with a strong risk of failure. That being said, there is not enough attention or funds dedicated to secure the power grid.

Attacks on industrial control systems and SCADA systems are increasing at a rapid rate. According to a recent survey by the SANS Institute, more than 30 percent of respondents said their organizations’ control systems have been breached. Of those, 17 percent acknowledged six or more breaches so far this year alone.

Has the Obama administration done enough to protect the U.S. power grid? A former CIA director says no. According to R. James Woolsey, the country has done a poor job protecting the critical infrastructure that includes the Internet and the power grid. He proposes a few reasons as to why security has not been a high priority in the U.S., including the administration’s lack of focus on this issue. He says that the U.S. power grid has 18 critical infrastructures, with 17 of them relying on electricity. If the entire power grid is hacked, so many things are at risk: food, water and even lives.

Will America’s Power Stay On? (Homeland Security Today, June 13)
Aside from the risk of cyberattacks, security and energy experts are also warning that the U.S. power grid is equally vulnerable to natural factors that could result in outages across the country. According to a recent Johns Hopkins University study, there are shortcomings across all 50 states, such as variations of standards and lack of accountability at the national level. The report states that these shortcomings, if not addressed soon, could be exposed on a much larger scale. The North American Electric Reliability Corporation (NERC) has failed to produce enforceable standards and, as a result, outages will likely occur.

Want more critical infrastructure news? Read last month’s news roundup