Paul Feldman, director of Midcontinent ISO, and Dan Hill, board member for the New York ISO, recently published “Cybersecurity: IT vs. OT, and the Pursuit of Best Practices” in the January 2016 edition of Electricity Policy. The article reviews the state of control system security in the power grid and makes recommendations to improve security. A central recommendation in the article is that “it’s time for transmission and distribution companies to install unidirectional gateways between their SCADA/OT networks and their business networks.” At Waterfall Security, we are steadfast in maintaining that increased use of unidirectional security gateways will measurably improve the security and the reliability of the Bulk Electric System. It is rewarding to see these experts agree.
In their article, Hill and Feldman review ongoing efforts by the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) to have industry regulations reflect the current threat landscape. The authors point out that cybercriminal sophistication has outpaced the resulting regulations.
“(A) special methodology to bridge IT and OT/ICS systems is now required in all nuclear plants,” the two authors wrote. “That methodology employs a hardware-based unidirectional gateway … to move data from the OT/ICS network to the IT/business network on a real-time basis.”
The article goes on to explain that using a unidirectional security gateway eliminates the threat of network attacks moving from an IT network into an industrial control system (ICS) network.
“Firewalls are also becoming more sophisticated and more complicated to manage,” the authors write. They continue: “It’s an arms race between the firewall providers and attackers. Separate from the arms race, but related to whether the good guys or the bad guys can develop sophisticated software faster, there is also the bug issue. Firewalls are enabled by software, and software often contains bugs.” Firewalls are simply not adequate to deflect modern attacks on industrial control systems.
Hill and Feldman point out that adequate, modern ICS security is very different from doing the minimum to avoid a fine. Unidirectional security gateways eliminate the threat of remote-control and other network attacks from business networks and from the Internet. Eliminating these threats entirely is far more effective than continuing a cat-and-mouse battle with attackers.