
Thursday, July 16, 2015

Digital Bond Labs assess FLIP technology’s unidirectional security

Last month, Digital Bond Labs, a cybersecurity lab focused on finding new security and reliability vulnerabilities in control-system components, performed a security assessment of Waterfall’s FLIP product line. We have great confidence in our solutions at Waterfall, and Digital Bond’s testing verified what we were already convinced of: that the FLIP cannot be transformed into a bidirectional communication channel, nor can it be controlled remotely.

The Waterfall FLIP is a type of hardware-enforced unidirectional security gateway. The technology replicates control system servers to IT networks without enabling anything to move in the opposite direction. When needed, the Waterfall FLIP also replicates servers from IT networks to control networks, for as long as is needed. For example, FLIP products are routinely deployed to replicate historian data out of control system networks nearly continuously, and to reverse orientation several times per day so that the FLIP software can fetch anti-virus and other security updates and transmit them to the control system.

Digital Bond’s findings were in line with Waterfall’s marketing message for FLIP, stating that:

  • It could find no way to transform the FLIP into an interactive bidirectional channel, and that “the FLIP is always a one-way system.”
  • It could find no way to remotely control the FLIP mechanism that reverses direction from either the “inside” or “outside” networks.

Digital Bond concluded that, since the FLIP is unidirectional at all times, and the direction cannot be remotely controlled, “the FLIP is a much stronger security mechanism than a firewall.” Digital Bond Labs’ researchers also concluded that the FLIP “provides a defensive advantage versus traditional thumb drive data transfers” because the FLIP “provides a single entry point to the control system network that can be hardened and monitored versus thumb drive transfer, which introduces a risk of infection to every system that the thumb drive is connected to.”

Unidirectional security gateways prevent IT security issues from weakening operational technology (OT) security. The verification from Digital Bond Labs serves as assurance that Waterfall solutions are capable of protecting reliability-critical systems and process equipment from security threats. Cyberattacks aimed at control systems have much greater potential consequences than attacks on IT systems. Unidirectional security gateways stop IT network attacks from becoming OT problems.


Waterfall also has FLIP technology solutions for substations. Learn more on our product page.

Monday, February 9, 2015

January news roundup: Increasing awareness of threats to the power grid






The need for stronger critical infrastructure cybersecurity continues to become more evident. Attacks on U.S. and U.K. electric industries continue to increase, and governments are becoming more aware of these problems. President Obama touched on cybersecurity in his State of the Union address, urging Congress to pass legislation that will better protect the nation from attackers. However, his proposals focus more heavily on data breach legislation, leaving ample room for improvement when it comes to ICS and SCADA security. Read about these evolving news stories and more in January’s news roundup:

President Obama’s State of the Union address in January hinted at his plans to work on cybersecurity issues. In what is being considered his “21st century agenda,” Obama includes increasing cybersecurity, as well as investing in security of physical infrastructures. Earlier this month, Obama released a series of proposals to address cyber-related problems. He included in this a plan to enhance government cybersecurity efforts. In his State of the Union address, Obama simply urged Congress to pass the appropriate legislation to prevent cyberattacks. With these plans, he is only scratching the surface of critical infrastructure security.

The growing skills of hackers are challenging the security of the electric utility industry. While the energy sector is strengthening its levels of protection, it was the target of 40 percent of cyberattacks in 2013. According to security analysts, the hackers behind these attacks are seeking to inflict serious damage on the energy sector. U.S. officials are warning the industry that the electric grid is quite vulnerable to attacks.

The Government Accountability Office issued a report claiming that the United States Department of Homeland Security (DHS) is not paying enough attention to potential cyberrisks to building and access control systems in federal facilities. The report stated that the DHS has not been addressing risks at nearly 9,000 federal facilities, and that “DHS lacks a strategy that: (1) defines the problem, (2) identifies the roles and responsibilities, (3) analyzes the resources needed and (4) identifies a methodology for assessing this cyberrisk.” The DHS claims that it has not yet created a strategy to deal with this because this issue is slowly emerging.

Parliament member James Arbuthnot made comments that the U.K.’s power grid is under constant attack from computer hackers. “Our National Grid is coming under cyberattack not just day by day, but minute by minute,” said Arbuthnot. These comments came very soon after the German steel mill attack. However, cybersecurity experts have responded by saying that the energy sector is a common target of attacks. Arbuthnot added that it is the responsibility of individual companies to make sure they have the proper protection.

Want to read more industry news? Check out our December news roundup.