Tuesday, May 19, 2015

Protecting TV Stations


I was at a security conference recently, and a representative of a television station approached me. He had seen coverage of the hack of the French television station TV5Monde by ISIS and needed to know what he could do to prevent a similar incident at his own station.

I admit that, when I first saw coverage of the attack on the TV station, I dismissed it as yet another IT network breached that was not directly relevant to Waterfall's focus on industrial control systems.

The security manager from the TV station, though, explained to me that, in fact, the station had a control system and leased network connections for its physical broadcast towers, controlling characteristics of the physical broadcast and, of course, feeding signal into the towers to broadcast. Much of the signal is recorded, but some of it is live. The station never wants a cyber assault to hijack its signal the way TV5Monde was hijacked, right through what TV5Monde described as a "very strong firewall."

The more I heard, the more it became clear that this was a classic control system problem. The computer control system controlled the physical broadcast and needed continuous communications with corporate monitoring and billing systems. The system also had occasional needs to pick up new, approved, recorded video content from external sources, and to receive live feeds for broadcast. Unidirectional gateways support continuous monitoring without introducing the vulnerabilities that always come with firewalls. The FLIP enables occasional updates of scheduled, recorded material in a queue for broadcast, and a variety of mechanisms support occasional live broadcasts, depending on the circumstances of the broadcast and the source of the live feed.

Targeted attacks are everywhere nowadays. It seems not even television stations want to entrust their broadcasts and their reputations to firewalls any more.

Tuesday, May 12, 2015

April news roundup: The results are in…

Critical infrastructure security was a major topic among analyst firms and researchers in April. If you didn’t stay up to date with the findings throughout the month, we prepared a brief recap for you. Included are findings from Dell’s survey on cybersecurity and a report by the Organization of American States. Read more in this month’s news roundup.

Hacks on critical infrastructure are more common than you think (The Inquirer - April 7, 2015)
In a recent report, the Organization of American States found that hackers commonly seek to destroy major critical infrastructures. The report shows that 54 percent of the 575 companies polled encountered attempts to manipulate control systems. Even more troublesome is that 60 percent of the companies detected attempts to steal data.

Cyberattacks on SCADA and industry double in 2014, says Dell (Fox News – April 8, 2015)
Analysis from Dell’s intelligence network shows attacks against SCADA systems have doubled in the last few years. These attacks on industrial systems can cause more damage than traditional hacking because of the risks they pose to critical infrastructures. Of the attacks that Dell investigated, most were against Finland, the U.K. and the U.S., since industrial control systems are commonly used in these countries. Dell also noticed a rise in point-of-sale malware and attacks on payment infrastructure, leading to some of the highest-profile breaches in history.

Are you prepared? This year's fastest growing security threats (Business News Daily - April 14, 2015)
In a more detailed article about the Dell study, Business News Daily offers some key insights from the results. Attacks against SCADA systems are the third largest security threat that businesses should be planning for in 2015. These attacks often go unreported, and when combined with the U.S.’s aging infrastructure, they present huge security risks.

The U.S.’s energy infrastructure will need major changes, says Obama report (Washington Post – April 21, 2015)
According to a recent report released by the Obama administration, the U.S. electric grid will require major changes to adapt to future national security challenges. The report comes in the wake of new developments to the grid system, increased threats from hackers and climate extremes, among other developments.


Protect cybersecurity spending to avoid attacks on energy infrastructure (Newsweek - April 27, 2015)
According to analysts, defense budget cuts have left the U.K. open to cyberattacks. Ewan Lawson, senior military research fellow at the Royal United Services Institute, recommends increasing budgets for cybersecurity to prevent attacks on energy infrastructure. He also points to the German steel mill attack, which caused massive damage to the plant control system. An additional report by cybersecurity firm Cylance Corporation shows Iranian actors have hacked into critical infrastructures in the U.K., France, Germany and the U.S.

Did you miss March’s critical infrastructure security news? Check it out in last month’s industrial security news roundup.

Wednesday, May 6, 2015

April 25-26th, 2015 – Waterfall/Area 81 Adds Another Epic Battle to the History Books

The Waterfall/Area 81 Racing team returned to Roebling Road Raceway in Savannah, Ga., for the Jim Stark Memorial Double SARRC/SECS. Seven years after the team was formed, both Tim and Richard are in the hunt for championships. Tim placed second in SECS in both races, while finishing third overall on Saturday and second overall on Sunday. Richard earned first-place finishes both days in SARRC, with a fourth overall and a third overall.

Throughout Saturday, severe thunderstorms pelted the area with lightning, 80 mile-per-hour winds and 2-3 inches of rain. At the start, Tim passed seven cars before Turn 1, and soon another epic battle between Area 81 teammates would ensue. Each lap, Tim would pull away in the first sequence of turns, only to have Richard threaten in the second half of the course. A disabled car in Turn 1 brought out a standing yellow caution, which thwarted Richard’s plans to pass from Tim’s draft on the front straight.

Sunday’s race featured sunny skies and expected temperatures into the 90s. Richard qualified on the second row and Tim directly behind on the third row. This time, Richard fended Tim off at the start for five laps until Tim drafted going into the first turn. The teammates resumed their fight, but both encountered lapped traffic. Tim passed two lapped cars deep into Turn 1, leaving Richard to wait to get around. By the time he was able to navigate around the slower cars, it was too late.

“My car had the same shifting issues from the last event, and I wasn’t as fast as I expected to be,” Tim Pierce, driver of Car 18, said. “(Franklin’s car) was definitely the faster car this weekend.”

Franklin said, “It’s no secret that Roebling is my favorite track, and I felt confident all weekend that sufficient speed was in the car. On Saturday, I drafted alongside Tim for at least nine laps every time down Roebling’s front stretch. … On Sunday, I led him for five laps, but we were able to draft by. Going nose-to-tail for lap after lap is why I love racing.”

The team continues its 2015 racing schedule at the SARRC/MARRS Double SARRC/SECS at VIR on May 8 and 9 near Danville, Va. Be sure to stay tuned to www.Area81Racing.com and our Facebook page for updates.

Monday, April 13, 2015

Waterfall, Kuppinger Cole Highlight OT Challenges, Solutions in Webinar

Last month, I joined Martin Kuppinger and Alexei Balaganski in a webinar titled “Industrial Control System Security: Getting a Grip on OT Cyber Security.”

To start the webinar, Kuppinger, founder and principal analyst for KuppingerCole, discussed the challenges presented to securing technology in the modern business. “The computing troika” presented by Kuppinger demonstrates the challenge Internet connectivity presents. Cloud computing, mobile computing and social computing are all driving increased network connectivity. The “Internet of Things” means every “thing” has a CPU and a network connection, and every employee carries with them many “things” and uses these and many more connected “things” all day long.

Balaganski, senior analyst for KuppingerCole, illustrated the differences between IT and OT in terms of their scope, devices and focus. IT security is about confidentiality, authenticity and business continuity. OT security, on the other hand, is focused primarily on defending personnel safety systems and equipment protection systems, and secondarily on defending the correct and reliable operation of the industrial process. This, naturally, means the consequences of failure for IT and OT security systems are far different.

Waterfall then discussed IT/OT integration solutions. The fundamental problem with greater connectivity is that all software can be compromised, such compromise can propagate via network messages and, fundamentally, firewalls forward messages. Firewalls are routers with filters – they look at each message and either forward it, or not. Why does it make any sense to forward messages from IT networks, which are constantly exposed to attack from electronic mail and the Internet, to industrial networks, which control costly and dangerous physical processes? Every such message could be an attack.

Unidirectional Security Gateways allow information from industrial networks to travel to corporate networks, where business users and applications can query that data and profit from it, without ever allowing a message or any information at all back into the control system network. Hardware-enforced security solutions allow organizations to access real-time data as necessary, without the possibility of any attack reaching from the Internet or the corporate network through the system to threaten operations.


Listen to the webinar here. When you do, let us know what you think.

Thursday, April 9, 2015

March news roundup: Hacks to industrial control systems continue

In case you weren’t able to keep up on this month’s critical infrastructure security news, below is a recap for you. As you’ll see, hacks to industrial control systems are increasing and there was no shortage of them in this month’s news, including attacks on a South Korean nuclear power plant and a possible threat to U.S. airports and air traffic control centers. Read more in March’s news roundup:

North Korea 'Hacked' South Korean Nuclear Power Plant Operator
South Korea blamed North Korea for hacking and stealing data from one of its nuclear power plants. Blueprints of South Korean plants were posted on Twitter from an IP address located in North Korea. The attacks in question took place in December, shortly after the hack on Sony Pictures. Investigators, however, have found that South Korea’s nuclear plant management was not compromised and no critical data was leaked.

US industrial control systems attacked 245 times in 12 months
In an ICS-CERT report, it was proven that U.S. industrial control systems encountered cyberattacks more than 245 times in the last year. The report, which covered the 2014 fiscal year, included all cyberattacks received and responded to by ICS-CERT. Fifty-five percent of these attacks showed signs of advanced persistent threats. Also, it should be noted that the energy sector accounted for 79 of the 245 attacks.

Kaspersky: ‘A very bad incident’ awaits critical infrastructure
According to Eugene Kaspersky, founder of Kaspersky Lab, cyberterrorism is a looming threat to power grids, water supply systems and other critical infrastructure. The threats against critical infrastructure are increasing and hackers are learning more techniques from the exposure of these attacks. Kaspersky suggests international cooperation between security services may help defend against these attacks.

Cyberspace Conflict Growing More Destructive, NSA’s Chief Says
According to NSA chief Rogers, there is a possibility that potential adversaries intentionally left evidence of an ICS hack in order to send a message to the U.S. that it is at risk of a destructive attack. To address the increasing risk of cyberattacks against U.S. organizations, Cyber Command is creating teams to defend military networks and assist commanders with a goal of having 6,200 personnel to operate in the next two years.

Your Next Flight Could Be Hit By a Cyber Attack
The National Airspace System, which is responsible for controlling U.S. airports and air traffic control centers, is at risk for cyberattacks. According to a new report from the Government Accountability Office, hackers now have the capability to disrupt air traffic control operations. This report also made 17 public recommendations, including provisions to the training of cybersecurity employees.


Do you want to read more industrial security news? Check out last month’s news roundup here.