April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

Protecting the power grid

By Ken Westin

Federal Energy records show that the nation’s power grid is under some kind of physical or cyber attack nearly once every four days. Over the last few years the proportion of cyber security attacks targeting power grids and transportation networks around the world has increased and this problem is particularly acute in the U.S. At a House Intelligence Committee hearing last November, NSA Director Admiral Michael Rogers revealed that several foreign governments had already hacked into U.S. energy, water and fuel distribution systems. While it’s not possible for any organization to guarantee complete cyber security, there are a number of specific actions that can significantly reduce these risks and improve the ability to detect and respond to cyber attacks in progress.

One of the key reasons critical infrastructure cyber attacks are increasing is that these organizations have become easier to compromise. Most industrial control systems use antiquated software and protocols designed primarily for stability and efficiency, not security. None of these systems were designed to be accessed through the modern interconnected networks used in energy organization around the world today. Where ever industrial controls systems touch traditional IT networks, even indirectly, cyber security risks increase dramatically.

Securing the Grid: Essentials

Industrial control networks were not designed to be connected to corporate networks and to the Internet. For example two common industrial Modbus and DNP3 were designed to be both efficient and reliable, with a key goal of avoiding downtime and ensuring systems remained running and stable. Due to the way these protocols were designed they by their very nature do not have any security controls in place like we see with other protocols widely used on the Internet like HTTP. There is no encryption or even authentication mechanisms with these protocols, which makes it very dangerous once connecting an industrial network to a traditional corporate IT network.

Ideally, ICS/SCADA systems should be segmented and remain as isolated as possible from traditional IT networks because many of the ICS systems lack even basic security mechanisms such as authentication and access controls. Often, network segmentation and isolation are often the only viable security options for ICS devices.

NIST SP800-82 R2 is an excellent resource for energy organizations looking to reduce their cyber security risk profile. This document prescribes a defense-in-depth strategy that uses layers of security controls so that the failure of any single control is minimized. The 20 Critical Security Controls (http://www.counciloncybersecurity.org/critical-controls/) can be combined with NIST SP80082 R2 to build a prioritized list of controls to create a “defense in depth” strategy. The first four of the 20 CSC focus on foundational controls that must be in place for a layered security architecture to be effective, so these controls are a great place to start. These basic controls include a complete inventory of hardware devices, a complete inventory of software, a process to maintain secure configurations, and a continuous vulnerability assessment and remediation process.  

The combination of SP800-82 and the 20 CSC are particularly effective for energy organizations when used together. This is because SP800-82 tailors the implementation of the 20 CSC to the unique requirements of industrial environments and their application to Information Technology (IT) and Operational Technology (OT) environments.

Reducing the Attack Surface

Industry research and breach analysis indicates that organized syndicates of cyber criminals are targeting energy organizations by taking advantage of specific features within ICS systems and ‘Trojan-izing’ ICS firmware updates. These groups are also stepping up phishing attacks against engineers and plant personnel in order to gain access to energy networks. These same attacks have been used against  IT environments in the private sector for years and as a result, technology has emerged that can better identify these newer forms of weaponized, highly-evasive malware. Energy organization evaluating these technologies should carefully evaluate vendors and solutions since not all of them are adapted to ICS devices and uptime and reliability requirements.  

The good news is that energy organizations are already grappling with NERC and FERC compliance mandates and these efforts include many security concepts fundamental to an agile, effective security program. Comprehensive cyber security programs for the energy grid that continually reduce cyber security risk and quickly detect any attacks that slip through existing defenses are possible.

The technology solutions and processes necessary to dramatically improve the security of the energy grid are available today; we just need to make the investments necessary that make it happen.

Ken Westin is a security analyst for Tripwire. He is an experienced security researcher and analyst who has worked with law enforcement and journalists to uncover organized cybercrime rings with a special focus on incident detection, forensics and threat intelligence.

 

 

Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...