Top Ad unit 728 × 90

Lastes News


Critical infrastructure and Industrial Cyber Security evolve as we move into the Internet of Things

Motivated hackers with an agenda and sophisticated malware that’s been targeting critical infrastructure like nuclear power plants (utilizing numerous 6 figure 0-day exploits, clearly evidencing nation-backed cyber warfare) have accelerated the need for the next generation of industrial cyber security. One can also take these as examples that showcase the wide range of potential threats currently looming over critical infrastructure that supports everyday life in the 21st century. Major players in the business are taking heed and expanding their efforts to adapt their systems.

What’s also incredibly troubling is the fact that widely used cloud service providers -most recently Dropbox- can’t even be trusted to properly secure user data. In the case of the Dropbox leak, user’s emails and password hashes were being stored as several gigabyte plain text files on an employee’s workstation.  And this is just one of the many examples emerging that uncovers how companies have been hiding their embarrassing data breaches and appalling practices.

If prosperous attacks on user data are so prevalent, what’s stopping more resourceful entities from successfully targeting our critical infrastructure?

Nothing. Attacks on critical infrastructure have been a thing for the past decade, but what’s most alarming is that in some sectors the frequency of the attacks has easily doubled in 2016 alone.

In this day and age, no one is truly safe from incentivized, highly skilled hackers with constantly developing collaborative resources at their disposal. With time on their side, all it takes is that one successful breach for the system that had blocked the previous thousand failed attempts, to be compromised. The recently released information on the undoubtedly fruitful hacks against 3 letter agencies like the NSA have shown just how vulnerable anyone is. Companies with billions in resources like Apple, Sony and Microsoft have all suffered constantly at the hands of hungry black hat [and even well-intentioned white hat] hackers.
Industrial Cyber Security
Companies expected to double down on spending for cyber security

Though very expensive, these attacks were not without their lessons. Companies in the trade are frequently augmenting and polishing their security systems, practices and policy’s, at least if they want to remain as a usable option in the field. Even though many compromised businesses find themselves reluctant to divulge to the public any breaches they’ve had, most are (albeit quietly for fear of public backlash) increasing their cyber security budget to mitigate future compromises.

“Cybercrime costs were widely reported in 2015 as costing businesses globally between $400 and $500 billion annually” – comment from J P Morgan.
And it’s been estimated to continue growing to over $2 trillion by the end of 2016. This grim outlook has logically prompted companies to step up their efforts in an attempt to thwart these mounting losses of both assets and public image.

industrial Cyber Security

I will now be focusing on Industrial Cyber Security, its importance in critical infrastructure, what exactly defines critical infrastructure and what it entails.
The US government has singled out the 16 sectors whose systems, networks and assets (either physical or virtual) are so incredibly vital to the economy that their impairment or incapacitation would greatly weaken national security, public health safety, the economy and nation at large.
List of the 16 different sectors that comprise Critical infrastructure and the ICS (Industrial Control Systems) market:

Chemical Sector
Commercial Facilities Sector
Communications Sector
Critical Manufacturing Sector
Dams Sector
Defense Industrial Base Sector
Emergency Services Sector
Energy Sector
Financial Services Sector
Food and Agriculture Sector
Government Facilities Sector
Healthcare and Public Health Sector
Information Technology Sector
Nuclear Reactors, Materials, and Waste Sector
Transportation Systems Sector
Water and Wastewater Systems Sector

Simply taking a glance at this list is enough to see why attacks on any of these sectors would have widespread consequences. Especially with absolutely critical services like energy and transportation where they have the domino-like power to cripple every other critical sector in its wake.
Given the ever increasing demands for interoperability, interconnection and automation there’s really no way to halt the current progress towards the IoT. That includes critical infrastructure as well, and many companies are rolling out new solutions that meet the growing needs of the industrial cyber security industry.

Legacy technology in critical infrastructure is a major hurdle in developing new technologies for the existing systems
When it comes to adopting new technology into existing infrastructure, one of the defining requirements is compatibility with legacy protocols. Due to the great diversity of hardware and implementations in the industry, it becomes necessary for emerging platforms to integrate as many different compatibility layers for these legacy systems into their solutions, so as to be compatible with as much existing infrastructure as possible.
Special SCADA certified software platforms running on top of purpose built x86 hardware (example pictured below) is currently the go to solution in this market; where reliable security will always remain one of the primary goals. Taking into account the existence of nation-sponsored malware like Stuxnet which has demonstrated the vulnerability in PLC’s and current systems, the appearance of hardened appliances custom tailored towards protecting every aspect of critical infrastructure is a logical evolutionary step in these designed for next generation security systems.

Industrial Cyber security
Lanner LEC-6020 -x86 Industrial Cyber Security platform IEC 61850-3/IEEE 1613 compliant

IEC 61850-3, being the communication standard for Electrical substation automation systems, makes this a good example of a next-generation platform purpose-built for the energy sector of ICS. These x86 hardware platforms, architected with industrial cyber security in mind, offer the next step in protecting critical infrastructure. Ruggedized and with a wide-operating temperature range, they have the ability to sit in-between existing automation systems and PLC’s; therefore providing the full spectrum of redundancy, monitoring, integrity checking(i.e. compromised PLC’)s, and automation the developing industry will need in order to implement a properly secure system in this day and age.
Vendors in the industry are coming up with solutions compatible with SCADA standards that provide complete network visibility and malicious activity detection. They are able to provide their solution for the multitude of legacy systems that exist within traditional critical infrastructure by leveraging the flexibility afforded by x86 platforms. Integrating all the different protocols and capabilities into a standard x86 appliance- or better yet ruggedized purpose-built hardware.

In Conclusion:

While 100% secure systems only exist as the nightmare that keeps the NSA up at night, achieving a viable real-word solution through the use of newer technologies, better practices and security policy’s is currently possible. It’s only a matter of when privately owned companies (which make up a majority of the industry) decide to adapt their critical infrastructure for the interconnected world, or risk losing the edge to those that do.
Critical infrastructure and Industrial Cyber Security evolve as we move into the Internet of Things Reviewed by James Piedra on 3:10 PM Rating: 5

No comments:

All Rights Reserved by Lanner - Next-Generation Networks and Cyber Security © 2014 - 2015

Contact Form


Email *

Message *

Theme images by sebastian-julian. Powered by Blogger.