Sophisticated tools help protect legacy industrial systems

Technology can detect network anomalies in early stages of cyber attack


Many critical infrastructure systems, such as those that control the electric grid, oil and gas refineries, and transportation, are now getting linked to the internet. That makes them easier to manage and maintain, but also could put them in the line of fire for cyber attacks.

I recently discussed the issues involved in upgrading and protecting these critical industrial control systems with Patrick McBride, chief marketing officer at Claroty, a startup that intends to secure the operational technology networks that run companies’ infrastructure systems. A few big takeaways from our conversation:

Old systems, new protections

When industrial systems were built, sometimes decades ago, no one considered the need for digital protections.

“The systems were never designed, especially 10, 15, 20 years ago, with cybersecurity in mind,” McBride told me. Their primary design goals were the safety of the workers and the resilience of the systems, he said. “Security wasn’t even an afterthought. It wasn’t a thought.”


Now, a new class of tools is coming online to help monitor these legacy systems. Using behavior analysis and anomaly detection, they are designed to catch intruders early in the attack life cycle. “Monitoring technology is going to play a huge part in this environment,” McBride said.

Mishmash of systems leaves exposures

Big industrial plants are careful about what they put on their networks, but some are putting wireless and other access points on systems as time-saving techniques to gather data more efficiently.


“You’ve got a whole set of overwhelming business value from pulling data out of those plant systems and being able to provide that information back to the executive,” McBride said.

When organizations began to recognize the need for cybersecurity, some traditional IT security vendors repurposed existing technology, McBride said. That didn’t work particularly well, because the networks in industrial control systems speak other kinds of protocols.

For example, there are a lot of Windows XP machines in industrial environments that keep air conditioning going, or run chemical manufacturing plants and refineries.

Potential for escalating industrial attacks

In December 2016, attacks on the Ukrainian power grid cut off a fifth of all electrical power in the capital city of Kiev. The purposeful takedown was attributed to Russia. The troubling fallout: threat researchers around the world have found indications of the type of malware used in Ukraine on other energy and industrial companies’ networks, McBride said, showing that hackers are at least probing for vulnerabilities.

But threats from nation-states are only one issue. “There are other categories that people are really starting to worry about. If you combined the ease at which it is to gain a foothold on these networks and the relative ease you can attack these systems, it’s not hard,” McBride said. “You don’t have to squint too hard to say … ‘Terrorist organizations might want to do this or buy expertise to help them do that.’”

For a deeper dive, please listen to the accompanying podcast.
