The Great Wall of China at one time was over 6,000 miles long. Designed to protect China against outside invaders, it presented a formidable obstacle to any would-be attacker. However, the wall was breached three times during its 2,000-year history -- and the invaders never had to scale its walls, which averaged 25 feet high. They simply bribed a gatekeeper and went through.
Do you realize that despite impressive firewalls, one of the greatest threats to the productivity of many plants today is cyber-attack to both the business network and the control network? Even more surprising is the fact that many of these attacks could come from internal sources, not just the external source which is often expected.
The vulnerability of industrial control systems to cyber-attack has become a critical issue at federal, industrial and corporate levels. The exponential growth in malicious attacks and the significantly increased threat of cyber-terrorism means that organizations must find effective means of protecting these systems.
Frequently Asked Questions:
QUESTION: Everyone knows that cyber-attack is occurring at the business level – however, I’m not convinced that cyber-attack is really happening at the control system level. Do you have any true, documented stories that could prove to me that I need to take this seriously at my plant?
QUESTION: OK, after reading those true stories I’m more convinced that this kind of stuff is really happening. But how does this affect me personally? Isn’t this sort of thing that the existing network firewalls and virus checkers would hopefully prevent? Besides, the control system network isn’t even connected to the external world – wouldn’t the business-level network have a problem long before it could reach the control system network?
QUESTION: Alright, you’ve got my attention here. I’m starting to grasp that cyber-security is a problem that I need to pay attention to, and an existing firewall solution within my plant may not be adequate for protecting the plant control system from external attack, and almost definitely not from internal attack. What’s so special about the Byres Security solution that makes it able to solve these problems?
QUESTION: Let’s face it – even if this product would protect us against some of the cyber-security problems mentioned, budgets are always tight, and certainly we don’t have anything in the budget currently for this kind of solution. Is there any other argument that would help convince my management that the Byres Security solution would be beneficial to our plant?
QUESTION: Looks interesting. So let’s assume that I might have some vulnerabilities at my site, and want to determine whether your Tofino Solution might help me. What do I do now?
----------------------------------------------------------------------------------------------------
QUESTION: Everyone knows that cyber-attack is occurring at the IT level in businesses – however, I’m not convinced that cyber-attack is really happening at the control system level. Do you have any true stories that could prove to me that I need to take this seriously at my plant?
ANSWER: We sure do. However, understand that for every “war story” that you read here, there are probably many dozens that go completely unreported because companies want to keep incidents like this as hush-hush as possible, for obvious reasons. In fact, you probably even know of some at your own plant that went unreported. However, sometimes these things get big enough that they get out to the media. Click the links below for some real-life stories of cyber-security news, and check out the “Can’t Happen At Your Site?” article.
1. Al-Qaeda training for cyber-attack
(http://www.washingtonpost.com/ac2/wp-dyn/A50765-2002Jun26)
2. Continual cyber-attacks on Maryland power plants
(http://www.washingtonpost.com/wp-dyn/articles/A25738-2005Mar10.html)
3. Court case of a disgruntled engineer who dumped at least 250,000 gallons of raw sewage onto public areas and the grounds of a Hyatt hotel in Australia
Link: (http://www.austlii.edu.au/au/cases/qld/QCA/2002/164.html)
4. Slammer worm takes down safety monitoring system at Ohio nuclear plant
Link: (http://www.securityfocus.com/news/6767)
5. Fact or Fiction: Teenager hacks into Roosevelt Dam controls?
Link: (http://www.crime-research.org/library/Robert1.htm)
Download: Can’t Happen At Your Site?
----------------------------------------------------------------------------------------------------
QUESTION: OK, after reading those true stories I’m more convinced that I need to take this thing seriously. But how does this affect me personally? Isn’t this the job of the IT people in my plant to take care of? They already use firewalls and virus checkers and things like that. Besides, my control system network isn’t even connected to the external world – there’s a whole other network separating the control system network from the business-level network.
ANSWER: You’d be surprised how often we hear that exact question above. Since most control system engineers let their IT group handle that side of things, they simply don’t know enough to know whether they really are vulnerable or not. And most of the firewalls offer no protection against internal security breaches, which make up an estimated 70% of cyber-security occurrences.
The picture below shows the typical network topology of plants today, as well as all of the various security breaches (in red) that might occur in a typical plant.

Typical Plant Network: Possible cyber-attack problems shown in red text
The Adobe Acrobat .pdf files below offer good education for both the IT department and the control system engineers on what is and is not safe practice in cyber-security protection for control and SCADA system networks.
Download: ISA SP99 Cyber-Security Standard article
Download: Myths and Facts behind Control Systems Cyber-Security
Download: Design Secure Networks for Industrial Control article
Download: Good Practice Guide for Firewall Deployment for SCADA and Process Control Networks article
Download: Plan for Network Security article
Download: Securing Your Process Control article
Download: Five Tests for Your System article
----------------------------------------------------------------------------------------------------
QUESTION: Alright, you’ve got my attention here. I’m starting to grasp that cyber-security is a problem that I need to pay attention to, and the IT solution within my plant may not be adequate for protecting my control system from external attack, and almost definitely not from internal attack. What’s so special about the Byres Security solution that makes it able to solve these problems?
ANSWER: Without fail, this is the question that every single user ultimately asks us – why take a look at the Byres Security solution when you already have protections put in place by the IT department? Here are four high-level reasons for you to seriously consider:
- Control System Cyber-DNA : Because of the unpredictability and variability that the typical IT person must deal with, security in the typical IT world is defined by what is deemed to be “bad”, and those things change all the time. Most IT firewalls operate from a rule-exclusion model – specific rules are put in place that define what can’t happen. Even if you are very aggressive with a typical IT firewall, there are still a variety of points of attack that could occur internally, where 60-70% of cyber-security problems occur. Since the IT world has no real “normal”, the typical solutions used there don’t quite fit the control world, where things are relatively static and highly predictable. Rather than defining the rules by what is “bad”, the Byres Security system was designed with a control system in mind – you define what is “good”, and all else is an anomaly that is treated as “bad”. The Byres Security solution also includes a firewall, but adds smart software that was designed to “learn” what normal control system operation (its “DNA”) looks like in terms of bandwidth usage, CPU time, and files accessed or changed. If anything at all differs from what is determined to be the normal “control system DNA”, it immediately raises an alarm and is prevented.
- Legacy Computer Problems : In a typical control system you can quickly find yourself with legacy computers or operating systems. You want to put cyber-protection on the computer, but the CPU may be too slow, or perhaps the operating system cannot support the latest version of Norton or McAfee software. In addition, you often find that identified security patches or updated service packs for the operating system may not be compatible with the control system software, or may not be allowed because the system is validated. The Byres Security system protects against all of the identified security problems, so you can rest easy that you don’t need to update the operating system to have full security protection.
- Bandwidth/CPU Constraints : Many of the solutions that the IT department put in place in plant networks and computers can eat up a significant level of bandwidth and CPU time. In a control system, operators simply cannot risk having to wait for a virus-checker to do its job before they can toggle a steam valve, or divert dangerous chemicals from one tank to another, or a variety of other potentially emergency actions needed in dangerous situations. The Byres Security solution was designed with control systems in mind, such that it never utilizes more than 3% of the CPU or bandwidth. This ensures that mission critical operations are always readily available.
- All-in-one Protection : Most common security firewalls provide one or two types of protection against external influences, and often no protection against internal problems. Internal problems might include a contractor plugging his laptop into the system and unintentionally (or intentionally, in some cases) downloading a virus or malicious file. The Byres Security solution supplies multiple levels of protection for a unified threat management solution.
- Perimeter Protection via hardware firewall for Ethernet ports to control who has access to what
- Virtual Private Network (VPN) Protection to allow protected remote access to the control system via encryption tunneling
- Network Intrusion Detection/Prevention to ensure all traffic content is examined for malicious code such as Trojans or worms
- Virus Protection for detecting viruses embedded in traffic
- Anomaly Detection for learning the custom “DNA” of the control system and detecting anything that differs from normal, such as the installation of unauthorized software like time bombs or personal-use software
- Performance Monitoring for checking critical HMIs and clients for key performance indicators to prevent system crashes and slowdown
- Network Monitoring for preventing the use of unauthorized devices on the network or unauthorized traffic such as illegal file-copying
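The following Python script is an added example, not code from Byres Security, Tofino or Neal Systems. It contrasts the two policy styles described under “Control System Cyber-DNA” above (an IT-style deny list that blocks only known-bad ports versus a control-system allow list that permits only explicitly defined flows), and it also shows the baseline learning described under Anomaly Detection and Network Monitoring: a set of flows observed during a learning window becomes the “normal DNA”, and any later flow outside that set is reported. Every host, address, port and flow in it is constructed for illustration; the plant layout (an HMI, a historian and an engineering workstation talking to PLCs on a 10.10.1.0/24 segment) is an assumption, not a description of any real site.

```python
"""Allow-list ("define what is good") vs deny-list ("define what is bad")
policy evaluation over a constructed set of control-network flows, plus a
baseline-learning anomaly check.  Added example; all values are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str      # source IPv4 address
    dst: str      # destination IPv4 address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


# Constructed plant layout (assumption): the HMI and historian may poll the
# PLCs over Modbus/TCP (502); the engineering workstation may reach the
# PLCs' EtherNet/IP port (44818).  Nothing else is "good".
ALLOW_LIST = {
    ("10.10.0.10", "10.10.1.0/24", "tcp", 502),    # HMI -> PLCs
    ("10.10.0.20", "10.10.1.0/24", "tcp", 502),    # historian -> PLCs
    ("10.10.0.30", "10.10.1.0/24", "tcp", 44818),  # eng. workstation -> PLCs
}

# Typical IT-style deny list (constructed): a few known-bad service ports.
DENY_LIST = {("tcp", 23), ("tcp", 135), ("tcp", 445)}


def match_allow(flow: Flow) -> bool:
    """True if the flow matches an explicit allow-list entry."""
    for src, dst_net, proto, dport in ALLOW_LIST:
        if (flow.src == src and ip_address(flow.dst) in ip_network(dst_net)
                and flow.proto == proto and flow.dport == dport):
            return True
    return False


def decide_allow_list(flow: Flow) -> str:
    """Allow-list policy: only listed flows pass; everything else is denied."""
    return "ALLOW" if match_allow(flow) else "DENY"


def decide_deny_list(flow: Flow) -> str:
    """Deny-list policy: everything passes unless it hits a known-bad rule."""
    return "DENY" if (flow.proto, flow.dport) in DENY_LIST else "ALLOW"


def learn_baseline(flows):
    """Learn the network 'DNA' from a window of observed flows."""
    return {(f.src, f.dst, f.proto, f.dport) for f in flows}


def detect_anomalies(baseline, flows):
    """Return flows never seen in the learning window (new device or new traffic)."""
    return [f for f in flows if (f.src, f.dst, f.proto, f.dport) not in baseline]


def evaluate(flows):
    """Per-flow decisions under both policies, for side-by-side comparison."""
    return [(f, decide_deny_list(f), decide_allow_list(f)) for f in flows]


# Constructed sample traffic: normal operation during the learning window ...
NORMAL = [
    Flow("10.10.0.10", "10.10.1.5", "tcp", 502),
    Flow("10.10.0.20", "10.10.1.5", "tcp", 502),
    Flow("10.10.0.30", "10.10.1.6", "tcp", 44818),
]
# ... and a contractor laptop (constructed address 10.10.0.99) later plugged in,
# polling a PLC over Modbus and copying files to the HMI over SMB.
SUSPECT = [
    Flow("10.10.0.99", "10.10.1.5", "tcp", 502),
    Flow("10.10.0.99", "10.10.0.10", "tcp", 445),
]

if __name__ == "__main__":
    for f, deny_mode, allow_mode in evaluate(NORMAL + SUSPECT):
        print(f"{f.src:>12} -> {f.dst:<10} {f.proto}/{f.dport:<5} "
              f"deny-list={deny_mode:<5} allow-list={allow_mode}")
    for f in detect_anomalies(learn_baseline(NORMAL), NORMAL + SUSPECT):
        print("anomaly (not in learned baseline):", f)
```

Running it shows the point of the passage: the deny list lets the contractor laptop's Modbus polling through because port 502 is not on any “bad” list, while the allow list denies it because that source was never defined as “good”; the baseline check flags both of the laptop's flows as new, regardless of port.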
----------------------------------------------------------------------------------------------------
QUESTION: Let’s face it – even if this product would protect us against some of the cyber-security problems mentioned, budgets are always tight, and certainly we don’t have anything in the budget currently for this kind of solution. Is there any other argument that would help convince my management that the Byres Security solution would be beneficial to our plant?
ANSWER: Absolutely. A cyber-attack on a control system could affect the reliability, availability, or performance of its various components. The Byres Security system is designed to observe any change in those areas, and it also provides a change management log for troubleshooting purposes. For instance, at the links below you will find some very memorable control system failures that could potentially have been avoided had a Byres Security system been present to detect the anomaly that affected the reliability of the systems.
1. Northeastern United States’ August 2003 blackout partially caused by unresponsive SCADA system, resulting in operators not being alerted that a problem had occurred
Specific SCADA writeup: (http://www.securityfocus.com/news/8016)
Full NERC Report (see page 32 for SCADA info): (ftp://www.nerc.com/pub/sys/all_updl/docs/blackout/NERC_Final_Blackout_Report_07_13_04.pdf)
2. Olympic gasoline pipeline ruptures in state of Washington due to unresponsive SCADA system, resulting in multiple deaths, $45 million in property damage, a $36 million fine, and the pipeline managers going to jail
Full writeup: (http://www.ntsb.gov/publictn/2002/PAR0202.pdf)
Sentences and fines: (http://www.usdoj.gov/usao/waw/press_room/2003/jun/olympic.htm)
----------------------------------------------------------------------------------------------------
QUESTION: Looks interesting. So let’s assume that I might have some vulnerabilities at my site, and want to determine whether your Tofino Solution might help me. What do I do now?
ANSWER: Contact us at Neal Systems, your local Byres Security solution provider, to set up an evaluation or get answers to any further questions you might have. Byres Security’s security consultants have a background in IT, control systems, and security. An evaluation from one of them can alert you to vulnerabilities that might already exist, such as open ports, physical contractor access, virtual private networks, unauthorized modem availability, network setup/topology problems, as well as potential issues with remote access, wireless access, or unauthorized software loaded on network computers.