FEATURE SCADA & DATA ACQUISITION


POWER OF PERSISTENT SECURITY: protect your business from cyber attack


Tim Ricketts of M.A.C. Solutions provides useful tips for businesses looking to improve the security of their industrial control systems and protect themselves from cyber attack


It’s difficult to think of a phrase in the past year that brings more of a feeling of dread to an organisation than ‘cyber-attack’. Add the word ‘advanced’ to this and it all seems much more of a hopeless task of trying to defend against it.

However, these attacks have only become more advanced in terms of the parties that have been conducting the attacks and the targets they are seeking to exploit or damage. Take, for example, the attack on the Ukraine Power Station in 2016 which left 230,000 people in the dark and without power for six hours. Officially, this was the first reported cyber-attack against a nation’s power infrastructure with the attack vector being the SCADA system. The attack has been an important lesson to those companies wishing to improve their cyber security systems and acts as a stark warning for those who do not.

The following trends have emerged:

- Use the data that is available to you well before the attack occurred. Spikes in network traffic would have been seen from the updates made to device firmware. This would have been an early warning indicator that something was wrong. The success of the attack pivoted around this mistake.
- Consider your engineers’ access to the system, e.g. are all of the entry points needed? If so, have they been secured with the correct level of protection?
- Use up-to-date anti-virus definitions to catch known malware.
- Learn about your usual alarm events and monitor for abnormal events within the process and control system.
- The attacker will be persistent, conducting reconnaissance for months. Taking an evolutionary approach to your network security ensures that you will be ahead of the attacker.


14 SPRING 2017 | IRISH MANUFACTURING


STAKES HAVE CHANGED


The stakes have changed but the defences have not; therein lies the problem. The typical industrial control network may appear to have the greatest of all protection – air gapping. This physical network separation is now the status quo across industry and rightly so. As the defence has changed, now so has the attack vector. Malware that is created to destroy a SCADA system, for example, will lie dormant until it finds its target, moving from phone to USB stick to laptop, using its host as a means of transport until it finally meets its end destination – your process and control equipment. The damage is done.


AIR GAPPED SYSTEM


The dormant malware that evaded your corporate firewalls and personal device protection is now on an air-gapped system, one that will likely have an out-of-date firewall due to the very reason it was deemed to be secure. If your question as a business is still ‘what extra training do I need for my staff to combat this threat?’, then your security is already compromised, but not for the reason you might think. The key trend across all attack vectors in all industries is that people are the problem: password capture, insecure connections, phishing emails and the USB stick in the car park. These attacks play on one human instinct: curiosity. For this reason alone you cannot rely solely on the fact that your staff have been trained.


TOP 10 DISCOVERIES MADE WITHIN WEEKS OF USING PERSISTENT SECURITY


1. Clear text/weak passwords
2. Illegal remote connections to OT
3. Unexpected/unknown devices in the network
4. Misconfigured PLCs
5. Operational malfunctions
6. Generic and targeted malware
7. Manufacturer vulnerabilities
8. Multiple wireless access points
9. Direct Internet connections
10. Exploitable attack vectors


PERSISTENT SECURITY


The methodology of persistent security is to assume the worst and therefore be at the forefront of the defensive evolution for your process and control system. It requires building an ecosystem in which you have full visibility of your weaknesses in order for you to stay ahead of the attacker. To do this you must firstly contain your network, ensuring that access to critical systems is planned, logged and audited. The access that is granted must be controlled. End device protection technology such as Sheep Dip USB Device protection must be implemented so that end devices are protected from internal tampering or accidental exposure to malware; those devices that may have already been exposed to malware can be detected using the latest definitions without having to ever expose them to the Internet. Once you can be confident that your devices are secure, monitoring of your network is fundamental to understanding your weaknesses and offers the potential to expose existing breaches that may have occurred months previously. Quickly patching these insecure access points and understanding your vulnerabilities may deter the opportunistic attacker. To do this effectively a product such as CyberX can be used to automatically gather usual network traffic, logs and control events, and then use this as a basis for detecting anomalous activity.
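The baseline-then-detect approach described in the article (learn usual traffic, then flag deviations such as a firmware-sized transfer or an unknown device) can be sketched as follows. This is an added example, not code from the article or from CyberX; the host names, byte counts, function names and the median/MAD threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data (hosts and volumes invented): bytes per 5-minute window.
QUIET = {
    ("eng-ws-01", "plc-07"): [4100, 3900, 4300, 4000, 4200, 3950, 4050, 4150],
    ("hmi-02", "plc-07"): [900, 950, 870, 910, 930, 905, 890, 920],
}
BASELINE = [(w, s, d, b) for (s, d), vals in QUIET.items() for w, b in enumerate(vals)]
OBSERVED = [
    (8, "eng-ws-01", "plc-07", 4120),       # routine polling
    (8, "hmi-02", "plc-07", 915),           # routine
    (9, "eng-ws-01", "plc-07", 2_600_000),  # firmware-sized transfer
    (9, "laptop-x", "plc-07", 1200),        # host absent from the baseline
]


def learn_baseline(flows):
    """Return ({(src, dst): (median, MAD)}, known_devices) from normal traffic."""
    per_pair = defaultdict(list)
    for _, src, dst, nbytes in flows:
        per_pair[(src, dst)].append(nbytes)
    profile = {}
    for pair, vals in per_pair.items():
        med = median(vals)
        profile[pair] = (med, median(abs(v - med) for v in vals))
    return profile, {host for pair in per_pair for host in pair}


def detect(flows, profile, devices, k=10.0, min_spread=50.0):
    """Flag unknown devices, new conversations, and volumes above median + k*MAD."""
    alerts = []
    for window, src, dst, nbytes in flows:
        if src not in devices or dst not in devices:
            alerts.append((window, "unknown-device", src, dst))
        elif (src, dst) not in profile:
            alerts.append((window, "new-conversation", src, dst))
        else:
            med, mad = profile[(src, dst)]
            # min_spread stops a very steady link from alerting on tiny changes
            if nbytes > med + k * max(mad, min_spread):
                alerts.append((window, "traffic-spike", src, dst))
    return alerts


if __name__ == "__main__":
    for alert in detect(OBSERVED, *learn_baseline(BASELINE)):
        print(alert)
```

The median and median absolute deviation are used rather than mean and standard deviation so that one odd window in the learning period does not widen the threshold.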


M.A.C. Solutions T: 01527 529774 sales@mac-solutions.co.uk www.mac-solutions.net




