INDUSTRIAL CYBER SECURITY


best-of-breed approach, whereby individual products are used for specific tasks, such as encryption, anti-virus or data protection. Palo Alto Networks believes it is better to take a more cohesive approach to industrial systems rather than using best-of-breed software or focusing on individual technologies such as sensors or machine tool software.

“A best-of-breed or point solution approach demands too much expertise and too many disparate devices need to be maintained and updated. This creates complexity and this is the enemy of security,” Miller explains.

According to Miller, a four-stage approach is needed to cut through the complexity and simplify the route to a secure network:

Stage one: Visibility. This extends the notion of device discovery and knowing what’s connected to the network to include insight into operating systems, applications and network protocols.

Stage two: Reducing the attack surface. This is the core expertise of the subsumed Lightcyber company, which developed considerable expertise in behavioural analysis. Combining such analysis with role-based access control for machines as well as people and matching protocols such as Modbus or FTP to devices and functions enables deep and accurate analysis of transactions that are abnormal. In this case, you’d expect a connected sensor to transmit very small packets of information using a specific protocol to a monitoring server. Packet size, protocol, direction of transmission and destination anomalies are easily and accurately spotted.

Stages three and four: These concern the prevention of known attacks through the recognition of malicious code and the detection of unknown malware using dynamic detection technology and the technique of “sandboxing” – code experimentation usually performed in network firewall appliances.
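The stage-two check on packet size, protocol, direction and destination can be sketched as a per-role baseline, shown here as an added example that is not taken from the article or from any vendor's product. The addresses, the 256-byte limit and the names `RoleProfile`, `check_flow` and `report` are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    device: str         # address of the monitored device
    peer: str           # the other end of the conversation
    protocol: str
    direction: str      # "outbound" = initiated by the device, "inbound" = towards it
    payload_bytes: int

@dataclass(frozen=True)
class RoleProfile:
    protocols: frozenset
    peers: frozenset
    directions: frozenset
    max_payload_bytes: int

# Hypothetical inventory and role baseline (constructed values, not from the article).
DEVICE_ROLES = {"10.0.1.21": "sensor", "10.0.1.22": "sensor"}
PROFILES = {"sensor": RoleProfile(frozenset({"modbus"}), frozenset({"10.0.5.10"}),
                                  frozenset({"outbound"}), 256)}

def check_flow(flow):
    """Return the ways a flow deviates from the baseline for its device's role."""
    role = DEVICE_ROLES.get(flow.device)
    if role is None:
        return ["unknown-device"]          # visibility gap: device not in inventory
    profile = PROFILES[role]
    findings = []
    if flow.protocol not in profile.protocols:
        findings.append("protocol")
    if flow.peer not in profile.peers:
        findings.append("destination")
    if flow.direction not in profile.directions:
        findings.append("direction")
    if flow.payload_bytes > profile.max_payload_bytes:
        findings.append("packet-size")
    return findings

# Constructed flow records: one normal sensor reading, then three deviations.
SAMPLE_FLOWS = [
    Flow("10.0.1.21", "10.0.5.10", "modbus", "outbound", 64),
    Flow("10.0.1.22", "203.0.113.7", "ftp", "outbound", 48000),
    Flow("10.0.1.21", "10.0.5.10", "modbus", "inbound", 64),
    Flow("10.0.9.99", "10.0.5.10", "modbus", "outbound", 64),
]

def report(flows=SAMPLE_FLOWS):
    return [(f.device, check_flow(f)) for f in flows]
```

A device that is missing from the inventory is reported separately from a known device that misbehaves, which ties the stage-two check back to the visibility requirement of stage one.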


EMBEDDED SOFTWARE DEVICES

Jeff Luszcz, vice-president of product management at Flexera, explains the problem of vulnerabilities on devices such as surveillance cameras that are connected across networks but rely on open source operating systems and software.

According to Luszcz, such cameras typically have full-time high-speed network connections, run embedded Linux and lack monitoring systems that might alert a user to a hack. Additionally, many of these systems are designed for limited roll-out, or come from a company that has paid limited attention to hardening or security. This combination of powerful networked systems that are easy to breach allows botnets to thrive.

“The typical embedded Linux system uses dozens to hundreds of open source packages. While these components are typically high quality, all software contains defects and over time vulnerabilities in these components are discovered and eventually taken advantage of,” explains Luszcz.

Many of these devices are not designed to be auto-updated, and depend on software from commercial and open source organisations that have vulnerabilities discovered every few weeks to every few months.

50 /// Environmental Engineering /// October 2017


SOFTWARE BILL OF MATERIALS

It is becoming best practice to pay attention to a device’s software bill of materials, with special attention to components with known vulnerabilities, as seen in places such as the National Vulnerability Database. By keeping track of the list of components used in the operating system, as well as the application itself, a company can stay ahead of malware authors – especially if they have a rigorous patching system in place.

“The irony is, sometimes that systems update can be used by malware authors to spread their malware,” says Luszcz. “This occurs when secrets, such as hard-coded passwords, are shared across multiple devices or device families.”

Many current malware systems use this trivial vulnerability to spread themselves, yet as this vector gets locked down, many are moving to taking advantage of common vulnerabilities.


SOFTWARE COMPOSITION ANALYSIS

Today’s IIoT systems designers benefit from a range of products and services – known as software composition analysis (SCA) – that help them keep track of their use of open source and commercial blocks of code or software by alerting them to new vulnerabilities as they are discovered. This allows the designers to create products that are free from known vulnerabilities when first shipped, and to stay on top of components as they age in the field.

Such software contains scanning and workflow features designed to help technology companies discover, manage, upgrade and comply with their use of open source components. By scanning and comparing the files used on the devices to a database of billions of known open source files, the system is able to discover usage of third-party components for the purposes of vulnerability management as well as open source licence compliance. EE
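The file-matching step described above, combined with the software bill of materials from the earlier section, can be sketched as follows. This is an added example, not code from the article or from any SCA product; the component names, file contents and the advisory identifier are constructed placeholders, and `build_sbom` and `vulnerable_components` are hypothetical names.

```python
import hashlib

def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for upstream open source files; the names are hypothetical.
UPSTREAM = {
    ("libexample-net", "1.0.2"): b"/* libexample-net 1.0.2 */",
    ("libexample-net", "1.0.3"): b"/* libexample-net 1.0.3 */",
    ("examplebox", "2.4"): b"#!/bin/sh\n# examplebox 2.4\n",
}
# Known-file database: content hash -> (component, version).
KNOWN_FILES = {sha256(body): ident for ident, body in UPSTREAM.items()}
# Constructed advisory feed; the identifier is a placeholder, not a real advisory.
ADVISORIES = {("libexample-net", "1.0.2"): ["PLACEHOLDER-ADVISORY-0001"]}

def build_sbom(firmware_files):
    """Match each file's hash against the database; return (sbom, unidentified paths)."""
    sbom, unidentified = {}, []
    for path, content in sorted(firmware_files.items()):
        ident = KNOWN_FILES.get(sha256(content))
        if ident is None:
            unidentified.append(path)
        else:
            sbom.setdefault(ident, []).append(path)
    return sbom, unidentified

def vulnerable_components(sbom):
    """Return the SBOM entries that have an entry in the advisory feed."""
    return {ident: ADVISORIES[ident] for ident in sbom if ident in ADVISORIES}

# Constructed firmware image contents: two upstream files and one vendor binary.
FIRMWARE = {
    "/usr/lib/libnet.c": UPSTREAM[("libexample-net", "1.0.2")],
    "/bin/examplebox": UPSTREAM[("examplebox", "2.4")],
    "/opt/vendor/camera_app": b"proprietary vendor code",
}

if __name__ == "__main__":
    sbom, unidentified = build_sbom(FIRMWARE)
    print("components:", sorted(sbom))
    print("unidentified:", unidentified)
    print("known vulnerable:", vulnerable_components(sbom))
```

Exact-hash matching only identifies files that are byte-for-byte identical to an upstream release, so the unidentified list is the part of the image that still needs review: a patched or rebuilt copy of an open source file lands there rather than in the bill of materials.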


Security cameras running on embedded Linux systems send large volumes of information across the network

To read more online about industrial internet security, scan the QR code or visit https://goo.gl/kmmM2F

