Maintaining Control in the Cyberwarfare Age
The demand for more automated control over our environment has created a boom in the industrial control market.
By John Suzuki
The demand for more automated control over our environment has created a boom in the industrial control market. With the consistent reduction in network infrastructure costs and the ability to tunnel industrial control protocols such as MODBUS over Internet Protocol (IP), the control industry has embraced the cyber age with open arms. With this growth, a dark side has started to emerge, namely cyberwarfare.
Previously unknown industrial control systems have become targets in the cyberwarfare age. Recent viral threats such as Stuxnet and Flame have demonstrated that the world has entered an era of cyberattacks that threaten to penetrate and sabotage critical control and monitoring systems, giving cyber attacks the power to create real-world impacts. For utilities, the threat has become so acute that analysts at Pike Research predict spending on cyber security for smart grids will top $14 billion by 2018.
Especially at risk are older control systems. These systems weren't designed to be networked together, accessible to the world with no cyber protections. Newer smart meters may have some built-in protection, but whether that protection is sufficient is another matter. Recent research presented at the 2012 B-Sides security conference in Las Vegas found that even smart meters that have implemented some level of cyber security are vulnerable to cyber attack.
As the industry knows, the root of the problem is in the dilemma faced by all security controls: how do you provide effective security without having a negative impact on operations? The control system can be lost because of a cyber attack, and the protection gained from security controls can reduce the efficiency of a networked control system. With the introduction of IP networks into industrial control systems, these systems have become even less secure. This may seem like a strong statement, but IP networks are purposely designed to allow anyone to communicate with anyone, using open-standard protocols. Now everyone with a computer can speak a similar language to your control system, and, using standard IP networking techniques, discover your facility's topology, what software you're running and what services are available. This information can't be locked away in a filing cabinet; it's freely available to anyone able to ask for it. This is why cyber security controls are important.
The most common defensive techniques used in the industrial control sector are also the simplest ones, such as air-gapping and encryption. But, these single-layer defenses are also the most brittle and can give a false sense of security. Stuxnet, for example, found its way onto Iran's air-gapped system. Even networks that use encryption can harbor back doors unknown to users and unprotected by that encryption, which can be exploited by skilled and determined attackers who systematically and relentlessly seek out a target's weak points.
The best deterrent is Defense-in-Depth (DID), a multilayered approach that requires a cyber attacker to overcome multiple, complementary levels of protection. In this scenario, a control system could be shielded by secure authentication, encrypted communications, firewalls with deep packet inspection, and physical security with automated intrusion detection.
A successful example of DID is EnergyGuard, a real-time energy management system from 3eTI, an Ultra Electronics company in Rockville, Md. EnergyGuard was developed in response to Department of Defense (DoD) requirements for a smart, wireless power management system that also incorporates military-grade cyber security sufficient to pass stringent validation and network assurance from authorities such as the US Navy. Recently, 3eTI was contracted by the Navy to implement an Enterprise Industrial Controls System (EICS), based on its EnergyGuard and VirtualGuard systems; VirtualGuard is a secure wireless intelligent video network system that enables critical infrastructure protection and connects remote sensors to security operations centers to facilitate alerts, response and analysis of security events. The EICS implementation integrated the Naval District Washington's (NDW's) legacy direct digital controls (DDCs) and supervisory control and data acquisition (SCADA) systems into a secure enterprise network. The Navy's goal was to comply with a government-wide requirement that federal agencies reduce energy consumption by 30 percent between 2003 and 2015, which required determining usage patterns of Navy buildings and bases, and then remotely controlling infrastructure equipment to minimize energy usage.
The solution had to meet an array of technical specifications, including validated effectiveness in supporting legacy controllers using standard protocols such as BACnet, as well as middleware-supported legacy protocols. It also had to integrate legacy systems with nearly obsolete programmable logic controllers (PLCs); offer recommendations for secure enterprise connectivity of the affected buildings; implement a US government computer security standard, Federal Information Processing Standard (FIPS) 140-2, and Institute of Electrical and Electronics Engineers (IEEE) 802.15.4 sensor network capability to provide a low-power wireless sensor interface for input control system (ICS) input/output devices; and integrate local command and control servers.
3eTI's EnergyGuard met the requirements out of the box and was fully integrated and easily deployed. It also included an intuitive graphical user interface (GUI) for monitoring, control, and data storage and retrieval. EnergyGuard scales to facilities of all sizes through a plug 'n play interface, supporting legacy and current industrial protocols, and allows technicians to meet current needs while planning for the long term.
EnergyGuard uses a five-level DID architecture that begins with device authentication. Software certificates are used to identify devices and are valid for specific connections. Should an attacker steal or copy the certificate, it could not be reused elsewhere because the person would need the physical 3eTI EtherGuard Encryptor module, which uses 3eTI's proprietary DarkNode technology that cannot be pinged, hacked or compromised to complete the authentication. The EtherGuard module also provides FIPS 140-2 Level 3 validated encryption, which prevents outside attackers from infringing on communications or hacking into the device. Should the attack come from inside the network, the EtherGuard module includes a firewall with deep packet inspection capabilities. This limits which devices can communicate and what they can say, preventing an attacker from commanding the device to perform abnormal operations. The controller within the EnergyGuard has an enhanced validated configuration that is protected against manipulation, preventing an attacker from changing its operation. Finally, EnergyGuard includes physical security controls to prevent access and alert in cases of approach and tampering.
Because cyberwarfare has become the newest weapon in conflict between nations, and because a country's critical and industrial infrastructure will be primary targets, it is appropriate that military-grade cyber security has become available for the commercial sector. While no solution is foolproof, products that have passed DoD requirements offer users more confidence in the security and reliability of their network defenses. It is vital to remember there is no one-size-fits-all solution. Every user has unique needs that must be determined by a risk management analysis that judges the fine line between security requirements and the need for operational utility efficiency. Systems such as EnergyGuard demonstrate it is possible to have secure devices without compromising efficiency.
About the author: John Suzuki has more than 20 years of telecom industry experience and has developed and executed sales and marketing strategies for technology-driven companies. Before joining the company, Suzuki was senior vice president of sales for EFJohnson Technologies, where he led that organization's public safety sales efforts in the federal, state and local government sectors. Suzuki also spent 15 years with Ericsson, where he had several sales and marketing management positions in the US and Canada. Suzuki has a bachelor's degree in science, electrical engineering from the University of Ottawa and a master's degree in business administration from Duke University.