Sushila Nair, Product Manager, Managed Security Solutions Group, BT Global Services
A company’s most important assets are its network, applications, customer data, and reputation. These important assets are all, predictably, prime targets of attack from viruses, Trojans, and other intrusions sent by amateur hackers and, with increasing frequency, organized criminals.
Firewalls, IDSs, IPSs, and anti-virus software can go a long way to protect against such attacks, but this type of protection alone can never be enough. The only way to ensure effective defense is through vigilance: fast, accurate detection and response to stop the attacks that get past perimeters. Vigilance is a company’s most important and first line of defense. The only way to be truly vigilant against attacks is through real-time monitoring.
Organizations that use Industrial Control Systems (ICS) like SCADA (Supervisory Control and Data Acquisition), EMS (Energy Management Systems), DMS (Distributed Management Systems), DCS (Distributed Control Systems) and other control systems face some particular challenges. For this article, the term “SCADA” will be used to describe all industrial control systems used in a variety of industries. For example, utility companies use industrial control, or SCADA, systems to help manage electrical grids and power generation, while manufacturers use them to manage factory floor equipment.
Traditionally, SCADA systems have run on radio and serial network connections. Now, however, many organizations are running them over IP networks to boost performance and save money. SCADA systems running on IP networks have the following issues:
- SCADA systems can be extremely sensitive to routine vulnerability scanning
- Patches will often break the SCADA application and therefore cannot be applied
- Vendors of the SCADA system often do not verify the latest security patches
- Standard IDS does not look for SCADA specific attacks
- SCADA engineers often do not have experience with IP security issues
In addition, because cybersecurity is not a core competency of control system vendors, the task of securing industrial control and SCADA networks is generally left up to the end-user. The gap between IT departments and the individuals in charge of the SCADA networks is both political and technical. Organizations that are part of the critical infrastructure, such as energy, have been forced by regulations to take appropriate security measures. The magnitude of the impact that an interruption can have on key services, such as flight control or a regional power grid, is far greater than the potential impact of a downed office network. Industrial control systems have unique requirements and therefore need Network and Host IDS with custom signatures created to detect exploits in these networks.
Industrial control networks have largely been protected through their inaccessibility and the fact that, until recently, most were not IP enabled. The dynamics of industrial control systems are changing, especially in manufacturing where government regulations have not required the installation of suitable security control mechanisms, which has resulted in a noticeable increase in the presence of malware. Most well known IDS/IPS vendors have been responsive – they have used Digital Bond signatures and have made SCADA-aware signatures available for their platform.
However, the lack of a central monitoring framework means attacks are not easily detected. Even the fixes available to organizations with large-scale SCADA systems are less than ideal, with most solving their ICS monitoring requirement in isolation, rather than as part of a system-wide perspective on security. This results in a fragmented view of their organizational risk. The footprints of the attacker are undoubtedly scattered within both the corporate and industrial control systems and, without a holistic picture, it is easier for the attacker to escape undetected.
The solution lies in a holistic approach to monitoring, combining corporate monitoring data with industrial control system log data to enable a comprehensive picture of an attack to be painted.
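The sketch below is an added example, not code from the author or from BT, showing one way the combined view described above can be built: events from the corporate and control-system log sources are merged, and a host is flagged when a corporate alert is followed by control-network activity. The host names, event names, field names and the two-hour window are all assumptions made for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real log data); field names are assumptions.
CORP_EVENTS = [
    {"time": "2024-01-10T08:02:11", "host": "eng-ws-07", "event": "av_malware_detected"},
    {"time": "2024-01-10T08:40:00", "host": "hr-ws-02", "event": "ids_port_scan"},
    {"time": "2024-01-10T09:15:30", "host": "eng-ws-07", "event": "vpn_login_unusual_hour"},
]
ICS_EVENTS = [
    {"time": "2024-01-10T08:05:00", "host": "hmi-01", "event": "operator_login"},
    {"time": "2024-01-10T09:31:45", "host": "eng-ws-07", "event": "plc_setpoint_write"},
    {"time": "2024-01-11T14:00:00", "host": "hr-ws-02", "event": "historian_read"},
]

def _parse(events, domain):
    """Normalise one log source into (time, host, event, domain) tuples."""
    return [(datetime.fromisoformat(e["time"]), e["host"], e["event"], domain)
            for e in events]

def correlate(corp_events, ics_events, window=timedelta(hours=2)):
    """Flag hosts whose corporate alert is followed by ICS activity within `window`.

    Returns {host: merged, time-ordered trail across both log domains}.
    """
    corp = _parse(corp_events, "corp")
    ics = _parse(ics_events, "ics")
    findings = {}
    for c_time, c_host, _, _ in corp:
        for i_time, i_host, _, _ in ics:
            if c_host == i_host and timedelta(0) <= i_time - c_time <= window:
                # Rebuild the full trail for this host from both sources.
                trail = sorted(ev for ev in corp + ics if ev[1] == c_host)
                findings[c_host] = [(t.isoformat(), d, name)
                                    for t, _, name, d in trail]
    return findings

if __name__ == "__main__":
    for host, trail in correlate(CORP_EVENTS, ICS_EVENTS).items():
        print(host)
        for step in trail:
            print("  ", step)
```

Viewed separately, the corporate log shows only an anti-virus hit and an odd login, and the control-system log shows only a setpoint write; the sequence on a single host appears only in the merged trail.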

