One of the best parts of the Belden Industrial Ethernet Infrastructure Design Seminar was the lively presentation given by two of Belden and Tripwire’s top experts on industrial cybersecurity:
If you are not familiar with Tripwire, the company provides advanced threat, security and compliance solutions for more than 9,000 organizations, including nine of the top 10 utilities in the U.S. Tripwire was acquired by Belden earlier this year and is an important part of our increased focus on network security solutions.
In their Design Seminar presentation David and Jeff spoke about the nature of cybersecurity incidents occurring in industrial networks today. They went on to discuss a 1-2-3 approach to securing industrial networks. Find out about this approach and how Belden and Tripwire products contribute to it.
David Meltzer of Tripwire (on the left) and Jeff Caldwell of Belden (on the right) discuss ICS Security at the Belden Design Seminar.
The vast majority of cyber incidents on industrial networks are unintentional, resulting from:
An example of this type of incident was the manual shutdown of the Browns Ferry Nuclear Power Plant in 2006. Redundant drives controlling the recirculating water system failed due to “excessive traffic” on the control network. Network traffic between two different vendors’ control products was the likely cause. The facility remained offline for 2 days, and $600K of revenue was lost.While only about 20% of incidents are intentional, those from external hackers have become more and more sophisticated. ICS-CERT estimates that 55% of such ICS attacks come from Advanced Persistent Threats (APTs). APTs are carefully crafted attacks against a focused target that are designed to be effective over an extended period of time. Classic examples of such attacks on industrial systems are Stuxnet, Flame and the Dragonfly malware campaign.
In order to protect availability, Belden has developed a 1-2-3 approach to industrial cybersecurity:
At a high-level our portfolio of industrial networking solutions contributes to these three levels of protection as follows:
Where are you in implementing cybersecurity measures? What are your challenges? I look forward to hearing from you?