One of the best parts of the Belden Industrial Ethernet Infrastructure Design Seminar was the lively presentation given by two of Belden and Tripwire’s top experts on industrial cybersecurity:

  • David Meltzer, Chief Research Officer of Tripwire
  • Jeff Caldwell, Chief Architect-Security at Belden

If you are not familiar with Tripwire, the company provides advanced threat, security and compliance solutions for more than 9,000 organizations, including nine of the top 10 utilities in the U.S. Tripwire was acquired by Belden earlier this year and is an important part of our increased focus on network security solutions.

In their Design Seminar presentation David and Jeff spoke about the nature of cybersecurity incidents occurring in industrial networks today. They went on to discuss a 1-2-3 approach to securing industrial networks. Find out about this approach and how Belden and Tripwire products contribute to it.

ICS-Security-Belden-TripwireDavid Meltzer of Tripwire (on the left) and Jeff Caldwell of Belden (on the right) discuss ICS Security at the Belden Design Seminar.

Most Industrial Cyber Incidents are Unintentional 

The vast majority of cyber incidents on industrial networks are unintentional, resulting from:

  • Human error, for example device configuration errors
  • Software or device flaws, such as legacy equipment that fails when overloaded with multicast traffic
  • The accidental introduction of malware, for example via a USB stick or a vendor laptop

An example of this type of incident was the manual shutdown of the Browns Ferry Nuclear Power Plant in 2006. Redundant drives controlling the recirculating water system failed due to “excessive traffic” on the control network. Network traffic between two different vendors’ control products was the likely cause. The facility remained offline for 2 days, and $600K of revenue was lost.

While only about 20% of incidents are intentional, those from external hackers have become more and more sophisticated. ICS-CERT estimates that 55% of such ICS attacks come from Advanced Persistent Threats (APTs). APTs are carefully crafted attacks against a focused target that are designed to be effective over an extended period of time. Classic examples of such attacks on industrial systems are Stuxnet, Flame and the Dragonfly malware campaign.


Belden’s 1-2-3 Approach to Industrial Cybersecurity

In order to protect availability, Belden has developed a 1-2-3 approach to industrial cybersecurity:    

  1. Industrial Network
    • Segmentation
    • Zoning
    • Monitoring
    • Secure wireless access
  2. Industrial PCs
    • Inventory connected assets
    • Identify unauthorized & malicious change
    • Identify vulnerable & exploitable systems
    • Ensure proper configurations
  3. Industrial Controls
    • Detect and respond to attacks
    • Identify unauthorized & malicious change
    • Identify vulnerable & exploitable controls

At a high-level our portfolio of industrial networking solutions contributes to these three levels of protection as follows:

Industrial-Cybersecurity-Protection-AreasAll together Belden and Tripwire’s solutions are being engineered to work together to deliver the “Belden Safe Network Architecture.”

Where are you in implementing cybersecurity measures? What are your challenges? I look forward to hearing from you?

Related Links

Blog: Industrial Cyber Security Experts At Your Service: A Conversation with Tripwire's Brian Jackson
Blog: Cyber Security Experts At Your Service: A Conversation with Tripwire’s Robert Landavazo
Blog: Cyber Security Experts At Your Service: A Conversation with Tripwire’s Randy Esser
Blog: IT/OT Convergence Means Greater Resources for Both
Blog: IT-OT Convergence and Conflict: Who Owns ICS Security?
Blog: The Human Attack Surface: The Weakest Link in Your ICS Security
Blog: ICS Security: Essential Firewall Concepts
Blog: Three Ways to Improve Your IP Network Security
Blog: SCADA Security: Securing DNP3 Communications with Defense in Depth

Webpage: Cyber Security Solutions by Belden
Webpage: Managed Industrial Ethernet Switches
Webpage: Tripwire Enterprise