While IT and controls engineering traditionally have been two widely separate disciplines, the adoption of Ethernet for industrial networking has increasingly brought the two worlds together.
Then along comes the Industrial Internet of Things (IoT), with more and more connected devices. Now the need to marry engineering expertise with IT smarts is vital for keeping production networks humming.
A third dimension that calls out for a multi-disciplinary approach is the area of cyber security. Cyber security attacks on the critical infrastructure industries have been rapidly growing in number and sophistication since Stuxnet. In addition, there is heightened concern about it at the executive level.
As a result of these trends, our organization is prioritizing investment in cyber security technology and know-how. When it comes to Industrial Control System (ICS) security, we want to provide solutions that meet the requirements of both IT and engineering professionals.
A reflection of this is our recent acquisition of Tripwire. Today, I am going to introduce you to this innovative organization and their role in helping you, our industrial customers and partners, see the big picture of ICS security.
Belden’s acquisition of Tripwire provides you with a bigger picture of ICS security and a broader range of cyber security solutions.
Tripwire and ICS Security
Tripwire is an innovative company that provides advanced threat, security and compliance solutions for more than 9,000 organizations, particularly those in the Fortune 500 and in government. With many customers in hyper-security-conscious industries, their people and products are accustomed to the high-volume and fast-paced world of today’s advanced cyber threats.
Tripwire also has installations in the energy and utility industries, including nine of the top 10 utilities in the U.S. Their team is knowledgeable about the unique networking and security concerns of process control operators and manufacturers. In fact, last fall before the acquisition, our two companies announced a joint initiative to improve critical infrastructure cyber security in manufacturing organizations.
A leader in providing up-to-the-minute news and analysis of current cyber security threats and topics, Tripwire’s blog, website and social media accounts provide valuable information. They will help you stay current and can enrich the dialogue you have with colleagues and management.
Let’s get a first-hand look at Tripwire’s expertise with some highlights of their comments on industrial cyber security matters.
Industrial Network Attacks Result in Physical Damage
Recently Tripwire presented a handy summary of attacks on industrial systems that caused physical damage.
One such attack infiltrated the ICS at an unnamed German steel mill causing ‘massive’ damage and making it impossible to shut down a blast furnace. A German government report indicated it appeared that “the hackers obtained access via a spearphishing attack” before quickly moving across a “multitude” of sensitive corporate networks. Who the hackers were, how long they were in the system, whether they intended to destroy the furnace, and what, if any, other equipment was accessed, remains unclear.
Another example is the recent disclosure of a 2008 targeted attack on the majority BP-owned Baku-Tbilisi-Ceyhan pipeline in Turkey that caused an explosion with flames as high as 46 meters (150 feet). At the time, Baku-Tbilisi-Ceyhan was thought to be one of the most secure pipelines in the world. Still, attackers infiltrated the pipeline through a wireless network, tampered with the systems and caused severe physical damage. (This one was news to me. Until this incident was revealed Stuxnet was thought to be the first malware that specifically targeted an ICS.)
“The risk to physical systems is growing due to the combination of two factors,” said David Meltzer, chief research officer at Tripwire. “First, there is an explosion in the Industrial IoT; everything is being connected to IP networks, and traditional ICS – comprised of things like distributed control systems (DCS), programmable logic controllers (PLC), and sensors – are all joining the same types of networks that we all use every day to connect to the Internet.”
“Second, hackers are becoming much more intelligent and sophisticated about how to attack industrial control systems. Now, hackers have set new targets and devices from automation vendors are being studied to find holes.”
In the U.S. alone, there are millions of miles of pipelines that distribute everything from oil to hazardous liquids, natural gas and chemicals. They are unquestionably vulnerable to cyberattacks that can inflict the same kind of serious physical damage as physical attacks.
Recently, it was revealed that this fire at the Baku-Tbilisi-Ceyhan pipeline in 2008 was caused by an intruder gaining access to the control network and tampering with it. Photo: Anatolian-Muhammet Ispirli/Corbis
It’s not possible to completely prevent all attacks. But you can quickly detect attacks, isolate them and control them so they don’t impact other areas of the substation network.
Since electrical substations evolve over time, it is necessary to conduct maintenance tasks in order to protect the network. These include changing device passwords on a regular basis, implementing upgrades to fix bugs and maintaining regular antivirus software updates.
Asset Discovery is Key to IoT Security
In March 2015, Dwayne Melancon, CTO for Tripwire, along with security experts from ExxonMobil, SS8 and Cisco, participated in the panel “What’s Next: Protecting our Critical Energy Infrastructure from Cyber Threats.” They discussed how critical infrastructure executives are complacent about IoT security.
This is especially alarming since a study found that 24 percent of critical infrastructure employees have already connected an IoT device to their employers’ networks. In addition, many organizations do not have a clear picture of how many devices they have and what software or firmware they are running. On average, companies have 20 percent more devices than they thought they had once their networks are thoroughly scanned.
The challenge of asset enumeration may be even harder with industrial networks than it is in enterprise networks. Besides new devices being added as part of the IoT trend, many machines that do not look like white box PCs control factory automation and process control operations. Many of them run a lightweight version of Windows XP called “Windows XP Embedded.”
While presenting the same security risk as desktop or laptop computers, devices with embedded computer operating systems can be harder to identify. For example, a large manufacturer of pharmaceuticals that Belden recently worked with was actively seeking to identify Windows XP-based assets - and was surprised to keep uncovering them in groups of hundreds.
New Resources for Improving Your Cyber Security Expertise
I see a number of ways that our new corporate sibling can help controls engineers, network designers and manufacturing IT teams:
- Up-to-the-Minute Cyber Security News and Commentary
The Tripwire blog and its social media accounts stay up-to-date with current threats and topics. Check in with them regularly for your own cyber education.
- Bridging the Controls / IT Gap
Tripwire also offers a lot of resources that will help controls engineers and IT professionals understand each other’s challenges and approaches. Some of them are listed at the end of this article and I urge you to take advantage of them.
- Particular Expertise in the Electric Utility Industry
Tripwire has significant expertise in helping electric utilities and offers labor-saving products for NERC CIP compliance.
- Complementary Products and Services
While it is too early to announce integrated product and service roadmaps, stay tuned. Our intention is to provide the comprehensive cyber security advice and solutions you need. The combination of Tripwire monitoring and detection products with Belden (Hirschmann and Tofino Security) prevention products already goes a long way towards delivering Defense in Depth, and it will go further in the future.
Have I piqued your interest in Tripwire? Let me know your comments and thoughts on this latest acquisition by Belden.
Note that Tripwire offers utility-specific solutions for cyber threat detection and for NERC CIP compliance.
- White Paper download page: Windows XP End of Service: Practical Options for Industrial Applications
- Blog: Windows XP End of Service – Industrial Firewalls are an Easy Fix
- Blog: IT and Controls - Working Together for Better Industrial Networking
- Blog: Essential Cyber Security Concepts for CEOs
- Automationworld.com: A Practical Approach to Benefit from the Industrial Internet of Things
- Tripwire blog home page: The State of Security
- Tripwire on Twitter: @TripwireInc
- Tripwire blog: Cyberterrorists Attack on Critical Infrastructure Could Be Imminent
- Tripwire press release: Study: Critical Infrastructure Executives Complacent About Internet of Things Security