Industrial Cybersecurity

Approaching Industrial Cybersecurity

Belden

If you're not familiar with Tripwire, the company provides advanced threat, security and compliance solutions for over 9,000 organizations, including nine of the top 10 utilities in the United States. Tripwire was acquired by Belden and is an important part of our industrial network security solutions.


In a recent Design Seminar, Tripwire experts spoke about the nature of cybersecurity incidents occurring in industrial networks today. They covered a simple 1-2-3 approach to securing industrial networks, which we share in this blog post.


Most Industrial Cyber Incidents are Unintentional 

The vast majority of cyber incidents on industrial networks are unintentional, resulting from:

  • Human error (e.g., device configuration errors)
  • Software or device flaws, such as legacy equipment failures when overloaded with multicast traffic
  • Accidental introduction of malware (e.g., via a USB stick or a vendor laptop)

An example of this type of incident was the manual shutdown of the Browns Ferry Nuclear Power Plant in 2006. Redundant drives controlling the recirculating water system failed due to 'excessive traffic' on the control network. Network traffic between two different vendors’ control products was the likely cause. The facility remained offline for two days, and $600,000 was lost.

 

While only ~20% of incidents are intentional, those from external hackers have become increasingly sophisticated. ICS-CERT estimates 55% of such ICS attacks come from Advanced Persistent Threats (APTs). APTs are carefully crafted attacks against a focused target, designed to remain effective over an extended time frame. Classic examples on industrial systems are Stuxnet, Flame and the Dragonfly malware campaign.

Belden’s 1-2-3 Approach to Industrial Cybersecurity

In order to protect availability, Belden has developed a 1-2-3 approach to industrial cybersecurity:   

  1. Industrial Network
    • Segmentation
    • Zoning
    • Monitoring
    • Secure wireless access

  2. Industrial PCs
    • Inventory connected assets
    • Identify unauthorized & malicious change
    • Identify vulnerable & exploitable systems
    • Ensure proper configurations

  3. Industrial Controls
    • Detect and respond to attacks
    • Identify unauthorized & malicious change
    • Identify vulnerable & exploitable controls

The Belden and Tripwire solutions portfolios are designed to work together to deliver a 'Belden Safe Network Architecture'. The following is a high-level overview of our Industrial Networking & Cybersecurity solutions across three levels of protection:


Industrial Cyber Protection Channels

Industrial Networks
  • Tofino L2 Firewalls for network segmentation & zoning, including Deep Packet Inspection of industrial protocols
  • Hirschmann L3 EAGLE Firewalls for multipurpose protection of data availability
  • GarrettCom & Hirschmann routers for physical & VLAN network segmentation
  • Industrial HiVision for network monitoring, accurate config & security lock down of devices
  • Hirschmann OpenBAT products for secure wireless
  • Hirschmann Switches for device-level security & zero failover redundancy

Industrial PCs
  • Industrial HiVision for asset inventory
  • Tripwire Security, Configuration & Compliance Manager
  • Tripwire Log Center for insights on suspicious events
  • Tripwire Vulnerability Management to identify exploitable controls

Industrial Controls
  • Tripwire Log Center for detecting attacks & unauthorized changes
  • Tripwire Vulnerability Management to identify exploitable controls

Together, Belden and Tripwire’s solutions are being engineered to deliver the “Belden Safe Network Architecture.”