Approaching Industrial Cybersecurity
If you're not familiar with Tripwire, the company provides advanced threat, security and compliance solutions for over 9,000 organizations, including nine of the top 10 utilities in the United States. Tripwire was acquired by Belden and is an important part of our industrial network security solutions.
In a recent Design Seminar, Tripwire experts spoke about the nature of cybersecurity incidents occurring in industrial networks today. They covered a simple 1-2-3 approach to securing industrial networks, which we share in this blog post.
Most Industrial Cyber Incidents are Unintentional
The vast majority of cyber incidents on industrial networks are unintentional, resulting from:
- Human error (e.g., device configuration errors)
- Software or device flaws, such as legacy equipment failures when overloaded with multicast traffic
- Accidental introduction of malware (e.g., via a USB stick or a vendor laptop)
An example of this type of incident was the manual shutdown of the Browns Ferry Nuclear Power Plant in 2006. Redundant drives controlling the recirculating water system failed due to 'excessive traffic' on the control network. Network traffic between two different vendors’ control products was the likely cause. The facility remained offline for two days, and $600,000 was lost.
While only ~20% of incidents are intentional, those from external hackers have become increasingly sophisticated. ICS-CERT estimates 55% of such ICS attacks come from Advanced Persistent Threats (APTs). APTs are carefully crafted attacks against a focused target designed to be effective over an extended time frame. Classic examples on industrial systems are Stuxnet, Flame and the Dragonfly malware campaign.
Belden’s 1-2-3 Approach to Industrial Cybersecurity
In order to protect availability, Belden has developed a 1-2-3 approach to industrial cybersecurity:
- Industrial Network
  - Segmentation
  - Zoning
  - Monitoring
  - Secure wireless access
- Industrial PCs
  - Inventory connected assets
  - Identify unauthorized & malicious change
  - Identify vulnerable & exploitable systems
  - Ensure proper configurations
- Industrial Controls
  - Detect and respond to attacks
  - Identify unauthorized & malicious change
  - Identify vulnerable & exploitable controls
The Belden and Tripwire solutions portfolios are designed to work together to deliver a 'Belden Safe Network Architecture'. The following is a high-level overview of our Industrial Networking & Cybersecurity solutions across three levels of protection:
Industrial Cyber Protection Channels

| Industrial Networks | Industrial PCs | Industrial Controls |
|---|---|---|
| Tofino L2 Firewalls for network segmentation & zoning including Deep Packet Inspection of industrial protocols | Industrial HiVision for asset inventory | Tripwire Log Center for detecting attacks & unauthorized changes |
| Hirschmann L3 EAGLE Firewalls for multipurpose protection of data availability | Tripwire Security, Configuration & Compliance Manager | Tripwire Vulnerability Management to identify exploitable controls |
| GarrettCom & Hirschmann routers for physical & VLAN network segmentation | Tripwire Log Center for insights on suspicious events | |
| Industrial HiVision for network monitoring, accurate config & security lock down of devices | Tripwire Vulnerability Management to identify exploitable controls | |
| Hirschmann OpenBAT products for secure wireless | | |
| Hirschmann Switches for device-level security & zero failover redundancy | | |
Belden and Tripwire’s solutions are being engineered to work together to deliver the “Belden Safe Network Architecture.”