Industrial Cybersecurity

Standing Up to Cyber Threats

Steven Sletten

Tripwire’s ongoing work with the National Cybersecurity Center of Excellence will bolster security in the energy sector and general industry alike.


The National Cybersecurity Center of Excellence

The National Cybersecurity Center of Excellence (NCCoE) is part of the National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce. It sits in a low-key building in the quiet town of Rockville, Maryland. The work that has been going on there since the NCCoE opened its doors in 2012 will have a major impact on businesses and organizations throughout the United States – and likely around the world.


So what are they up to exactly? Here’s how they explain it:

“(The NCCoE) is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges. Through an association under Cooperative Research and Development Agreements (CRADAs), including technology partners – from Fortune 50 market leaders to smaller companies specializing in IT security – the NCCoE applies standards and best practices to develop modular, easily adaptable example cybersecurity solutions using commercially available technology.”


Tripwire is proud to be one of those private sector technology partners, selected through a competitive Request for Proposal (RFP). We are currently involved in our second project. Both efforts involve developing cutting-edge cybersecurity practices to address specific real-world issues and sharing them, at no charge, with the industry.


Energy Sector Asset Management – Protecting our Vital Infrastructure

There is little doubt that energy facilities are and will continue to be prime targets for cyber attacks. Disruptions to the electric grid or to oil and gas installations, as well as damage to infrastructure, can wreak havoc on productivity and have a severe negative impact on public safety. Risks range from interruption of critical services to loss of life and property. To properly guard against such attacks, energy companies must be able to keep track of activity relating to all of their network assets – a big challenge given the sheer number of assets and the geographic spread of a utility's operations.


With this vital challenge in mind, Tripwire, along with six technology partners and the University of Maryland, embarked on a project called Energy Sector Asset Management (ESAM). The goal is to create a best-practice plan for managing, monitoring and baselining OT assets and identifying threats to them, and to make that plan available to all interested utilities.


5 Asset Management Solution Aspects

Overall, ESAM is addressing the following aspects of a comprehensive asset management solution:

  1. Asset Discovery: Establish a full baseline of physical and logical locations of assets

  2. Asset Identification: Capture asset attributes, such as manufacturer, model, operating system, Internet Protocol (IP) addresses, media access control (MAC) addresses, protocols, patch-level information and firmware versions

  3. Asset Visibility: Continuously identify newly connected or disconnected devices and IP (routable and non-routable) and serial connections to other devices

  4. Asset Disposition: The level of criticality (high, medium, or low) of a particular asset, its relation to other assets within the OT network and its communication (including serial) with other devices

  5. Alerting Capabilities: Detecting a deviation from the expected operation of assets
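The five aspects above amount to one loop: record a baseline of what is on the network and how it is connected, keep observing, and alert on deviations. The following script is an added illustration of that loop and is not ESAM, NCCoE or Tripwire code. It consumes constructed "key=value" asset records of the kind a passive sensor (a span-port or serial tap) might emit, so nothing here probes the OT network; the asset IDs, addresses, vendors and criticality values are all made up for the example.

```python
# Added example (not ESAM or Tripwire code): baseline-and-alert over passively
# observed OT asset records. All identifiers and records below are constructed.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Asset:
    asset_id: str                 # stable ID assigned by the sensor
    ip: Optional[str]             # None for serial-only (non-routable) devices
    vendor: str
    model: str
    firmware: str
    criticality: str              # "high", "medium" or "low" (asset disposition)
    links: FrozenSet[str] = field(default_factory=frozenset)  # IP or serial peers


def parse_observations(lines) -> Dict[str, Asset]:
    """Parse 'key=value ...' records, one asset per line, into a dict by ID."""
    assets: Dict[str, Asset] = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kv = dict(tok.split("=", 1) for tok in line.split())
        links = frozenset(kv.get("links", "").split(",")) - {""}
        asset = Asset(asset_id=kv["id"], ip=kv.get("ip") or None,
                      vendor=kv["vendor"], model=kv["model"], firmware=kv["fw"],
                      criticality=kv.get("crit", "low"), links=links)
        assets[asset.asset_id] = asset
    return assets


SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1}


def diff_inventory(baseline: Dict[str, Asset], current: Dict[str, Asset]) -> List[dict]:
    """Return alerts for deviations of `current` from `baseline`, highest severity first."""
    alerts: List[dict] = []
    high_value = {a.ip for a in baseline.values() if a.criticality == "high" and a.ip}

    # Asset visibility: newly connected devices. An unknown device that already
    # talks to a high-criticality asset is escalated to high.
    for aid, cur in current.items():
        if aid not in baseline:
            sev = "high" if cur.links & high_value else "medium"
            alerts.append({"type": "new_device", "asset": aid, "severity": sev,
                           "detail": f"{cur.vendor} {cur.model} at {cur.ip or 'serial'}"})

    for aid, base in baseline.items():
        if aid not in current:
            alerts.append({"type": "disconnected", "asset": aid, "severity": base.criticality,
                           "detail": f"{base.vendor} {base.model} no longer observed"})
            continue
        cur = current[aid]
        # Asset identification: attribute drift. A firmware change outside a
        # maintenance window is a classic indicator of unauthorized activity.
        for attr in ("ip", "vendor", "model", "firmware"):
            old, new = getattr(base, attr), getattr(cur, attr)
            if old != new:
                alerts.append({"type": f"{attr}_change", "asset": aid,
                               "severity": base.criticality,
                               "detail": f"{attr}: {old!r} -> {new!r}"})
        # Asset disposition: new communication paths, serial links included.
        added = cur.links - base.links
        if added:
            alerts.append({"type": "new_link", "asset": aid, "severity": base.criticality,
                           "detail": "now talking to " + ", ".join(sorted(added))})

    alerts.sort(key=lambda a: SEVERITY_RANK[a["severity"]], reverse=True)  # stable sort
    return alerts


# Constructed baseline and follow-up observations (not from any real plant).
BASELINE_OBS = """
id=plc-01 ip=10.10.1.10 vendor=Rockwell model=ControlLogix fw=20.11 crit=high links=10.10.1.20,COM3
id=plc-02 ip=10.10.1.20 vendor=Siemens model=S7-1500 fw=2.8 crit=high links=10.10.1.10
id=rtu-01 ip= vendor=Schneider model=RTU fw=1.4 crit=medium links=COM3
id=hmi-01 ip=10.10.1.50 vendor=Dell model=HMI-Workstation fw=1.0 crit=medium links=10.10.1.10
"""

CURRENT_OBS = """
id=plc-01 ip=10.10.1.10 vendor=Rockwell model=ControlLogix fw=21.00 crit=high links=10.10.1.20,COM3
id=plc-02 ip=10.10.1.20 vendor=Siemens model=S7-1500 fw=2.8 crit=high links=10.10.1.10
id=hmi-01 ip=10.10.1.50 vendor=Dell model=HMI-Workstation fw=1.0 crit=medium links=10.10.1.10,10.10.1.20
id=unk-01 ip=10.10.1.99 vendor=unknown model=unknown fw=unknown crit=low links=10.10.1.10
"""


def example_alerts() -> List[dict]:
    """Run the diff on the constructed data above."""
    return diff_inventory(parse_observations(BASELINE_OBS.splitlines()),
                          parse_observations(CURRENT_OBS.splitlines()))


if __name__ == "__main__":
    for a in example_alerts():
        print(f"[{a['severity']:6}] {a['type']:16} {a['asset']}: {a['detail']}")
```

On the sample data this raises four alerts: an unknown host talking to a high-criticality PLC (high), a firmware change on that PLC (high), a serial RTU that has gone silent (medium) and an HMI that has started talking to a second PLC (medium). Severity is inherited from the baseline's criticality rating, which is why the disposition step matters: without it every alert looks the same.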


To generate this information, Tripwire has contributed several products, all designed for the OT environment, where devices are far more sensitive to active probing than IT systems: a scan that is routine on an office network can disrupt a controller. They include:

  • Tripwire Enterprise: A security configuration manager that provides security monitoring, real-time change intelligence and threat detection

  • Tripwire Data Collector: Software that provides an innovative approach for industrial organizations to assess the configurations, security and status (including firmware, hardware revision, software versions, patch levels and more) in their environments

  • Tripwire Industrial Visibility: Uses deep packet inspection, change management, event logging and threat detection to protect against unwanted changes


Of note, Tripwire Industrial Visibility, a newer product, was not available when ESAM first began in mid-2018 – but, seeing how valuable it would be to the outcomes, we immediately sought to contribute it to the project.


The products are installed at a lab facility run by the NCCoE, at another run by partner TDI in Texas, and at a 20-MW generating plant on the University of Maryland campus. Data from all locations is fed into Splunk (Splunk is a fellow ESAM partner).


Taken as a whole, the products provide continuous OT asset management and monitoring, delivering faster security alerts and automated handling of cybersecurity events. The lessons from this initiative have supported the development of a best-practices plan for maintaining assets inside an energy facility infrastructure. The first draft of the plan is out and available for your perusal. Check out the latest here. While you’re there, click around the site. There is valuable information of all kinds.


Standing up to Ransomware

A couple of years before ESAM began, Tripwire was involved in an earlier project with the NCCoE and a handful of other industry partners. These efforts were all focused on giving organizations of all kinds a best practices method for detecting and dealing with data integrity breaches, including ransomware, data destruction and unauthorized data manipulation, and then ensuring that the recovered data – emails, employee records, financial records, customer data – was accurate, complete and free of malware.
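The last part of that goal, confirming that what comes back from backup is complete and unmodified, is the step most often skipped. The script below is an added illustration, not code from the NCCoE practice guide or from Tripwire: it records a manifest of SHA-256 hashes and sizes for a known-good data set, then checks a restored copy against it and reports files that are missing (incomplete restore), modified (tampered with or encrypted) or unexpected (for example a ransom note). The directories, file names and contents are constructed inside the script so it runs offline.

```python
# Added example (not NCCoE practice guide or Tripwire code): manifest-based
# integrity check for recovered data. Files and contents below are constructed.
import hashlib
import os
import tempfile
from typing import Dict, Tuple

Manifest = Dict[str, Tuple[str, int]]   # relative path -> (sha256 hex, size in bytes)


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> Manifest:
    """Record hash and size of every file under `root` (the known-good state)."""
    manifest: Manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (sha256_file(full), os.path.getsize(full))
    return manifest


def verify_restore(root: str, manifest: Manifest) -> dict:
    """Compare a restored tree against the manifest taken before the incident."""
    restored = build_manifest(root)
    report = {
        "missing": sorted(set(manifest) - set(restored)),      # incomplete restore
        "modified": sorted(p for p in manifest
                           if p in restored and restored[p] != manifest[p]),
        "unexpected": sorted(set(restored) - set(manifest)),   # e.g. ransom notes
    }
    report["ok"] = not (report["missing"] or report["modified"] or report["unexpected"])
    return report


def _write(root: str, rel: str, data: bytes) -> None:
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def simulate() -> Tuple[dict, dict]:
    """Constructed scenario: snapshot known-good data, then verify a clean copy and
    a 'recovered' copy that is incomplete, partly encrypted and carries a note."""
    files = {
        "hr/employees.csv": b"id,name\n1,Alice\n2,Bob\n",
        "finance/ledger.csv": b"date,amount\n2019-03-01,1250.00\n",
        "mail/inbox.mbox": b"From: ops@example.com\nSubject: hello\n\n",
    }
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        for rel, data in files.items():
            _write(good, rel, data)
        manifest = build_manifest(good)        # keep this copy offline / immutable
        clean = verify_restore(good, manifest)
        _write(bad, "finance/ledger.csv", files["finance/ledger.csv"])  # intact
        _write(bad, "hr/employees.csv", b"\x8f\x1e ciphertext blob")     # "encrypted"
        _write(bad, "README_DECRYPT.txt", b"your files are encrypted")  # ransom note
        # mail/inbox.mbox is never restored -> reported as missing
        damaged = verify_restore(bad, manifest)
    return clean, damaged


if __name__ == "__main__":
    clean_report, damaged_report = simulate()
    print("clean copy ok:", clean_report["ok"])
    for k in ("missing", "modified", "unexpected"):
        print(f"{k}: {damaged_report[k]}")
```

Two design points matter in practice. The manifest has to live somewhere the attacker cannot reach or rewrite (offline or write-once storage, ideally signed), otherwise ransomware that touches the backups can rewrite the manifest too. And a hash match only proves a file is identical to the snapshot; it says nothing about whether the snapshot itself was clean, so the "free of malware" requirement still needs the known-good data set scanned before it is trusted. File timestamps are deliberately not used, because malware can preserve them.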


Ransomware, a cyberattack by which vital organizational data is encrypted and payment for the decryption keys is demanded, is an especially heinous data integrity event that is costing organizations worldwide billions in lost productivity and remediation costs. The projects have delivered a number of valuable work products, including a practice guide with example scenarios and solutions. Download it and find out more here.


We look forward to future efforts with this important public sector agency, as well as with our private sector cybersecurity colleagues, as we work together to help make all of us a little safer from the escalating dangers of navigating cyberspace – especially as we all become more and more dependent on the enormous benefits of data sharing in all areas of life. If you are part of an organization that has something to contribute, we invite you to join us. Visit the NCCoE webpage to find out more. Also feel free to start a dialog with me or any of my Tripwire or Belden colleagues. We’d love to hear from you.