Cyber Security - Getting in Focus with Nozomi Networks

By Bill Lydon, Editor, Automation.com

In the race for industrial profits, it’s not uncommon for organizations to run legacy equipment as long as they can and avoid costly replacements and rewiring. While this can be a viable strategy in many areas, when it comes to industrial control network cyber security it can be a deadly vulnerability for today’s organizations. I discussed cyber security trends with Thomas Nuth, the Global Director for Product Marketing at Nozomi Networks. Nozomi Networks, founded in 2013, currently has over 200 global installations in a range of industries including energy, oil & gas, manufacturing, chemicals, mining, and pharmaceuticals.

In our conversation, Nuth described the present industrial network situation as one that has a great deal of legacy practices and equipment, including:

  • Isolated from enterprise and business information systems
  • Communicating over proprietary control protocols
  • Running on specialized hardware
  • Running proprietary embedded operating systems
  • Connected by proprietary copper and twisted-pair networks

Now organizations are converging industrial networks with enterprise business systems, which changes the cyber security attack surface and opens up greater vulnerabilities. Typical new system configurations have the following characteristics:

  • Bridged into corporate networks
  • Riding on common internet protocols (IP)
  • Running on general purpose hardware with IT origins
  • Running mainstream IT operating systems (e.g., Windows)
  • Increasingly connected to wireless technologies including corporate WiFi

What was air-gapped and proprietary in the past is now exposed to a significantly higher risk of cyber attack.

SCADA Vulnerabilities

Typical SCADA components are also vulnerable to cyber threats, and protecting them requires domain-specific technologies and specialized knowledge of industrial control systems technology and communications. These systems are easily left to the side because they fall outside the scope and capabilities of enterprise IT security technologies, yet they vitally need protection too.

Nuth emphasized that there are plenty of opportunities for hackers to exploit loopholes throughout a facility. Operational technology devices can provide these dangerous loopholes, including PLCs and RTUs, which are low-computational-power computers built for controlling physical components such as valves, pumps, and motors. These devices have a number of cyber deficiencies, including lack of authentication, lack of encryption, built-in backdoors, and susceptibility to buffer overflows. These deficiencies make them juicy targets for tailored attacks on physical control components. This trend has been reflected in recently documented cyber attacks, including:

  • 2010 - Stuxnet
  • 2015 - Massive damage caused by manipulating and disrupting control systems at a German steel mill
  • 2016 - Cyberattack on the Ukraine power grid; investigators found indications of BlackEnergy malware
  • 2017 - Power blackout in Ukraine's capital, Kiev, caused by a cyber attack

The Nozomi Networks Solution

To help combat a subset of these cyber vulnerabilities, Nozomi Networks offers SCADAguardian and the Central Management Console (CMC) as tools for building a secure system.

SCADAguardian is an appliance (physical or virtual) that passively connects to the industrial network and non-intrusively monitors all traffic within the control and process networks, analyzing it at every level of the OSI stack (L1 to L7). SCADAguardian uses artificial intelligence and machine learning techniques to create detailed behavior profiles for every device, according to the process state, so that critical state conditions are detected quickly. Additionally, it provides features such as network visualization, asset management, ICS anomaly and intrusion detection, vulnerability assessment, and dashboards and reporting.

SCADAguardian can be tailored to requirements using an open API for integration between IT and OT applications. Additional industrial protocols can be supported using the company's protocol SDK.
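To make the idea of passive, per-device behavior profiling concrete, here is an added example written for this article; it is not Nozomi Networks' code and does not reproduce SCADAguardian's algorithms. It assumes decoded request records (hypothetical `FlowRecord` objects with source, destination, protocol, function and optional write value) arriving from a mirrored port or network TAP, learns which conversations and setpoint ranges are normal during a learning window, and then raises alerts on an unprofiled host, a host using a function it never used before, and a write value outside the learned range. All traffic in the example is constructed.

```python
"""
Simplified passive ICS anomaly detector (illustrative only, not SCADAguardian).
Learns per-device behavior profiles from mirrored traffic, then alerts on
deviations. It never transmits on the control network.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class FlowRecord:
    """One decoded request from a SPAN/TAP feed (hypothetical record format)."""
    ts: float
    src: str
    dst: str
    protocol: str
    function: str
    value: Optional[int] = None  # payload value for write operations, else None


@dataclass(frozen=True)
class Alert:
    ts: float
    kind: str
    detail: str


Key = Tuple[str, str, str, str]  # (src, dst, protocol, function)


class BehaviorProfiler:
    """Learns which conversations are normal and, for writes, the value range
    observed during the learning window."""

    def __init__(self) -> None:
        self.devices: Set[str] = set()
        self.allowed: Set[Key] = set()
        self.value_range: Dict[Key, Tuple[int, int]] = {}

    @staticmethod
    def _key(r: FlowRecord) -> Key:
        return (r.src, r.dst, r.protocol, r.function)

    def learn(self, records: List[FlowRecord]) -> None:
        """Learning phase: every observed conversation becomes part of the baseline."""
        for r in records:
            self.devices.update((r.src, r.dst))
            key = self._key(r)
            self.allowed.add(key)
            if r.value is not None:
                lo, hi = self.value_range.get(key, (r.value, r.value))
                self.value_range[key] = (min(lo, r.value), max(hi, r.value))

    def detect(self, records: List[FlowRecord]) -> List[Alert]:
        """Monitoring phase: compare each request against the learned profile."""
        alerts: List[Alert] = []
        for r in records:
            key = self._key(r)
            if r.src not in self.devices or r.dst not in self.devices:
                alerts.append(Alert(r.ts, "new_device",
                                    f"{r.src} -> {r.dst} {r.protocol}/{r.function} involves an unprofiled host"))
            elif key not in self.allowed:
                alerts.append(Alert(r.ts, "unexpected_function",
                                    f"{r.src} has never sent {r.protocol}/{r.function} to {r.dst}"))
            elif r.value is not None and key in self.value_range:
                lo, hi = self.value_range[key]
                if not lo <= r.value <= hi:
                    alerts.append(Alert(r.ts, "value_out_of_range",
                                        f"{r.src} wrote {r.value} to {r.dst}; learned range {lo}..{hi}"))
        return alerts


# Constructed sample hosts: an HMI, an engineering workstation, two PLCs.
HMI, EWS, PLC_A, PLC_B = "10.0.1.10", "10.0.1.20", "10.0.2.21", "10.0.2.22"

# Constructed learning-window traffic: routine polling plus setpoint writes of 40..60.
LEARNING_TRAFFIC = [
    FlowRecord(1.0, HMI, PLC_A, "modbus", "READ_HOLDING_REGISTERS"),
    FlowRecord(2.0, HMI, PLC_A, "modbus", "WRITE_SINGLE_REGISTER", 40),
    FlowRecord(3.0, HMI, PLC_A, "modbus", "WRITE_SINGLE_REGISTER", 60),
    FlowRecord(4.0, HMI, PLC_B, "modbus", "READ_COILS"),
    FlowRecord(5.0, EWS, PLC_A, "modbus", "READ_HOLDING_REGISTERS"),
]

# Constructed monitoring traffic: two normal requests and three deviations.
MONITORED_TRAFFIC = [
    FlowRecord(10.0, HMI, PLC_A, "modbus", "READ_HOLDING_REGISTERS"),           # normal poll
    FlowRecord(11.0, HMI, PLC_A, "modbus", "WRITE_SINGLE_REGISTER", 55),        # normal setpoint
    FlowRecord(12.0, "10.0.1.99", PLC_A, "modbus", "READ_HOLDING_REGISTERS"),   # unprofiled host
    FlowRecord(13.0, EWS, PLC_A, "modbus", "WRITE_SINGLE_REGISTER", 50),        # workstation never wrote before
    FlowRecord(14.0, HMI, PLC_A, "modbus", "WRITE_SINGLE_REGISTER", 200),       # outside learned range
]


def build_profile() -> BehaviorProfiler:
    profiler = BehaviorProfiler()
    profiler.learn(LEARNING_TRAFFIC)
    return profiler


def run_demo() -> List[Alert]:
    return build_profile().detect(MONITORED_TRAFFIC)


if __name__ == "__main__":
    for a in run_demo():
        print(f"t={a.ts:.0f} [{a.kind}] {a.detail}")
```

The three alert kinds map to the monitoring questions an operator cares about: who is new on the network, who is doing something they never did before, and whether a legitimate-looking command pushes the process outside its normal state. A real deployment would also need a controlled learning window (so that the baseline is not polluted by an already-present intruder) and a review step before newly seen behavior is accepted into the profile.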