Ultra Electronics adds DNP3 to CyberFence security software | Automation.com

Ultra Electronics adds DNP3 to CyberFence security software

August 072015
Ultra Electronics adds DNP3 to CyberFence security software

August 7, 2015 - Ultra Electronics 3eti announced DNP3 (distributed network protocol) support for its CyberFence product. The capability dynamically inspects and validates all DNP3 communications, adding previously unavailable security to counter vulnerable pathways in the SCADA systems used by most water and electric utilities.

Security investigators have discovered numerous vulnerabilities specific to DNP3, some with the potential to damage equipment and impede or halt operations. Organizations such as the DNP User’s Group and ICS-CERT have been aware of issues and complexities involved in implementing a fully-secure and robust DNP3 solution.

Industrial networks facilitate the free flow of messages that could allow poison packets to be sent with potentially disastrous effect. The use of DNP3 Secure Authentication doesn’t protect all payloads or those from a compromised device, making validated protocol-aware packet inspection essential. Unlike other security systems that perform incomplete or simplistic signature-based matching, CyberFence comprehensively parses the DNP3 protocol, including DNP3 Secure Authentication messages, to detect any malformed, unauthorized, or malicious messages.

The CyberFence solution includes end-to-end security through encryption adding confidentiality and authentication to every DNP3 packet that proactively protects devices against known and zero-day vulnerabilities. With CyberFence, DNP3 system owners and operators can mitigate cyber-attacks to critical control systems for continuously reliable communications. Certified by the National Information Assurance Partnership (NIAP) and National Institute of Standards and Technology (NIST), CyberFence offers embedded cyber-protection for vulnerable end-devices, and is widely used in defense industrial networks to efficiently protect machine-to-machine (M2M) communications.