I am always pleased to share operationally sound methods for deeply layering security, and I frequently demonstrate live hacks that illustrate how exploits can be countered undetectably to hackers once they’ve breached the firewall — as they inevitably will.
Recently I had the opportunity to team with an expert security researcher to investigate new capabilities that add security to widely used, and inherently vulnerable, protocols such as DNP3 in industrial control systems. Investigators have discovered numerous weaknesses in this protocol, which is in wide use in the SCADA systems driving most industrial control system (ICS) networks. Some of these flaws can severely compromise equipment, and even halt operations. Organizations like the DNP Users Group and ICS-CERT have been sounding the alarm about the protocol’s security problems, and about how tricky it can be to implement a DNP3 solution that is both secure and robust.
Industrial networks promote the free flow of messages, which means a message carrying malware can travel directly to a particular sensor. Knowing this, we developed a new method that picks up where DNP3 Secure Authentication ends in order to protect all payloads, including those from a compromised device. While most security systems do little more than signature-based matching, a validated, protocol-aware packet inspection solution parses the DNP3 protocol, including DNP3 Secure Authentication messages, to detect any malformed, unauthorized, or malicious messages.
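To make the "protocol-aware" part concrete, here is an added example of what such an inspector does at the DNP3 link layer. It is illustrative code written for this post, not the author's product or any vendor's implementation. It parses the IEEE 1815 link frame (start octets 0x05 0x64, LEN, CTRL, DEST, SRC, header CRC, then user-data blocks of up to 16 octets each followed by a CRC-16/DNP), rejects anything malformed, and then checks the application-layer function code of a first transport segment against a per-source allow-list. The link addresses, the `POLICY` table and the sample frames are all constructed for the example; the Secure Authentication function codes 0x20, 0x21 and 0x83 are parsed and allow-listed like any other.

```python
"""Protocol-aware checker for DNP3 link-layer frames (added example, not the
author's product). Verdicts: "pass", "malformed", "unauthorized"."""
from dataclasses import dataclass

# Application-layer function codes used by the hypothetical policy below.
FC_READ, FC_WRITE, FC_SELECT, FC_OPERATE = 0x01, 0x02, 0x03, 0x04
FC_COLD_RESTART, FC_WARM_RESTART = 0x0D, 0x0E
FC_AUTH_REQ, FC_AUTH_REQ_NR = 0x20, 0x21          # Secure Authentication requests
FC_RESPONSE, FC_UNSOL, FC_AUTH_RESP = 0x81, 0x82, 0x83

# Constructed policy: the master at link address 1024 may poll, control and run
# Secure Authentication; the outstation at address 1 may only respond.
POLICY = {
    1024: frozenset({FC_READ, FC_WRITE, FC_SELECT, FC_OPERATE, FC_AUTH_REQ, FC_AUTH_REQ_NR}),
    1: frozenset({FC_RESPONSE, FC_UNSOL, FC_AUTH_RESP}),
}

CRC_POLY_REFLECTED = 0xA6BC  # CRC-16/DNP polynomial 0x3D65, bit-reversed


def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: init 0, reflected, final XOR 0xFFFF (check value 0xEA82)."""
    crc = 0
    for octet in data:
        crc ^= octet
        for _ in range(8):
            crc = (crc >> 1) ^ CRC_POLY_REFLECTED if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_frame(ctrl: int, dest: int, src: int, user_data: bytes) -> bytes:
    """Assemble a well-formed frame; used here only to construct sample traffic."""
    if len(user_data) > 250:
        raise ValueError("LEN is one octet: at most 250 user-data octets")
    header = bytes([0x05, 0x64, 5 + len(user_data), ctrl])
    header += dest.to_bytes(2, "little") + src.to_bytes(2, "little")
    frame = header + crc16_dnp(header).to_bytes(2, "little")
    for i in range(0, len(user_data), 16):          # each block carries its own CRC
        block = user_data[i:i + 16]
        frame += block + crc16_dnp(block).to_bytes(2, "little")
    return frame


class MalformedFrame(ValueError):
    """Raised with the reason a frame fails framing or CRC checks."""


@dataclass
class Frame:
    ctrl: int
    dest: int
    src: int
    user_data: bytes

    @property
    def app_function(self):
        """Function code of a first transport segment (FIR bit 0x40), else None."""
        if len(self.user_data) < 3 or not self.user_data[0] & 0x40:
            return None
        return self.user_data[2]     # transport header, app control, function code


def parse_frame(raw: bytes) -> Frame:
    if len(raw) < 10:
        raise MalformedFrame("truncated header")
    if raw[:2] != b"\x05\x64":
        raise MalformedFrame("bad start octets")
    if raw[2] < 5:
        raise MalformedFrame("LEN below minimum of 5")
    if int.from_bytes(raw[8:10], "little") != crc16_dnp(raw[:8]):
        raise MalformedFrame("header CRC mismatch")
    data_len = raw[2] - 5
    expected = 10 + data_len + 2 * ((data_len + 15) // 16)
    if len(raw) != expected:
        raise MalformedFrame(f"frame is {len(raw)} octets, LEN implies {expected}")
    user_data, pos = bytearray(), 10
    while len(user_data) < data_len:
        n = min(16, data_len - len(user_data))
        block = raw[pos:pos + n]
        if int.from_bytes(raw[pos + n:pos + n + 2], "little") != crc16_dnp(block):
            raise MalformedFrame(f"data block CRC mismatch at offset {pos}")
        user_data += block
        pos += n + 2
    return Frame(raw[3], int.from_bytes(raw[4:6], "little"),
                 int.from_bytes(raw[6:8], "little"), bytes(user_data))


def inspect(raw: bytes, policy: dict) -> tuple:
    """Return (verdict, reason) for one frame under the given per-source policy."""
    try:
        frame = parse_frame(raw)
    except MalformedFrame as err:
        return "malformed", str(err)
    fc = frame.app_function
    if fc is None:
        return "pass", "link-only frame or continuation segment"
    if fc not in policy.get(frame.src, frozenset()):
        return "unauthorized", f"function 0x{fc:02x} from source {frame.src} not permitted"
    return "pass", f"function 0x{fc:02x} from source {frame.src}"


# Constructed samples: CTRL 0xC4 = DIR|PRM, unconfirmed user data;
# transport/app control 0xC0 = FIR|FIN, sequence 0.
GOOD_READ = build_frame(0xC4, 1, 1024, bytes([0xC0, 0xC0, FC_READ, 0x3C, 0x02, 0x06]))
ROGUE_RESTART = build_frame(0xC4, 1, 7, bytes([0xC0, 0xC0, FC_COLD_RESTART]))
_t = bytearray(GOOD_READ)
_t[12] ^= 0x01                # one flipped bit in the payload; block CRC no longer matches
TAMPERED = bytes(_t)

if __name__ == "__main__":
    for name, raw in [("good read", GOOD_READ), ("unknown source restart", ROGUE_RESTART),
                      ("tampered", TAMPERED), ("truncated", GOOD_READ[:-1])]:
        print(f"{name:>22}: {inspect(raw, POLICY)}")
```

The verdict split matters operationally: a "malformed" frame is dropped and logged as an integrity event, while an "unauthorized" frame is syntactically perfect and would be accepted by the outstation, so it is the one a signature-only device misses. In a real deployment the policy would be generated from the SCADA master's configured device list rather than typed by hand.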
In this way, you can up the ante on your proactive initiatives to mitigate the ICS’s most deeply embedded vulnerabilities — and do so without decreasing network productivity. The applications for DNP3 solutions stretch far and wide throughout the industrial control world. I am confident that this method will prevent many serious ICS issues. It also helps build stronger infrastructures that model the security standards that are effectively used by the U.S. Department of Defense.
Design a system that leaves no security stone unturned
When considering a security design for your plant or facility operations, make sure to factor in these aspects of the cybersecurity landscape:
- Traditional information assurance (IA) practices are left over from World War II days when the biggest threat was the enemy breaking encryption (the Enigma machine, for example). IA practice was all about secure implementations of encryption and key management – protecting your information from an external attacker.
- Cyber attacks are a fundamentally different problem because they occur from within a system. An attacker gets into your system and then looks to pillage as many other areas and devices as possible.
- Today, the danger lies with the interconnected devices inside the system that individually manage essential, discrete operations. These devices must be protected against both external AND internal attackers.
However, not everyone agrees on how to fix these problems. Enterprise ICS operators understand network vulnerabilities, but often balk at the perceived costs of the solutions. The COOs often focus on the potential for operational interruptions with more deeply embedded security, and the CSOs may question the risk-effectiveness of one approach over another, and may not agree with C-suite colleagues on optimal solutions.
Industry needs to continue to demonstrate how optimal and government-grade cybersecurity can be achieved to the satisfaction of control industry CSOs and COOs. Layering in security can mitigate protocol weaknesses affordably without impacting operational performance. I see exciting advancements ahead for stronger and safer critical systems, and look forward to sharing new strategies widely.