Industrial Security. Especially the cyber kind. My inbox attracts several messages each day.
Last July I began to think that people were ignoring me. Few press releases, announcements, interviews. It was a quiet time.
I really don’t have any list of product announcements or new companies. But I thought that I’d pass along a reminder to pay attention to your cyber security risks, policies, mitigations, and countermeasures.
Most of the announcements have come in the guise of “our CEO can address the new threats on industrial control systems”.
Remember when there were 3-4 places to go for industrial cyber security help?
Not so. These days there are many. The interesting ones to watch are several from Israel founded by former Israeli army intelligence officers.
There is a product and/or strategy to fit every conceivable type of threat. Part of your risk analysis needs to be a thorough evaluation of all the new ideas and companies.
Unfortunately, the number one risk continues to be people. Your people. Usually it’s carelessness. For example, last winter I was in a conversation with two security product marketing managers for a large company. Each had just been slapped on the wrist (or something) for clicking on a link in a bogus email. It is just so easy.
Clicking links, opening files, not being careful with Flash, inserting USB drives, letting a contractor take a laptop home…
Most companies have policies on terminated employees–whether through downsizing or due to cause. You need to treat people with respect. Even someone terminated for cause doesn’t need a quite public “perp walk.”
However, you do need to make sure there is no network access after termination. IT must move in and change passwords immediately. Check for any remote network access they might have.
I am no expert, but I have experience with employees and common sense. Be careful, take your time, think it through.
Protect those assets.
Cyber Security is always the “elephant in the room” at Industrial Internet of Things (IIoT) and Industrial Control Systems (ICS) conferences.
The latest edition of the ARC Industry Forum in Orlando featured many cyber security firms. Most were monitoring network traffic for anomalies. Some look at other aspects of the system. More firms are pivoting from other emphases into cyber security.
Here are two news items attacking cyber security from totally different angles. One from the enterprise; the other from the lowest level user.
Manage Cyber Security Risks
Deloitte, the enterprise consulting company, announced plans to expand its cyber risk platform for end-to-end industrial control systems (ICS) and operational technologies (OT) security with next generation technology enabled by Dragos, a cybersecurity company focusing on securing ICS and OT networks.
The tactic Deloitte is taking is to monitor emerging cyber threats. Deloitte Risk and Financial Advisory Cyber Risk Services’ end-to-end ICS offering, enabled by Dragos technology, uses a combination of innovative cyber security products and services. This combination brings hunting and reconnaissance capabilities that now allow organizations to look beyond internal data to threat documentation found in external databases. Beyond securing ICS and OT systems, this combination of cyber risk services and technologies can provide a more complete picture of an organization’s ICS and OT threat landscape through active monitoring that can better inform scenario planning and response.
“Assessing the cyber risks of our clients’ ICS and OT, we see that many organizations are often unprepared for the magnitude of the impact to operational technology and industrial control systems environments” said Ed Powers, principal, Deloitte & Touche LLP, and U.S. leader for Deloitte Risk and Financial Advisory Cyber Risk Services. “A decision to include OT and ICS as a part of a broader cyber risk management program can improve a company’s understanding of the potential damage resulting from a cyberattack and can bolster the efficacy of its cyber risk mitigation strategy.”
The Dragos Platform, Threat Operations Center, and intelligence team form an ecosystem of technology, people, and intelligence to safeguard industrial networks. The Dragos Platform is designed for industrial networks and provides visibility into the environment, detection of threats through behavioral analytics, and the automation of workflows including incident response data collection and analysis.
“There have been pockets of excellence around the community in industrial security leading practices. But the world is facing a more connected infrastructure and a more aggressive threat than we’ve seen in years past,” said Robert M. Lee, chief executive officer, Dragos. “Now is an important time to get the solution correct and that’s what the Dragos and Deloitte cooperation represents.”
Protecting From USB Device Hacks
We all know about Stuxnet and how it was spread using malware in USB sticks. Well, here is an interesting tactic and new product from Honeywell.
Honeywell Process Solutions (HPS) announced Secure Media Exchange (SMX) to protect facilities against current and emerging USB-borne threats, without the need for complex procedures or restrictions that impact operations or industrial personnel.
Malware spread through USB devices – used by employees and contractors to patch, update and exchange data with onsite control and computer systems – is a key risk for industrial control systems. It was the second leading threat to these systems in 2016, according to BSI publications, and uncontrolled USBs have taken power plants offline, downed turbine control workstations, and caused raw sewage floods, among other industrial accidents.
“Industrial operators often have hundreds or thousands of employees and dozens of contractors on site every day,” said Eric Knapp, Cyber Security chief engineer, HPS. “Many, if not most, of those rely on USB-removable media to get their jobs done. Plants need solutions that let people work efficiently, but also don’t compromise cyber security and, with it, industrial safety.”
Currently, many plants either ban USBs, which is difficult to enforce and significantly reduces productivity, or rely on traditional IT malware scanning solutions, which are difficult to maintain in an industrial control facility and provide limited protection. These solutions fail to protect process control networks against the latest threats, and offer no means to address targeted or zero-day attacks.
“SMX is a great example of Honeywell’s major investments in new industrial cyber security technologies, products, services, and research which further strengthen our ability to secure and protect industrial assets, operations and people,” said Jeff Zindel, vice president and general manager, Honeywell Industrial Cyber Security. “With the continued increase in cyber threats around the world, Honeywell’s industrial cyber security expertise and innovation are needed more than ever for smart industry, IIoT and critical infrastructure protection.”
Honeywell’s SMX was developed by the company’s cyber security experts based on field experience across global industrial sites and feedback from Honeywell User Group customers. Honeywell has one of the largest industrial cyber security research capabilities in the process industry, including an advanced cyber security lab near Atlanta. Honeywell also partners with cyber security leaders, including Microsoft, Intel Security and Palo Alto Networks, among others, to develop new, highly-effective industrial threat detection techniques.
Contractors “check-in” their USB drive by plugging it into an SMX Intelligence Gateway. The ruggedized industrial device analyzes files using a variety of techniques included with Honeywell’s Advanced Threat Intelligence Exchange (ATIX), a secure, hybrid-cloud threat analysis service.
SMX Client Software installed on plant Windows devices provides another layer of protection, controlling which USB devices are allowed to connect, preventing unverified USB removable media drives from being mounted, and stopping unverified files from being accessed. SMX also logs USB device connectivity and file access, providing a valuable audit capability.
“For most plants, the proliferation of removable media and USB devices is unavoidable, but the security risks they bring don’t have to be,” said Knapp. “We know our customers have limited resources to maintain another system, so Honeywell manages SMX for them. SMX never connects to our customers’ process control networks. From a system administration perspective, it’s like it’s not even there.”
Managed and maintained directly by Honeywell, SMX provides the easy and secure solution to USB security in industrial plants. It helps prevent the spread of malware through removable media; stops unverified files being read by Windows hosts; and, through the private ATIX connection, provides continually updated threat information and advanced analytics to help detect advanced, targeted, and zero-day malware.
Industrial Control Systems cybersecurity discussions often spill over from trade press to mainstream media. An incident in a large plant leads to economic and human consequences drawing interest from the big media companies.
A company called NexDefense formed an ICS Cybersecurity Fellows Program. Together with NexDefense, the Fellows will help educate and raise awareness of contemporary cybersecurity issues facing industry’s critical control systems that tirelessly operate in critical infrastructure facilities around the world.
In addition, Eric Byres, co-founder and former chief technology officer of Tofino Security (acquired by Belden Inc. in 2011) and leading expert in the field of process control and SCADA system cybersecurity, joins NexDefense as a strategic technology advisor and Senior Fellow to help further develop the company’s technology offerings and raise the attention level of cyber risks affecting industry.
“The NexDefense Industrial Cybersecurity Fellows Program assembles highly recognizable and well respected industrial security practitioners, consultants and advisors and allows each to speak as part of a larger cohesive unit,” said Doug Wylie, CISSP, vice president product marketing and strategy at NexDefense. “We are privileged to bring together some of the great cybersecurity minds of industry, each of whom share a common objective with NexDefense to expand business and community visibility and recognition of important security trends, emerging risks and techniques that can help to counteract threats to the safety and operational integrity of many industrial control systems.”
Members of the NexDefense Fellows Program will independently share their professional perspectives on security topics relevant to the ICS industry, including how security risks to industrial control systems can be reduced or avoided altogether through whitepapers, articles, blogs, social media and speaking engagements sponsored by NexDefense.
Joining the Fellows program are four highly reputable industrial cybersecurity authorities, each of whom continues to have a positive and meaningful effect on industry and provides control system owners and operators and the public at large with expert perspectives on cybersecurity for automation and control systems:
Eric Byres, SCADA and ICS Security Product Visionary, President Byres Security Consulting, ISA Fellow, Co-Founder and former CTO of Tofino Security—“Every digital system on which we depend has become an integral part of our connected world. This is especially true for the many industrial control systems (ICS) that produce power, move clean water and manufacture goods. The NexDefense Fellows Program will serve as a useful outlet to discuss the positive and negative consequences of today’s hyper-connectivity to these critical systems.” Eric added, “In my role as NexDefense Strategic Technical Advisor and Senior Fellow, I look forward to working closely with the team to address industry-wide security challenges with innovative solutions that can have a valuable effect on reliability, safety and productivity of control systems.”
Michael Chipley, PhD., President, The PMC Group, consultant and respected contributor to NIST cybersecurity guidelines and best practices including the Cybersecurity Framework and SP 800-82 R2—“Connected devices are at the core of building automation subsystems that provide services such as fire and physical security protection, heating and ventilation and automated lighting control, all of which are actively converging with business enterprise and industrial control systems. Cybersecurity as it relates to systems-of-systems is a topic that increasingly affects everyone and commands greater visibility with the public.”
Eric Cornelius, Director of Critical Infrastructure and Industrial Control Systems (ICS), Cylance, previously Deputy Director, Control Systems Security Program, US Department of Homeland Security (DHS)—“Electronic Perimeters alone cannot adequately protect control systems from attackers intent on stealing data, damaging equipment, or compromising the process itself. The NexDefense Fellows program will help open up discussions on security issues to more people from industry, raising awareness of what can be done to better protect people and processes from harm.”
Bryan Singer, Principal Investigator, Kenexis Consulting Corporation, and former Chairman ISA99—“The most successful industrial automation risk management programs are built on a foundation that recognizes safety and security are inextricably linked. While only a few companies have truly embraced this philosophy to date, others are still struggling with where to start. NexDefense’s Cybersecurity Fellows program will be a valuable opportunity to share and discuss risk management concepts like this with a broader audience.”
Each NexDefense Fellow will deliver their messages through a variety of mediums, with the intention to reach the public and private sectors and raise security awareness about the importance of expanded investment in the design, operation and maintenance of critical control systems around the world.
There remains some unfinished business from the ARC Forum held last week in Orlando. Security as a key component of the Industrial Internet of Things was a recurring theme. Mentor Graphics held a press conference to highlight advances in embedded computing. Later, I met with Alan Grau, CEO of Icon Labs, to talk about security.
Building security directly into embedded control is a burgeoning trend. Expect to see more—and demand more from your suppliers—about building in security at the embedded level.
From the press release:
Icon Labs, a provider of embedded networking and security technology, has announced the integration of Icon Labs’ Floodgate security products with Mentor Graphics’ Nucleus RTOS and Mentor Embedded Linux. The integrated solution creates a secure platform for industrial automation and extends the Internet of Secure Things initiative into industrial control systems.
Icon Labs’ Internet of Secure Things Initiative defines a platform for developing secure, connected devices. The platform is designed to ensure that security is intrinsic to the architecture of the device itself and incorporates security management and visibility, device hardening, data protection and secure communications. These capabilities provide the foundation for the Industrial Internet of Secure Things. Natively securing the devices simplifies protection, audit, and compliance independent of the secure perimeter, reducing the need for expensive and complicated security appliances.
“Security is a top priority for our industrial automation and critical infrastructure clients. Partnering with Icon Labs allows us to provide an integrated solution that enables security and regulatory compliance,” stated Scot Morrison, general manager of Embedded Runtime Solutions, Mentor Graphics Embedded Systems Division. “Icon Labs Floodgate product family provides a comprehensive security platform for developing secure, embedded devices using Nucleus and Mentor Embedded Linux.”
The integration of Icon Labs’ Floodgate products and Mentor Graphics’ embedded OSes provides:
- Security policy management
- Event and command audit log reporting
- Integration with the McAfee ePolicy Orchestrator (ePO)
- Integrated embedded firewall
- Firmware and data anti-tamper support
- Integrated solution on both Nucleus and Mentor Embedded Linux
“Today’s modern industrial automation devices and systems are complex connected devices charged with performing critical functions,” says Alan Grau, CEO of Icon Labs. “Including security in these devices is a critical design task. Security features must be considered early in the design process to ensure the device is protected from the advanced cyber-threats they will be facing now as well as attacks that will be created in the future. By partnering with Mentor Graphics, we are able to offer a solution in which critical security elements are integrated into the operating system, ensuring security is a foundational component of the device.”
I guess this industrial internet thing has legs. Check this announcement (one of several) from GE.
GE announced recently it is on track to deliver over $1 billion in incremental revenue this year from more than 40 Industrial Internet offerings, with $1.3 billion in orders, helping customers improve asset performance management (APM) and business operations across the company.
In addition, Predix, GE’s software platform that powers the Industrial Internet, will be made available to any company in 2015, allowing them to create and deploy their own customized industry apps at speed and scale to better manage the performance of their assets.
“The tools are in place to realize the potential of the Industrial Internet to increase productivity for our customers and for GE,” said Jeff Immelt, Chairman & CEO of GE. “The more we can connect, monitor and manage the world’s machines, the more insight and visibility we can give our customers to reduce unplanned downtime and increase predictability. By opening up Predix to the world, companies of any size and in any industry can benefit from the investments GE has made by eliminating the barrier to entry.”
GE’s new APM solutions, launched today, focus on power optimization, providing customers 24×7 access to a remote monitoring and diagnostics platform, predictive maintenance insight and incremental power when needed.
Distributed Power’s current suite of data-driven solutions – On Site Power Visibility and On Site Power Performance – help to optimize the performance of GE’s aeroderivative gas turbines, reduce life-cycle costs, improve uptime, increase efficiency and drive profitability.
The Predictable Asset Toolbox for Industry: Predix + Predictivity + APM
GE currently monitors and analyzes 50 million data elements from 10 million sensors on $1 trillion of managed assets daily to move customers toward zero unplanned downtime. Powered by Predix, APM enables customers to put streams of data to work to proactively make the right decisions at the right time to keep assets safe, help them run better, consume less fuel, receive service more efficiently and minimize unplanned downtime.
Kristian Steenstrup of Gartner said, “Increased usage of APM solutions and services will help asset owners and operators reduce maintenance costs and operational risk while boosting reliability. The ultimate goal for any organization is the ‘perfectly predictable asset.’ For immature organizations, this might appear to be an unachievable goal. However, the pursuit is worthwhile, given the many benefits that accrue from getting closer to it. APM will be at the center of efforts to get there.”
GE will leverage its high-margin services backlog of more than $180 billion to develop new APM technologies, growing its dollars of revenue per installed base 3-to-5 percent annually. Reinforcing the importance of this opportunity, Immelt said: “The Industrial Internet is a win-win for GE and our customers. Our offerings will increase GE’s services margins and boost organic industrial growth, with the potential to drive as much as $20 billion in annual savings across our industries.”
For example, AirAsia is on track to save $10 million in fuel costs in 2014 by using Flight Efficiency Services. The solution enables airlines to optimize traffic flow, aircraft sequence management, flight path design, and more by revealing patterns and transforming data into actionable insights. AirAsia fuel savings alone are expected to grow to $30 million by 2017.
Jonathan Sanjay, Regional Fuel Efficiency Manager at AirAsia, said, “If you generate a small savings on each flight it translates to big savings at the end of the year. Even a one percent savings can translate into millions of dollars.”
In addition, E.ON has achieved up to 4 percent more power output from 283 of its wind turbines enrolled in GE’s Wind PowerUp, a customized software-enabled platform that increases a wind farm’s output by up to 5 percent, taking into account environmental and site conditions.
This increased output results in an additional 40 gigawatt hours of annual energy production, the equivalent energy to power approximately 4,000 American homes for a year.
“E.ON is always innovating, and we are happy that GE’s PowerUp technology has made some of our best wind farms even better,” said Patrick Woodson, chairman, E.ON North America. “Advancements in wind energy technology, like PowerUp services, will continue to make renewable energy even more competitive in the energy market.”
To help businesses accelerate the adoption of Industrial Internet solutions, GE also announced a new APM tool that helps customers assess their current operations and identify the assets and processes that would benefit the most from increased connectivity, data analysis, and optimization. This initial assessment is the first step in realizing bottom line savings and minimizing unplanned downtime.
Designing Apps for Industry that Matter: Predix App Factory
To further the value of APM, GE today launched the Predix App Factory, an advanced methodology for rapidly prototyping, validating, and developing Industrial Internet applications that shortens typical development cycles from months to weeks. GE pioneered this collaborative approach with customers to drive innovation at scale, bringing together experts from user experience and design, data science, machine connectivity, and agile software development. GE is using the App Factory process at its state-of-the-art Design Center in San Ramon, California to develop new solutions that lead to better customer outcomes such as reduced resource consumption, improved operational efficiency, and lower risk. For example, GE Aviation created an industry app allowing airline and plane operators to blend current information with advanced analytics to actively monitor more than 30,000 jet engines for real-time detection and response to issues.
The Security Standard to Protect Critical Infrastructure: Wurldtech
Securing critical infrastructure is vital to the Industrial Internet, but it holds a unique set of complexities that are different from protecting a traditional IT environment. GE is focused on safeguarding operations technology and improving the reliability of the Industrial Internet for customers and industries. To do this, GE acquired Wurldtech earlier this year to leverage its Achilles industrial security products and services to certify GE and non-GE products and customer environments. GE plans to use Achilles as a standard for securing all of its technology for delivering security enhancements through Predix and GE Products.
Bill Ruh, Vice President, GE Software, said, “Protecting sensor networks and critical infrastructure is paramount to the reliability and safety of industrial operations as more machines and systems are brought online and connected to people at work. At GE, we are well positioned to help respond to this dynamic by bringing together three elements that include our industrial big data platform, an ecosystem of partners, and vigorous cyber security management through the acquisition of Wurldtech. All of these important elements will require continued progress across innovation to transform not just the industrial world, but the global economy as organizations realize the benefits of the Industrial Internet.”
Global Network Connectivity
GE also announced new global alliances with Softbank, Verizon, and Vodafone to provide a wide range of wireless connectivity solutions optimized for Industrial Internet solutions. In addition, GE continues to fuel innovation with AT&T by connecting its machines and assets such as locomotives, fleet, and aircraft engines through the AT&T global network and highly secure cloud. Together, these relationships enable GE to provide its industrial customers with advanced connectivity services in virtually any geography.