Industrial control systems (ICS) represent critical operational assets across more industries than most people imagine.
Many people also don’t realize how important it is to safeguard these vital ICS networks, not only to maintain operational efficiency and to keep services running, but also to help ensure the safety of our communities and the personnel who work with ICS.
But, just as we all rely on the Internet or IP communications to connect our laptops, smartphones and tablets, so do ICS networks and other vulnerable machines.
Internet connectivity has become a requirement for all aspects of our lives today—work, home and recreation. The growing reliance on network connectivity increases your organization’s attack surface.
It’s critical to understand, and be more judicious about, what we connect to via the Internet. You must be concerned not only with ordinary hackers, but also with the possibility of foreign espionage stealing intellectual property or disabling our vital resources.
Security experts at the U.S. Department of Homeland Security (DHS) have confirmed that activities behind many foreign hacks have been targeted at discovering models of ICS-SCADA systems and other key hardware/software components of critical infrastructure.
Some countries have proven their ability to successfully execute major attacks on critical U.S. systems related to power, public utilities, manufacturing, and other industries.
Unfortunately, the engine that makes our connectivity run is TCP/IP, which was built with openness and connectivity in mind, but not security.
“In its early days, the Internet was designed to be a network that combined unprecedented speed, reach, and efficiency. It was a perfect formula … for the dark side.” (Leonard Kleinrock, UCLA scientist and pioneer of networking)
One of the most basic attacks a hacker can execute is spoofing the IP address of an endpoint. This is all the bad guys (or gals) need to gain access to your data, your operations, and potentially your reputation as a capable and socially responsible organization.
Complicating the issue of network security is the operational need to keep ICS systems running at peak efficiency. Unfortunately, efficient connectivity is often compromised in favor of bulky layers of added security and prohibitive firewalls as a best effort to properly safeguard critical assets.
Additional challenges regarding optimal connectivity are presented by operational technologies (OT) located in geographically sparse areas, making it time-consuming and costly to get skilled staff members to various sites to effectively authorize vendors and other users.
We need a better way to achieve optimal security along with increased operational efficiency. It’s time for something better.
It’s time for a new network paradigm whereby an IP address must no longer serve as a device’s identity in networking and security.
The vast majority of today’s complexity and vulnerabilities (DoS, MitM, spoofing, etc.) can be traced back to this singular flaw. Our unique host identity paradigm fixes this root defect and revolutionizes networking and security.
Our Identity-Defined Network (IDN) is a unified secure networking architecture that significantly reduces IT complexity, is simple to orchestrate, and enables instant provisioning and revocation of networking and security services with minimal, if any, modification to the underlying network, applications, or infrastructure. It’s built with an “orchestration and manageability first” mind-set, enabling controlled and predictable self-service by authorized technical teams.
So, what are some of the outcomes you should be looking to achieve?
Protect legacy systems: You should seek a topology and IP protocol-agnostic solution that supports serial-over-IP communications for flexibility and security for legacy and “unpatchable” systems.
Effortless segmentation: You should require easy micro, macro, or cross-boundary segmentation of devices/systems with the ability to give access or control for self-management to business units for specific network segments. It should be easy to grant and revoke access to vendors for specific devices.
Cloaking – Can’t hack what you can’t see: Your vital assets and vulnerable endpoints should be invisible and safeguarded from bad actors. Your security should be proactive with endpoints cloaked from the start.
Just by reading the daily news, we can attest to the fact that today’s common practices for security and networking fall short.
Yesterday’s ‘breach of the year’ is now the ‘breach of the day’. It’s time for a new approach that helps ensure networks and people can cost-effectively scale to keep up with increasing connectivity demands, from today’s intricate SCADA systems and PLCs, to legacy networks and long-lived systems such as HVAC, fuel pumps, and generators.