Ultra Intelligence & Communications

DHS Offers Industry Seven Steps to Comprehensively Defend Control Systems: 3eTI Weighs In

February 26th, 2016 / By

Days before the New Year rang in, and less than a week after a cyber-attack cut electricity to tens of thousands of Ukrainians, the Department of Homeland Security released new guidance on tightening security in “as-built” industrial control systems (ICS). The recommendations, presented in “Seven Steps to Effectively Defend Industrial Control Systems,” are high-level but clearly support elevating the cybersecurity posture of ICS and critical network infrastructures. I believe they merit some specificity, as this paper directly addresses Ultra Electronics, 3eTI’s mission to protect critical infrastructure — pipelines, power plants, refineries, water systems — from increasingly complex threat landscapes.

With heavy industry under intensifying attack by hackers worldwide, the DHS paper notes that 295 incidents were reported in FY 2015, with many more either unreported or undetected. The actions suggested by DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which produced the paper, go beyond the hardened perimeter because the worst risks masquerade as legitimate traffic to easily penetrate firewalls. Also, threats are often waved through firewalls as a result of approved-user oversight or error.

Once again, we find ourselves at 3eTI closely in step with DHS and ICS-CERT. We can attest through our experience to the validity of DHS’s observation: “If system owners had implemented the strategies outlined in this paper, 98 percent of incidents ICS-CERT responded to in FY 2014 and FY 2015 would have been prevented. The remaining 2 percent could have been identified with increased monitoring and a robust incident response.”

3eTI has a long history of deploying security systems that meet the seven-step criteria the DHS lays out. In summary, our CyberFence industrial cybersecurity devices comply by using the following technology:

| DHS Recommendation | CyberFence Solution |
| --- | --- |
| 1. Application Whitelisting (AWL) | Application Aware-Whitelist: Through native application parsing and deep packet inspection (DPI), CyberFence extends whitelisting to the data and commands sent between devices. |
| 2. Ensure Proper Configuration | Controlled Access Enables Proper Network Configuration: CyberFence prevents unauthorized connections over the network, ensuring that ICS components cannot be unknowingly reconfigured or modified. |
| 3. Reducing Your Attack Surface Area | In-Line Security Controls Reduce the Attack Surface: CyberFence’s end-to-end encryption prevents unauthorized devices that access the network from attacking or interfering with critical controls. |
| 4. Build A Defendable Environment | Silently Monitors & Restricts Communication Paths: CyberFence was designed to provide both cryptographic and network isolation techniques to segment a control system into smaller functional groups without impacting normal system activity. |
| 5. Manage Authentication | Supports Network-Based Authentication Protocols: CyberFence allows endpoints such as hardware controllers and servers to authenticate users using multiple factors. |
| 6. Secure Remote Access | Validated Cryptographic Secure Remote Access: CyberFence is certified and validated to military standards by government and independent third parties for assured protection. It enables secure remote access via its validated IPsec VPN function. |
| 7. Monitor and Respond | Provides Robust Logging & Alerting: CyberFence provides situational awareness within the control network so that operators can monitor, log and report on all traffic. |


In our ongoing efforts to advance awareness of a dangerous reality — for which feasible mitigations are available — 3eTI is acting to get the word out. Read the expanded explanation of how CyberFence targets the DHS strategies in this recently published application note. Also, pre-register for our 2016 webinar series, starting March 31, that dives more deeply into the ICS-CERT strategies.

On behalf of 3eTI, I applaud our federal allies in the fight against industrial control cyber-crime. I am proud to play a role in better safeguarding our critical infrastructure.