Ultra Electronics 3eTi

Playing Zone Defense in Operational Technology

July 12th, 2017 / By


Industry is increasingly connecting operational technology (OT) networks to the internet, which widens the attack surface and heightens risk. By the year 2020, nearly 40 billion devices will be connected to the internet. More exposure requires more protection.

Our most critical infrastructures, such as power plants, pipelines, railroads, and hospitals, require protection on multiple levels to ensure the safety of people, the infrastructure itself, productivity, and the environment.

Supervisory control and data acquisition (SCADA) networks are responsible for organizing and physically managing facilities. SCADA networks can distribute steam to turbines, purify wastewater, and generate nuclear power. Because SCADA networks are extremely valuable assets, they are becoming high-profile targets for attack.

SCADA Attacks

The most notable SCADA attack is Stuxnet, which dates back to 2010 and damaged a uranium enrichment facility in Iran. The facility was considered secure; however, an infected USB stick allowed a large number of centrifuges to be damaged. In another incident, attackers took a German power utility offline for five days before it finally came back online. The utility serves more than 18 million people. More recently, new threats such as CRASHOVERRIDE, BlackEnergy, Havex, and Sandworm are causing growing concern for critical infrastructure systems everywhere. The risks are increasing due to a rise in published vulnerabilities, wider connectivity, and the adoption of open standards that can expose networks and critical edge devices to serious exploits.

Preventing Attacks

Zone segmentation of SCADA networks creates boundaries, or zones, around groups of assets and/or data, much like a sports team that plays zone defense rather than player-to-player defense. As the old adage goes, “Good defense is a good offense.” SCADA networks offer a segmented defense against potential attacks.

Physical security is necessary to restrict physical access to critical facilities.  Perimeter security uses strict firewall access rules and real-time reporting to red-flag any suspicious activity.

Once the perimeter is secured, SCADA solutions inspect all network traffic, block known threats, and protect against zero-day threats by downloading threat prevention techniques from the cloud.

OT network segmentation must enable easy, zone-level separation in a centralized manner, without requiring network re-engineering or re-configuration.

The Future of SCADA

As information technology (IT) and operational technology (OT) converge, SCADA networks will continue to rise in importance. OT devices use different protocols than their IT counterparts, but they co-exist to properly filter and inspect network traffic across zones.

Create a baseline view that records all OT network traffic to determine what normal traffic looks like, in order to protect each zone from malicious and anomalous behavior. Understand the full context of OT protocols, be able to complete virtual zoning (remotely and centrally), and enforce a customized security policy for each unique OT environment.
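The baseline-and-zone approach described above can be sketched in a few lines of Python. This is an added example, not code from 3eTi or any product: the zone names, subnets, and flow records are constructed for illustration, and the ports shown are the standard ones for Modbus/TCP (502) and DNP3 (20000).

```python
import ipaddress
from collections import namedtuple
# Constructed zone map (assumption, not from the article): zone name -> subnet.
ZONES = {
    "control": ipaddress.ip_network("10.10.1.0/24"),      # PLCs, RTUs
    "supervisory": ipaddress.ip_network("10.10.2.0/24"),  # HMI, historian
    "enterprise": ipaddress.ip_network("10.20.0.0/16"),   # IT side
}
Flow = namedtuple("Flow", "src dst proto dport")

def zone_of(ip):
    """Map an address to its zone; hosts outside every zone are 'unknown'."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "unknown")

def conduit(flow):
    """Reduce a flow to zone-level terms: (src zone, dst zone, proto, port)."""
    return (zone_of(flow.src), zone_of(flow.dst), flow.proto, flow.dport)
def learn_baseline(flows):
    """The baseline is the set of conduits seen during the recording window."""
    return {conduit(f) for f in flows}

def check(flow, baseline):
    """Return None for baseline traffic, otherwise a short reason string."""
    src_zone, dst_zone, _, _ = key = conduit(flow)
    if "unknown" in (src_zone, dst_zone):
        return "unzoned-host"
    if key in baseline:
        return None
    return "new-cross-zone-conduit" if src_zone != dst_zone else "new-intra-zone-service"
# Constructed recording window: what normal traffic looked like.
TRAINING = [
    Flow("10.10.2.5", "10.10.1.20", "tcp", 502),    # HMI -> PLC, Modbus/TCP
    Flow("10.10.2.9", "10.10.1.30", "tcp", 20000),  # master -> RTU, DNP3
    Flow("10.20.4.7", "10.10.2.8", "tcp", 443),     # enterprise -> historian
]
# Constructed live traffic to evaluate against the baseline.
OBSERVED = [
    Flow("10.10.2.5", "10.10.1.22", "tcp", 502),    # known conduit, new PLC
    Flow("10.20.4.7", "10.10.1.20", "tcp", 502),    # enterprise straight to PLC
    Flow("10.10.1.20", "10.10.1.21", "tcp", 22),    # new service inside control
    Flow("192.0.2.50", "10.10.1.20", "tcp", 502),   # host outside every zone
]
def alerts(observed, baseline):
    """Pair each non-baseline flow with the reason it was flagged."""
    return [(f, reason) for f in observed if (reason := check(f, baseline))]

if __name__ == "__main__":
    for flow, reason in alerts(OBSERVED, learn_baseline(TRAINING)):
        print(reason, flow)
```

Because the baseline is kept at zone level rather than per host, adding a PLC to an existing conduit raises no alert, while a new path between zones or a new service inside a zone does.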

Applying an effective zone defense can improve security and strengthen your competitive position.