What About Whitelisting?

March 31, 2012
One security tactic gaining momentum in the industrial sector is whitelisting. This security method involves a layer of security that only allows pre-approved applications to run on the system. No exceptions.

Brian Ahern, president and CEO, Industrial Defender (www.industrialdefender.com), says that “if we can run whitelisting on the mission critical server side, that allows us to address gaps from a patching perspective, because vendors can’t certify an operating system patch fast enough.” These patches usually takes six months to develop before they are ready for release.

Though whitelisting is an effective strategy for control system security, industry is still very early in its adoption of this tactic. Fewer than 5 percent of Industrial Defender’s customers have adopted this approach, but Ahern says there is increasing interest in it.

The downside to whitelisting, according to Ahern, is that it is “fairly invasive and does require compatibility and interoperability testing with the OEM vendor. As soon as you only allow certain applications to run, you need to understand the DLLs, executables, and what’s happening on a mission critical server so that, if it spawns another DLL, you’ll be able to understand that it’s allowed.”

>> Click here to read Automation World's full report: The Stuxnet Effect on Cyber Security

About the Author

David Greenfield, editor in chief | Editor in Chief

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher. 

Companies in this Article

Sponsored Recommendations

Shorten project timelines with these hidden-gem Ignition efficiency tips for designing HMIs, provided by Inductive Automation Sales Engineer Reese Tyson.
Get ready for that “where has this been all my life?” moment—over 25 hidden Ignition features await in our webinar. Our experts show how to boost your productivity and streamline...
Advanced software solutions, like those built in the Ignition platform from Inductive Automation, can provide a crucial means to navigating electrical grid challenges.
Unlock seamless data flow across your manufacturing sites with MQTT and Ignition—turn siloed operations into a connected, data-driven enterprise. Discover how standardization,...