Was the foreign intrusion a dry run for a cyber attack from Russia? While the incident proved to be harmless, it raised awareness of just how open industrial control systems truly are, and how an infection could easily occur as soon as the next maintenance visit.
Addressing the industrial network vulnerabilities brought to light by the StuxNet virus a few years ago, a Norwegian network and data security company has extended its forensic malware tools into a supervisory control and data acquisition (SCADA) protection product.
Norman ASA (www.norman.com), based outside Oslo, Norway, is best known in Europe but competes with Norton and McAfee in the U.S. to supply large multinationals, Internet service providers and others with anti-virus tools and network vulnerability diagnostics. Its industrial customers include Arla Foods, BASF and Boeing.
Norman SCADA Protection is the company’s new industrial network protection solution. The hardware/software combination has been designed specifically to protect against Trojans, worms and viruses like Stuxnet that might infect industrial systems.
“Customers say they don’t have bulletproof security. They’re sort of forced to be exposed,” says Oivind Barbo, Norman product director. “SCADA vendors tell users they’re not allowed to have any antivirus software added, because the SCADA system has to update several times a day and could be slowed down. Antivirus software on a PC also can be unpredictable and resource heavy.”
So Norman engineers invented a network appliance device “that could live between administration and the IP network, inline between the SCADA network and the rest of the site,” explains Barbo. That appliance, which is Phase 1 of what the Norman SCADA Protection system does, prevents malicious code from hitting the SCADA network.
“We also realized there is another major threat: The people maintaining the networks or getting any kind of physical access to machines. They could innocently or maliciously infect the system. So we also had to protect the physical access, and scan the portable storage devices. This is Phase 2,” says Barbo.
The Norman Protection System makes it impossible for a service engineer or anyone else to plug in any kind of portable storage device without first having it scanned and approved by the network security appliance. An intelligent piece of software automatically recognizes file systems introduced to the SCADA system and prevents them from mounting and running files.
>> Click here to watch how Deep Packet Inspection provides another method to protect Industrial Control Systems.
>> Click here to read Automation World's coverage on maturing network security.