A week rarely goes by when one doesn’t read about yet another cyberattack on a large, global businesses or critical infrastructure. Crime and conflict in the world have expanded from location-specific physical attacks, to geographically independent cyberattacks perpetrated by organized crime and even nation states. The security breaches at Target and Home Depot that violated consumers’ identities was bad enough. But cyberattacks, such as the one on a German iron plant last December, are targeting control systems such as those used in nuclear plants and electric power grids. Terminating power sources is the new holy grail of political and economic warfare — but unlike the biblical cup, this weapon is real. The recent attack on Sony Pictures has further blown open a door of denial that too many enterprises have been hiding behind.
Recent warnings by U.S. officials and other experts predicting an attack on our critical infrastructure have proven prophetically accurate. Their dark statement of “it’s not a question of ‘if,’ but ‘when,’” has become “right now.”
How do we protect our current and evolving power grids in the U.S.? Clearly, cyberterrorists are undaunted by our traditional, ring-fenced, physical barrier method tactics. They email or send “sneaker net” attacks into facilities using authorized personnel, who directly access systems and — knowingly or not — infect platforms directly via USB ports or LAN access. And power companies that promote smart grids, buildings and cities with Internet-accessible systems have also become likely targets for sophisticated remote attacks. And the whole world knows it.
Forensic reports from recent corporate and critical infrastructure attacks have revealed system vulnerabilities behind the network firewalls, which originally were believed to be keeping operational systems safe. Some of these attack vectors include:
- Direct access to compute platforms: Once logged in, a system stays up so anyone could access the applications running on it. Or, software updates introduced via USB ports (that were not being monitored, nor their contents scanned), before new files were uploaded and executed on the platform.
- Advanced persistent threats: All parts of the compute infrastructure — network traffic, platforms, databases and applications — were not being monitored and tracked in context with one another to establish known, good behavior, and were not continually analyzed to identify behavioral anomalies.
- Locking down operational platforms: Exclusionary controls, such as secure boot and whitelisting, were not present to keep new files from executing and proliferating on devices.
- Machine-to-machine identity management: Devices on a LAN or WAN were not required to authenticate with each other to allow communications between them, allowing new devices on the same network to infiltrate operation platforms.
Grid operators need to increase security measures, but they also have the herculean task of protecting power plants and distribution grids without impacting system performance or availability — and they have to do it all without too heavy an investment of time and budget. A holistic, yet practical, protection strategy is required to retrofit existing infrastructure and design in managed, layered security for new platforms and networks. This type of security framework combines traditional network security solutions with endpoint and transaction integrity security enforcement. This will provide comprehensive protection from physical and cyberattacks for data at rest, in motion and in use.
Let’s identify some core principles that we can apply in concert, yet with flexible application, to effectively and economically protect any part of the grid infrastructure:
1. Harden the operational platforms and protect mission critical data in all transactional phases.
Given that we have the aforementioned timing and budget concerns, we can’t rip and replace every platform to take advantage of the latest trusted boot and execution capabilities (this along with application whitelisting and change management to keep platforms in a known, trusted state of operation). But we can reduce the attack surface of existing platforms by placing intelligent gateways in line with them to monitor and manage all access. We can also move operational applications, unchanged, to virtualized, hardened platforms to securely monitor and manage them.
2. Secure communications to every platform from any other platform.
For legacy platforms, we can leverage intelligent gateways to help secure communications between devices and applications by employing machine-to-machine authentication, by using authorization and auditing (AAA) techniques, and by creating secure tunnels and transaction spaces between devices. Where possible, far greater communication protection can be achieved by moving existing applications to secure, virtualized platforms that will manage and monitor all connectivity and communications to the hosted applications.
3. Monitor and manage every platform, application and connection running as part of the operational framework.
Existing network security information should be correlated with device, application and data security event information in real time for both immediate alerts and remediation capability. The converged incident and event data also should be historically analyzed. Advanced analytics on contextually combined system state information provides powerful protection against advanced persistent threats, as well as protection against other stealth attack methods via networks or platforms.
When these three security elements — device hardening, secure communications and management — are combined into one, unified strategy, they provide a cohesive and powerful system of protection. Devices and gateways in critical infrastructure are securely measured and validated. Also, during hardware and software startup, connectivity, shutdown and recovery, all security status and event data are monitored in real-time with automated, policy-driven management capabilities.
Ensuring panoramic, security situational awareness across all the operational and cloud computing platforms, which comprise critical infrastructure, is key in delivering the data integrity, privacy and accessibility controls required to maintain a safe, secure, robust and profitable smart grid.
Intel Security has been piloting such a system, called the Critical Infrastructure Protection (CIP), in a field trial since December 2012. The field trial is protecting a synchrophasor network as part of a funded program by the Department of Energy (DOE). It is hosted at Texas Tech University (TTU) and is managed by the Center for the Commercialization of Electric Technologies (CCET). Electric Power Group (EPG) is supplying the synchrophasor collection and analytic capability.
The embedded system security and grid protection capability, which is supported by Intel Security CIP, has been tested by TTU and Electric Power Group (EPG). Intel’s security solution incurred no performance impact on the PMU data collection. Intel has worked on this DOE program in cooperation with U.S. NIST (National Institute of Standards and Technology), which has been involved with Intel in documenting the alignment and compliance of the Intel Security CIP deployment with the NIST IR-7268, which is a regulatory standard for cybersecurity for electric grids.
The Intel Security Group was formed to bring together a talented team of security experts, industry technologists, ecosystem innovators and operations veterans under one organization, to drive focus and deliver solutions for the safe and secure evolution of our connected world.