Potential threats to the nation’s energy supply, generation and distribution systems attract intense scrutiny not so much because of what has happened but because of what we believe could happen. The specter of an attack that could severely impair, for example, the distribution of electricity in much the same way Stuxnet damaged the Iranian uranium enrichment program, raises alarms that no number of credit card or personally identifiable information (PII) breaches can. McAfee/Intel’s new vision for security in the energy sector is a tiered deployment of its wide range of existing tools to monitor and enforce critical infrastructure protection policies and procedures.
At the heart of the concern in these sectors is the rapid evolution of the industrial control systems (ICS) used to maintain and manage a wide range of manufacturing and utilities operations. At one time, those tasked with securing these once isolated and proprietary systems only had to be concerned with someone with bad intent getting into the control facility. No more. Now these systems are dependent on standard Ethernet networks and OS platforms, such as Windows, and are too often open to direct or indirect Internet connections that can be used as attack vectors.
Digital security has come slowly to the ICS environment, so the job of securing our most critical operations has been a combination of shoring up long neglected policies and procedures and enforcing them with appropriate technology. That’s really no different than security anywhere, except these companies and public utilities generally have to overcome years of inertia and, at the risk of cliché, a false sense of security.
McAfee/Intel makes the case for layered defense using an increasingly comprehensive portfolio of software and hardware tools, integrated under its very popular ePolicy Orchestrator (ePO) management platform. Its case for protecting energy utilities focuses on and around the control centers (they actually did a proof of concept over several months using a simulated electrical substation, what they call a reference implementation) that are used to manage supervisory control and data acquisition (SCADA) environments. Control centers, such as substations, are at the crux of the operations, and the junction of proprietary ICS and the outside world is where the greatest threat lies.
A key component lies in the ability to leverage integration of McAfee software and Intel’s vPro chip technology. McAfee ePO Deep Command provides management and communications with vPro Active Management Technology to enable secure remote communication for monitoring and remediating control station PCs, referred to as human-machine interface (HMI) devices. The key is the ability to monitor endpoints for improper configuration and compromise, and to remediate them.
The baseline keys to security in these control environments are strongly enforced application control via whitelisting on the endpoint and strongly enforced access control (what types of traffic and applications will be allowed in) at the network ingress point. McAfee’s extensive security portfolio, including firewall and IPS at the perimeter and antimalware and data protection on the endpoint, is now augmented by the SIEM capabilities from its acquisition of NitroSecurity last year. In addition to filling the SIEM gap for McAfee (it seems almost every major security vendor has bought a SIEM company), NitroSecurity brings specialized tools for acquiring and analyzing data from SCADA environments, making it an especially nice fit for this critical infrastructure initiative.
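The two baseline controls described above, default-deny application whitelisting on the HMI and a default-deny ingress allowlist at the substation boundary, as an added illustration written for this article rather than code from McAfee, Intel or the reference implementation. The binary contents, addresses and the choice of DNP3 (TCP/20000) and the vPro AMT port (TCP/16992) as the only permitted inbound services are constructed assumptions.

```python
import hashlib
import ipaddress

# Constructed sample: approved HMI binaries, identified by SHA-256 of their contents
# rather than by path, so a swapped or renamed executable does not pass.
_APPROVED_BINARIES = {
    "hmi_runtime.exe": b"hmi-runtime-build-3.2",   # constructed contents
    "opc_server.exe": b"opc-server-build-1.0",
}
APPROVED_HASHES = {hashlib.sha256(b).hexdigest() for b in _APPROVED_BINARIES.values()}

def whitelist_violations(observed):
    """observed: iterable of (path, file_contents). Returns the paths whose contents
    are not in the whitelist; an empty list means the endpoint conforms."""
    return [path for path, contents in observed
            if hashlib.sha256(contents).hexdigest() not in APPROVED_HASHES]

# Ingress allowlist at the substation boundary (assumed addressing): only the
# control-center segment may reach the HMI, and only on DNP3 (TCP/20000) and the
# vPro AMT management port (TCP/16992) used for out-of-band remediation.
INGRESS_RULES = [
    (ipaddress.ip_network("10.0.1.0/24"), "tcp", 20000),
    (ipaddress.ip_network("10.0.1.0/24"), "tcp", 16992),
]

def ingress_verdict(src_ip, proto, dst_port):
    """Default deny: a flow is allowed only if some rule matches all three fields."""
    src = ipaddress.ip_address(src_ip)
    for net, rule_proto, rule_port in INGRESS_RULES:
        if src in net and proto == rule_proto and dst_port == rule_port:
            return "allow"
    return "deny"

def audit(observed_processes, flows):
    """Run both checks and return the findings a SIEM would ingest."""
    findings = [f"unapproved binary on HMI: {p}" for p in whitelist_violations(observed_processes)]
    for src, proto, port in flows:
        if ingress_verdict(src, proto, port) == "deny":
            findings.append(f"blocked ingress: {src} {proto}/{port}")
    return findings

if __name__ == "__main__":
    # Constructed observations: the OPC server binary has been replaced (hash mismatch),
    # and a host outside the control-center segment tries RDP to the HMI.
    processes = [("C:\\HMI\\hmi_runtime.exe", b"hmi-runtime-build-3.2"),
                 ("C:\\HMI\\opc_server.exe", b"opc-server-build-1.0-tampered")]
    flows = [("10.0.1.7", "tcp", 20000), ("203.0.113.9", "tcp", 3389)]
    for line in audit(processes, flows):
        print(line)
```

Both checks are default-deny: anything not explicitly approved is a finding, which is what makes the two controls useful as a baseline the SIEM can alert on.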