Cyberoam, the provider of network security appliances, announced the availability of security for Industrial Control Systems (ICS) on its UTM and NGFW network security appliances. Until recently, organisations maintained their critical infrastructure and Operational Technology (OT) ecosystem as closed silos. Rapid integration with IT networks has turned these isolated silos into a close coupling of Internet, enterprise and critical infrastructure networks. This transition has exposed previously unnoticed inherent security vulnerabilities in Industrial Control Systems (ICS) such as SCADA and more. Cyberoam aims to bridge these inherent security gaps in ICS environments to support secure migration / integration with TCP/IP networks.
Cyberoam’s holistic approach – Bridging the security gap, protecting IT integration and enabling business continuity
Having become a part of ‘The Internet of Things’, critical infrastructure is now exposed to cyber threats and network security risks that were until now seen only with business networks. These include exploitation of insecure and inadequate authentication, infiltration of malware that disrupts key processes by targeting vulnerabilities in weak communication protocols, interception of weak remote communication, exploitation of ICS component vulnerabilities, and other web-based vulnerabilities primarily affecting HMIs.
“Findings by ICS-CERT and other security studies reveal that cyber attackers are aggressively leveraging tools and databases like SHODAN search engine and The Internet Census to identify Internet-exposed critical infrastructure devices. As per an estimate, over half a million ICS devices with poor or no authentication are exposed over the Internet. Integration of ICS and IT networks indeed augurs well for organisational productivity, but unfortunately it has occurred at the cost of security,” says Abhilash Sonwane, Senior VP, Product Management, Cyberoam.
Today’s security administrator of connected critical infrastructure needs a reliable authentication mechanism and enhanced visibility into network communication and user activities in ICS environments. By adding layer-8 and layer-7 capabilities, logging & reporting and IPS defense on top of ICS networks, Cyberoam gives the required visibility and control, enabling actionable security intelligence to protect critical infrastructure.
Key security offerings available on Cyberoam security appliances for Industrial Control Systems include:
- Layer 8: User-identity based authentication, ensuring role-based access to authorized users of ICS networks including schedule-based access
- Protection from cyber-attacks like malware implantation in the network with on-appliance features like Gateway Anti-Virus, Gateway Anti-Spam, Website & Application filtering to block malicious websites and apps
- SCADA-aware Intrusion Prevention System with a pre-defined category for ICS / SCADA signatures and Web Application Firewall protection to prevent exploitation of ICS component vulnerabilities including web attacks
- Firewall with application-aware (Layer 7) capabilities that provide granular visibility and control over ICS & SCADA protocols such as Modbus, DNP3 and BACnet, and can also selectively filter specific commands/functions
- Situational awareness with logs and reports giving real-time visibility of user activities, unauthorized attempts, policy violations, ICS commands, IPS alerts and capabilities that help with incident management and forensic analysis
- Secure and encrypted remote access and communication to SCADA and other ICS networks with on-appliance SSL and IPSec VPN
- In addition, Cyberoam offers centralized security management and visibility for distributed security deployments across ICS and corporate/IT networks through its Cyberoam Central Console (CCC) and dedicated iView appliances.
The future of the smart-grid vision and the successful evolution of intelligent networks depend on how well critical infrastructure networks are guarded and protected. However, a plethora of well-planned attacks such as Stuxnet, born of corporate espionage, hacktivism against rival economies or other ill motives, continues to storm into ICS systems and SCADA networks at the world’s leading critical infrastructure sites.