

Advanced Network Security for Energy Facilities

Deception Based Threat Detection

Whether you are thinking of oil, gas, electric utilities, massive hydroelectric dams or nuclear power plants, they are all vulnerable to cyber attacks, and the results could be devastating. Modern factories, refineries, ports and countless other industrial environments are built around central networks whose vulnerabilities allow attackers to gain access, take full control and cause potentially fatal damage. A single vulnerability can have far-reaching consequences that go well beyond the inconvenience or financial impact of a typical data breach.

The 2010 Stuxnet attack on Iranian nuclear facilities and the 2014 cyber attack on a German steel mill, where the factory owners could not shut down a blast furnace, are examples of cyber attacks designed to cause physical damage to their targets. Whether the target is a power station, a hydroelectric dam or a nuclear substation, cyber threats must be treated seriously.

In addition to typical bot and advanced persistent threat (APT) activity, many of these companies face additional risk from the use of outdated equipment, on which there is less emphasis on hardening and ongoing auditing. Bringing down an entire network can cost thousands to millions of dollars every hour, so the actual patching of this equipment is generally done annually, and sometimes only after years, leaving large numbers of industrial facilities open to attacks on their networks. These devices can be found everywhere: within electrical facilities, food processing plants, manufacturing plants, onboard ships, transportation facilities and more.

The threats to nuclear power plant security are among the most concerning. Even though most nuclear facilities have set up substantial security systems to protect themselves, there are often paths from the enterprise side of the business that create doorways into the industrial networks.

Other vulnerabilities include the use of default passwords, hard-coded encryption keys and a lack of proper authentication for firmware updates, paving the way for attackers to gain access to industrial devices and networks, change whatever they please and take control outright.

Injecting Real-time Cyber Attack Detection into SCADA Networks

Webinar: Learn more about building defense in-depth for SCADA networks and how to close the gaps left open by current security infrastructure solutions.

Speakers: Tony Dao, Aspect Engineering – Michael Kiefer, Attivo Networks.

Other vulnerabilities and openings for malicious attacks can include:

  • Use of legacy hardware running unpatched operating systems and application software
  • Infected mobile devices and USB drives used outside ICS/SCADA networks and then brought into air-gapped networks for software updates and data collection
  • The download of diagnostics and configurations to which only administrators should have access
  • Hidden accounts originally created for maintenance, which can provide cover and a backdoor for attackers to get into the network and start a malicious attack

Being able to detect intrusions inside the network or a data center has proven to be a challenge. Standard intrusion detection systems have been in place, but with the sophistication of zero-day attacks, attackers are breaking through the perimeter and gaining access to critical information and controls. Once an attacker is within the network, traditional security measures don’t always reliably detect their presence until an attack has been mounted and the damage is done. Monitoring and big-data analysis have also been tried, but they are compute-intensive and prone to false alerts, which can overwhelm security management.

Attivo for ICS-SCADA

Attivo takes a modern approach to IT security for energy facilities and operates on the premise that attackers will get inside the network. Attivo has created advanced network security solutions that use deception-based threat detection techniques to help energy facilities dramatically increase the speed at which threats inside the network are uncovered, understand an attacker’s intent and establish a defense against future attacks. These techniques are authentic and proven to detect threats against access controls, valuable business assets, information stored in data centers, electrical and other network-attached devices used to operate facilities, and the traditional Internet/web presence, including HTTPS and phishing attacks.
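The core idea behind deception-based detection is simple: a decoy host or port is never part of legitimate OT traffic, so any contact with it is a high-fidelity signal that something is moving inside the network, with none of the tuning that signature or anomaly systems need. The following Python example, added here as an illustration and not code from Attivo or from this page, shows that idea in two forms: an offline pass over constructed flow records that flags any flow touching a decoy address, and a minimal live TCP decoy that records every connection as an alert. The decoy addresses, the Modbus/TCP port 502 label and the flow records are all constructed sample values.

```python
"""Illustrative deception-based detector (not Attivo's product code).

A decoy has no business purpose, so legitimate systems never talk to it.
Any interaction with it is therefore an alert in its own right.
"""
import socket
import socketserver
import threading
from dataclasses import dataclass


@dataclass(frozen=True)
class Decoy:
    ip: str
    port: int
    label: str


@dataclass(frozen=True)
class Alert:
    src_ip: str
    decoy_label: str
    detail: str


def detect_decoy_hits(flows, decoys):
    """Offline variant: walk (src_ip, dst_ip, dst_port) flow records, such as
    NetFlow exports or span-port summaries, and raise one alert for every flow
    that reaches a decoy. Traffic between real assets yields nothing."""
    index = {(d.ip, d.port): d for d in decoys}
    alerts = []
    for src_ip, dst_ip, dst_port in flows:
        decoy = index.get((dst_ip, dst_port))
        if decoy is not None:
            alerts.append(Alert(src_ip, decoy.label, f"flow to {dst_ip}:{dst_port}"))
    return alerts


class _DecoyHandler(socketserver.BaseRequestHandler):
    """Live variant: every accepted connection is recorded as an alert. The
    decoy replies with a single newline and closes, giving the peer nothing."""

    def handle(self):
        src_ip, src_port = self.client_address
        with self.server.lock:
            self.server.alerts.append(
                Alert(src_ip, self.server.label, f"TCP connect from port {src_port}"))
        self.request.sendall(b"\n")


class DecoyServer(socketserver.TCPServer):
    allow_reuse_address = True

    def __init__(self, bind, label):
        super().__init__(bind, _DecoyHandler)
        self.label = label
        self.alerts = []
        self.lock = threading.Lock()


def live_decoy_roundtrip(label="loopback decoy"):
    """Start a decoy on an ephemeral loopback port, touch it once the way a
    scanner would, and return the alerts the decoy recorded."""
    server = DecoyServer(("127.0.0.1", 0), label)
    worker = threading.Thread(target=server.serve_forever, daemon=True)
    worker.start()
    try:
        port = server.server_address[1]
        with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
            s.recv(1)  # blocks until the handler has logged the alert
    finally:
        server.shutdown()
        server.server_close()
    return list(server.alerts)


if __name__ == "__main__":
    # Constructed sample data: one decoy PLC on the Modbus/TCP port.
    decoys = [Decoy("10.0.5.250", 502, "decoy PLC (Modbus/TCP)")]
    flows = [
        ("10.0.5.12", "10.0.5.20", 502),   # HMI polling a real PLC: silent
        ("10.0.5.99", "10.0.5.250", 502),  # unknown host probing the decoy
    ]
    for alert in detect_decoy_hits(flows, decoys) + live_decoy_roundtrip():
        print(f"ALERT {alert.src_ip} -> {alert.decoy_label}: {alert.detail}")
```

The offline function is what a SIEM rule or a flow collector would run; the live server is what a deployed decoy does. Neither needs a signature database or a behavioural baseline, which is why decoy alerts stay actionable on legacy segments where patching is rare and traffic is noisy.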