Belden: Security Front and Center

Wednesday, October 3, 2012 @ 07:10 PM gHale

By Gregory Hale
Belden has had a long line of physical security offerings for quite a while now, but with the acquisition of Tofino Security one year ago, they are starting to put together a stronger total security portfolio.

“Security is the hot topic in the industry right now,” said Mark Cooksley, product manager for software service at Belden during the Belden Design Seminar in Wheeling, IL, Tuesday.


While Cooksley knows security is one of the most important areas any manufacturer faces, he still finds that people are not moving forward on it.

“The concept of people saying nothing has ever happened before so nothing will happen now is still a major thought,” he said. “If a system is not secure you can either patch it, update it or leave it alone. The idea of leaving it alone can be attractive, superficially.”

Jeffrey Smith agrees. Among his many tasks, the technology lead at American Axle Manufacturing (AAM) helps create a security plan at his company and it has helped ward off the evil of unplanned downtime.

“You can sit by the sideline and say ‘I don’t have to do anything,’ ” Smith said during his Monday keynote address at the conference. “It is not if it will happen, it is when it will happen.”

When they started working on their security initiative, Smith said, they had to sit down and figure out what they needed to protect and how to get there.

Getting to the point of actually meeting to understand what you have to do is a huge, but important, step. One reason people do not embark on a security program is often not understanding what security is all about and not realizing that it is not as complicated as it seems.

“Security is not that complicated,” he said. “It is just a matter of using good common sense.”

Security issues are not going away and they are happening all around the industry. Cooksley pointed out incidents that occurred in various segments, like the chemical industry:
• IP Address Change Shuts Down Chemical Plant
• Hacker Changes Chemical Plant Set Points via Modem
• Nachi Worm on Advanced Process Control Servers
• SCADA Attack on Plant of Chemical Company
• Contractor Accidentally Connects to Remote PLC
• Sasser Causes Loss of View in Chemical Plant
• Infected New HMI Infects Chemical Plant DCS
• Blaster Worm Infects Chemical Plant

Or the oil industry:
• Electronic Sabotage of Venezuela Oil Operations
• CIA Trojan Causes Siberian Gas Pipeline Explosion
• Anti-Virus Software Prevents Boiler Safety Shutdown
• Slammer Infected Laptop Shuts Down DCS
• Virus Infection of Operator Training Simulator
• Electronic Sabotage of Gas Processing Plant
• Slammer Impacts Offshore Platforms
• SQL Slammer Impacts Drill Site
• Code Red Worm Defaces Automation Web Pages
• Penetration Test Locks-Up Gas SCADA System
• Contractor Laptop Infects Control System

One of the problems facing manufacturers, Cooksley said, is the industry is full of “soft” targets, which are devices vulnerable to disruption through their network interface.

“PCs in many plants run for weeks or months without any security updates, and some even operate without any anti-virus tools,” he said. “In addition, many of the controllers in these networks were designed in an era when cyber security was not a concern. As a result, many of these devices can be disrupted by malformed network traffic or even by high volumes of correctly-formed traffic.”

In addition, control networks have multiple pathways where cyber security threats can enter the plant, he said. These pathways often bypass existing security measures in the plant, and some of them don’t even appear on a network diagram. These can easily bring malware into the plant and rapidly spread it from one system to another.

On top of that, “networks are implemented as large, flat networks with no isolation at all between unrelated subsystems. This means that if a problem does occur in one part of the plant, it can spread very quickly to other unrelated subsystems and even to remote plant sites.”

In Smith’s case, one area where he wanted coverage was protecting the systems from each other.

“We wanted to protect the manufacturing system from the IT infrastructure and the infrastructure from the manufacturing system,” he said.

He also wanted to control and track supplier access to the manufacturing control systems. “That is a huge problem for us.”

Under the AAM plan, Smith said the supplier has one port to plug in, which asks for an access number. The supplier is able to stay on the system until his voucher runs out and then he ends up kicked off the system.

AAM has a solid security plan not often seen in the industry. One strength is it seems to employ a defense in depth strategy.

Defense in depth is a vital area that will help keep manufacturers up and running and the bad guys out.

“Use defense in depth, create zones and that will limit damage,” Cooksley said. “Don’t get spooked by these IT experts that will try to charge you a lot of money for a security solution.”
