Summit: Technology and Hackers

Wednesday, June 27, 2012 @ 03:06 PM gHale

By Gregory Hale
There is a simple tenet in security that most people understand: the goal is to keep the system up and running. Unplanned downtime is unacceptable.

That idea got a good workout during two breakout sessions at the 2012 Siemens Automation Summit today in Washington, DC, as one session talked about one of the latest ways to keep intruders out through whitelisting and another showed how easy it was for hackers to get into a system.

One user was complaining about an increase in downtime and didn’t really understand why. They needed a comprehensive, simple and effective way to ensure security and eliminate downtime and associated virus/malware infections.

They were using patching and antivirus, which deals with blacklisting all known viruses and malware hitting the market, said Howard Page, OEM account manager at McAfee. The problem was that the remediation that went on because of patching and the antivirus updates was having an effect on the user’s system to the point where it would crash.

“I am here to say these are sometimes not the best solutions to go on an industrial control system,” Page said.

That is where whitelisting comes into play. In short, whitelisting only allows specific email addresses or domain names to make it into the systems. All others get denied access. That is the opposite of a firewall or blacklist.

“The basic system works and it doesn’t really change,” Page said. “It is the exact opposite of antivirus. This allows you to keep your robustness.”

One user started a whitelisting program in place of certain firewalls and reported an increase in uptime, Page said. He also added that whitelisting is not a silver bullet and cannot act as a single security solution. It works as part of a defense-in-depth program.

With one report saying there are 75,000 new pieces of malware coming out each day, Page said it is almost impossible to blacklist everything. So why not focus on what you want to allow into your system? That makes it much easier for the end user. Plus, in the control environment the list of acceptable names coming in does not change that frequently, so this is one security solution that can remain somewhat static.

“The idea is to keep the system running as it was intended to do,” Page said.

Hackers today, however, want to take control of systems for various reasons and there are free and available websites to help any attacker learn the tricks of the trade, said Chuck Tommey, senior business development engineer at A&E Engineering in Concord, NC.

One of the driving forces behind connectivity is the idea of more information. “People want more data. They want data to go from the plant floor all the way up to the top.”

During his presentation, Tommey showed just how easy it was to get into a system and force an exploit.

“There are free sites to help learn about exploits, so it doesn’t surprise me that a 15-year-old can sit in his bedroom and hack anywhere across the world,” Tommey said.

2 Responses to “Summit: Technology and Hackers”

  1. Wayne Davis says:

    “There is a simple tenant”… ouch; I believe you mean “tenet”.

  2. gHale says:

    You are right, of course… All fixed now…
