Published on June 17th, 2016 | by Tony Thompson
Going Retro on Critical Infrastructure Security? Not So Fast.
New legislation was recently introduced intended to protect the nation’s electric grid from cyberattacks by “dumbing it down.” The Securing Energy Infrastructure Act put forward by Senators Angus King, I-Maine, Jim Risch, R-Idaho, Martin Heinrich, D-N.M., and Susan Collins, R-Maine, would take what the bill’s authors call a “retro approach” to critical infrastructure security by replacing vulnerable IT systems with unconnected, human-operated analog systems.
In a recent Federal Times article on the topic, Sen. King is quoted saying, “By looking to the past, we may be able to develop ways to thwart the sophisticated cyberattacks of the future. Our legislation would reengineer the last mile of the energy grid to isolate its most important systems, and in doing so, help defend it from a devastating blow that could cut off electricity to millions of people across the country.”
The intent of this legislation is a good thing and will hopefully drive a productive debate about the most viable approach to infrastructure security. And while no one can argue there is much to be learned from the past, we have to ask if the cost and effort of reengineering a power grid that is already operationally efficient is the best course of action. As the most technologically-advanced country in the world, we also must ask ourselves if we’re ready to take a step back, or look at alternatives that continue to advance the technology infrastructure of our nation.
Infrastructure Security — Why It’s Critical
Twenty years ago, I used a PDP-11 to help create Ontario Hydro’s first SCADA system. Since then, the technology has become ubiquitous. It’s only since the appearance of the nuclear centrifuge-busting Stuxnet worm back in 2010 that anybody has paid serious attention to the security of this technology.
The Supervisory Control and Data Acquisition (SCADA) systems at the heart of what we’re talking about here were never designed with security in mind; they were designed for power distribution. Those systems measure frequency, voltage, and power at each sensor location. This is critical, as power systems share power between states and countries to even out supply and demand.
Enter the network. The power of networking is key as these sensors are distributed and geographically dispersed. All of this telemetry data is pulled back to a central location where operators can see the state of the grid and also where automated controls can be applied.
But in today’s era of more open networking, the once-isolated SCADA networks are becoming more accessible, making isolation a more difficult task to achieve. Most SCADA systems are theoretically “air gapped,” but not really disconnected from the network. There are still ways for attackers to get around isolation: because the systems are not set up properly, because there is an accessible test link, or because someone bridged the Wi-Fi network, to highlight just a few examples.
Overcoming Infrastructure Security Challenges
The challenge the industry faces is that many of the early industrial control systems continue to do the job they were designed to, and are doing it well. This means making the case for replacing those systems becomes difficult and not easily justified.
The other challenge is that many industrial control systems handled security through proprietary closed networks, an assumption that no longer holds in today’s world of IP networking.
Now the argument that says “let’s make the systems less vulnerable by making them less technically sophisticated” is akin to saying “let’s move from mobile phones to telegraph systems.” Possible, but the issue then becomes the ubiquity and reach that we have been accustomed to.
SCADA systems are designed to automatically re-route or stop power distribution in the case of a load imbalance. Though this is possible without networked systems, it will be far more time-consuming, require far more human intervention, and quite possibly lead to an increase in human-related errors.
The alternative infrastructure security approach is to embrace the benefits of the network in terms of communications and interactions, yet monitor all the communications to ensure there is nothing that is out of the norm occurring. This is where network communications analytics comes in with the ability to map and align communications to specific devices and systems.
Don’t Disconnect, Monitor
You cannot back away from the network. At SS8, we built a system that analyzes network traffic and then builds in the ability to wind the clock back. We call it a “time machine” for breach detection that allows for a long term look-back, and the ability to continually learn about anomalous patterns on the network.
At the end of the day, security is about putting up the best defenses one can afford without slowing down the business. In the world of intelligence, there is an adage, “Trust but verify.” Trust is about allowing communications to occur so that the business stays efficient. However, we still need to verify.
In the past, the “verify” stage could be done in seconds, as the difference between good and bad was obvious. Now, this is not the case. Telling the difference often takes days, weeks, or months, and hence the idea of security is to enable that long-term view.
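To make the “map communications to specific devices” and “look-back” ideas from the sections above concrete, here is a small added example (not SS8’s code, and not part of the original post). It learns which (source, destination, port) conversations a hypothetical SCADA master and its RTUs normally have from a retained history of constructed flow records, flags new flows that fall outside that baseline, classifies why they are anomalous, and winds the clock back to find when a suspicious pairing first appeared. All addresses, ports and timestamps are constructed sample data.

```python
from collections import defaultdict

# Constructed flow records: (ISO timestamp, src, dst, dst_port).
# Hypothetical SCADA master 10.0.0.10 polls two RTUs on Modbus/TCP (port 502).
BASELINE_FLOWS = [
    ("2016-05-01T00:00", "10.0.0.10", "10.0.1.21", 502),
    ("2016-05-01T00:05", "10.0.0.10", "10.0.1.22", 502),
    ("2016-05-02T00:00", "10.0.0.10", "10.0.1.21", 502),
    ("2016-05-02T00:05", "10.0.0.10", "10.0.1.22", 502),
]

# Constructed flows from a later day, to be checked against the baseline.
NEW_FLOWS = [
    ("2016-06-10T09:00", "10.0.0.10", "10.0.1.21", 502),  # routine poll
    ("2016-06-10T09:01", "10.0.2.77", "10.0.1.21", 502),  # host never seen before talks to an RTU
    ("2016-06-10T09:02", "10.0.0.10", "10.0.1.21", 22),   # known pair, but a port never used before
    ("2016-06-10T09:03", "10.0.1.22", "10.0.1.21", 502),  # two known devices that never talked before
]


def build_baseline(flows):
    """Count how often each (src, dst, port) conversation occurred in history."""
    counts = defaultdict(int)
    for _, src, dst, port in flows:
        counts[(src, dst, port)] += 1
    return dict(counts)


def classify(baseline, flow):
    """Label one flow: 'baseline', 'new-port', 'unknown-peer' or 'new-pairing'."""
    _, src, dst, port = flow
    known_pairs = {(s, d) for s, d, _ in baseline}
    known_devices = {s for s, _, _ in baseline} | {d for _, d, _ in baseline}
    if (src, dst, port) in baseline:
        return "baseline"
    if (src, dst) in known_pairs:
        return "new-port"
    if src not in known_devices:
        return "unknown-peer"
    return "new-pairing"


def find_anomalies(baseline, flows):
    """Return (flow, label) for every flow that deviates from the baseline."""
    labelled = [(f, classify(baseline, f)) for f in flows]
    return [(f, label) for f, label in labelled if label != "baseline"]


def first_seen(history, src, dst, port):
    """Look back over retained history for the earliest record of a pairing."""
    hits = [ts for ts, s, d, p in history if (s, d, p) == (src, dst, port)]
    return min(hits) if hits else None
```

The longer the retained history, the further back `first_seen` can answer “when did this start?”, which is the long-term view the post argues for.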
We shouldn’t abandon what’s proven today, and we shouldn’t take a step back from being a world leader in technology. We can have our cake and eat it too by implementing a “visibility wrapper” around those critical SCADA systems.