CEO Insights: the best way to prevent an ICS/SCADA cyber incident
As part of the CEO Insights Series, IIoT World’s Managing Editor, Lucian Fogoros, interviews the CEO of Waterfall Security Solutions, Lior Frenkel, about ICS security, the IT/OT divide and the solutions to prevent an ICS cyber incident.
Lucian Fogoros: What is Waterfall Security’s focus within the Industrial IoT?
Lior Frenkel: Since 2007, Waterfall Security has been protecting industrial sites and critical infrastructure from remote cyberattacks with our flagship product, the Unidirectional Security Gateway. Unidirectional security gateway technology makes industrial sites inaccessible to cyberattacks via the external networks that monitor them, or through the cloud services with which they share data. This protective measure effectively immunizes an industrial control network (e.g. SCADA network) to all kinds of online malware, including recent types of ransomware, enabling businesses to use their critical networks safely. It creates a physical, impassable barrier to the propagation of malicious code and other online attacks back into the networks.
Our involvement in the IIoT has taken several paths. One is through our active participation with the Industrial Internet Consortium (IIC) in many activities, such as the critical role we played recently in a joint demo during the Hannover Messe event, and as a major contributor to the IIC Security Framework. Upon speaking with industrial customers, we understood that there were two main obstacles hindering rapid IIoT adoption. This is what led us to apply our unidirectional technology to develop the Unidirectional CloudConnect, launched in October 2016.
The Unidirectional CloudConnect solves the two major challenges that have slowed the adoption of the IIoT among industrial businesses: interoperability and security. Protection of the industrial site from remote online attacks has been accomplished by providing a safe connection to the cloud. On top of that, CloudConnect acts as a translator gateway between the industrial site’s systems and the cloud. It collects data within a SCADA network using the wide variety of Waterfall’s connectors, then publishes that data to the cloud using a selected “cloud” protocol. In short, the CloudConnect has made it possible for oil and gas companies, power facilities, manufacturing plants, transport systems and others to reap the benefits of using the cloud with zero risk of remote attack to their control network. Waterfall’s Unidirectional CloudConnect supports many industrial clouds such as the GE Predix and Microsoft Azure to enable businesses to be protected today.
Lucian Fogoros: A lot has been published on IT/OT. What is your opinion about the divide between the IT and the OT?
Lior Frenkel: My concern here is in choosing the right approach to OT cyber security. Until recently, many industrial sites relied on IT-based approaches for protection of their OT networks, and that can lead to unfortunate consequences. In OT you’re dealing with the control of physical assets, from major machinery like turbines, gauges that regulate heating or cooling systems in power plants, to stations that control water purification systems, among many others. IT-based cyber solutions may provide enough protection when securing information against manipulation or theft because data can be relocated and backed-up. And if the network goes down or falls prey to ransomware, it can be restored, sometimes on a backup site, in a very short while.
This is not the case with OT physical assets, as they cannot be ‘backed up’ or relocated. When your manufacturing plant is down, it is down! You do not have a backup oil platform to continue production when your pumping gear is malfunctioning. So OT cybersecurity needs to be able to prevent attacks from happening, limit the propagation of those that failed to be prevented and contain the damage.
Firewalls, as the default ‘IT Security’ perimeter solution, are based on software, and, like all software, they contain bugs and vulnerabilities, leaving too many opportunities for attacks to penetrate. In the world of OT, you need a solution that provides physical cybersecurity to your assets. Period.
Lucian Fogoros: What is the best way to prevent an ICS cyber incident?
Lior Frenkel: Let’s first focus on the most probable path the cyber incident originated from, which is, of course, the Internet. There are other classes of attacks, off-line in nature, involving infected devices or ‘disgruntled’ employees, but remote access attacks are the number one threat, and the most used by attackers of any type. Here is where unidirectional gateway technology is the only practical solution to protect the industrial control network, as it creates an impassable physical barrier to the ICS from all attacks originating from external sources. And it still allows you to continue business as usual with data and server replication capabilities.
Lucian Fogoros: What’s the biggest challenge that IT will face in implementing cybersecurity solutions with industrial companies?
Lior Frenkel: The fact that IT fails in its primary approach of relying on solutions like firewalls. Firewalls are porous by nature, as they are designed to allow interactive, bi-directional data flow, allowing hackers to easily hitch a ride on a seemingly legitimate incoming message that passes through. Once inside, the message can be used to launch malware inside the network to achieve the anticipated remote control ability of the network. Now, imagine that same intrusion and the potential impact when hackers have unfettered access to ICS. Firewalls have an important play in securing corporate networks. They cannot, however, serve as the perimeter barrier between a cybercriminal and an ICS.
Lucian Fogoros: What are the biggest opportunities in the ICS security market in 2017?
Lior Frenkel: I believe the biggest opportunities in the ICS security market are around the massive increase in attack surface due to cloud connections, and the exponential use of big data analytics software. The other opportunity is in regard to cyber insurance – as many industrial businesses are interested in obtaining insurance but there are two issues. One is that what is offered today is insufficient coverage in contrast to the high risk of damages and loss. The second is that few insurance companies are offering anything at all because they are at a loss as to calculating risk factors.
Here Waterfall has made some unprecedented steps with international insurance brokers THB and Lloyd’s underwriters as the technology partner in cyber insurance. You can read the details here.
Lucian Fogoros: What are your main goals in 2017?
Lior Frenkel: Our goals are to protect more and more industrial sites and critical infrastructure for a safer world, eliminating the risk of a cyber criminal sipping coffee on the other side of the world while remotely penetrating an industrial site’s control network. We don’t believe it is a coincidence that we’re hearing of more cyberattacks of one kind or another, particularly in sectors like manufacturing that are joining the fray to become more connected to benefit from industrial cloud services in the IIoT.