The HAVEX worm is making the rounds again. As Cisco first reported back in September 2013, HAVEX specifically targets supervisory control and data acquisition (SCADA), industrial control system (ICS), and other operational technology (OT) environments. In the case of HAVEX, the energy industry, and specifically power plants based in Europe, seems to be the primary target. See Cisco’s security blog post for technical details on this latest variant.
When I discuss security with those managing SCADA, ICS and other OT environments, I almost always get the feedback that cybersecurity isn’t required, because their systems are physically separated from the open Internet. This practice, referred to in ICS circles as the “airgap”, is the way ICS networks have been protected since the beginning of time; and truth be told, it’s been tremendously effective for decades. The problem is, the reality of the airgap began to disappear several years ago, and today is really just a myth.
Today, networks of all types are more connected than ever before. Gone are the days where only information technology (IT) networks are connected, completely separated from OT networks. OT networks are no longer islands unto themselves, cut off from the outside world. Technology trends such as the Internet of Things (IoT) have changed all of that. To gain business efficiencies and streamline operations, today’s manufacturing plants, field area networks, and other OT environments are connected to the outside world via wired and wireless communications – in multiple places throughout the system! As a result, these industrial environments are every bit as open to hackers and other cyber threats as their IT counterparts. The main difference, of course, is that most organizations have relatively weak cybersecurity controls in these environments because of the continued belief that an airgap segregates them from the outside world, thereby insulating them from cyber attacks. This naivety makes OT environments an easier target.
The authors of HAVEX certainly understand that OT environments are connected, since the method of transmission is via a downloadable Trojan installed on the websites of several ICS/SCADA manufacturers. What’s considered a very old trick in the IT world is still relatively new to those in OT.
It’s absolutely essential that organizations with ICS environments fully understand and embrace the fact that IT and OT are simply different environments within a single extended network. As such, cybersecurity needs to be implemented across both to produce a comprehensive security solution for the entire extended network. The most important way to securely embrace IoT is for IT and OT to work together as a team. By each relinquishing just a bit of control, IT can retain centralized control over the extended network – but with differentiated policies that recognize the specialized needs of OT environments.
We’ll never completely bulletproof our systems, but with comprehensive security solutions applied across the extended network that provide protection before, during, and after an attack, organizations can protect themselves from most of what’s out there. A significant step in the right direction is to understand that the airgap is gone forever; it’s time to protect our OT environments every bit as much as we protect our IT environments.
Tags: Cisco, cybersecurity, HAVEX, ICS, Industrial Control Systems, Internet of Everything, internet of things, IoE, IoT, IoT Security, operational technology, OT, SCADA, security
During geek-fests like CiscoLive, it’s easy to become hypnotized by all the amazing technology. So many smart people are innovating in so many amazing ways. When the party’s over, though, we all need to get back to business. Not just CIO’s and CTO’s -- everyone in IT needs to focus on business outcomes -- now more than ever. Here’s why.
IT is under increasing pressure to innovate and help deliver business results, as evidenced by several new data points in our industry. Understanding these trends and next steps can help IT, business, and operations teams all work better together to deliver more value from technology.
Read More »
Tags: business priorities, Columbia Sportswear, dundee mining, education, enterprise networks, Financial Services, healthcare, line-of-business, Manufacturing, operations, retail, solution central, Transportation, Transwestern
#CiscoChampion Radio is a podcast series by Cisco Champions as technologists hosted by Amy Lewis (@CommsNinja). This week we’re talking about ACI Updates with Cisco Product Management Director, Thomas Scheibe.
Listen to the Podcast
Learn about the Cisco Champions Program HERE.
See a list of all #CiscoChampion Radio podcasts HERE. Read More »
Tags: #CiscoChampionRadio, ACI, APIC, Insieme, OpFlex
Internet traffic in Australia is set to grow 3-fold from 2013 to 2017 according to the latest data from Cisco’s Visual Networking Index (VNI). However, if we “look behind the curtain” there is more to this story beyond just greater bandwidth demand as both consumers and enterprises are increasingly adopting cloud-based services. This move to the cloud provides a new opportunity for traditional service providers since they can uniquely combine network infrastructure and data center capacity to deliver premium cloud services with an SLA guarantee. Australia’s leading telecommunications and information services company, Telstra, has established itself as a trusted provider of cloud services, such as collaboration and management applications, to customers. They’re achieving this with a new architectural approach that enables a next generation Internet experience combining networks, data centers and applications together while ensuring resiliency, low-latency performance, and programmability.
Telstra recently announced Read More »
Tags: Cisco, cloud, epn, IoE, IoT, NCS6008, Service Provider, telstra
What do Walt Disney World, The Matrix, and Big Ben have in common? On the surface they do not share much. Each of these is special because everything that makes them tick, pun intended, are hidden from view of the consumers. We all intuitively know there is a great deal of complexity behind the scenes, but it is intentionally hidden from the users. This is the behavior consumers of cloud-based services also expect, even in the datacenter.
Today vendors are working hard to make their products and services more consumable in a nearly seamless fashion. They are accomplishing this by adding abstract control layers, open APIs with robust development kits, and enabling cross platform integrations. The recognition is that in today’s virtualized datacenter and the Internet of everything no technology is an island any longer. Efforts have to be made to make interoperability a priority in order to provide the polished experience that consumers have grown to expect. The question being answered is ‘Why doesn’t X communicate with Y?’ Read More »
Tags: #ciscochampion, APIs, Cisco UCS API, cloud-based services, Disney MagicBands, Internet of Everything, onePK, SolidFire, vipr