Cisco Blogs



HAVEX Proves (Again) that the Airgap is a Myth: Time for Real Cybersecurity in ICS Environments

July 3, 2014 at 7:00 am PST

The HAVEX worm is making the rounds again. As Cisco first reported back in September 2013, HAVEX specifically targets supervisory control and data acquisition (SCADA), industrial control system (ICS), and other operational technology (OT) environments. In the case of HAVEX, the energy industry, and specifically power plants based in Europe, seems to be the primary target. See Cisco’s security blog post for technical details on this latest variant.

When I discuss security with those managing SCADA, ICS and other OT environments, I almost always get the feedback that cybersecurity isn’t required, because their systems are physically separated from the open Internet. This practice, referred to in ICS circles as the “airgap”, is the way ICS networks have been protected since the beginning of time; and truth be told, it’s been tremendously effective for decades. The problem is, the reality of the airgap began to disappear several years ago, and today is really just a myth.

Today, networks of all types are more connected than ever before. Gone are the days where only information technology (IT) networks are connected, completely separated from OT networks.  OT networks are no longer islands unto themselves, cut off from the outside world. Technology trends such as the Internet of Things (IoT) have changed all of that. To gain business efficiencies and streamline operations, today’s manufacturing plants, field area networks, and other OT environments are connected to the outside world via wired and wireless communications – in multiple places throughout the system! As a result, these industrial environments are every bit as open to hackers and other cyber threats as their IT counterparts. The main difference, of course, is that most organizations have relatively weak cybersecurity controls in these environments because of the continued belief that an airgap segregates them from the outside world, thereby insulating them from cyber attacks. This naivety makes OT environments an easier target.

The authors of HAVEX certainly understand that OT environments are connected, since the method of transmission is via a downloadable Trojan installed on the websites of several ICS/SCADA manufacturers. What’s considered a very old trick in the IT world is still relatively new to those in OT.

It’s absolutely essential that organizations with ICS environments fully understand and embrace the fact that IT and OT are simply different environments within a single extended network. As such, cybersecurity needs to be implemented across both to produce a comprehensive security solution for the entire extended network. The most important way to securely embrace IoT is for IT and OT to work together as a team. By each relinquishing just a bit of control, IT can retain centralized control over the extended network – but with differentiated policies that recognize the specialized needs of OT environments.

We’ll never completely bulletproof our systems, but with comprehensive security solutions applied across the extended network that provide protection before, during, and after an attack, organizations can protect themselves from most of what’s out there. A significant step in the right direction is to understand that the airgap is gone forever; it’s time to protect our OT environments every bit as much as we protect our IT environments.


IoT in Manufacturing: Insights and Best Practices


Recently, the second of a two-part Manufacturing.net webcast series on ‘The Internet of Things’ (IoT) wrapped with a deep dive on the very real business advantages and outcomes that are enabled when IoT is fully applied to Manufacturing operations. One of the speakers, David Gutshall, Infrastructure Design Manager at Harley-Davidson Motor Company, highlighted many advantages he’s experienced with deployments of the Converged Plant-wide Ethernet solution architecture from Cisco and Rockwell Automation. In the webcast, David talked about “greater manufacturing flexibility across the supply chain, where … we can collate data across the factory (and enterprise) … and have experienced a substantial reduction in downtime.” He described that with an IP-enabled Connected Factory, “what used to take hours or days to triage and troubleshoot problems now takes seconds.” Expanding on the topic, David said “when we bring a new machine online, it essentially works with the network out-of-the-box,” yielding greater flexibility and significantly reducing new model NPI (New Product Introduction) cycles and time to market.

Similar companies, like General Motors, have leveraged this industrial automation and controls system (IACS) architecture, which GM calls ‘Plant Floor Control Network’ (PFCN), to reduce downtime by as much as 75% and to drive out hundreds of millions of dollars in plant engineering, operations and maintenance costs associated with factory expansions and modernizations. Both GM and Harley identify the acceleration of NPI offerings and advancement into new markets as one of the biggest advantages of a standardized yet flexible factory automation infrastructure. Over the past decade, GM with partners has been able to gain a leading share of passenger vehicles produced in China, Brazil and other emerging markets. And as Harley rolls out their recently announced LiveWire electric motorcycle, I suspect that an integral part of their strategy includes the American manufacturing renaissance vision for a dynamic, fun, flexible factory of the future. Take a look at this inspirational video from Harley describing the modernization and transformation of their existing York Manufacturing Facility:


#InnovateThink Tweet Chat on Friday, June 27 at 10 a.m. PST: Exploring the #FutureOfMobility

Innovations in mobility have made it possible for us all to connect from pretty much anywhere in the world, turning wherever we are into our office. And mobile connections show no signs of slowing. By the end of 2014, the number of mobile-connected devices will exceed the number of people on Earth!

As with any technology, mobility is constantly changing, having to meet the demands of an increasingly mobile workforce that desires to conduct “business as usual” from anywhere.  And while companies have realized the importance of investing in mobility solutions, critical questions remain that must be answered for them to determine what needs to happen next to remain competitive and maximize their mobility efforts:


  • How has mobility changed your business?
  • What do you need to impact your future business initiatives?
  • How is mobility influencing behavior among workers and customers?
  • What’s got you excited for the future of mobility in your organization?

Join me on Twitter this Friday, June 27 at 10 a.m. PST/1 p.m. EST for an exciting and insightful hour about the #FutureOfMobility in the #InnovateThink Tweet Chat. Join me @RachaelMcB and @CiscoIoE alongside @ron_miller to learn more about how mobility has transformed the business landscape and why companies must continue to keep pace with the possibilities it creates. Simply use the hashtags #InnovateThink and #FutureOfMobility on Twitter to join the conversation.


The Nexus of the Internet of Everything? It’s in the Palm of Your Hand.

On a typical day, we hold in our hands a portal to our civilization’s entire trove of information and entertainment — and a window into our finances, our health, and the lives of our friends. Not to mention, the ability to make a purchase anywhere and anytime the whim strikes us.

To say that our personal devices have become an integral part of our lives is a vast understatement. But get ready for an even bigger wave of change. Mobile is poised to become ever more ubiquitous. But the focus will be less on the device itself, and more on its role as a critical enabler in the connected world of the Internet of Everything (IoE).


Forget Looking in the Mirror, It’s Your Digital Image That Truly Matters

It’s great to stay in shape at the gym and pick out stylish clothes. But more and more, the personal image that really counts is digital.

That’s because the Internet of Everything (IoE) era demands new ways of looking at, well, just about everything. And everything includes you. In an expanding universe of new connections, each of us needs to ask, just where do I fit? And how am I being viewed?

In short, what is my digital persona?

The ways in which we are seen online have assumed acute importance in recent years, and that only stands to increase. Therefore, our digital personas have to be cultivated and maintained, just as we care for our images in the physical world.

In career terms, for example, you may be known in your daily work life as a good leader. But the physical world has limited reach.  If there is no evidence of that in the digital world, you will be in trouble, especially if you happen to be looking for a new job. Recruiters, of course, know that they can do an instant search and start compiling your digital profile within seconds. If you say you’re an expert or a good manager, your digital persona had better back it.

According to some recent research, job recruiters are turning more and more to Facebook, which by some measures is becoming even more impactful for employment purposes than LinkedIn. So, if the personal social media site can actually trump the professional social media site, think twice before you post those Spring Break photos.

As the consumerization of IT extends ever further into the workplace — via personal devices, social media, and so forth — the blurring of the personal and the professional will only continue.  As a result, everyone must be aware that personal actions have an impact comparable to professional achievements. And the digital trail that you leave behind every day influences how you are perceived in the marketplace.
