Industrial control systems is the term used to identify several types of control systems, including supervisory control and data acquisition (SCADA) systems, process control systems (PCSs), and other smaller control system types, such as programmable logic controllers (PLCs), used in critical infrastructure such as power plants, oil and gas pipelines, electrical power distribution, and manufacturing facilities.
Historically these control systems were kept separate from the corporate network. Because of this isolation they were traditionally difficult to break into because of their separation for health and safety reasons.
More recently, control systems may be running Windows or Linux, using the Internet Protocol (IP) to communicate, giving direct access to SCADA networks via the Internet. Wireless and Bluetooth capabilities allow remote management and diagnosis. These connections to the outside create a massive challenge from a security perspective for the following reasons:
Following up on my last note about BYOD at Cisco, I wanted to update you on the latest numbers here at Cisco. As Sheila Jordan had pointed out here, we have surpassed the 20% tablet penetration among our workforce and mobile devices continue to grow at a rate of 1,000 each month. I highly recommend you doing a quick read on her six steps of approaching device deluge. Meanwhile, the latest IDC report (Aug 8, 2012) reaffirms the 2-horse race in the smartphone world. Android and iOS powered 85% of all smartphones shipped in the second quarter of 2012 (2Q2012).
Maintaining our market leadership in supporting the broadest set of Operating Systems (desktop and mobile) and Web Browsers, Cisco Security is excited to announce the availability of AnyConnect 3.0 for Android (Download here). As in the past, we have worked with the market leading Android device makers along with supporting the Android VPN Framework (AVF) to ensure the latest AnyConnect functionality. These new features are now available on any Android device running on version 4.0 (Ice Cream Sandwich) or higher (including Jelly Bean).
SOME KEY FEATURES OF ANYCONNECT 3.0 FOR ANDROID:
Intel Android (IA): The Android VPN Framework (AVF) image is now compatible with x86 Intel Android devices.
IPsec IKEv2: AnyConnect users can connect via IPsec IKEv2 connections to their corporate Cisco ASA in addition to SSL (TLS or DTLS). (Requires ASA 9.0+)
Suite B Cryptography: AnyConnect users who need NSA’s recommended Suite B Cryptography will be now able to do so from their mobile devices. (Requires ASA 9.0 and AnyConnect Premium Licenses.)
Untrusted Certificate Warnings: Reduces Man-in-the-Middle attack risk by rejecting untrusted certificates by default and requiring end-users to acknowledge risks before connecting to a gateway with an untrusted certificate.
SCEP Proxy: AnyConnect users can enroll their mobile device with an internal Certificate Authority (CA) Server, using SCEP without opening up the CA Server directly to external threats. (To embed the identity of the mobile endpoint in the certificate request, Mobile Host Scan must be utilized, which is an AnyConnect Premium License feature).
FIPS 140-2 Compliant: AnyConnect users now have access to the latest FIPS 140-2 cryptographic compliant module to meet industry compliance/mandates.
I just returned from Cancun after delivering a BYOD seminar, as part of Cisco Live Mexico 2012. Bring your own device (BYOD) was a hot topic at Cisco Live in Cancun. There were several in-depth presentations regarding the architecture, design, implementation, and troubleshooting of all the technologies related to BYOD. I had the pleasure and opportunity to deliver a presentation related to remote access VPN implementations related to BYOD, as part of an 8-hour seminar:
TECRST-2020 -- Bring Your Own Device -- Architectures, Design and Operation.
Other BYOD-related sessions delivered this week were:
BRKEWN-2020 -- Securely Managing the BYOD Phenomena
BRKCOC-1567 -- Inside Cisco IT: BYOD… Coping with the Explosion of Mobile Devices in the Enterprise
Imran Bashir provided a detailed introduction about BYOD and the key considerations when implementing BYOD solutions and technologies in your environment. He then went into the details about the Cisco BYOD solution and the integration with the Mobile Device Management (MDM) solutions from other vendors and partners. This was followed by product demonstrations for device on-boarding, profiling, posture/compliance check and the integration with MDM third-party solutions.
One of the greatest threats to Internet service is Distributed Denial of Service (DDoS) attacks which can paralyze ISPs and disrupt traffic to and from targeted websites. For years now, DDoS attacks have dropped down the IT security priority list as topics such as IP theft took center stage.
Recently however, DDoS attacks targeting organizations of all types have sharply increased. Afflicted organizations had daily operations disrupted and servers compromised, with attacks increasing in sophistication and damage impact. The next waves of attacks will likely be even more complex and damaging.
The DDoS revival reminds us that as threats continue to evolve, organizations must strengthen their security infrastructure and management practices to improve the timeliness and effectiveness of incident response.
The following excerpts are from an interview with Bernie Trudel, Asia Pacific Regional Data Center and Cloud CTO, Cisco Systems, Inc.
As someone whose world is dominated by cloud, data center, privacy, and compliance, it was exciting to meet a long-term expert with the same-shared interests. Bernie Trudel has been with Cisco for 17 years, and in addition to his role as Regional CTO, he is Chairman of the Asian Cloud Computing Association, an industry organization dedicated to making cloud computing a reality across Asia Pacific (APAC) by addressing the needs for common platforms. He shared his ideas with me on key regional trends, security to accelerate cloud adoption, and the future of the data center.
What are the key regional trends?
Increasingly APAC countries are adopting a national broadband policy driven by a combination of the adoption of cloud and the ubiquity of personal computing. There is a strong focus on data sovereignty and privacy in response to emerging data privacy legislative measures in Singapore, Malaysia and the Philippines and also greater awareness around consumer’s rights to protect private data. International connectivity is also emerging as an issue as smaller countries rely on networks that cross geographic borders.
Many of these trends are measured in the Cloud Readiness Index, which uses 10 parameters that focus on risk, power, sustainability, and other metrics to assess readiness across the region.