Cisco Blogs



HAVEX Proves (Again) that the Airgap is a Myth: Time for Real Cybersecurity in ICS Environments

July 3, 2014 at 7:00 am PST

The HAVEX worm is making the rounds again. As Cisco first reported back in September 2013, HAVEX specifically targets supervisory control and data acquisition (SCADA), industrial control system (ICS), and other operational technology (OT) environments. In the case of HAVEX, the energy industry, and specifically power plants based in Europe, seems to be the primary target. See Cisco’s security blog post for technical details on this latest variant.

When I discuss security with those managing SCADA, ICS and other OT environments, I almost always get the feedback that cybersecurity isn’t required, because their systems are physically separated from the open Internet. This practice, referred to in ICS circles as the “airgap”, is the way ICS networks have been protected since the beginning of time; and truth be told, it’s been tremendously effective for decades. The problem is, the reality of the airgap began to disappear several years ago, and today is really just a myth.

Today, networks of all types are more connected than ever before. Gone are the days when only information technology (IT) networks were connected, completely separated from OT networks. OT networks are no longer islands unto themselves, cut off from the outside world. Technology trends such as the Internet of Things (IoT) have changed all of that. To gain business efficiencies and streamline operations, today’s manufacturing plants, field area networks, and other OT environments are connected to the outside world via wired and wireless communications – in multiple places throughout the system! As a result, these industrial environments are every bit as open to hackers and other cyber threats as their IT counterparts. The main difference, of course, is that most organizations have relatively weak cybersecurity controls in these environments because of the continued belief that an airgap segregates them from the outside world, thereby insulating them from cyber attacks. This naivety makes OT environments an easier target.

The authors of HAVEX certainly understand that OT environments are connected, since the method of transmission is via a downloadable Trojan installed on the websites of several ICS/SCADA manufacturers. What’s considered a very old trick in the IT world is still relatively new to those in OT.

It’s absolutely essential that organizations with ICS environments fully understand and embrace the fact that IT and OT are simply different environments within a single extended network. As such, cybersecurity needs to be implemented across both to produce a comprehensive security solution for the entire extended network. The most important way to securely embrace IoT is for IT and OT to work together as a team. By each relinquishing just a bit of control, IT can retain centralized control over the extended network – but with differentiated policies that recognize the specialized needs of OT environments.

We’ll never completely bulletproof our systems, but with comprehensive security solutions applied across the extended network that provide protection before, during, and after an attack, organizations can protect themselves from most of what’s out there. A significant step in the right direction is to understand that the airgap is gone forever; it’s time to protect our OT environments every bit as much as we protect our IT environments.


Summary: Extended By Popular Demand: The Cisco IoT Security Grand Challenge

June 16, 2014 at 8:49 am PST

Since its announcement at the RSA 2014 conference, the security community has been actively involved in the Cisco IoT Security Grand Challenge. The response has been so great that we’ve decided to extend the deadline by two more weeks -- so you now have until July 1st, 2014 to make your submission! Visit www.CiscoSecurityGrandChallenge.com for full details about the challenge and prepare your response. Good luck!


Extended By Popular Demand: The Cisco IoT Security Grand Challenge

June 16, 2014 at 5:00 am PST

Since its announcement at the RSA 2014 conference, the security community has been actively involved in the Cisco IoT Security Grand Challenge, an industry-wide initiative to bring the best and brightest security minds to the table to help us find innovative IoT security solutions. Thus far, we’ve had dozens of wonderful submissions and they’re still coming in.


The initial deadline to make a submission was this coming Tuesday, June 17th. However, the challenge has been so popular that we’ve decided to extend the deadline by two more weeks, to July 1st, to give you an opportunity to complete your best work. After all, we all benefit by ensuring that the things we connect are secure. And with billions of objects networked all over the world, many of which will reside in insecure locations, security is arguably more important for IoT than it has been for any other technology in history.

Cisco will select up to six winners, each of whom will be awarded between $50,000 and $75,000 USD. The winners will be announced, and will have an opportunity to present their winning submission, at the IoT World Forum in Chicago, October 14-16, 2014!

Interested in participating? Visit www.CiscoSecurityGrandChallenge.com for full details about the challenge and prepare your response. Good luck!


Summary: Why Should You Participate in the Cisco IoT Security Grand Challenge?

May 2, 2014 at 6:00 am PST

Interested in learning more about the Cisco IoT Security Grand Challenge? Plan to attend a free one-hour webinar at 12 p.m. EDT Wednesday, May 7. Cisco Futurist Dave Evans and Dr. Tao Zhang, Chief Scientist for Smart Connected Vehicles at Cisco, will talk about why the Challenge is so important to the future of IoT, and answer any questions you may have.


The Extended Network Requires Security That’s the Same, Only Different

April 23, 2014 at 6:00 am PST

When I was in grade school, my best friend had a favorite saying whenever he disagreed with somebody’s observation that two things were really similar. “It’s the same, only different,” he would quip. Though this phrase was mostly intended to be flippant and evoke an emotional response from the recipient, I’ve finally found a topic where his phrase is 100 percent legitimate: IoT security. That’s because when it comes to securing IoT, we’re not talking about a single, homogeneous network, but rather the extended network, which comprises both Information Technology (IT) and Operational Technology (OT) environments.

While existing IT networks have included cloud and perimeter security for many years, OT environments have traditionally been air gapped from the Internet, and therefore only required physical security components to ensure a high level of secure access and safety for plant personnel. And since IT and OT networks were completely separate, the radical differences in their approach to security didn’t make much of a difference – users of each simply lived in blissful isolation. But IoT is changing all of that!