Suite of Cybersecurity Technologies and Practices

by Jim Cahill | Jul 25, 2017 | Control & Safety Systems, Cybersecurity, Industry, Power Generation, Water & Wastewater

Jim Cahill

Chief Blogger, Social Marketing Leader

Emerson’s Adam Boeckmann presented the Power and Water Cybersecurity Suite at the 2017 Ovation Users Group conference. He opened by describing the team that has formed over the last several years and now supports more than 200 sites in the U.S. alone.

He shared the story of the recent WannaCry/WannaCrypt ransomware cyber-attack. In March of 2017, Microsoft released a patch. A month later, the National Security Agency (NSA) toolkit was leaked. Microsoft released a patch for Windows XP and Windows Server 2003 in May. This ransomware encrypted the files on a PC and demanded payment in Bitcoin to decrypt them.

A Ukraine cyber-attack, CrashOverride, was designed so that, once in a system, it established a backdoor and downloaded a program for activities to happen on the next day. It would modify the control code and ultimately crash the system and render the PCs unable to reboot—basically an inhibit, modify and crash malware program. A solid backup plan, with periodic testing to verify that the backup works, is one way to recover from these types of attacks.

With NERC CIP, standards exist for low, medium and high risks. Standards organizations help to drive regulations, best practices and processes that maintain defenses against these types of attacks. The Power and Water Cybersecurity Suite provides technologies and programs to meet the standards and help to apply best practices. Every plant has different requirements based on its expertise and the regulatory requirements of the markets in which it operates. The Cybersecurity Suite is modular so that the modules each plant requires can be provided.

The suite includes scheduled security services, security assessments, compliance services, network services, incident response services, on-demand consulting and unplanned on-site security services. Technologies in the suite include antivirus protection, patch management, application control, device control, security incident & event management (SIEM), system backup and recovery, vulnerability assessment, network intrusion detection, rogue system detection, and change management.

Adam contrasted blacklisting with whitelisting. A blacklist is a list that excludes known malware from running. Malware must already be known to be added to the list. Whitelisting, on the other hand, puts all the known good applications in a list and prevents anything not in the list from running.

He described rogue system detection, which sniffs out and records all the connected devices and builds an asset inventory of network connections. It looks for changes outside of normal communications to alert the users of this software or their service providers. Tripwire manages changes in configuration files by tracking the integrity of these files, notifies users of file changes and runs autonomously.

Here’s a link to find out more about ICS cybersecurity with the Power and Water Cybersecurity Suite.
