This document discusses cybersecurity threats facing critical infrastructure industries. It notes that nearly 70% of critical infrastructure providers have been breached in the past year, with power and utilities being the most targeted. It outlines how the convergence of IT and OT systems, aging infrastructure, distributed systems, and industrial automation modernization are expected to increase cyber threats. The document then describes ECI's LightSEC™ cybersecurity solution, which provides encryption, anomaly detection, firewalls, and other security controls across IT and OT networks to secure the connectivity between substations and control centers. It provides an example case study of how LightSEC™ was deployed between two transmission companies to secure their SCADA devices and networks.
2. ECI Proprietary 2
WORLD’S MOST TARGETED INDUSTRIES
Nearly 70% of Critical Infrastructure Providers have been Breached in the Past Year
*Source: Report of Industrial Security Incidents/Security Incidents Org.
Most Targeted Industries (Global): Demonstration of Relative Attack Frequency
Power and Utilities: 28
Petroleum: 26
Transportation: 24
Water/Wastewater: 19
Food & Beverage: 12
Other: 13
Chemical: 10
Pulp and Paper: 6
General Manufacturing: 4
Electronic Manufacturing: 4
Metals: 2
Automotive: 2
3.
WHY CYBER THREATS ON C.I. ARE EXPECTED TO GROW?
Multiple Points of Attack
Hackers seek out weakest links – need specific SCADA protection with Anomaly Detection and DPI
IT/OT Convergence & Industrial IoT
New types of threats and vulnerabilities
IT-to-OT firewall no longer sufficient
Migration to IP Network; Smart Grid
Security lags new infrastructure
Opens up to all IP vulnerabilities
Aging Network Infrastructure
Filled with Security Vulnerabilities
Requires Multilayer security
Aging Networks; Distributed Infrastructure; Industrial automation Modernization
4.
UTILITIES MUST COMPLY WITH REGULATION
NERC CIP v6
Cybersecurity National Action Plan (CNAP) to enhance critical infrastructure security and resilience
EPCIP
5.
LightSEC™ – SECURING THE OT
MAN-IN-THE-MIDDLE: L1 to L3 Encryption, DPI, Anomaly Detection
IT: UTM, Access Control, Firewall, Anti-Malware, DPI, IDS/IPS
OT: SCADA Anomaly Detection and DPI, Anti-Malware, Access Control
Unified & Consolidated SIEM
Big Data Analytics
Correlation of Events
Open Platform
Threat Evaluation and Response
Network Awareness
Regulation
Certification
NERC-CIPv6
CEER
Common Criteria
FIPS
MoD/NATO
6.
LightSEC™ ARCHITECTURE
Substation
Generation Operations & Control
SoC
LightSEC SHIELD™
FW
Anomaly detection
Service Function Chaining
Enc.
Mitigation
Service
Traffic
Control
Presentation Layer
Analytics Engine
LightSEC COMPASS™
Secured Substation
Secured Control Center
Secured Connectivity
8.
THE SOLUTION
SCADA devices (about 120 devices between the two sites)
Substation #1
Substation #400
LightSEC Shield
SCADA Protection application
Secured Gateway application
Running on Mercury NFVi blade in NPT-1050
LightSEC Compass
Consolidated event reporting for accurate threat detection
SCADA mapping
Located at SOC (in data center)
SOC also contains Mercury-O (not shown)
L2 Encryption
Already deployed in several European Power Utilities
9.
ECI WAS AWARDED THE UTC IMPACT AWARD
ECI LIGHTSEC™ CYBER SECURITY SOLUTION - FOR CRITICAL I.F. IS RECOGNIZED BY THE INDUSTRY AS THE MOST IMPACTING SOLUTION FOR 2017
According to figures from the Department of Homeland Security's Industrial Control Systems Computer Emergency Response Team (ICS-CERT), 41% of incidents reported and investigated by the agency last year were related to the energy industry.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the intelligence community and coordinating efforts among Federal, state, local, and tribal governments and control systems owners, operators, and vendors. Additionally, ICS-CERT collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures.
There are already a number of smart grid standards, such as NERC-CIP, a federal regulation to protect critical infrastructure; IEC 61850, which covers how to network infrastructure; and IEEE 1613, which outlines environmental requirements for IT equipment in substations. These standards identify areas where utilities need to improve.
https://www.whitehouse.gov/the-press-office/2015/02/13/executive-order-promoting-private-sector-cybersecurity-information-shari
Section 1. Policy
In order to address cyber threats to public health and safety, national security, and economic security of the United States, private companies, nonprofit organizations, executive departments and agencies (agencies), and other entities must be able to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible.
Sec. 2. Information Sharing and Analysis Organizations. (a) The Secretary of Homeland Security (Secretary) shall strongly encourage the development and formation of Information Sharing and Analysis Organizations (ISAOs).
Sec. 3. ISAO Standards Organization. (a) The Secretary, in consultation with other Federal entities responsible for conducting cybersecurity and related activities, shall, through an open and competitive process, enter into an agreement with a nongovernmental organization to serve as the ISAO Standards Organization (SO), which shall identify a common set of voluntary standards or guidelines for the creation and functioning of ISAOs under this order.
Sec. 4. Critical Infrastructure Protection Program. (a) Pursuant to sections 213 and 214(h) of the Critical Infrastructure Information Act of 2002, I hereby designate the NCCIC as a critical infrastructure protection program and delegate to it authority to enter into voluntary agreements with ISAOs in order to promote critical infrastructure security with respect to cybersecurity.
Sec. 5. Privacy and Civil Liberties Protections. (a) Agencies shall coordinate their activities under this order with their senior agency officials for privacy and civil liberties and ensure that appropriate protections for privacy and civil liberties are incorporated into such activities. Such protections shall be based upon the Fair Information Practice Principles and other privacy and civil liberties policies, principles, and frameworks as they apply to each agency's activities.
SIEM – SECURITY INFORMATION AND EVENT MANAGEMENT
FIPS – FEDERAL INFORMATION PROCESSING STANDARD
CEER – COUNCIL OF EUROPEAN ENERGY REGULATORS
COMMON CRITERIA – EAL-EVALUATION ASSURANCE LEVEL 2 AND 4
NERC – NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
CIP – CRITICAL INFRASTRUCTURE PROTECTION
UTM – UNIVERSAL THREAT MANAGEMENT
DPI – DEEP PACKET INSPECTION
IDS/IPS – INTRUSION DETECTION/PREVENTION SYSTEMS
A transmission company is connected to another.
A ransom virus spread through their network.
They were afraid of a lawsuit.