Belden : A 1-2-3 Approach to Industrial Cybersecurity

One of the best parts of the Belden Industrial Ethernet Infrastructure Design Seminar, held last week in Chicago, was the lively presentation given by two of Belden and Tripwire's top experts on industrial cybersecurity:

• David Meltzer, Chief Research Officer of Tripwire
• Jeff Caldwell, Chief Architect-Security at Belden

If you are not familiar with Tripwire, the company provides advanced threat, security and compliance solutions for more than 9,000 organizations, including nine of the top 10 utilities in the U.S. Tripwire was acquired by Belden earlier this year and is an important part of our increased focus on network security solutions.

In their

presentation David and Jeff spoke about the nature of cybersecurity incidents occurring in industrial networks today. They went on to discuss a 1-2-3 approach to securing industrial networks. Find out about this approach and how Belden and Tripwire products contribute to it.

David Meltzer of Tripwire (on the left) and Jeff Caldwell of Belden (on the right) discuss ICS Security at the 2015 Belden Design Seminar.

The vast majority of cyber incidents on industrial networks are unintentional, resulting from:

• Human error, for example device configuration errors
• Software or device flaws, such as legacy equipment that fails when overloaded with multicast traffic
• The accidental introduction of malware, for example via a USB stick or a vendor laptop

An example of this type of incident was the manual shutdown of the Browns Ferry Nuclear Power Plant in 2006. Redundant drives controlling the recirculating water system failed due to 'excessive traffic' on the control network. Network traffic between two different vendors' control products was the likely cause. The facility remained offline for 2 days, and $600K of revenue was lost.

While only about 20% of incidents are intentional, those from external hackers have become more and more sophisticated.

estimates that 55% of such ICS attacks come from

(APTs). APTs are carefully crafted attacks against a focused target that are designed to be effective over an extended period of time. Classic examples of such attacks on industrial systems are

,

and the

malware campaign.

In order to protect availability, Belden has developed a 1-2-3 approach to industrial cybersecurity:

To protect against both unintentional and intentional threats to ICS security, Belden has developed a 1-2-3- approach.

At a high-level our portfolio of industrial networking solutions contributes to these three levels of protection as follows:

All together Belden and Tripwire's solutions are being engineered to work together to deliver the 'Belden Safe Network Architecture.'

David and Jeff's talk also hinted at new Belden/Tripwire cybersecurity solutions to come - and I for one am really looking forward to learning about them. Stay tuned…..

Where are you in implementing cybersecurity measures? What are your challenges? I look forward to hearing from you?

Don't miss the 'Effective Defenses' section of the white paper below for strategies on how to protect industrial control systems from APTs.