Gareth Evans: What are the threats?
Lior Frenkel: The most common threats come from the business networks to which critical infrastructure control systems are directly or indirectly connected. Business networks are exposed to constant attacks from email attachments, web pages and download. Control networks are separated from the ‘wild west’ of the Internet by the business network, and as a result, business networks become the vector through which control systems are most commonly attacked.
The most disturbing threat though, is not common viruses, malware or botnets, but the so-called ‘advanced persistent threats’. These attacks are often not very advanced, but they are persistent, and targeted. They do not deviate from their target if they see a less-well-defended target ‘next door’. Instead, they persist until they succeed. These types of attackers have demonstrated that they can punch through firewalls and reach past conventional cyber defences more or less at will.
GE: Why don’t conventional defences work?
LF: The key to these attacks is interactive remote control. The tools these attackers put on your system have many features, and one of these is something like the common remote desktop tool. The malware lets the attackers see your screen, move your mouse, type on your keyboard, as if they were you. This way they interactively explore your network – slowly, and quietly. Most businesses do not know they have been hacked until months after the hackers have completed their work.
They tend to get into a target’s business network with ‘phishing’ attacks – they trick people. They bypass anti-virus systems by using custom, low-volume attacks. Anti-virus vendors create signatures for new attacks when they see thousands of the same kind of infection, on thousands of different computers. These attackers install only a few tens of copies of their malware worldwide. AV vendors never put out signatures for such low-volume threats.
Once on the target network, they operate the computers they have taken over remotely, harvesting passwords and things called ‘password hashes’ – which are almost as good as passwords – and use them to log into other computers and explore the network.
If you have a password and appear to be logging-in legitimately, a firewall won’t stop you and intrusion detection systems won’t see you either if you are going through the front door, with trusted accounts and passwords.
These attackers do not need to attack vulnerabilities. Exploiting software vulnerabilities and design flaws, both in ordinary applications and security products, is a common technique, of course, and one that works. In fact [it] cannot be fully protected against – yet, in most cases these more advanced and complex hacking techniques are not even required.
GE: What do you think the biggest threat will be over the coming years?
LF: It’s hard to say. Many nations are building up ‘cyber warfare’ capabilities and terrorist groups might buy, or recruit, the skills they need to attack essential infrastructure. Perhaps organised crime will figure out how to make money from disrupting production or from control system extortion. If so, we could see a whole underground industry of professional saboteurs spring up, just like we saw professional virus writers emerge in the underground economy of the mid 1990s.
I think it is just a matter of time before things become dramatically worse in terms of who is attacking these vulnerable control system networks. The question is, will it be this year, next year, or five years from now? And which of these threat actors will be first? I am convinced that whoever is first, the rest will not be far behind.
GE: How would you sum up Critical Infrastructure Protection today, and where should it be going?
LF: A handful of very effective technologies are emerging to protect industrial control networks, including Unidirectional Security Gateways. By and large these technologies can be installed on existing systems, not just brand new ones. This is important because once deployed, it is very expensive to significantly change the internal operation of a control system, and even more expensive to throw it out and re-deploy new technology.
The discipline is maturing, and more and more people are recognising that the skills and the technologies that you use to protect control systems are not the same ones you apply to IT networks.
All of these are positive trends. The problem is that a great many businesses still don’t believe they need to invest in substantially stronger control system security. In spite of our adversaries’ demonstrated abilities, and in spite of Stuxnet, Shady RAT and Shamoon, there has not been enough of a well-published history of sabotage-type attacks for executives and boards of directors to sit up and say ‘we need to fix this now!’
These decision-makers are only just coming to the realisation that there is a big hole in their fence – that something needs to be done, now.
GE: Who is behind the attacks?
LF: Attributing these attacks to a specific source is difficult [but] most of these attacks are thought to be funded by government intelligence agencies for purposes of industrial espionage.
It is not always the agencies doing the actual attacking though, there are reports of an ecosystem of ‘private sector’ contractors evolving to serve the ‘market’ needs.
GE: What does Waterfall provide?
LF: Waterfall provides Unidirectional Security Gateways. They can only send information in one direction, from inside an industrial network, out to the business network. Utilities and other businesses have learned how to use real-time data from control systems, both to increase profits and significantly reduce costs. If you use a firewall to send the data out to the business though, every path out, is also an attack channel back into the industrial network. Every path connection through a firewall is two-way. Unlike firewalls, Waterfall Unidirectional Gateways are physically incapable of sending any information back into the protected industrial network.
GE: How does that work?
LF: The secret to making one-way data flows work is to make real-time copies of industrial servers. Imagine a database on the industrial network holding data which must be shared with business systems.
Waterfall’s Gateways take the data out of that database and put the data into a replica database, located on the business network, which business users and business programmes use.
As the data in the original database changes, the Waterfall Gateways keep the copy on the business network up to date. The replica has all of the data from the control system, and all of the latest data, less than a second old.
Business users connected to the replica think they are still reaching into the industrial network and pulling data from the original database, [but it is] the faithful reproduction of the original database [that] gives business users the data they need, and there is still no way to send any attack back into the industrial network.
GE: Who uses you?
LF: Waterfall’s Unidirectional Security Gateways are used in all critical infrastructure sectors, worldwide. We secure the majority of the US’s nuclear reactors [and] are widely deployed in conventional power generation throughout North America. Our marketing activities have created a growing demand also in water and wastewater utilities, oil and gas production, chemical plants and refineries. Our biggest installed base is in North America in the power industry, but we are deployed all over the globe, including Europe, Asia and, of course, Israel, in every kind of critical industrial infrastructure.
GE: What has been your greatest success?
LF: I take great pride in the success we have had in securing North America’s nuclear generators. There are still a few North American generators with no network connection whatsoever into their control systems, but all of the rest of the Canadian and American units are using the unidirectional communications concept to send data safely out of control systems, using the approach I helped pioneer and patent.
GE: What are the challenges for the future?
LF: Well, the bad news is that cyber-attacks only become more sophisticated over time. The situation will always continue to get worse, so the need for protection will always increase. The control systems themselves are likely to remain very vulnerable. The world of control systems is focused on safety and reliability, and change is the enemy of safety and reliability. Every change is a risk, and so things change very slowly.
As a result, there will be a steadily increasing need for strong perimeter security, to harden the shell of the control system network, if you like, and to keep the bad guys out of the soft interior. Waterfall plans to supply that need with our very strong perimeter security technology.
With survivability high on the agenda, armies worldwide are developing sensors that are not only capable of monitoring a soldier’s vital signs, but could even predict future ailments and injuries.
Handheld biometric devices have become an essential piece of kit for today’s soldier.