Critical Infrastructure, ICS-SCADA, SmartGrids

Malicious hackers looking to cause havoc enjoy targeting critical infrastructure. In fact, there were 245 attacks on critical infrastructure in the year 2015 alone. While most attacks were aimed at manufacturing and energy, representing 27% and 32% of the attacks respectively, it can be assumed that no industry is completely safe from cyber attackers.

Critical Infrastructure Protection Standards

The Critical Infrastructure Protection (CIP) Standards were established by the U.S. Department of Homeland Security to provide guidelines for cybersecurity in critical infrastructure. It is highly recommended that all SCADA systems comply with these guidelines. The guidelines tie directly into wireless security to ensure the safety and functionality of critical infrastructure.

Yet the IoT explosion has introduced a plethora of new devices and methods for wireless connectivity. While this continues to streamline daily operations and add convenience, it also broadens the threat landscape, introducing new risks and threats to the critical infrastructure itself.

The CIP Standards define a set of guidelines for wireless network security. More specifically, CIP-005 outlines guidelines for the electronic security perimeter(s). While quarterly checks can be performed manually, they are costly, inefficient, and nothing more than a spot-check at one point in time. The rest of the quarter is a blind spot for the organization, presenting significant wireless risk. A more diligent, automated, and thorough approach is to deploy distributed wireless sensors that continuously monitor for rogue devices and threats, minimizing wireless risk.

A Prescription for IoT Security

A passive approach is to deploy distributed sensors that do not connect to the Ethernet network and remain independent of the critical environment. This eliminates any direct risk to the SCADA network and allows risks and threats to be reported back over an out-of-band LTE path. The SaaS platform can report identified threats and notify the team, enabling a quick time to resolution, and can apply automated mitigation to minimize an attacker's window of opportunity. This not only achieves CIP Standards compliance but also provides an audit trail of activity and reporting for the IT and security teams.
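As an added example (not code from the original post or any vendor platform), this is the rogue-device check that the distributed, continuously monitoring sensors described above would run against an inventory of authorized access points. The BSSIDs, SSIDs and sensor observations are constructed, hypothetical values; every observation is retained as an audit record, and only deviations from the inventory raise alerts.

```python
from collections import Counter

# Constructed authorized-AP inventory (hypothetical values): BSSID -> expected SSID and channel.
AUTHORIZED_APS = {
    "aa:bb:cc:00:00:01": {"ssid": "PLANT-OT", "channel": 6},
    "aa:bb:cc:00:00:02": {"ssid": "PLANT-OT", "channel": 11},
}

# Constructed observations, as passive sensors would report them over the out-of-band path.
OBSERVATIONS = [
    {"sensor": "S1", "bssid": "aa:bb:cc:00:00:01", "ssid": "PLANT-OT", "channel": 6,
     "ts": "2015-06-01T02:00:00Z"},
    # Authorized SSID advertised by a BSSID that is not in the inventory.
    {"sensor": "S2", "bssid": "de:ad:be:ef:00:99", "ssid": "PLANT-OT", "channel": 6,
     "ts": "2015-06-01T02:00:05Z"},
    # Known BSSID seen on an unexpected channel (misconfiguration or impersonation).
    {"sensor": "S1", "bssid": "aa:bb:cc:00:00:02", "ssid": "PLANT-OT", "channel": 1,
     "ts": "2015-06-01T02:00:07Z"},
    # Entirely unknown device inside the monitored perimeter.
    {"sensor": "S3", "bssid": "12:34:56:78:9a:bc", "ssid": "Guest-Hotspot", "channel": 36,
     "ts": "2015-06-01T02:00:09Z"},
]


def classify(obs, inventory):
    """Compare one observation against the authorized inventory and return a verdict."""
    ap = inventory.get(obs["bssid"])
    if ap is None:
        known_ssids = {a["ssid"] for a in inventory.values()}
        # An authorized SSID from an unknown radio is the higher-priority finding.
        return "ssid-spoof" if obs["ssid"] in known_ssids else "rogue-unknown"
    if obs["ssid"] != ap["ssid"] or obs["channel"] != ap["channel"]:
        return "authorized-deviation"
    return "authorized"


def evaluate(observations, inventory):
    """Return one audit record per observation; 'alert' marks anything not authorized."""
    records = []
    for obs in observations:
        verdict = classify(obs, inventory)
        records.append({**obs, "verdict": verdict, "alert": verdict != "authorized"})
    return records


def alerts_by_sensor(records):
    """Count alerting records per sensor, e.g. for the quarterly compliance report."""
    return dict(Counter(r["sensor"] for r in records if r["alert"]))
```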