Utility companies are vulnerable to virus attacks

Florian Malecki, Dell SonicWALL, head of Product Marketing – EMEA says utility companies are becoming targets for cyber-criminals.

By Florian Malecki, published January 30, 2013


Recently several well-known utility companies were taken offline by virus attacks. The viruses were apparently not designed to steal data but to delete it irrevocably, and they spread across internal networks through shared network drives. This is a new form of security guerrilla warfare, launched by governments or activist groups who use malware to attack specific industries for political reasons. Every utility company is a potential target for this kind of attack, and every one of them is exposed to it. Companies need to be aware and prepared.

Many industrial operators rely on supervisory control and data acquisition (SCADA) and distributed control systems (DCS) to automate, monitor and control crucial physical processes. That importance makes them prominent targets: SCADA systems have increasingly been attacked by criminal and terrorist groups intent on disrupting and denying services, and the stakes are high because a critical failure can halt production and endanger public safety.

1. Know your SCADA systems

Document the network infrastructure, components, applications, data stores and connections that are critical to your SCADA system. Perform a baseline analysis for ongoing risk management, and set corresponding security requirements. Establish and communicate security roles, responsibilities and authorisation levels for IT, management, staff, and third-party stakeholders.

2. Lock down your perimeter
Disconnect any unnecessary or unauthorised network paths to your SCADA systems, including unsecured removable media and USB ports, wireless connections, and links to third-party extranets (e.g. suppliers, contractors, outsourcers), and place firewalls between the SCADA network and everything else.

3. Update your defences
Deploy layered security controls such as Unified Threat Management (UTM) and Next-Generation Firewalls, so that the failure of a single control does not amount to a breach. Effective solutions combine several defences, including intrusion prevention, antimalware, content filtering and application-aware firewalling.

4. Enforce access controls
Criminals cannot take control of your SCADA systems unless they can reach them. Design and implement rules for access control and for the sharing of data, applications and resources. Define, implement and monitor every external secure-access connection that users need. Keep an up-to-date list of access accounts, check the logs periodically, remove accounts that are no longer needed and rotate credentials, tightening access controls wherever the review shows they are too broad.

5. Secure your remote access
The rapid growth of mobile, wireless and widely distributed networks greatly increases the opportunity for unauthorised remote access. Route all remote access over virtual private networks using technologies such as SSL VPN, and give each remote user an individual account rather than a shared one so that access can be traced and revoked.

6. Harden SCADA features
Certain automated SCADA features (e.g. remote maintenance) can undermine security by opening paths for unauthorised access or intrusion. Work with your SCADA vendors to find out which of these can be disabled without violating support agreements, interrupting service or causing downtime.

7. Monitor and log incidents
Implement monitoring and logging for all SCADA-critical applications and infrastructure. By recording incidents and assessing alerts on the status of the system, you can take proactive measures to prevent attacks and avoid interruptions in service. Solutions are available that display all network traffic (including SCADA protocols) in real time, enabling a faster response to emerging threats.

8. Establish change control and configuration management

Network configurations, systems, firewalls, access rights, applications and procedures change over time, and any change can affect other components and connections. Manage configuration so that every change is documented and a known-good copy of the configuration is backed up, limiting disruption and delay if a system has to be restored. Applications are available that manage configuration even for complex networked systems.

9. Conduct routine audits
Perform a complete system check every six to 12 months. Periodically review the event log for incidents and confirm that technical safeguards (firewalls, network components and systems), documentation, procedures and access rights are being maintained. Regularly assess the audit results and apply them to correcting and improving your security.

10. Prepare for recovery
As high-profile targets, SCADA systems must be backed up and ready for rapid recovery should an attack take them offline. Develop contingency procedures to ensure business continuity and disaster recovery for SCADA-critical systems. Comprehensive solutions include automatic offsite backup, continuous data protection and bare-metal recovery to alternate equipment. Keep at least one backup copy offline or otherwise unreachable from the production network: the data-wiping attacks described above spread through shared drives and will destroy any backup they can reach.
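
Points 2, 4 and 7 come together in practice as a documented allow-list of which zone may talk to which over what protocol, checked continuously against what the firewall actually logs. The script below is an added example written for this page, not code from the article or from Dell SonicWALL. It assumes a hypothetical zone layout (corporate, HMI, PLC, vendor VPN), a hypothetical allow-list, and a constructed key=value connection-log format; the sample log is made up for the example. It flags the cases a utility would most want to see: file-share traffic (the spreading path of the wiping viruses described above) reaching a control zone, control-protocol traffic to PLCs from anywhere but the HMI zone, external addresses reaching control zones, and firewall rules that have drifted from the documented policy in either direction.

```python
"""Zone-policy check over firewall connection logs (added example, not from the article)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical zone layout for a small utility network. Addresses are assumptions.
ZONES = {
    "corporate":  ip_network("10.1.0.0/16"),   # office LAN
    "hmi":        ip_network("10.20.0.0/24"),  # operator workstations / historian
    "plc":        ip_network("10.30.0.0/24"),  # controllers and RTUs
    "vendor_vpn": ip_network("10.40.0.0/24"),  # SSL VPN address pool for contractors
}
CONTROL_ZONES = {"hmi", "plc"}

# Documented allow-list (steps 1 and 4): (src_zone, dst_zone, proto, dst_port).
# Anything not listed is a policy violation, whatever the firewall did with it.
ALLOWED = {
    ("hmi", "plc", "tcp", 502),          # Modbus/TCP polling from HMIs
    ("hmi", "plc", "tcp", 20000),        # DNP3
    ("corporate", "hmi", "tcp", 443),    # read-only historian web view
    ("vendor_vpn", "hmi", "tcp", 3389),  # vendor remote maintenance, HMI zone only
}
SMB_PORTS = {139, 445}       # file-share ports a data-wiping worm spreads over
CONTROL_PORTS = {502, 20000} # protocols that can write setpoints to a PLC


@dataclass
class Conn:
    ts: str
    src: str
    dst: str
    proto: str
    dport: int
    action: str


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the documented zones is external."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def parse_line(line: str) -> Conn:
    """Parse one key=value connection record (the format is constructed for this example)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return Conn(ts, kv["src"], kv["dst"], kv["proto"], int(kv["dport"]), kv["action"])


def evaluate(conn: Conn):
    """Return a finding name, or None when the record needs no attention."""
    src_zone, dst_zone = zone_of(conn.src), zone_of(conn.dst)
    permitted = (src_zone, dst_zone, conn.proto, conn.dport) in ALLOWED
    if permitted:
        # Legitimate traffic being dropped means the firewall drifted from the policy.
        return None if conn.action == "allow" else "blocked_legitimate_flow"
    if conn.action == "deny":
        # The firewall held, but repeated hits on a control zone are worth watching.
        return "blocked_probe_into_control_zone" if dst_zone in CONTROL_ZONES else None
    # From here on: allowed by the firewall, but not by the documented policy.
    if src_zone == "external" and dst_zone in CONTROL_ZONES:
        return "external_access_into_control_zone"
    if conn.dport in SMB_PORTS and dst_zone in CONTROL_ZONES:
        return "smb_into_control_zone"
    if conn.dport in CONTROL_PORTS and dst_zone == "plc":
        return "control_protocol_from_unauthorised_zone"
    return "policy_drift"


def scan(log: str):
    """Return (timestamp, src, dst, dport, finding) for every record that needs attention."""
    findings = []
    for line in log.splitlines():
        if not line.strip():
            continue
        conn = parse_line(line)
        finding = evaluate(conn)
        if finding:
            findings.append((conn.ts, conn.src, conn.dst, conn.dport, finding))
    return findings


# Constructed sample log, not captured from any real network.
SAMPLE_LOG = """\
2013-01-30T02:14:01Z src=10.20.0.5 dst=10.30.0.7 proto=tcp dport=502 action=allow
2013-01-30T02:14:03Z src=10.1.5.23 dst=10.30.0.7 proto=tcp dport=445 action=allow
2013-01-30T02:14:07Z src=10.1.5.23 dst=10.30.0.8 proto=tcp dport=445 action=deny
2013-01-30T02:14:09Z src=10.40.0.2 dst=10.30.0.7 proto=tcp dport=502 action=allow
2013-01-30T02:14:12Z src=10.20.0.5 dst=10.30.0.9 proto=tcp dport=502 action=deny
2013-01-30T02:14:15Z src=203.0.113.9 dst=10.20.0.5 proto=tcp dport=3389 action=allow
"""

if __name__ == "__main__":
    for row in scan(SAMPLE_LOG):
        print(*row)
```

Run as written, the first record (an HMI polling a PLC over Modbus) is silent and the remaining five each produce one finding. Two design choices matter: the allow-list is the source of truth, so an "allow" in the firewall log that the list does not cover is reported as drift rather than trusted, and a "deny" of a listed flow is reported too, since a firewall change that silently breaks operator traffic is exactly what step 8's change control is meant to catch.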
