
Protecting Critical Infrastructure: Is Isolation the Key?

Camille Campbell, published 17 Aug 2018

Key Takeaways from this Year’s Black Hat Conference

The Black Hat Conference represents the who's who of the security world: ex-hackers, educators and researchers, security vendors, and those tasked with protecting our most sensitive data and critical infrastructure. This conference is a chance to discuss, in a technical setting, the very latest in security research, development, and trends.

To get an insider's view of the conference, I initiated a conversation with Extreme's Distinguished Systems Engineer and resident cyber-security expert, Ed Koehler, who attended the US conference in August. Below is a glimpse of our Q&A:

Question 1: What was your area of focus for this year’s conference? 

IoT, and more specifically Industrial Control Systems, is a key area of interest for me and something that I really wanted to dig into at this event.  

And frankly, some of the stuff I saw was downright scary. One of the most compelling demonstrations that I saw was a model of a water distribution network. In these networks, dams are controlled by what are called programmable logic controllers. These controllers take in water level information from sensors and control the functioning of the dam. The demonstration showed how a malicious attacker could manipulate both the programmable logic controllers and the sensors into thinking that the water levels were low – even though they weren't – and to then open the dam – which would create a catastrophic flood. Although this was only a "what if" scenario, the programmable logic controllers that were compromised as part of this demonstration do currently control many of our dams across the country.

This is only one of many examples that can occur when you think of the network connectivity of our critical infrastructure.  Whether it’s the traffic management systems, power grid, or nuclear facilities – the potential for malicious attackers to take control over these systems is a very real threat.

Experts say the next wave of warfare is in cyber-space.  And critical infrastructure is a country’s crown jewels.

Question 2: What are some of your recommendations for how governments and other organizations can better protect themselves from these threats especially with the ongoing trend of IT and OT convergence?

With ongoing network connectivity to Industrial Control Systems (which make up the OT environment) – we really need to rethink security. Otherwise, we are just sitting ducks!

What I have seen is that many organizations do not do a risk assessment of their OT environment. Therefore, they don't have a clear understanding of what vulnerabilities exist in their power grid, their water distribution network or their intelligent traffic management system. A risk assessment is crucial and the first place to start.

I also highly recommend that once you've identified the vulnerabilities, you hire a penetration expert to come in and show how compromises can occur. Then you can take proactive measures to secure the environment because you now have actionable information.

Isolation is the other critical piece of these systems. Many organizations connect their OT systems to the IT network because they need to pull information from production systems. However, there is a key difference between needing access to the information provided by the OT environment and needing access to the OT environment itself. My recommendation is that rather than having a pinhole in the firewall between the OT and IT environments (which is common, by the way), a single secure encrypted channel be created only to the databases you need to collect information from. This database system needs very strong access controls, an audit trail and security hardening – so you can get the information required from the OT environment without giving anyone access to the OT systems themselves.

Another huge component of isolation of the OT environment is network segmentation. Best practices state that you shouldn't mix traffic from controllers and traffic from sensors. You also, outside of high availability, shouldn't generally have more than one controller on a segment. Therefore, within the OT environment there should be multiple isolated network segments that can interconnect where needed through the controllers and the sub-systems. The result is a tiered environment with strong traffic control and high degrees of isolation – which makes it much more difficult for a malicious actor or even an adversary nation state to gain access to the OT environment.

Question 3: Can you talk about some of the Extreme technologies that can help with isolating and securing these Industrial Control Systems?

Extreme Fabric Connect can play a key role in isolating these critical systems. It's what the technology was designed for. It enables the creation of thousands of private virtual networks that are completely isolated without any reachability in or out (unless specified). Because these networks are dynamically created using Layer 2 Ethernet Switched Paths, they are not vulnerable to the L3 IP scanning techniques commonly used to discover the network topology. This ensures that the network topology remains hidden – so that even if breached – the hacker has nowhere to go because the topology is dark or hidden, as well as highly segmented. Finally – as systems, controllers and sensors connect and disconnect from the network – the corresponding network configuration profiles are deleted then reapplied on demand to ensure that back door entry points to the network simply do not exist.

Another key technology for securing these critical systems is policy. And I believe that the best approach is a whitelist profile that dictates what the controller or sensor can communicate with and what a typical traffic flow looks like. Any traffic that doesn't conform to this profile is blocked. Both ExtremeControl and Extreme Defender for IoT can play a key role here, with Defender offering the addition of Fabric Attach and Encryption to support distributed control systems such as municipal water distribution.

Finally, the last piece that is critical is application telemetry. More and more traffic is going east/west and will not hit a centralized firewall. Therefore, having application telemetry supported within the switch hardware is a critical piece of securing the infrastructure, since anomalous traffic can be pinpointed and blocked regardless of whether it is going east-west or north-south. We have several integrations that we have completed with multiple security vendors in the industry. We strongly believe that a coordinated approach to security is the way to go and are developing an open ecosystem to work with.
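The whitelist profile described in the answer above (what each controller or sensor may talk to, with everything else blocked), together with the segmentation rule that sensor and controller traffic should not mix, as an added example that is not part of the original interview or any Extreme product. Every address, port, role and flow record below is constructed for illustration.

```python
# Allowlist ("whitelist") profile check for an ICS segment: each controller or
# sensor may only talk to the peers and ports in its profile; anything else is
# flagged, including east-west flows that never reach a central firewall.
from dataclasses import dataclass

# Constructed inventory: address -> device role (assumed, not from the interview).
DEVICES = {
    "10.10.1.10": "plc",
    "10.10.2.11": "sensor",
    "10.10.2.12": "sensor",
    "10.20.0.5": "historian",
}

# Profile of expected flows: (source role, destination role, protocol, dst port).
ALLOWED_FLOWS = {
    ("sensor", "plc", "udp", 2222),      # hypothetical sensor telemetry port
    ("plc", "historian", "tcp", 5432),   # PLC pushes process values to the history DB
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

def evaluate(flow: Flow) -> str:
    """Return 'allow', or a reason string explaining why the flow is non-conforming."""
    src_role, dst_role = DEVICES.get(flow.src), DEVICES.get(flow.dst)
    if src_role is None or dst_role is None:
        return "block: endpoint not in inventory"   # unprofiled device gets no trust
    if src_role == "sensor" and dst_role == "sensor":
        return "block: sensor-to-sensor traffic is never expected"
    if (src_role, dst_role, flow.proto, flow.dport) in ALLOWED_FLOWS:
        return "allow"   # direction matters: the reverse of an allowed flow is not allowed
    return f"block: {src_role}->{dst_role} {flow.proto}/{flow.dport} not in profile"

def audit(flows):
    """Run observed flows through the profile and return the non-conforming ones."""
    return [(f, v) for f in flows if (v := evaluate(f)) != "allow"]

# Constructed sample of observed flows, including traffic between devices on
# the same segment that a centralized firewall would never see.
SAMPLE_FLOWS = [
    Flow("10.10.2.11", "10.10.1.10", "udp", 2222),  # sensor -> PLC: expected
    Flow("10.10.1.10", "10.20.0.5", "tcp", 5432),   # PLC -> historian: expected
    Flow("10.20.0.5", "10.10.1.10", "tcp", 502),    # historian polling the PLC: not in profile
    Flow("10.10.2.11", "10.10.2.12", "udp", 2222),  # sensor -> sensor: never expected
    Flow("192.168.9.9", "10.10.1.10", "tcp", 502),  # host outside the inventory
]
```

Running `audit(SAMPLE_FLOWS)` returns the last three flows with their reasons; in a real deployment the same verdicts would feed the switch policy or the telemetry collector rather than a list.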

Question 4: Where can people gain more information on security and protecting critical systems?

I highly recommend listening to the on-demand webinar “Secure??… Are you sure? Practical Tips for Securing Your Network.” In this webinar, I talk more about the security attributes of Fabric Connect and overall best practices for secure network design. 

They can also tune into my own blog site or see some of my videos on YouTube.

They can also view the Smart Factory of the Future SlideShare which talks more about segmentation and IT/OT convergence. I highly encourage anyone who works in the area of process control to investigate this issue.

We also have some healthcare customer success stories that share how Extreme Fabric Connect and Extreme Control have created segmented networks to reduce security threats.


Also, check out our video on how to secure the everywhere perimeter.
