You don’t have to look hard to find examples of companies that have suffered serious security breaches, with recent examples including the U.S. Postal Service and Home Depot. While these breaches tend to cost the affected companies, and sometimes their customers, significant sums of money, they don’t amount to a threat to the health and safety of citizens. And these attacks generally don’t bring the firms to their knees and prevent them from doing business.
But some organizations simply cannot afford to suffer security breaches. Think about an offshore oil rig out, for example. Should the IT systems that run the control systems for the rig be compromised, taking the rig out of commission, there is no backup rig that can take over for it. Or consider utilities such as gas and power companies. If their control networks are compromised, the results could be catastrophic.
At the same time, managers on the business side of the house want to have a view into these control systems for perfectly valid reasons – to see in real time how production is going, whether there are delays, problems or the like. For these business managers to be able to monitor the control networks, they need some sort of network path into those systems. Usually, that path is through the Internet, via one or more layers of firewalls which are intended to protect the connection.
This is where the risk comes in, for that same path used by managers to view their control systems is available for intruders to launch intrusions and attacks. While firewalls, anti-virus systems and other software-based protections may make such attacks more difficult, they can be circumvented – and they are on a regular basis.
So what is an acceptable level of risk for any given business to take? For retailers or even banks, firewalls and IDS/IPSs may represent an acceptable level of protection because they all have backup systems in place should a database, for example, be compromised. Many have one or more backup data centers; in the event of a breach at a primary site they can activate a secondary site and be back in business.
We can’t do that with an offshore oil platform, electrical substation, gas pipeline, or manufacturing plant. It’s not like there’s a backup manufacturing plant ready to take over should one fail. Rather, the business is simply not putting out the quantity of goods that it should.
It’s for such businesses where any risk of a security breach is too great that my company, Waterfall Security Solutions, is partnering with Schneider Electric to offer solutions. Schneider Electric, of course, sells much of the control and monitoring equipment used in utility, oil and gas, manufacturing and other industries, along with the software control systems for those processes. Waterfall sells security solutions that protect control systems from any possibility of a network breach.
Waterfall’s Unidirectional Security Gateways allow data to flow only outbound, from the control system to the remote user. Hacking sessions are by nature interactive; a hacker initiates a session with the target node, gets a response and figures out his next move. When trying to hack a Waterfall-protected system, he will be unable to initiate a session and will effectively reach a dead end.
Waterfall also places a copy of certain control system databases outside the protected portion of the network, synchronized sub-second with the live, protected system. Legitimate users can query the copy and retrieve up-to-the-second data. But the actual control system remains safe behind Waterfall’s hardware-enforced gateway.
That’s a simplified explanation of how the technology works. Companies worldwide are benefiting from it, including the vast majority of critical infrastructure organizations in Israel, where Waterfall Security is based. We’re also protecting power plants, offshore oil platforms, chemical facilities, pipelines, refineries and more in North America, Asia and Europe. And since forming our partnership with Schneider Electric earlier this year, our combined solutions are already working together to serve this market.
I’m looking forward to getting to know more Schneider Electric customers and learning how we can team up to offer solutions that keep industrial and critical infrastructure companies in business, and keep the people that work for and rely on these companies safe.