Cyber Security for National Defense
Naval District Washington finds a cost-effective answer to the growing threat of critical infrastructure attacks.
BY BENGA ERINLE, M.SAME
Cyber attacks are threatening our nation’s critical infrastructure and the federal government is pressured to protect disparate legacy systems with limited budget and resources.
In 2010, Stuxnet, the first acknowledged piece of malware specifically targeting Industrial Control Systems (ICSs) and real-time systems, provided startling proof that cyber warfare had finally made the inevitable leap to the “controls” world. Since Stuxnet’s discovery, additional malware such as Shamoon, Duqu and Flame have shown that ICSs are firmly in the sights of both enemy nation states and malicious hackers. It is believed both Duqu and Flame are intelligence gathering malware aimed at gleaning as much information as possible about an ICS—ultimately serving as a highly effective means of cyber destruction. Shore infrastructure vulnerabilities exist within both the physical security and cyber security areas, particularly as it relates to control systems, including Supervisory Control and Data Acquisition (SCADA) and Direct Digital System (DDC) components.
Last year, the Government Accountability Office estimated that significant cyber security events increased 680 percent over a five-year period, from 5,503 in 2006 to 42,887 in 2011. Cyber threats now originate from a wide variety (and ever-multiplying) range of entities—from state-sponsored groups and terrorists to criminal elements and emerging hacktivist movements. As these groups exercise increasing sophistication in their use of advanced technology, the federal government is pressured to keep “ahead of the game” in protecting a wide array of disparate legacy SCADA and DDC systems with more limited resources. Today’s solutions must reflect a multilayered approach, including both physical and cyber security components to protect against threats.
Though substantial funds have been spent on physical security, such as improved access lanes and gates, far fewer resources have been dedicated to securing ICSs to prevent unintended command of facility plant equipment. It is important to understand that the loss of functionality for many facilities extends far beyond mere administrative headaches. Such disruption can have major consequences, including command and controls areas, medical facilities, and warfighter operations and support.
INCREASED NEED FOR PROTECTION
To proactively address the emergence of critical infrastructure attacks and vulnerabilities in legacy control systems, Naval District Washington (NDW) worked with Ultra Electronics, 3eTI, on an Enterprise Industrial Controls System (EICS)—a wired and wireless sensor network that securely links disparate ICSs across several Navy bases into a centralized operations center. The system offers military-grade cyber protection and provides physical security, analysis, modeling and prediction capabilities for building systems. By leveraging a secure scalable wireless mesh network deployed across hundreds of buildings, the EICS provides an advanced cyber-secure sensor application that integrates DDC and SCADA systems into an enterprise network. The platform also provides a wireless intelligent video network system that enables critical infrastructure protection, while fully satisfying the Department of Defense’s (DOD) rigorous security requirements.
These security requirements are one of the greatest challenges federal agencies face in adopting new technology. Agencies are under pressure to utilize solutions to achieve cost savings for energy consumption and labor-intensive activities. However, due to the intensely sensitive nature of the information flowing along DOD networks, any solution must fully comply with DOD directives for Information Assurance (IA) during activities involving data and information interchange. Federal facilities require resilient networks that assure control of critical assets. Networks must comply with oversight such as the Federal Information Security Management Act, Office of Management and Budget memoranda and circulars, and National Institute of Standards and Technology guidance.
Federal agencies also face serious risks in securing their control systems, rendering risk assessment a critical factor in network system design. Each device is its own risk point, so the network is designed to handle outside requests for information access and control via a tightly controlled interface. This permits only communication between system approved devices and a secure enterprise server. Without this, a compromise of a single device on the network would leave all devices vulnerable.
Devices on the network perimeter, network edge and ICS controllers all have specific security features to arm them individually.
The current budget environment can prove difficult for secured information technology acquisition. The need to deploy sensors in distributed environments requires a tremendous effort, but the Navy was quick to recognize the cost and time benefits of integrating advanced wireless solutions into its infrastructure. Wireless integration could accommodate a variety of topologies and meet the needs of specific applications while improving efficiencies.
Many of the Navy’s water, gas, electricity, HVAC and steam systems are located in remote areas without connectivity. These sites historically would have required expensive cabling to achieve sensor-tonetwork connectivity and collect data. There are many key locations along the Navy’s utility distribution systems that are not near a power source and thus have been outside economically viable standard data collection techniques. The EICS program would centrally manage these buildings within a common system. 3eTI’s solution enabled secure integration of the Navy’s widely disparate network of legacy controls systems. It provided a long-term opportunity to fundamentally alter the paradigm on dispersed system control and monitoring to maximize efficiency at minimal cost.
The Navy’s new system reflects a multilayered Defense-in-Depth (DID) strategy. In DID, both physical and cyber security components connect various SCADA and DDC systems into one network, comprehensively safeguarded against threats. Devices on the network perimeter, network edge and ICS controllers all have specific security features to arm them individually. The extra layers of backup protection provided by DID network architecture minimize vulnerabilities so users can balance optimal network performance with the associated risks.
A complete DID network solution, in addition to physical security such as only permitting authorized personnel near information systems, should include many discrete protection components. From a systems engineering perspective, the ultimate security solution must reflect a modular design architecture combining highly secure facilities/utilities control and protection with a perimeter monitoring solution that identifies threats in real-time. This combination should leverage secure authentication, encrypted communications, firewalls and deep packet inspection, supplemented by physical security with automated intrusion detection.
The Navy EICS comes very close to this ideal, with multiples components providing key support at critical points in the system architecture. One key component is 3eTI’s EnergyGuard Appliance, a real-time energy monitoring device with built-in cyber security components that enable an expanded IA accreditation boundary. EnergyGuard provides “intelligent” automation and control and was easily integrated and deployed, becoming an integral component of the architecture that underpins the Navy’s Smart Grid Program at NDW. The system can respond to external drivers like current energy supply challenges and weather as well as internal demand signals like military operations and facility maintenance. Additionally, a second system, 3eTI’s VirtualFence, provides wired and secure wireless critical infrastructure protection and perimeter monitoring, supplementing the EICS.
With the application of secured ICS technologies like these, facilities can operate smarter and more efficiently in an era not just of declining budgets but of more ambitious energy reduction mandates as well.
ENSURING TOTAL SECURITY
Securing the military’s ICS components is vital to ensuring operational availability of the shore infrastructure, and there is a known credible threat vector focused to ICSs. The ability to provide and control clean power, stable HVAC, and command and control of ICSs is paramount and requires a thoughtful approach in both physical and cyber security measures.
The technology to provide a rapidly deployable, affordable, accredited, and secured ICS and critical infrastructure protection system has been proven. With the right planning, it can be done in a way that enables future growth and expansion as technology evolves.
Benga Erinle, M.SAME, is President, Ultra Electronics, 3eTI; 301-944-1369, or