New Security Algorithm Allows Industrial Control Systems To Ward Off Cyber Attacks
The security of industrial control systems is a fairly hot topic of conversation these days, with the assumption being that it leaves a lot to be desired. Acknowledging that the security of critical is a potential weak point in the country’s defenses, researchers have come up with a way of making these sensitive hacker targets a lot less vulnerable. How did they do it? Why, they simply have the control systems police themselves.
Researchers from North Carolina State University have developed a system that enables networked devices to detect any suspicious or erratic behavior that could indicate a security breach, and then isolate any compromised device before it causes damage. For example, in a factory production line, each machine would be tasked with keeping an eye out for any troublesome behavior among its neighbors, and if it spotted anything amiss, the machine in question could be quickly isolated. The researchers say that the new mechanism could be used in both programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems.
Mo-Youen Chow, professor and co-author of the study, likened the system to a kind of virtual neighborhood watch. “Each device listens to its neighboring device to see if they’re misbehaving,” explained Chow.
The system could be a real breakthrough in the fight to protect the nation’s most critical infrastructure. PLC and SCADA systems are used in numerous industries that are considered vital to the country’s well being, including oil and gas pipelines, transportation networks, power stations and defense manufacturing facilities, among others. This infrastructure is seen as a soft target for foreign hackers, who are known to have infiltrated critical systems in the past. While no damage has been done so far, Defense Secretary Leon Panetta warned last October that aggressors from countries like China and Iran could take advantage of these weaknesses to contaminate water supplies, shut off power grids and even derail trains.
“We know of specific instances where intruders have successfully gained access to these control systems. We also know that they are seeking to create advanced tools to attack these systems and cause panic, and destruction, and even the loss of life,” warned Panetta at the time.
The biggest challenge with securing critical infrastructure is the age of the machinery and electronic systems it’s built on. Most industrial facilities within the US were built years before we even envisaged using the internet as a networking protocol for these systems.
One solution would be to rip everything out and start again, but obviously that just isn’t practical given the expense involved. Instead, the North Carolina State University team has developed an algorithm that can be integrated with just about any networked device, either as firmware in a microcontroller or in the actual software. What the algorithm does is to come up with acceptable parameters governing factors like speed or temperature for networked devices to operate within – with any deviation from these parameters causing all the other devices within the network to isolate it immediately it by halting their communications with it.
So essentially what we have is a next-generation technology that acknowledges the ‘new normal’ in today’s world where security experts advise us to always assume the worst has happened. If anything goes wrong, act is if you’ve been compromised and work to minimize the damage immediately – should it later turn out to be a false alarm then so be it.
The researchers say that their PLC and SCADA security system would be able to augment existing security products like access controls and communication encryption. They plan to present their technical paper (PDF file) on the system at the upcoming IEEE International Symposium on Industrial Electronics in Taipei, Taiwan, later this month.
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU