Network Threats

Picture this scenario:Power Plant

  • An employee has a company laptop on the internet at his home office, connected to the control network through a VPN (Virtual Private Network)

  • A hacker from overseas infects the laptop with a virus over the Internet 

  • The virus then propagates over the VPN connection into the control network and infects another Windows PC located right in the heart of the control system

Is this just a hypothetical situation? It couldn't happen to you? The bad news is that this is a real incident that actually happened to the water supply system in Harrisburg, Pennsylvania in 2006.

Control networks are highly vulnerable to cyber incidents. The growing complexity of modern control systems means that they need security now more than ever. The Harrisburg incident is just one of many Security Incidents you can read about.

The following table provides a summary of types of Network Threats and links to Case Profiles that document real world examples.

  

Threat: 'Soft' Targets Real World Examples

The personal computers in most control networks must run continuously for months or years, with no opportunity to install security updates or antivirus tools. What happens if a PC virus gets loose on your control network?

The PLCs and RTUs in control networks were optimized for real-time I/O performance, not for robust networking connections. Even normal network traffic, like broadcast and multicast messages, can overload some devices and cause them to crash. What are you doing to protect them?
 Tofino Solution Featured Products

Tofino addresses this problem by making it easy for the control engineer to define rules that specify which network devices are allowed to communicate and what protocols they may use. Any network traffic that does not fit the rules is automatically blocked by Tofino and reported to operations personnel as a security alert.

 

Threat: Poor Network Segmentation Real World Examples

Many control systems have evolved over time from simple, stand-alone systems to complex interconnected networks. These networks are typically wide-open with no isolation between different sub-systems, so if a problem occurs in one area it can quickly spread throughout the network. Even worse, your staff typically have very few tools to isolate and identify the source of a problem, leading to lengthy shutdowns and overtime costs when problems do occur. How are you isolating the sub-systems in your network?
 Tofino Solution Featured Products

Tofino is the ideal solution for segmenting a control network into security zones. It can be installed into an existing system with no changes to the network, forming 'conduits' of communications between the zones. The control engineer can define rules that specify which network devices are allowed to communicate and what protocols they may use. Any network traffic that does not fit the rules is automatically blocked by Tofino and reported to operations personnel as a security alert.

 

Threat: Multiple Network Entry Points Real World Examples

Even if your control network doesn’t connect to the internet, you’re still at risk. Studies show that the vast majority of cyber security incidents originate from a variety of secondary points of entry into the network, including

  • the enterprise network
  • maintenance connections
  • third-party networks, like partner companies and contractors
  • even transient sources, such as laptops that travel in and out of the facility

A single infected USB storage device can be enough to shut down an entire plant.
 Tofino Solution Featured Products

A security risk assessment, combined with Tofino's Zone-Level Security strategy, identifies potential threat sources and entry points and isolates those points. If an attack does originate from a transient entry point, the potential damage is contained only to the zone in which the attack originated.

Tofino offers exceptional value

Even simple network issues can result in significant financial losses due to plant down time:

Tofino is a proactive solution that will help you reduce or eliminate production losses caused by these cyber security incidents.