Linux software locks down industrial infrastructure
Published: 11 Jun 2003 07:32 BST
Control-system specialist Verano has introduced a service and software package to help companies protect their critical infrastructure from digital attacks.
The product, dubbed Industrial Defender, aims to close holes in the security surrounding control systems used by utility companies, manufacturers and other industries. Verano announced the first piece, a network monitoring appliance and service, on Tuesday.
Moreover, unlike Honeywell, Siemens and many other companies in the industrial application market, Verano doesn't build its products on top of a special version of Microsoft's Windows operating system, but on a security-enhanced Linux (SELinux) system. Originally created by the US government's military security agency, the National Security Administration (NSA), SELinux adds advanced security technology to further lock down the Linux operating system.
"Most of today's (control) systems were installed in the '80s and '90s, and weren't designed with security in mind," said Brian Ahern, chief executive of the control-system management and security company. Ahern cited penetration tests by Verano's partners that indicate the network security around industrial control systems can be breached in as many as 90 percent of cases.
The package is an early effort to target an often-overlooked part of corporate networks: the control systems that monitor and maintain factories, energy plants and other industrial infrastructure. Such networks -- the two common types being Supervisory Control and Data Acquisition (SCADA) networks and Distributed Control Systems (DCSs) -- have come under intense scrutiny after the 11 September terrorist attacks, as they could be weak points in a strike against critical components of the US infrastructure.
While "cyberterrorism" has been the rallying cry of policy makers seeking stricter laws to punish hackers, and of government agencies asking for more funds, the chances and effects of any such attack have been greatly overblown. Instead, Ahern said, Verano's new service and software aims to protect a company's operation from the deleterious effects of a simple cyberattack.
"Any industries that are operating in a real-time market can't cut the cord and isolate themselves," he said. "They have remote dial-in capabilities for their remote engineers and have to have a way to guard those entry points."
While enterprise network security services do exist, the specialised network devices, or appliances, that monitor a network consume too much bandwidth, Ahern said. Typically, the general devices used in corporate networks can use between 6 percent and 10 percent of the typical 10mbps Ethernet used in most factories and control applications. For real-time control systems, that just won't do, he said.
Verano's expertise with control systems and its base of 200-plus industrial customers puts it in good stead, Spire Security analyst Peter Lindstrom said.
"Their big value-proposition is that they know the industry," he said. "Their stuff looks just like the products and services available in the enterprise security industry, but they are integrated differently."
Verano's Ahern said that getting companies to adopt a Linux-based system will take a few years, more because of the slow pace of the industrial sector than because of any lack of faith in the open-source operating system.
"My experience has shown that there is generally a three-year delay between when a technology moves into an enterprise and when it gets onto the plant floor," he said.
However, security may be the issue that will speed that adoption cycle up.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
62 out of 137 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
