The Big Picture: Secure Critical Infrastructure with Cooperation & Automation

Date: August 24, 2017 By: Chet Namboodri

When dealing with the difficulties of securing critical infrastructure, it’s sometimes good to take a step back from day-to-day challenges and take a macro view; look at the big picture. Fortinet’s CISO Phil Quade did just that recently in an article originally appearing in CSOonline.com.

I found his key themes both relevant and insightful. Phil indicates that while the news media focuses attention on high profile malware and ransomware attacks, like WannaCry, the bigger threat to critical infrastructure—water, energy and transportation systems—comes from “low and slow” attacks that are hard to detect. And, since a lot of critical infrastructure is owned and operated by the private sector, securing it takes real cooperation between industry and government.

Phil also states that we are on the verge of a security revolution that includes using automation strategies to find and respond to incremental cyber intrusions. Automation is what underpins the Fortinet / Nozomi Networks partnership. Read on to learn more about Phil’s perspective and how our combined solution secures critical infrastructure.

Secure-Critical-Infrastructure-with-Automation
Sophisticated cyberattacks that infect industrial networks in a “low and slow” way
threaten essential services, such as electricity and water.

“Low and Slow” Cyberattacks on Critical Infrastructure

When major attacks happen, victims readily see them and can move to counter them. The risks from less than obvious attacks are harder to counter. “Low and slow” attacks – often resulting in undiscernible, incremental changes to the compromised system – worry many security experts. They’re hard to detect before it’s too late and a system is moving towards a critical state. Sophisticated intrusions often work together in subtle ways, yet can disrupt essential services such as water and power.

Cooperation and Automation are Key

In many countries, critical infrastructure is owned and operated by thousands of municipal entities and the security problem is so complex it’s hard to know where to start. Government can’t solve the problem by itself, and private companies can’t be expected to defend against the cyber military of other nations. An important step is for organizations to cooperate and automatically share threat and vulnerability information within their industries.

Automation is key. As Phil states:

“The best way to find the incremental intrusions and respond in a coordinated and comprehensive fashion is through automation. Human eyes often can’t see the low-and-slow attacks, and we can’t respond fast enough once a breach has been detected.”

The Fortinet / Nozomi Networks partnership is built on cooperation and automation. Nozomi Networks’ SCADAguardian product uses automated machine learning and artificial intelligence techniques to detect cybersecurity and process anomalies occurring within the Industrial Control Systems (ICS) of critical infrastructure. When anomalous and/or suspicious behavior is detected, an alarm is generated and sent to security operators and network administrators.

At the same time, SCADAguardian is capable of automatically triggering the right policy in FortiGate firewalls to segment and block the suspicious traffic, all while permitting the unaffected, critical control traffic to continue and keep the plant operating with stability. The combination of advanced anomaly detection, which can identify “low and slow” changes to industrial networks, along with automated feedback and active integration into Fortinet Security Fabric products, goes a long way to improving critical infrastructure cybersecurity.

See SCADAguardian in Action at the Fortinet 361 Security Forum

I urge you to read Phil’s full article, which includes more useful information than what I’ve presented here.

And, if you would like to see the SCADAguardian / Fortigate solution in action, I will be demonstrating and presenting it at:

Fortinet 361 Security Forum
Sept 5-8, 2017, Vienna, Austria

Drop me a line and we’ll set-up a meeting.

Related Content to Download


Solution Brief: Fortinet & Nozomi Networks ICS Cybersecurity Solutions

 

This document covers:

Challenges of Securing ICS
Fortinet-Nozomi Networks Joint Solution
Segmenting ICS Networks
Sample Network Architecture


DOWNLOAD NOW


Related Links

 

Tagged , , , , , , , , ,