Energy and Industrial Controls

  • Eliminates risk of cyber attack on critical infrastructure, nation state or otherwise
  • Helps ensure safe operation of industrial control systems, including SCADA
  • Ensures only trusted assets communicate throughout critical infrastructure
  • Protects critical business assets
  • Secures the supply chain

Today’s complex manufacturing and energy environments are often highly connected systems performing Energy Cybersecuritycomplex tasks while being remotely monitored and controlled by Supervisory Control and Data Systems (SCADA) systems.  In these types of systems, operators can have direct access, visibility, and control of the sensors and actuators through some type of human-machine interface.  Industrial control systems such as manufacturing robots, farming combine systems, letter handling systems, material sorting machines, nuclear power plants, hydroelectric dams, and package handling systems are capable of being remotely controlled through both wired and wireless communications.

However, as important as these systems are, the fact is that many, if not most, industrial control systems in the field today were designed and constructed long before the term "cyber threat" even existed.  Many of these systems are based on old technology and antiquated operating systems and most do not have even rudimentary security controls.  In fact many of the companies that produce these systems "publish" their passwords for their computer-based controls like "admin", or "1234", so anyone can access them.   Unfortunately these potentially critical industrial control systems are highly susceptible to cyber attack.  This is especially true in the new and evolving smart grid, which ironically is intended to provide efficiency and resiliency to the power grid.

Why Hackers are Interested in Industrial Control Systems

Control systems must be secured to protect design and manufacturing processes and data

There are a number of reasons why an individual, a company, or even a nation state would be interested in gaining access to and taking control of critical industrial control systems.  First of all, many of these systems, as noted above, are easy targets and when they are penetrated can have wide ranging effects.  Some attacks are politically motivated, intended to cause political harm to individuals or groups through the disruption of services.  Another type of attack, which comes under the name of cyber espionage, may try to either steal information or hinder the operations of a competitor or target company.  As an example of this type of attack was exhibited in the alleged attack by the Chinese government on Lockheed Martin Corporation.  In this attack, the Chinese government or associated parties thereto were able to gain access and steal the designs for the American made Joint Strike Fighter, the F-35.  Obviously, this was a costly attack with significant ramifications to Lockheed Martin and the U.S. Department of Defense.

Planning an Effective Response is Not Sufficient

Effective response mechanisms are insufficient and frankly, too late

For many in the Industrial Control Systems sector, there is a belief that a good process for identifying when a company has been hacked and responding to that hack with patches is sufficient and effective.  The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is an organization operating under the U.S. Department of Homeland Security that has been established for helping organizations respond to a cyber attack.  By its definition and its fundamental premise, this is a response organization that helps organizations once they have been hacked.  By the time ICS-CERT kicks into gear, the critical information may have already been stolen or the damage may have been done.  It's simply too late.

Standards - To the Rescue? That is Just a Start

A major step forward is the thought process where security is built in from the ground up.  The National Institute of Standards and Technologies (NIST) has published NIST 8008-82, A Guide to Industrial Control Systems Security which aims to reduce the vulnerabilities in industrial control systems such as SCADA, programmable logic controllers, and distributed control systems.  This guide lays out a number of mechanisms for industrial control system manufacturers to follow in order to reduce their cyber security risk.  This guide offers a number of advanced processes, activities, and methods to minimize risk.

StealthPath: ensures only StealthPath Trusted™ actors and data participate in industrial Control Systems functions

That said, it still is not enough.  Fundamentally, organizations developing, deploying, and maintaining industrial control systems need to leverage the latest advancements in technology to ensure that only Trusted actors, software, hardware, and communication controls today's advanced and connected industrial control systems.  By using StealthShield™ technology in the industrial control systems and critical infrastructure assets that participate in our energy infrastructure you are assured that these will continue to operate securely, enabling them to perform the functional requirements they were designed to perform. StealthShield  ensures only StealthPath Trusted parties with authenticated messages will be able to share information.  That means communication between and among the industrial control systems of today will be assured and dependable. StealthShield  provides the Pathway to Impenetrable Cybersecurity™.

StealthShield :

  • Operates autonomously
  • Requires no human intervention
  • Is simple to install
  • Is not detectable by cyber attackers

Contact Us To Learn More

Find out how StealthPath can help your company operate securely.