'Immune System' Cyber Security for SCADA Systems
Cyber-attack campaigns targeting Supervisory Control and Data Acquisition (SCADA) networks are increasing, and 2014 saw both the Energetic Bear campaign and the remote crippling of a German steel mill. When an analogy is made to the very effective human immune system, traditional cyber defences are clearly missing the key ability to adaptively detect and react to new and unseen threats. There are two viable methods for copying raw network traffic to an appliance without affecting the reliability of the operational process. Recent advances in computer hardware and machine learning techniques have made it possible for such an appliance to develop a deep understanding of normal network activity in real time, and then highlight unusual behaviour. The three most prominent SCADA cyber campaigns of recent years – the steel mill, Energetic Bear, and Stuxnet – all produced activity that was clearly unusual for the networks they compromised. An immune system approach would have detected this activity and highlighted it for investigation. Cyber ‘immune systems’ deployed in real SCADA networks have identified a range of interesting behaviours not noted by the existing security stacks. This technology is already being used by major industrial companies, such as Drax Power in the UK, to defend both their corporate and SCADA networks.
E&T Cyber Security Hub brings together engineers and cyber security specialists to share practical know-how. With content created ‘by engineers, for engineers,’ it provides peer-reviewed technical information, real-world insights, lessons learnt and case studies, as well as tools for networking and knowledge-sharing, profiles of experts and the opportunity for companies to showcase their expertise.