The recent Stuxnet worm, which specifically targeted control systems manufactured by Siemens, brought mass attention to the unique vulnerabilities of control system architectures. Primarily, that beyond the Human/Machine Interface (HMI), behavior of SCADA and ICS assets – such as RTUs, PLCs, and the sensors and actuators that they control – are essentially invisible to traditional IT security monitoring products. The integration of NitroView CIP and OSIsoft’s PI System has removed that shroud, making the previously dark corners of the control system visible to SIEM for the first time.
Asset owners such as grid providers leverage specialized data historians as centralized repositories of device activities and events, as the end devices do not have the ability to preserve that information individually. Through the HMI, they can monitor the operational state to react to issues such as sensor faults or threshold violations in process controllers, as well as collect data for the purposes of compliance. Because the visibility of most SIEM solutions is limited to routable networks such as TCP/IP over Ethernet, security and compliance activities across business and process control networks was done in isolated silos – with little-to-no ability to correlate potential relationships between cybersecurity events and process implications. With the industry’s highest scalability and performance, NitroView CIP is uniquely capable of integrating historian data and empowering providers with the unprecedented ability to:
• Identify/correlate zero-day events like Stuxnet and their impact from system infections/network perimeter events, to sensor faults or threshold violations in process controllers
• Allow point changes and anomalies to be monitored using NitroView, providing real-time UI and incident response capability to control system operations, including sensor mismatches, control loop discrepancies, etc.
• Centralize all logged activity for compliance with regulations such as NERC CIP and build a complete audit trail of all activity within the control system “With Stuxnet proving in no uncertain terms that a threat originating in the IT world can effectively cross the divide into the ICS, asset owners need the ability to see their networks as one from a security and incident response perspective,” said Eric D. Knapp, Director of Critical Infrastructure Markets for NitroSecurity. “Providing visibility into these previously ‘dark’ areas of control networks, NitroView is the only solution with the scale to seamlessly incorporate this new universe of data, and the horsepower to provide real- time incident response.”
About NitroView CIP
NitroView CIP is the industry’s first end-to-end NERC CIP security and compliance solution. Comprising SIEM and network, database and application security monitoring appliances, NitroView CIP monitors and alerts on control systems, SCADA and DCS protocols and cyber assets in real-time, producing a clear audit trail of how critical assets are used. It identifies systems that are at risk – including passively monitoring the network and generating logs for assets that do not produce them natively. NitroView appliances are non-obtrusive and can drop into existing networks – with no interruption of operations or impact to performance or reliability. NitroSecurity also partners with leading NERC CIP consultancy Encari, for assessment and implementation services.
NitroSecurity develops high-performance security information and event management (SIEM) solutions that protect critical information and infrastructure. NitroSecurity solutions reduce risk exposure and increase network and information availability by removing the scalability and performance limitations of security information management. Utilizing the industry’s fastest analytical tools, NitroSecurity identifies, correlates and remediates threats in minutes instead of hours, allowing organizations to quickly mitigate risks to their information and infrastructure. NitroSecurity serves more than 500 organizations in the energy, healthcare, education, financial services, government, retail, hospitality and managed services industries.
For more information, please visit http://www.nitrosecurity.com. D