Wireless and wired technologies have advanced to the point where automated control systems are routinely networked together. Information can be shared and tasks performed across long distances, via the Internet, linking systems in large industrial spaces, or across remote or rugged areas. Networked control systems (NCS) offer many benefits such as far greater efficiency than manual controls, leading to savings on personnel and resources. Accurate and continuous monitoring also translates to desirable safety and reliability benefits.
Any facility where human interaction can be challenging or dangerous is appropriate for networked control systems. Space and harsh terrestrial environments are suited for wireless networked control. The U.S. Navy, for instance began using NCS to reduce labor-intensive activities aboard ships — where explosives and shock can affect critical electronics — and is increasingly using sensor systems and wireless technologies for anti-terrorism and force protection — even tying biometrics sensors into wireless. On shore, they are using NCS for smarter operation of personnel and equipment in an era of declining budgets and increasing demands for efficiency.
Cyberattacks demand a multilayer protection strategy
Today, the news is filled with stories of sophisticated cyberattacks on the banking industry as well as critical infrastructure like the nation’s power grid. Industrial facilities are also prone to attack but use standard controller devices while relying on default passwords on their internet-facing networks. This is particularly unacceptable for military environments where data is highly sensitive and the nation’s security is at stake, presenting an attractive target to those who want to steal secret information, damage critical systems or make a statement.
In 2011, over 100,000 cyber incursions occurred against U.S. government and commercial networks.1 Many types of malware specifically target control systems. Stuxnet famously has been able to inflict significant damage, and Duqu and Flame are believed to be designed to gather as much information as possible on a system. In addition to eavesdropping attacks, engineers deploying an NCS must be concerned with man-in-the middle attacks and/or denial-of-service attacks. These incursions have made clear that air-gapped systems are just as prone to cyber attacks as their wired counterparts.
To combat such attacks, the military requires a “defense-in-depth” (DID) strategy. DID consists of several layers of both physical and cyber safeguards for a given system, forcing the attacker to penetrate not only a first layer of defense but also a back-up layer and so on. In describing DID, Jeff Johnson, Command Information Officer for Naval District Washington (NDW) notes, “it’s important in order to make sure that one of the attack vectors or all of the attack vectors can be mitigated kind of in parallel. But we look at defense in depth as part of an overall strategy ... associated with our infrastructure.”
Defense-in-depth security solutions
In the industrial arena, control systems have long been designed for reliability in the event of power disruption, equipment malfunction or some type of accident. Stuxnet and other high-profile cyber attacks have shown that industrial control systems must adopt some of the same strategies employed by the military. Wireless networking device vendors are meeting the challenge of offering equipment that can protect sensitive military and industrial control networks from many types of attack while presenting a defense-in-depth approach to network security.
Rockville Maryland-based Ultra Electronics, 3eTI was one of the first wireless network vendors to meet FIPS 140-2 (Federal Information Processing Standards) requirements for encryption of cryptographic modules which include hardware and software components. Its products were initially used as part of a SCADA (supervisory control and data acquisition) system that monitored key machinery in shipboard environments. Later, the NDW was looking to expand the system further. Running cables to all their sensors — particularly in a military platform — was going to be expensive. The company introduced them to wireless sensors for monitoring and control. “They’re trying to operate facilities smarter and more efficiently in an era of declining budgets,” explains Benga Erinle President of 3eTI. “We’re providing sensor systems to support security and surveillance, access controls as well as direct digital controls (DDC) and SCADA for operating building equipment and plant equipment more efficiently.”
To implement a secure wireless NCS for the military, the equipment must comply with not only the FIPS 140-2 encryption requirements, but also meet any pertinent DISA (Defense Information Systems Agency) STIGS (Secure Technical Implementation Guide) which provides a framework for wireless networking accreditation in the military, and DID is a critical part of the accreditation process.
NDW uses EnergyGuard from 3eTI to connect various DDC and SCADA systems into one network environment. According to 3eTI’s Erinle, “Defense-in-depth begins with things such as physical security, making sure that only people that are authorized can actually physically get close to the information systems.” Every individual device on the network must include its own security features, starting with the network perimeter, followed by the network edge and then the controller all the way down to the software. “Just implementing one layer does not assure true security,” he adds. “A true defense-in-depth network solution should include many discrete protection devices all together to provide robust security.”
Risk assessment, DID strategy enhance customization
When designing a wireless network for military environments and sensor networks, each device in the system is its own risk point. Therefore, your system should only allow communication between the device and a secure enterprise server, relying on a tightly controlled interface to handle outside requests for information and control. Risk assessment is also an important part of network design. Here, DID allows for greater flexibility with regard to the tradeoffs between desirable network performance and any associated risks. That’s because the additional layers mean that any vulnerability that is introduced for system requirements can be mitigated by an additional layer of security.
Be sure to include a high-speed, government-accredited network encryption device. EnergyGuard, for instance, offers a number of different security capabilities to create a custom networking solution. When no attack is taking place, its EtherGuard component employs static defense controls such as encryption, firewalls and authentication. It also actively seeks out attacks and responds to them, employing deep packet inspection and heuristic analysis. A solution that employs both static and active protection provides the redundancy necessary for a secure, defense-in-depth approach.
Satisfying customer and validation requirements
Across many industries, wireless networked control systems are proving their ability to deliver the efficiency of manpower and resource usage that organizations are demanding. Jeff Johnson of NDW notes, “You have a lot more flexibility in reaching locations that don’t have wired infrastructure, and you’re able to support mobile clients if needed with the wireless hotspots that are established. So it’s worth the investment if it’s part of an overall strategy ... to achieve the mission of a particular installation.”
The military, however, has its very unique requirements and demands confidentiality and integrity from its wireless networked control systems. The Department of Defense’s DIACAP (DoD Information Assurance Certification Approval Process) requires the engineers to thoroughly assess and identify all the risks associated with sensor systems throughout every connected device from the advanced meters to building automation down to the handheld wireless devices used to control the equipment. DIACAP also requires the appropriate risk-mitigating solutions be implemented for each and every possible risk point. Benga Erinle explains that independent validation allowed Naval District Washington to select its secure wireless networking products. “The common criteria allowed (NDW) to trust their integrity, and then we added other layered defense techniques to help them achieve real certification. He adds, “They’re meeting Federal mandates and are on their way to reducing their costs.”
1 Rene Marsh, “Feds need more computer defense experts, Napolitano says,” (bit.ly/JnJLpT) CNN, April 21, 2012.