INFRASTRUCTURE CONTROL SYSTEMS ENCRYPTION

Transcription

1 INFRASTRUCTURE CONTROL SYSTEMS ENCRYPTION solutions-paper

2 INFRASTRUCTURE AND INDUSTRIAL PROCESS AND CONTROL SYSTEMS SECURITY ARE OF NATIONAL IMPORTANCE DUE TO THEIR ESSENTIAL SERVICES AND ECONOMIC IMPACT. RISKS OF CYBER AND TERRORIST ATTACKS AND INTERFERENCE HAVE NEVER BEEN GREATER. ENCRYPTING AUTOMATION, CONTROL AND BUSINESS DATA PROVIDES ESSENTIAL PROTECTION. OVERVIEW Senetas provides the world s leading multi-certified; defence-grade high-speed encryptors that protect infrastructure and industrial process control systems data transmitted across Supervisory Control and Data Acquisition (SCADA) networks. Critical utility infrastructure and industrial assets are high profile targets for terrorist and criminal attacks. The development of automated infrastructure and industrial control systems and their use of SCADA networks have also exposed these critical assets to significant threats of cyber-attacks. Furthermore, utility and industrial organisations business systems such as Smart Grid and Smart Metering revenue data are also at significant risk of criminal cyber-attacks attacks. The data networks used to control these assets and transmit business critical information are the weak link when their data is transmitted across high-speed public or private networks. Contrary to popular belief, data networks are not inherently safe! The infrastructure and industrial process and control organisations using SCADA networks face serious risks of data input, data corruption, tampering and other data interference, that can have catastrophic consequences. The transmission of unencrypted sensitive business systems data across high-speed networks risks consequences such as data theft, breach of privacy and loss of intellectual property. But, industrial process and control systems using SCADA networks face additional serious risks to public safety, health, the environment and the economy. Successful breaches of SCADA networks used by utilities such as telecommunications, energy and water resources, can lead to catastrophes, from loss of life to total loss of the assets and cessation of operations. In the case of industrial assets such as in the oil, gas and resources sectors, there are similar risks of catastrophes. Whether the risks to utilities and industrial organisations high-speed network data threaten asset control systems or their business systems data theft, data disruption, data redirection, and tampering or data corruption the consequences can be devastating for many stakeholders. The potential economic impact is also significant. It is essential that industrial process and control systems data be protected. It is not sufficient to attempt to prevent network breaches alone the data itself must be protected! Defence-grade encryption of that data is the last line of defence. 1

3 Because such assets are typically of regional or national infrastructure importance, many governments regulate the protection of their data and data networks and even mandate the use of certified data encryption. Ultimately, the optimal protection of control system and business data networks is to protect the data itself. Protecting the networks is a process of catch-up. It is not a matter of if a breach will occur, but when and how severe the consequences. Encryption provides that data protection rendering access by unauthorised parties useless. Therefore, it is essential to focus on the data itself encryption is the optimal solution. Senetas certified high-speed encryptors provide that encryption without the loss of high-speed data network performance and that s certified! Senetas world-leading defence-grade encryptors provide the best performance unique near-zero latency and zero impact on other network assets maximum security without network performance compromise. Additionally, Senetas encryptors offer a number of important benefits such as ease of installation and on-going management; % uptime; interoperability and flexible tailoring to customer needs. Infrastructure and industrial assets process and control systems; their business systems (such as billing systems) and the high-speed networks they use, expose them to risks of unauthorised network access through: > > Data sniffing > > Rogue data input disrupting asset and industrial process and control > > Loss of billing systems revenues information Smart Grid and Smart Metering > > Information theft > > Disruptive data input > > Redirection of data streams > > Business and operations disruption > > Identity theft > > Damaging asset attacks These risks are real and growing. The consequences can be catastrophic: > > Loss of life and serious injury > > Major financial loss > > Loss of major physical assets > > Wide economic loss > > Expensive litigation costs > > Loss of reputation > > Loss of stakeholder confidence > > Devastating impact on intellectual property assets and business revenue > > Consequential losses from business disruption and asset damage. Because Senetas defence-grade, high-speed encryptors protect the data itself, they provide peace of mind that should a successful network breach occur, unauthorised parties will only obtain meaningless data. They also ensure that attempts to input rogue data will not adversely affect industrial processes and control. 2

4 Senetas encryptors maximum security without compromise While data encryption is the optimal solution, most network data encryption solutions have adverse impact on the network s performance they degrade the data network performance by 50% to 70% and can adversely affect business and other systems performance. Senetas defence-grade network data encryption avoids those downsides near-zero impact on the network. Our unique certified encryptors provide maximum data protection without compromising highperformance networks. That s why Senetas encryptors are chosen to protect much of the world s most sensitive data. Senetas proven defence-grade encryptors maintain maximum network performance and that s certified! The international, independent testing authorities certifications of Senetas encryptors assure you of uncompromised performance, dependability, zero impact on network assets and ease of implementation and on-going management. Data integrity and your assurance Senetas R&D has been committed to independent, international government testing authorities certifications as suitable for the most demanding government and defence use. These product certifications, which take up to two years to be achieved, provide you with the assurance of their performance. Only Senetas defence-grade encryptors are triple certified certified by the three leading international independent government testing authorities: > > FIPS (US), > > CAPS (UK) > > Common Criteria (international and Australia) Your assurance of security without compromise! That s valuable assurance for critical infrastructure and industrial assets. These certifications provide you with the assurance of market-leading performance, scalability and reliability, near-zero data latency performance and % uptime certified security without compromise! As the risks of criminal and terrorist attacks against critical infrastructures and industrial assets and their process and control systems increase around the world; governments and regulatory authorities are increasing their focus on the security of the data networks and the data that controls them. Senetas world-leading defence-grade encryptors are specifically designed and manufactured for highspeed networks requiring maximum defence-grade data protection; bandwidth performance; low cost of ownership and exceptional up-time availability. Because Senetas high-speed encryptors have been the first choice of some of the world s most secure government and defence organisations; they are ideally suited to protecting critical infrastructure and industrial assets process and control data. 3

5 Protecting critical infrastructure, utility and industrial organisations data Major infrastructure, utilities and industrial organisations face two primary risks to their data transmitted across high-speed networks: 1. The security of major infrastructure, utility and industrial assets from rogue data, data tampering, redirection and disruption; 2. The protection of valuable business data and Smart Grid and Smart Metering revenue data. The risks to the SCADA networks expose communities to very serious health and safety risks, as well as obvious serious economic consequences. Whether they are public or private assets, the consequences are the same. Infrastructure and assets in the energy, resources and industrial process sectors refineries, chemical plants and power generation facilities are critical to communities and the national economy. This makes them prime targets for cyber-criminals and terrorists. Overall these risks are threats to public health, safety and the environment; the economy and physical assets. They also threaten essential services and business performance throughout the economy. The vulnerabilities of industrial process and control systems using high-speed data networks expose communities to very serious risks: > > Loss of life and other serious safety issues > > Devastating environmental impact > > Significant loss of production > > Major equipment damage > > Reputation damage > > Loss of revenues Similarly, the use of high-speed data networks for transmitting aggregated business data, Smart Grid and Smart Meeting data also expose infrastructure asset owners to very damaging consequences: > > Breach of business and competitive secrets > > Privacy and compliance breaches > > Theft of intellectual property > > Lost Smart Grid and Smart Metering revenue data > > Loss of reputation Data networks are not inherently safe! Data networks are not inherently safe. In its 2012 Global Security Report, Trustwave reported that as much as 62.5% of data theft occurs while the data is in transit! Supervisory Control and Data Acquisition (SCADA) data networks, whether private or public, are often highspeed fibre-optic links. Like all data networks, these are not inherently safe. They are vulnerable to malicious attacks, rogue data, interruption and even innocent human and technical errors in data transmission (such as routing table errors). Therefore, the data itself must be protected to help ensure its integrity and prevent serious consequences of rogue data input, disruption and manipulation. 4

6 Senetas Cloud Computing Solutions Senetas encryptors have been selected to protect infrastructure and industrial process and control systems transmitted data based on the following requirements. As a data security company, we cannot reveal our customers data protection solutions. When selecting their preferred solution most customers ran their own extensive performance testing and benchmarking. Senetas encryptors always excelled: > > Near-zero latency and maximum network performance > > Maximum bandwidth performance > > Encryptors held all testing authority certifications required > > Extensive interoperability and backward compatibility of Senetas encryptors > > Flexibility to tailor the devises to specific unique customer requirements > > Efficient total cost of ownership > > Zero impact on other network assets > > Ease of on-going encryptor management > > Consistent and dependable latency performance suitable for business-critical applications, > > Best practice reliability (99.999% uptime) > > Multi-network protocol compatibility. SUGGESTED FURTHER READING Topic Description location Senetas CN Series encryptors CN Series Brochures View website Senetas Encryptors at a Glance White-paper Batten Down The Hatches Specifications of Senetas CN Series encryptors Assessing threats to your ethernet network A guide to protecting data in motion Download PDF View website Download PDF 5