Least Functionality: How BedRock Secures Critical Infrastructure Against Current and Future Cyber-Physical Threats


By John Walsh, SVP Business Development & Strategy

From Stuxnet to Sandworm, the proliferation of successful attacks against cyber-physical systems (CPS) has highlighted growing threats across the critical infrastructure landscape. Across the U.S., utility organizations are digitizing operations and enhancing the interconnectedness of their systems to gain efficiencies and account for the growing demand for distributed energy resources (DERs). The substantially increased number of endpoints, sensors, controls, and fault detection/response mechanisms, together with the overall complexity of power grid connectivity, leads to an expanded attack surface, and adversaries are taking advantage: cyberattacks on critical infrastructure will only continue to escalate in quantity and sophistication. In particular, as the Energy Sector continues to evolve, so do the threats it faces. Because most attacks and system infiltrations begin between 45-95 days prior to detection, it's better late than never when it comes to building cyber defenses and testing response plans to make sure each person knows their responsibilities in executing the plan.

Federal Government policy, requirements, and guidance are attempting to address these growing problems, and it is time for operational technology and information technology (OT-IT) stakeholders to augment their approach to cyber-physical security, moving away from the defense-in-depth mindset toward the Zero Trust model. Adversaries are employing Tactics, Techniques, and Procedures (TTPs) to blend in and pass as legitimate traffic, protocols, and domains by leveraging the functionality in general-purpose compute applications, operating systems, and industrial control systems. In the operational technology Supervisory Control and Data Acquisition (SCADA) environment, these attacks are challenging to identify, prevent, and respond to due to a lack of threat data, real-time operating systems, and resource-constrained environments.

We are also seeing an uptick in microgrid and hybrid power plant production as part of the transformation to a "smart grid," as systems incorporate both enterprise command and control and edge elements, integrating IT and OT. The availability, reliability, and resilience of these systems depend on data protection and integrity and on the availability of system-critical components to ensure efficient daily operations, command and control, and transactions with the supporting business and financial systems. Most of these systems, applications, and processors are designed for general-purpose computing to promote interoperability and large market access, meaning they have much more capability than is necessary. This is an inherent cyber-physical security concern, pushing organizations to embrace least functionality and build architectures that are intelligent enough to execute only the tasks necessary to perform a specific function, and nothing more. Restricting and containing what these applications or hardware can do reduces and microsegments the attack surface, making it more difficult for adversaries to exploit them.

Most monitoring and detection systems rely on looking for abnormalities and/or signatures associated with prior attacks. This leaves organizations behind the ball if they only follow the current NIST Cybersecurity Framework (CSF) paradigm of Identify, Protect, Detect, Respond, and Recover. BedRock Systems takes it a step further with Prevent, i.e., documenting cyberattack attempts, sharing information with the existing SCADA system, and adding prevention mechanisms to counter the risk of zero-day exploits.

In accordance with Executive Order 14028, BedRock Systems designed and built a formal-methods-proven, unbreakable trusted virtualization platform with active security™ that provides capabilities to counter next-generation Advanced Persistent Threats (APTs). BedRock supports integration and convergence of both OT and IT systems, applications, protocols, and operating systems (including Real-Time Operating Systems, RTOS), enabling organizations to isolate, secure, and implement least functionality through Virtual Machines (VMs) that run on a formal-methods-proven trusted computing base. Through a combination of finer-grained segmentation, segregation, isolation, maintenance of kernel integrity, and denial of functionality, BedRock Systems stops attacks on critical infrastructure that others cannot.

Learn more about how BedRock Systems builds an unbreakable foundation for critical infrastructure security.

 
