Introduction
Critical infrastructure is becoming increasingly connected and exposed to advanced persistent attacks and nation-state adversaries, where data tampering and corruption can lead to significant economic consequences and catastrophic impact on human life. Adversaries, typically sponsored by nation-states, have become sophisticated enough to develop attacks on Industrial Control Systems such as SCADA and PLC, resulting in catastrophic attacks such as the Stuxnet zero-day attack.
Critical Infrastructure Security
Security is often characterized in terms of three components known as the CIA triad – Confidentiality, Integrity and Availability.
Historically, the focus of security has been on availability and confidentiality. For critical infrastructure, however, integrity may be of even more importance. Malware such as Stuxnet represents an attack on the integrity of the system it infects.
Whether for nuclear power stations, transportation networks or industrial control systems, the bottom line is that confidentiality is secondary to integrity. If you want to take out a country you don’t need to steal secrets. You simply need to manipulate the software inside their power-grid, communications and transport systems and it’s game-over.
These are all integrity attacks, and the reality is that there is not a single critical infrastructure network that can guarantee integrity – i.e. whose administrators can prove they are in a clean state. They might be, they might not – they simply don’t know.
KSI provides a new level of instrumentation for system integrity. By using KSI digital signatures to digitally sign components (whether firmware, binaries, system events or configurations), the integrity of the infrastructure can be instrumented with the following benefits:
- Real-time Situational Awareness: Directly supports enhanced continuity of operations and data loss prevention due to theft or maliciousness, and is a new form of Advanced Persistent Threat (APT) detection when malware infects crucial network or system components.
- Protection against zero-day attacks. By monitoring the integrity state of the digital assets, all unauthorized changes in the software and configurations can be detected.
- Integrity Monitoring. Control of the industrial infrastructure relies solely on the sensor data received by the monitoring systems, and it is important that the data received is accurate, timely and in a clean state.