Protecting the Edges

June 13, 2007
"CERN, the European physics lab that was the birthplace of the World Wide Web, tested 59 different PLCs they owned and found that they had huge numbers of failures in those controllers," said control system security expert Eric Byres in a presentation before over 150 Honeywell User Group attendees on Tuesday of HUG week. "PLCs were not designed for security. No sane IT department allows unprotected PCs or laptops, so why are PLCs immune?" Byres asked.

So, when he was the Director of the Internet Security lab at the British Columbia Institute of Technology (BCIT), Byres started a program to design a micro-firewall for what he calls "edge devices" like PLCs, field controllers, field instruments and final control elements.

"There needs to be a shift in how we look at security," Byres said. There have been dozens of cyber incidents in every process and manufacturing vertical, and they cost real dollars, lots of them. The average cost of a malware incident is about $68,000. The average sabotage cost is much higher. "In the same way the Maginot Line didn't save France," Byres said, a defense in depth strategy is what is required rather than a single bastion-like defense.

Honeywell's Global Security Architect, Kevin Staggs (see the video interview in the Wednesday edition of the ControlGlobal.com eNewsletter) noted that process safety and cyber security go hand in hand. Process security is a key Honeywell initiative, Staggs said, and defense in depth is the key to the initiative.

"Security is a journey," Staggs commented, "not a destination." Honeywell is partnering with customers and suppliers, taking leadership on standards committees like SP99 and SP100. "We've published a Networking and Security Planning Guide to help customers get up to speed on state of the art procedures and practices as they implement their own security policies," Staggs said.

"IT is not the enemy," Staggs went on to say. "We need to learn from each other. Most IT practices can be applied directly, and those that can't must be known, discussed, and negotiated into new practices that work in the process environment."

Back to the micro-firewall, Byres went on to describe the program from BCIT to the present day. The BCIT study found that just using a COTS firewall wouldn't work. They aren't industrially hardened, they don't understand the controls environment, they aren't extensible, they are not at all easy to use, and management of change in a process environment is essentially impossible for a COTS device. The study concluded that a micro-firewall that could be used to protect the edge devices in the system needed to have an industrial form factor, be electrician friendly, and controls technician friendly; have control system functionality built in and be extensible.

By this time, Byres had left BCIT and formed his own company, Byres Security to develop a device that met those specifications. He calls it the Tofino Device, and has licensed it to MTL, a Honeywell partner. It has a Zero Configuration Deployment Model, is simple to operate using self tuning, rules based learning and no complex rules. "It wakes up and looks at the network and configures itself the way it is supposed to run," Byres reported. It is more than a firewall, too. It is extensible, and can be integrated into a global Management of Change procedure.

"We can't hide behind the 'great big firewall,'" Byres concluded. "Defense in depth is critical and those best practices and solutions are available now. We need to start using them."