Cyber Forensics: at long, long last

Finally, something Joe Weiss and I have been talking about, begging for, and even shouting about for several years in this blog has come to pass. I personally am delighted to see Lofty Perch beginning to see the importance of forensics. Now if the rest of the industrial control security business could just climb on the bandwagon with me, Joe, Mark Fabro and RISI...

Good one, Mark.

From the press release:

Guidance Software Unveils Industry’s First Forensic-based Critical Infrastructure Security Solution

Teams with Lofty Perch to Enhance Security for Industrial Control Systems and SCADA

PASADENA, Calif., August 11, 2010 – Guidance Software, Inc. (NASDAQ: GUID) today announced a new relationship with Lofty Perch, Inc., a global leader in cybersecurity solutions for industrial control and SCADA systems, designed to help organizations quickly expose, respond to and recover from security incidents including advanced persistent threats.

Lofty Perch will use Guidance Software EnCase® Cybersecurity to give companies – such as those in the utilities and energy space – the power to discover malicious or improper files and expedite restorative activities in industrial automation environments through the industry’s first forensic-based critical infrastructure security solution.

Until now, industrial control and SCADA systems asset owners and operators have struggled with how to perform critical forensics without taking mission-critical systems offline. With Guidance Software EnCase technology, operators can perform forensic analysis while systems are operational with little impact to performance and availability.

“There is a clear need for cyber forensics and incident analysis management capabilities for industrial automation,” said Bob Radvanovsky, a leading expert on SCADA security and co-founder of Infracritical, a firm that provides research and information security awareness programs to critical infrastructure throughout North America. “This effort will combine the expertise of Lofty Perch and Guidance Software to deliver a first-of-its-kind capability to address the emerging problem of cyber forensics within the industrial automation domain.”

SCADA/Incident Command Systems (ICS) were not designed to be exposed to external domains. Recent convergence of formerly disparate systems has opened critical infrastructure up to security threats and vulnerabilities traditionally only found in the IT sector. The recent Stuxnet worm showcases the growing threat, with the emergence of customized malicious software that exploits zero-day vulnerabilities and specifically targets SCADA systems. Due to high availability and performance requirements, combined with legacy technologies, these systems often lack the capability to support forensic analysis after an incident or system failure. As a result, administrators are unable to determine if the system experienced a normal failure or a security attack. Lofty Perch will offer cybersecurity solutions that include Guidance Software EnCase Cybersecurity enterprise software to help determine whether abnormal system behavior or failures are the result of a cyber attack or benign system nuances.

“Despite the fact that the process control industry including electric, water, oil, and gas are prime targets of malicious cybersecurity attacks, many of these organizations don’t have the post-incident cyber analysis tools to distinguish between a normal system failure and malicious activity,” said Jim Butterworth, senior director of Cybersecurity for Guidance Software, Inc. “Security solutions that can detect and mitigate these events are critical. Our new relationship with Lofty Perch delivers a solution to investigate cyber events in SCADA and control system domains to accurately expose malicious activity and prevent future events from occurring.”

“Companies in the utilities and energy space are under increased pressure to identify and protect against malicious cyber activity,” said Lofty Perch President and Chief Scientist Mark Fabro. “This relationship provides for real-time and post-incident cyber forensic analysis – a vital capability needed in the infrastructure community today. Together, Lofty Perch and Guidance will enable control system vendors, asset owners, and investigators to more accurately determine cyber incident root causes and expedite restorative activities in industrial automation environments.”