Hacking attempts on power generators are increasing dramatically

Stuxnet was just the start

The first known case of a cyber attack was the computer worm known as "Stuxnet", which - according to news reports - caused huge damage to the Iranian nuclear programme. Stuxnet was developed as malware designed to attack supervisory control and data acquisition (SCADA) systems developed by Siemens. SCADA systems are also found in water and energy plants, where they are vulnerable as well.

Cyber attacks in Ukraine and the USA

At the turn of the year (2015-16), hackers made the headlines again when they caused a power cut in Ukraine. The attack caused carnage - on 23rd December, 700,000 households were forced to go without electricity for several hours. It wasn't just Ukraine, though: in December 2015, the USA was also hit, when hackers attacked one of the biggest power generators in the country. The hackers entered the networks that control the American power network and were able to steal passwords and access dozens of power plant and power network layouts. With this data, future attacks on power generators are possible. Who has sufficient protection against these intruders?

IT security risks in the power generation sector

Manufacturing environments also require reliable security against cyber risks

The IT security solutions typically used in the office environment are almost always assumed to be appropriate for neutralising the new threats to process IT as well. Experience has shown, however, that such solutions offer manufacturing environments only limited protection.

Ethernet and TCP/IP are serving to increase cyber risks

The use of Ethernet and TCP/IP is creating new security problems in manufacturing environments that did not exist before. Ethernet and TCP/IP offer a hacker or malware a standardised distribution channel, and the level of specialist systems knowledge required keeps falling. This also allows for standardised attacks, such as Stuxnet. Both existing and new implementations of TCP/IP protocols in equipment are error-prone, and these errors can be security-relevant.

Establishing links with the office IT is opening new doors to cyber threats

Linking process networks with the office environment or the internet is also leading to new and significant risks in this area. Once both environments are linked, an increasing number of threats from the office environment find their way into production environments. The result is global networks, which can lead to global cyber risks.

How the honeyBox® can help in the industrial sector

The honeyBox® provides industrial systems with sustainable protection against cyber attacks

For the operators of power systems, keeping the systems available is the overriding goal. Therefore, in every situation, a honeypot must remain transparent for the rest of the LAN, and it must not influence other systems in the event of a failure. Since the honeypot hosts act only passively, no impact on the other areas of the LAN is to be expected.

Security technology that was originally adopted from the office environment can therefore be supplemented to optimum effect. With a correctly configured and adapted honeypot, operators of industrial systems are able to establish an important additional security level which sustainably safeguards the active protective mechanisms such as firewalls, anti-virus or intrusion prevention systems.

The honeyBox® has been developed especially for the industrial environment

Commercial honeypot systems, such as the honeyBox® industrial from secXtreme, have been developed especially for the industrial environment. The honeyBox® and other solutions are able to provide both low- and high-interaction honeypots in industrial environments. In the process LANs, they simulate virtual victim systems as bait so as to attract hackers. During their manual or automatic exploration of the network, the intruder comes across virtual honeypots in the LAN which appear to have a poorer level of security than the other systems.

No false alarm: the honeyBox® catches the hacker out and notifies the administrator

The administrator is notified of the attempted attack at the very first contact. The quality of the notification is very high, because notifications are triggered by active hacking attempts only. Ideally, for a better overview, the notification can also be connected to the process visualisation. All notifications should be worded clearly and understandably so that operating personnel without technical knowledge of IT are able to ascertain the significance of the case immediately.
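The passive decoy and first-contact notification described above, as an added sketch that is not honeyBox® code: the listener only accepts connections, sends nothing back, and words the alert for operating personnel. The function names, decoy name, address and port are assumptions made for illustration.

```python
import socket
from datetime import datetime, timezone


def format_alert(decoy_name, decoy_port, src_ip, when):
    """Word the notification so non-IT operating personnel can act on it."""
    return (
        f"{when:%Y-%m-%d %H:%M:%S} UTC: ALARM. The computer at network address "
        f"{src_ip} tried to connect to '{decoy_name}' (port {decoy_port}). "
        "No real equipment uses this decoy, so this is very likely an "
        "intrusion attempt. Inform the security contact now."
    )


def open_decoy(bind_ip, port):
    """Listen only: the decoy never initiates traffic on the process LAN."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_ip, port))
    srv.listen(5)
    return srv


def handle_first_contact(srv, decoy_name, notify, now=None):
    """Accept one connection, send nothing, close it, and raise the alert."""
    conn, (src_ip, _src_port) = srv.accept()
    conn.close()  # low interaction: no banner, no protocol emulation
    when = now or datetime.now(timezone.utc)
    alert = format_alert(decoy_name, srv.getsockname()[1], src_ip, when)
    notify(alert)  # hypothetical hook: console, mail, or process visualisation
    return alert


if __name__ == "__main__":
    # Constructed values: loopback address and an unprivileged port.
    decoy = open_decoy("127.0.0.1", 10502)
    while True:
        handle_first_contact(decoy, "decoy PLC", print)
```

Because legitimate systems have no reason to contact the decoy, every accepted connection produces exactly one alert, which is why no filtering or tuning step appears in the sketch.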