- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
A large medical-grade gas firm is installing intrusion-prevention systems to circumvent security problems that the government fears are a menace to power utilities and other essential industries.
At each of Air Liquide Large Industries' 130 plants in the United States representing 4,500 users, the $323 million company can now segment its Internet-exposed business network from its supervisory, control and data acquisition (SCADA) network - the network that monitors and controls the devices that run the plants, via Top Layer IPS boxes, says Charles Neely Harper, director of national supply and pipeline operations for the company’s U.S. facilities.
The IPS gear tackles a problem that looms over power, chemical, petroleum and other plants that rely on SCADA networks - namely these networks are vulnerable to cyberattacks because they are connected to corporate networks with Internet access.
The U.S. Departments of Energy and Homeland Security have demanded policies that deal with protecting SCADA networks, but the problem has largely not been dealt with.
Earlier this year, for example, a security expert speaking at the RSA Conference in San Francisco recounted performing a penetration test at a power utility network during which he cracked the network using elementary social manipulation and drive-by malware downloads.
Even without malicious intent, SCADA failures result from this close linking with business networks. For example, in March a nuclear plant in Georgia was shut down for two days because the reboot of a PC to upgrade software zeroed out data on SCADA systems, and that was interpreted as a drop in cooling-system water levels.
And SCADA software can be vulnerable to exploits, such as the one revealed this week by Core Security, which found the buffer-overflow flaw in a commonly used commercial SCADA application.
"You can’t have your control computers be distracted from your primary business,” says U.S. Air Liquide’s Harper. “That was our model."
So the company hired a consultant to recommend what to do about its architecture. At each site, the company had a distributed control system (DCS) monitored and controlled by one or two PCs, he says. The PCs were also used by engineers to perform duties on the business network. “You’d have this exposure where I could accidentally plug in this traveling laptop into this industrial network and contaminate the system,” Harper says.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment