McAfee FOCUS: Critical Infrastructure Security Requires Partnerships

LAS VEGAS – McAfee FOCUS 2012 – Solving security challenges to critical infrastructure companies requires partnerships between vendors, a panel of solution providers and experts said today at McAfee’s Focus conference in Las Vegas.

Working closely with suppliers, explained Gary Woodward, director of business development at Emerson Process Management and Water Solutions, ensures that products are integrated and working optimally.

“You don’t want a Blue Screen of Death in front of an operator,” he said.

A report released this year by the U.S. Industrial Control System Cyber Emergency Response Team (ICS-CERT) underscores why. According to the report, there was a dramatic increase in the number of reported cyber-security incidents affecting critical infrastructure companies in the United States between 2009 and 2011. In 2009, ICS-CERT received nine incident reports. By 2011 that figure had jumped to 198.

In April, a survey of 104 security pros in the energy sector sponsored by nCircle and EnergySec revealed that 61 percent felt that smart meters did not have sufficient controls to protect against false data injection.

Historically, many industrial control systems were not designed with security in mind – nor was the overall architecture, said Philip A. Craig Jr., a researcher at Pacific Northwest National Laboratory.

“There are a lot of sacrificial lambs and kind of low hanging fruit that may exist in industry today,” he said.

As part of its strategy of addressing this, McAfee is working with companies focused on critical industry, such as nuclear power and electric companies. For example, McAfee has partnered with Waterfall Security Solutions, which joined McAfee’s Security Innovation Alliance program earlier this year, to integrate Waterfall’s Unidirectional Security Gateway solutions with McAfee’s ePolicy Orchestrator and other products. In addition, McAfee and Westinghouse Electric Company announced an agreement today in which Westinghouse will provide McAfee Enterprise Security Manager and Network Intrusion Prevention Systems to nuclear power plants.

In a statement, Ken Levine, senior vice president and general manager of McAfee Risk and Compliance, applauded the partnership between the company and Westinghouse, noting that the integration will add another layer of security into components in control systems.

“This partnership is a great step in the essential fight to keep critical infrastructure safe,” he said.

While security pros may dream of a world where all critical systems are isolated and disconnected in the name of security, this is not always practical in the real world, Lior Frenkel, CEO of Waterfall Security Solutions, said during the panel discussion.

“We must enable businesses to work efficiently,” he said.