ATLANTA – 2014 ICS Cyber Security Conference – Ultra Electronics, 3eTI, a maker of cyber-technology solutions designed to secure critical infrastructure and improve operational efficiency, expanded its CyberFence product lineup with new devices that push encryption, port authentication, and firewall technologies onto non-traditional endpoints.
Overall, CyberFence comprises five products that provide endpoint protection for non-PC systems. The products include DarkNode, EtherGuard, EtherWatch, UltraCrypt, and Criticom ISEC.
DarkNode protects industrial control system networks by fortifying the endpoints, Alex Tarter, group cyber-security technical lead at Ultra Electronics, 3eTI, told SecurityWeek at the 2014 ICS Cyber Security Conference in Atlanta this week. “The endpoints shouldn’t trust the network, and the network shouldn’t trust the endpoint either,” Tarter said.
DarkNode provides programmable logic controllers and other industrial control systems with essential security defenses instead of forcing the devices to rely on the network for protection.
No IT administrator would ever put an endpoint on the network without installing some security software on it, regardless of what other security defenses are deployed at the network level, said Benga Erinle, president of Ultra Electronics, 3eTI. Windows PCs have a firewall built into the operating system. “Yet when PLCs are connected to the network, the network defenses are sufficient,” Erinle said. DarkNode acts as the security software for the PLCs.
DarkNode provides low-latency Layer-2 inline encryption to protect all communications passing through the device. Because the encryption is performed on the hardware level, meeting FIPS 140-2 and Common Criteria certification, there are no performance hits or latency issues, Tarter said. DarkNode also prevents random endpoints from connecting to the network by enforcing port authentication. The endpoint has a digital certificate, which the DarkNode device validates before connecting it to the network. By the same token, if a device is stolen, the administrator can disable the certificate and block the device when it tries to reconnect.
The built-in firewall in DarkNode also lets administrators specify rules on who can read or write to the PLC. Administrators can create a blacklist defining what activities to block, or a whitelist defining only the allowed actions.
DarkNode also has the same capabilities as EtherWatch, an industrial firewall for SCADA systems protecting ICS and embedded devices, which separates management traffic from the data traffic. Attackers may be able to eavesdrop on communications data, which is encrypted, but will not be able to intercept any of the alerts or other management packets, or the reverse. DarkNode is also invisible on the network, meaning attackers cannot see DarkNode on the communications traffic side, so they have no way of knowing why their attacks are failing, Tarter said.
For the other products in the CyberFence portfolio, UltraCrypt encrypts data for high-capacity dedicated networks such as MPLS and VLANs, while Criticom ISEC is a secure video conferencing switch for communications across different network classifications.
The products offer FIPS 140-2 and Common Criteria certification.