ICS-CERT, Industrial Control Systems Cyber Emergency Response Team (which is under the DHS umbrella) issued security vulnerability alerts that could potentially impact hundreds of thousands of SCADA industrial controllers/sensors at power plants and other civil infrastructure. ICS-CERT went one step further and recommended “Users minimize network exposure for all control system devices. Control system devices should not directly face the Internet”.
Bayshore Networks SingleKey™ Industrial Edition are currently in POC deployment at U.S. government agencies to secure our nation’s critical civil infrastructure. SingleKey™ IE is a Layer 7 firewall custom-built for SCADA environment and can protect the interfaces between IP networks and non-IP industrial control networks. We are working with security researchers, academics, industrial conglomerates, and government agencies to set the initial security standards and best practices to secure industrial control networks. We believe a network-based approach (using SingleKey™ IE Layer 7 firewall) provides the most flexible and scalable architecture to secure the SCADA infrastructure. In contrast, a host based approach (such as the one proposed by McAfee using embedded software on the sensors/controllers) requires software updates on the decade-old controllers/sensors in the field and could create huge headache for the very thin IT staff at the power plants and other civil agencies.