WannaCry and What to do for ICS

By now you have almost certainly heard all about WannaCry and its multitude of possible variants. What may be less clear is what you should do about it. To cut to the chase, the following should be investigated/executed at a minimum as soon as possible:

  1. Apply the Windows SMB patch as soon as possible. Note that an emergency patch is also available for older, unsupported versions of Windows, including Windows XP, Vista, Server 2003 or 2008 (see Microsoft Security Bulletin MS17-010 – Critical)
  2. Block SMB ports (139 and 445) between IT/OT networks (no connection between systems since uses data diodes)
  3. On systems that don’t require use of SMB, disable it altogether (Microsoft instructions can be found here) or block it using the endpoint firewalls
  4. On systems that may require SMB for services that are less important, consider disabling SMB until patches can be applied
  5. Quickly review disaster recovery plans and determine which Windows-based ICS systems have current backups. Image or back up those systems as soon as possible to aid in rapid recovery if these systems become infected
  6. Additionally, ICS security teams need to remain vigilant for new variants of WannaCry, which may use new replication techniques.
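
One way to verify step 2, as an added example that is not from the original article: the Python script below scans firewall log lines for SMB traffic (TCP 139/445) that crosses the IT/OT boundary and separates flows that were allowed from flows that were denied. The subnets, the log format and the sample lines are constructed assumptions; substitute your own address plan and log export.

```python
import ipaddress

# Assumed zone definitions (hypothetical address plan; replace with your own).
ZONES = {
    "IT": [ipaddress.ip_network("10.10.0.0/16")],
    "OT": [ipaddress.ip_network("192.168.50.0/24"), ipaddress.ip_network("192.168.51.0/24")],
}
SMB_PORTS = {139, 445}  # the ports named in step 2

# Constructed sample log, assumed format: time src dst proto dport action
SAMPLE_LOG = """\
2017-05-15T08:01:02Z 10.10.4.21 192.168.50.12 tcp 445 allow
2017-05-15T08:01:05Z 10.10.4.21 10.10.7.9 tcp 445 allow
2017-05-15T08:02:11Z 192.168.50.12 10.10.4.30 tcp 139 deny
2017-05-15T08:02:40Z 192.168.51.7 10.10.4.30 tcp 443 allow
2017-05-15T08:03:00Z 192.168.50.12 192.168.51.7 tcp 445 allow
malformed line
2017-05-15T08:04:17Z 10.10.9.9 192.168.51.7 udp 445 allow
"""

def zone_of(addr):
    """Return the zone name containing addr, or None if it is in no known zone."""
    ip = ipaddress.ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return None

def audit_smb_crossings(log_text):
    """Return (allowed, denied) lists of SMB flows that cross the IT/OT boundary."""
    allowed, denied = [], []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        ts, src, dst, proto, dport, action = fields
        try:
            src_zone, dst_zone = zone_of(src), zone_of(dst)
            port = int(dport)
        except ValueError:
            continue  # unparseable address or port
        if proto.lower() != "tcp" or port not in SMB_PORTS:
            continue
        if {src_zone, dst_zone} != {"IT", "OT"}:
            continue  # same-zone or unknown-zone traffic is out of scope here
        (allowed if action == "allow" else denied).append((ts, src, dst, port))
    return allowed, denied
```

Any entry in the allowed list means the block between the networks is not yet effective; entries in the denied list identify hosts that are still attempting SMB across the boundary and deserve a closer look.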

Now that you have your marching orders, here are a couple of other sources of information for you to review. The first is an article written by our very own Technical Director for EMEA, based in the UK. His article ‘When Worms Attack Critical Infrastructure’ can be found here.

Additionally, our senior advisor and ‘godfather’ of ICS security Eric Byres helped out our friends at ISSource with his article titled ‘How to Protect Against WannaCry’.

And be sure to check back soon – very shortly we will be publishing a more detailed analysis about how an orchestrated tool like our Verve Security Center and its 100% visibility into your assets, their status and the ability to tune end points from our portal could speed future efforts like this.  Stay tuned!

RKNeal Orchestration Concept Published in ARC View

The risk of cyber incidents remains high for industrial plants and critical infrastructure. Many operators have invested in sophisticated cyber defenses, but most struggle to sustain them. Staffs are overwhelmed with the complexity of managing a never-ending stream of product patches and updates for a multitude of assets and security products.

Verve Security Center helps to cut through the confusion, minimize the effort and maximize accuracy and efficiency of an operational based cyber security program. Recently Verve worked with ARC to define and describe what has been coined an ‘orchestrated approach’ to cybersecurity. To read the full ARC view report click here.

Where To Find ICS Security Breach Data

It can be a struggle to find real data regarding what is going on in the ICS threat landscape. But if you know where to look, the data is out there. A recent article highlights 6 great resources:

For more background on these ICS threat data sources, and the full article, see: Where-to-Find-Hard-to-Get-Industrial-Security-Data

Protecting Industrial Control Systems: An Integrated Approach

Technical white paper

Through our work with critical infrastructure operators we have studied a significant number of security solutions offered to meet both the minimum regulatory requirements as well as the more stringent security requirements of industry leading companies. Our findings are not unsurprising, but unfortunately we did not find a solution that was comprehensive or offered the defense-in-depth strategy necessary for adequate protection.

The purpose of this white paper is to present a novel cyber security framework for deploying and managing best-in-breed cyber threat management products across multiple OEM vendors.

To read the full white paper, please click here.


What Specific NERC CIP Standards Does The Verve Security Center Apply To?

Verve recently developed a new brochure to highlight which specific NERC CIP version 5 standards the Verve Security Center applies to. The Verve Security Center is a centralized security suite that consolidates multiple best of breed technologies into a unified management console. We understand the unique differences between traditional IT environments and industrial control systems (ICS) because of our extensive ICS background. For the past 22 years, Verve and its predecessor, Rkneal, have been focusing on turnkey DCS, PLC and SCADA upgrades within the utilities industry. In fact, the power industry represents 90% of our business.

Verve helps automate many of the requirements associated with CIP 005, 007, 009 and 010. It also provides several layers of evidence gathering. For more information, please download our NERC CIP Mapping brochure.


DHS Report, Application Whitelisting And Patching Play A Crucial Role

Application whitelisting and patch management are just two of the technologies integrated into the Verve Security Center

According to a recent United States Department of Homeland Security (DHS) report, application whitelisting and proper patch management mitigate 67 percent of “common exploitable weaknesses in ‘as-built’ control systems.” The December 2015 report, “Seven Strategies to Defend Industrial Control Systems,” highlights the rise in cyber attacks targeting U.S. critical infrastructure.

Of the 295 incidents reported to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) last year, the report states that 98 percent would have been prevented if system owners had implemented the recommended strategies. As a result, the report details its top seven strategies to protect industrial control systems (ICS) from today’s modern attacks.

“This is the beauty behind the Verve Security Center,” said Adam Brewer, Director of Business Development. “Verve deploys a true defense in depth strategy. In addition to application whitelisting and patching, Verve consolidates antivirus, change management, security information & event management (SIEM), vulnerability assessments, intrusion detection and backup management technologies into a unified management console.”

Since 2009, Rkneal has deployed the Verve Security Center at multiple power plants and substations.


How Is The Verve Security Center Different?

There are a number of cyber security products currently on the market that specialize in change management, asset management and vulnerability assessments. But when it comes to executing and deploying actions (i.e. patching, antivirus scans, backups, etc.) from a single, unified console – these products are quite limiting. As a quick refresher, the Verve Security Center is a centralized security suite that consolidates multiple technologies into a single solution. These technologies include:

  • Antivirus
  • Application Whitelisting
  • Vulnerability Scans
  • Change & Configuration Management
  • Patching
  • Backup Management
  • Security Information & Event Management (SIEM)
  • Compliance

Execute Actions From A Single, Unified Console

Regardless of whether you want to deploy patches, capture a full-image backup, execute an antivirus scan, install agents or run a vulnerability assessment, these actions are all done in the same consistent manner – using a single interface. From a customer perspective, the Verve Management Console is the real power behind the Verve Security Center because it provides a level of simplicity and flexibility not seen in other products.

“Our customers demand a product that is easy to setup and maintain,” says Adam Brewer, Director of Business Development. “This is especially true if the customer wants to standardize their fleet. The Verve Management Console provides users with a single location to not only execute actions, but also gather evidence and generate reports. In addition, it allows our customers to automate many of the processes associated with compliance.”

Vendor Agnostic

As systems integrators, nearly all of the facilities we walk into do not have the luxury of a single DCS or PLC system. Instead, multiple controls platforms are present. We made certain the Verve Security Center was vendor agnostic and able to support multiple DCS, PLC and SCADA platforms. In fact, Verve is currently protecting a power generation facility where eight different control systems are present.

Geared Specifically Toward Control Systems

Verve was founded as Rkneal, an industrial engineering firm, over 20 years ago. ICS is what our company was founded on over two decades ago – and this area of expertise remains our core business today. When designing and developing the Verve Security Center, one of our guiding principles was to never impact or disrupt the operations environment. This forced us to take into account CPU usage and scalability, and to ensure the technologies we leverage never automatically reboot endpoints. It also allows us to set up vendor profiles based on our controls experience – we know what ports and services are required for each control system and can use predefined templates – saving our customers precious time.

For more information on the Verve Security Center or to schedule a product demo, please contact us.


Verve Security Center Case Study

Tripwire, a leading provider of advanced threat, security and compliance solutions, recently featured the Verve Security Center in a case study. The study highlights the “plug and play” capability, which easily enables our clients to integrate best-in-class solutions into Verve’s centralized management console.

According to Adam Brewer, Director of Business Development, “The decision to integrate Tripwire CCM into our flagship product, the Verve Security Center, was a very easy one: Most of our clients already have it in their current infrastructure so it allows us to leverage their current environment.”

The Verve Security Center is a centralized security suite that consolidates multiple cyber security technologies into a unified management console. Instead of developing our own proprietary technologies, we decided on a hybrid approach to leverage best of breed products. Extensive research, product review and evaluation helped us compile a list of the highest rated cyber security technologies.

To read the entire study, please visit Case Study.

About Verve:

Verve is a world-class engineering firm specializing in industrial control systems, cyber security and technical services. Since 1994, Verve and its predecessor, Rkneal, have successfully completed several intricate control system projects ranging from complete migrations, upgrades and conversions from older legacy systems to modern controls.

Our engineers have worked with every major DCS, PLC and SCADA system currently on the market. This broad range of control system expertise allows us to offer the best solution without bias toward a particular control system vendor. Learn more at rkneal.com.

About Tripwire

Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context, and enable security automation through enterprise integration. Learn more at tripwire.com.


ICSJWG 2015 Fall Meeting

Rkneal is exhibiting at the Industrial Control Systems Joint Working Group (ICSJWG) Fall Meeting October 27-29 in Savannah, Georgia. This event will include two and a half days of interactions and discussions through keynote speakers, practical demonstrations, plenary and breakout presentations, plenary and breakout panels, lightning round talks, and non-classified briefings. This is also the first year that ICSJWG will have a Vendor Expo.

The Meeting provides an opportunity for government professionals (federal, state, local, tribal, and international), control systems vendors and systems integrators, research and development and academic professionals, and asset-owners and operators to network with cyber security peers and stay abreast of the latest initiatives impacting security for industrial control systems and our critical infrastructure.

For more information on this event, please visit ICSJWG Fall Meeting.