Utilities and Critical Infrastructure

Specialized Security and Compliance Solutions for Critical Infrastructures

NitroSecurity understands critical infrastructure: we were born from the U.S. Department of Energy's Idaho National Labs, and we provide security monitoring and compliance solutions to some of the world's largest utility vendors and asset owners. We've used our experience to build specialized support for critical infrastructures directly into NitroView, to meet the unique requirements of this industry, including:

  • Passive monitoring of SCADA and DCS systems and protocols
  • Groundbreaking integration with PI System historians for unified IT and OT security management
  • Active and dynamic protection to maximize security while maintaining reliability
  • Centralized data collection, retention and reporting to satisfy NERC CIP, CFATS and HSPD-7 compliance

The result is an end-to-end solution for monitoring control systems and cyber assets, designed to protect your critical infrastructure and to produce a clear audit trail of how critical assets are used, and what systems are at risk. NitroView's unprecedented ability to centrally monitor, analyze and report on security events across both IT and OT network zones allows for the detection of advanced "Stuxnet-class" cyber attacks, while facilitating compliance with ISA-99, CFATS, NERC CIP, NRC regulation 10 CFR 73.54, and others.

In addition to best-in-industry security tools, NitroSecurity also delivers professional consulting, implementation, and compliance services, leveraging our network of strategic partners in all areas of critical infrastructure protection and compliance. NitroSecurity can provide everything that you need to identify and remediate known issues, and establish sustainable compliance.

 

  • Overview
  • Electrical
  • Nuclear
  • Chemical
  • DCS Support

NitroSecurity provides a wide range of products and services tailored for critical infrastructure deployments, including Monitoring, Protection, and Compliance Reporting.

Monitoring

Monitoring critical control systems and networks can be difficult, because not all SCADA and DCS devices communicate their actions effectively via logs. To further complicate matters, many cyber assets use specialized protocols to communicate on Ethernet networks, and some aren't Ethernet-connected at all, using legacy serial connections—making passive monitoring of these devices difficult.

NitroView overcomes these challenges by understanding how control systems operate and communicate, and using that understanding to develop the tools necessary to:

  • Monitor SCADA and DCS networks, applications, and protocols for indications of risks and threats to your critical infrastructure
  • Monitor databases and applications to ensure the integrity of personnel records, privileges, and policies
  • Monitor Historian systems to gain additional visibility into the actions and operations of a wider array of SCADA and DCS devices

All monitored activity is analyzed, allowing NitroView to detect risks and threats against the control system. The activity is also logged, producing a fully centralized and automated audit trail of device activity, which is necessary for NERC CIP, CFATS, and HSPD-7 compliance.

Protection

In critical systems, the active protection of systems and services is paramount. However, at the same time, these systems demand 100% reliability, meaning there is zero tolerance for false positives when implementing automated cyber defenses.

NitroView takes a unique approach to maximize the active protection of control systems without impacting reliability:

  • Establish a reliable Electronic Security Perimeter (ESP) using SCADA- and DCS-aware intrusion detection and prevention systems (IDS/IPS)
  • Passively monitor activity within the process control system, including network-, user-, application- and even Historian monitoring
  • Dynamically adapt the ESP to identified risks and threats, to effectively lock down critical systems during an incident

This allows NitroView to detect complex attacks, low-and-slow attacks, covert communication channels, and even zero-day attacks such as the Stuxnet worm. NitroView is able to then block suspected threats at the security perimeter—outside of the control system, so that the control system's internal operations are never impacted.

Compliance Reporting

The centralization and automation of data collection and reporting required by NERC CIP, CFATS, and HSPD-7 has always been difficult due to the diverse nature of cyber assets. Many of these devices lack the ability to generate appropriate logs on their own. Others use specialized protocols or even serial interconnections, making them difficult to integrate into Ethernet and IP-based security information management systems.

NitroView overcomes this challenge by integrating with key components of the industrial and process control systems, and by understanding the unique protocols used in SCADA and DCS systems so that all information can be managed together. This allows NitroView CIP to:

  • Generate auditable security logs for all monitored assets and activity
  • Simplify log reviews with NERC-CIP dashboards
  • Produce comprehensive NERC-CIP compliance reports

The result is a single, automated compliance solution that addresses many of the security monitoring and documentation requirements of NERC CIP, CFATS, and HSPD-7, such as:

  • Asset reports, including cyber asset inventories, risk assessments, and incident reports
  • Assessment of risks and vulnerabilities associated with those assets
  • Automated report generation and notification of cyber incidents or sabotage
  • User reports to produce an audit trail of all user activity, privileges and transactions
  • Exception reporting to track anomalous activities or policy violations

NitroView is the leading Security Information and Event Management (SIEM) and Log Management solution for NERC CIP, designed to protect your generation, transmission and distribution infrastructures in addition to your business networks. It's the only SIEM that understands SCADA and DCS protocols and is able to passively monitor these industrial protocols to detect everything from policy violations (such as the use of DNP3 outside of SCADA network zones), to hidden threats (such as a Command & Control channel hidden within Modbus/TCP traffic). NitroGuard Intrusion Prevention System (IPS) is also SCADA and DCS protocol aware, helping to build a strong Electronic Security Perimeter that can — with the help of central analysis from NitroView — dynamically lock down the ESP in response to detected threat behavior.

Centralized Monitoring and Reporting

NitroView provides an end-to-end solution for monitoring control systems and cyber assets, designed to protect your critical infrastructure and to produce a clear audit trail of how critical assets are used, and what systems are at risk. NitroView even integrates with OSIsoft's PI System data historian, enabling NitroView to monitor both IT and OT systems, bridging the divide between IT and OT systems for the first time ever — an important consideration when attempting to centrally document and report security incidents and configuration changes on networked HMIs and other cyber assets to comply with NERC CIP.

  • Monitor SCADA and DCS networks, applications, and protocols for indications of risks and threats to your critical infrastructure
  • Monitor databases and applications to ensure the integrity of personnel records, privileges, and policies
  • Passively generate security logs & events for cyber assets
  • Establish a reliable Electronic Security Perimeter
  • Dynamically adapt to identified risks and threats
  • Generate auditable security logs for all monitored assets and activity
  • Simplify log reviews with NERC CIP dashboards
  • Produce comprehensive NERC CIP compliance reports

Compliance

NitroSecurity has partnered with some of the industry's most respected NERC CIP consultants to provide turn-key compliance solutions, from an initial compliance assessment to the full deployment and customization of NitroView and NitroGuard products in order to attain and maintain ongoing NERC CIP compliance.

NitroView's ability to monitor all aspects of enterprise and industrial control networks makes it the ideal solution for securing licensed nuclear facilities. With direct support for SCADA and DCS protocols, and integration with PI System historians for the collection and analysis of point data, NitroView is able to monitor activity within secure network zones. At the same time, support for uni-directional operation across data diodes allows NitroView to communicate this information outside of secure zones, where it can be correlated against other network and security information from business and supervisory networks.

Centralized Monitoring and Reporting

NitroView is the only SIEM and Log Management solution that's able to monitor user, network, system and application activity — from both IT and OT sources — across all security zones. The result is a true, centralized information repository with everything needed to satisfy the Nuclear Regulatory Commission's 10 CFR 73.54 regulations. NitroView's ability to directly monitor database and application content, and to actively protect it using NitroGuard IPS, also facilitates compliance with NRC Regulatory Guide 5.71 and NEI 08-09.

  • Monitor SCADA and DCS networks, applications, and protocols for indications of risks and threats to your critical infrastructure
  • Monitor databases and applications to ensure the integrity of personnel records, privileges, and policies
  • Monitor multiple security zones, with user, role, and zone-based access controls
  • Centralize security analysis and reporting across zones, securely, over data diodes and uni-directional gateways
  • Generate auditable security logs for all monitored assets and activity

NitroSecurity's content-aware security information and event management (SIEM) solutions provide the security tools needed to comply with the DHS's Chemical Facility Anti-Terrorism Standards (CFATS). Together, NitroView and NitroGuard appliances provide the monitoring, reporting and active protection needed to address the majority of Risk Based Performance Standards (RBPS) Metric 8 ("Cyber") as well as aspects of Metrics 6, 7, 14, and 15 that relate to cyber security, greatly facilitating CFATS compliance.

Centralized Monitoring and Reporting

NitroView is the only SIEM and Log Management solution that's able to monitor user, network, system and application activity — from both IT and OT sources. The result is a true, centralized information repository that's capable of tracking and monitoring chemicals of interest, including how they are procured, stored, processed, and shipped. With NitroView's advanced threat, risk and anomaly detection capabilities, this information can then be used to monitor for indications of theft, misuse, or sabotage.

  • Monitor business applications and control system operations to track chemicals of interest
  • Monitor databases and applications to ensure the integrity of personnel records, shipping manifests and chemical controls
  • Monitor multiple security zones, with user, role, and zone-based access controls
  • Centralize security analysis and reporting across zones, securely, over data diodes and uni-directional gateways
  • Generate auditable security logs for all monitored assets and activity

Applies to: NitroView ESM, NitroView DBM, NitroView ADM, NitroGuard IPS

SCADA and DCS Protocols

  • CANbus/CANopen
  • CIP
  • DNP3
  • Ethernet/IP
  • HART
  • ICCP
  • Modbus
  • OPC
  • Profibus
  • RPC

SCADA and DCS devices

  • DCS Controllers
  • HMIs
  • PLCs
  • RTUs/MTUs
  • Data Historians
  • Process Information systems

Control System Infrastructure & Security

  • Network Switches & Routers
  • Data diodes and Uni-directional Gateways
  • Network IDS, Firewalls and ESP devices
  • Host IDS, Anti-Virus, and Application Whitelisting systems

HMI Hosts / Operating Systems

  • HP, HP-UX (Hewlett-Packard)
  • IBM, IBM AIX OS
  • IBM, ISS Desktop Protector
  • IBM, ISS Real Secure Server Sensor
  • ISA, Snare
  • LINUX, LINUX
  • Microsoft, Microsoft IIS
  • Microsoft, Microsoft Operations Manager
  • Microsoft, WMI
  • Red Hat, Red Hat Linux OS Events
  • Sun, Solaris BSM
  • Sun, Solaris OS Events
  • Symantec, Symantec Intruder Alert
  • Type 80, Type 80 SMA_RT
  • VMWare, VMWare Server (version 1 to 4)

NitroView and NitroGuard support a wide variety of SCADA and DCS protocols and devices, through a combination of direct monitoring, direct log collection, and tight integration with industrial control systems and/or data historians. The result is support for a variety of control system environments, from all of the leading industrial automation and control system vendors. For details on how to support specific SCADA and DCS systems, please contact critical-infrastructure@nitrosecurity.com.

Note that this support is in addition to our enterprise device support, which can be found here.