Kaspersky Lab Second ICS Operators with Adaptive Information Security
“When implementing an enterprise’s cybersecurity system, it is very difficult to assess how effective it will be. Expensive solutions are not always the most effective,” pointed out Andrey Doukhvalov, Head of Future Techs, Chief Strategy Architect, Future Technologies, Kaspersky Lab.
In a bid to transform the adoption of conventional end-to-end security systems, Kaspersky Lab has come up with a patented method of modeling IT security for enterprises according to their needs.
Capable of analyzing the ways in which malware affects different elements of the IT infrastructure, the newly patented method can be used to simulate the possible effect of malware on the infrastructure as a whole and to choose the most effective methods of neutralizing threats based on a specific enterprise’s top security criteria. The patent was issued by the United States Patent and Trademark Office.
In an age of ubiquitous Internet connectivity, an enterprise’s industrial network needs protection from cyber-threats at least as much as its office IT infrastructure does, if not more so. According to the RISI analytical agency, every tenth enterprise has suffered losses of between one and 10 million dollars from cyber-incidents that resulted in the disruption of an industrial process. In 2013, the downtime caused by a cyber-incident in an industrial network lasted 24 hours or more in 25% of cases.
In most cases, infection of the industrial network started with cybercriminals penetrating the corporate network. Importantly, there was often a direct data transfer channel between the two networks, with little or no protection. The next most popular method was found to be penetration via remote access to the industrial network (directly from controllers or the remote offices of the organization/contractor) using a Wi-Fi and/or cellular wireless channel and incorrect VPN connection settings. Access to the Industrial Control System (ICS) from contractor networks deserves a special mention, since it is impossible to fully control the security of a contractor’s remote networks and to inform the contractor’s employees about IT security rules.
The method patented by Kaspersky Lab is claimed to make it possible to create a model of an enterprise’s IT security system in several stages, adapt the security system to the enterprise’s specific requirements and identify the most effective methods of mitigating IT security incidents in an industrial network.
In the first stage, a complete model of the enterprise with all its electronic systems is created, based on the topology of computing devices and their connections.
Next, the impact of malware on each individual computing device is reproduced and the result of that impact is modeled. In all subsequent stages, the IT system’s response to different malware-related events is calculated, as well as the most effective measures to mitigate the unwanted effects of these events.
“Modeling security incidents and designing an optimal response strategy for a specific information system can be used to calculate the most effective measures to protect industrial processes based on predefined criteria, such as data confidentiality or industrial process continuity,” adds Doukhvalov.