Energy, as one of the 14 essential services requiring extra security according to the US Department of Homeland Security, receives additional unwanted attention from cyber-attackers.
The 2015 Dell Security Threat Report showed that the number of attacks on Supervisory Control and Data Acquisition (SCADA) systems in 2014 doubled compared to 2013. Most occurred in Finland, the UK and the US, probably because SCADA systems in those countries are more likely to be connected to the internet.
SCADA systems control key functions in many critical infrastructure sectors, including wind farms, and are required to be kept secure and isolated from external networks. But it is sometimes necessary to connect portable media products for upgrades or maintenance.
To ensure these products are secure, wind farm owners need to create strict data workflow policies. These may be expensive to implement, but the cost can be justified by looking at the potential fallout resulting from a policy failure. Perhaps the most famous example is the Stuxnet worm attack, introduced via USB, attacking Iran's nuclear facilities.
Security policies should limit portable media to only those that are necessary for employees to perform their duties. USB drives could be prohibited, and if they are a business necessity we recommend using "trusted" and scanned USB drives, and exercising extreme caution in allowing use of peripheral media by outside users.
Wind farm owners should also emphasise the importance of never using USB drives or other peripheral media devices of unknown origins on secure systems - it still surprises me how many employees collect and use USB drives from unknown sources.
The secure data workflow policy applicable to workers at wind farms should have multiple layers of protection, such as user authentication and source verification, to prevent unauthorised users or sources from bringing in data to facilitate future access, and to guard against known and unknown risks. Portable media should be classed according to their properties. File types too should be limited, blocking executable files and any encrypted files where no password has been given.
File type analysis and filtering will prevent risky file types from entering the facility, and leveraging multiple anti-malware engines simultaneously increases the likelihood of detecting new risks. Data sanitisation will further protect against the unknown by stripping potential threats out of documents and images.
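The file-type rule described above (block executables, and block encrypted files where no password has been given) can be sketched as follows. This is an added example, not code from the article or from any scanning product; the signature list, the limits and the function names `classify` and `make_sample_zip` are assumptions chosen for illustration, and only ZIP archives are handled.

```python
import io
import zipfile

# Leading bytes of executable formats; the file's content decides, not its name.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"\xcf\xfa\xed\xfe": "Mach-O executable",
    b"#!": "script with interpreter line",
}
MAX_DEPTH = 3                   # assumed limit on nested archives
MAX_MEMBER_BYTES = 50_000_000   # assumed per-file size limit

def classify(data, password_given=False, depth=0):
    """Return (verdict, reason) for one file read from portable media."""
    for magic, label in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return "block", label
    if not data.startswith(b"PK\x03\x04"):
        return "allow", "no blocked type detected"
    if depth >= MAX_DEPTH:
        return "block", "archive nesting too deep"
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
        for info in archive.infolist():
            if info.flag_bits & 0x1:  # bit 0 of the ZIP flags marks an encrypted entry
                if not password_given:
                    return "block", f"encrypted entry {info.filename}, no password given"
                continue  # a real scanner would decrypt and inspect this entry
            if info.file_size > MAX_MEMBER_BYTES:
                return "block", f"{info.filename} exceeds size limit"
            verdict, reason = classify(archive.read(info), password_given, depth + 1)
            if verdict == "block":
                return "block", f"{info.filename}: {reason}"
    except Exception:  # fail closed: anything that cannot be parsed is blocked
        return "block", "malformed archive"
    return "allow", "archive contents passed filter"

def make_sample_zip(name, content, encrypted=False):
    """Build constructed sample input: a one-member ZIP, optionally flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, content)
    raw = bytearray(buf.getvalue())
    if encrypted:  # set the encryption flag in the local and central headers
        raw[6] |= 0x1
        raw[raw.index(b"PK\x01\x02") + 8] |= 0x1
    return bytes(raw)
```

An executable renamed to `report.pdf` and placed inside an archive is still blocked, because the check reads the member's leading bytes rather than its extension.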
One recommendation is to use media scanners at the wind farms themselves as well as at the central location where the SCADA data is collected. These scanners range from large kiosks to tablet installations, and operators would be required to scan all portable media drives.
The nuclear industry has led critical infrastructure providers in implementing secure data workflow policies, including portable media scanning. As wind farms increase in number worldwide, it is imperative that they adopt a similar approach. Attacks on energy are increasing; a recent report from the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) showed that energy was the most targeted sector among all critical infrastructure providers. Wind farms must protect themselves with a robust secure data workflow policy that defines portable media security guidelines and allows the organisation to operate in the most secure and productive way possible.
Tony Berning is senior product manager at software security firm OPSWAT. He specialises in developing products to secure critical infrastructure and SCADA environments.