Whitelisting is the solution for the national infrastructure

21 June 2012

The Pacific Northwest National Laboratory and McAfee have produced a report on securing industrial control systems within the critical infrastructure. It concludes that whitelisting and related technologies are the best solution.

The report from McAfee and PNNL, Technology Security Assessment for Capabilities and Applicability in Energy Sector Industrial Control Systems, suggests that traditional security will inevitably leave industrial control systems (ICS) exposed. “What’s actually going on onboard the ICS computing platform remains a mystery to the operator, and even some of the most skilled IT professionals,” it concludes.

The problem is that the nature of the threat has changed since Stuxnet and Duqu. “Today, we have this new threat which isn’t really the brawler a botnet is, or the bully that malware can be. This new threat seems to have the disposition of a cyber-sniper... The Stuxnet malware attacked Windows systems using an unprecedented four zero-day attacks.”

Zero-days cannot be stopped by traditional blacklisting security – and it is for this reason that the report promotes increased use of whitelist technologies. In particular, it suggests five solutions: dynamic whitelisting, memory protection, file integrity protection, write protection, and read protection. In short, the report promotes a switch from preventing what is bad to only allowing what is known to be good.

Although the report was only published this week, it was actually compiled back in March. As such it makes no mention of the third cyberweapon, Flame, discovered last month. Flame doesn’t change the threat to ICS so much as reinforce it – and empirical support for the conclusions of the report comes from a third party, Bit9. Bit9 is clearly promoting its own products, but the point to bear in mind is that they are whitelisting technologies.

“Flame remained undetected for 2–5 years under antivirus’ watch. It remained undetected under the watch of firewalls, IDS/IPS, and behavioral HIPS solutions,” writes Bit9 in a new blog. But it did not defeat whitelists. “Right now, Bit9 is the only security company to report that they stopped Flame. The only one. Not once, not twice, but over an extended period of time – eight months to be exact. Bit9 protected one of its customers before anyone, including Bit9, knew what it was.”


Comments

lancop1 says:

25 June 2012
Whitelisting and file system change monitoring solutions like Bit9 Parity are essential tools for ALL sizes of computer networks, including small SOHO and SMB networks. Unfortunately, Bit9 isn't interested in customers with less than 100 users, so huge swathes of the IT community can't get their hands on this essential technology. What is needed is an inexpensive microsecurity appliance that implements a Bit9 type technology that can be dropped into smaller networks and provide effective whitelisting & file system change monitoring features. With our medical records, credit card data, and other personal information residing on small business networks, effective endpoint protection is no longer just for the big guys. Please make it happen Bit9.
