When governments began worrying about cyber attacks on critical infrastructure several years ago, their prime concern was networked industrial control systems (ICS). Banks could be crippled through IT systems, but electrical utilities, factories, pipelines and the like could be jammed by raising device temperatures or pressures through their operational, or ICS, networks.
One of the most recent examples was last year’s attack on power stations in Ukraine, which temporarily plunged some 220,000 businesses and households into darkness for six hours.
Israeli startup Aperio Systems today announced a new service it says can protect operational control rooms from being fed phoney data that masks an attack on critical supervisory control and data acquisition (SCADA) applications on ICS networks.
Called Data Forgery Protection, the solution uses proprietary algorithms to search for the fingerprints of normal data and sends an alert when incoming data fails to match them, indicating forgery. It can reconstruct the real values of the data and restore it to its original state in real time.
Interestingly, one of the examples the company gives to show the damage that can be done through what it calls forged data is the 2010 cyber attack on Iranian nuclear centrifuges, allegedly carried out with the Stuxnet worm, which reportedly caused the machines to spin wildly out of control, causing permanent damage.
The worm is widely thought to have been created by Israel and the United States, but few verifiable details are available about the attack. However, Aperio CEO Yevgeni Nogin and vice-president of products Michael Shalyt said in an interview that one of the ways the attackers got away with it was by feeding phoney data to the centrifuge control room to convince technicians nothing was wrong.
“We’re focusing on the physical layer (of the network), on the actual machinery that can be destroyed, or the product that can be tampered with,” said Shalyt. “Once you destroy a gas turbine – aside from the fact it costs a half a billion dollars to buy one – it takes months to ship and replace. If you destroy 10, 20 per cent of the largest electricity turbines in the U.S., there is literally not enough energy for everyone … until they are replaced.”
“Our job at Aperio is to detect whenever a physical data (from a sensor) is falsified,” he said. These devices can send back thousands of pieces of digital data, he said. “We define a line of defence against critical damage.”
To simplify things, Aperio keeps a record of historical device data which it compares to what the operator is receiving in real time. Attackers, said Nogin, can forge data largely in three ways: record and replay old normal operating data; transform a real data signal; or generate a synthetic signal with an algorithm. Aperio can detect those and more, he said, through advanced machine learning.
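The three forgery patterns Nogin lists can be illustrated with a toy detector, added here as an example and not Aperio's code: it compares each window of live sensor readings against a stored history, labels exact repeats of a historical window as a replay, labels positive scale-and-offset copies of a historical window as transformed, and labels windows with far less spread than history as suspiciously noise-free. The window size, match tolerance, noise threshold and all readings are assumed or constructed values.

```python
"""Toy forged-sensor-data detector: flags replayed, affine-transformed and
suspiciously noise-free windows by comparing live samples to history."""

WINDOW = 8              # samples per comparison window (assumed)
TOL = 1e-6              # tolerance when comparing normalised shapes (assumed)
NOISE_FRACTION = 0.1    # spread below this fraction of the historical median is "too clean" (assumed)

# Constructed history of one temperature-like sensor; real data would be far longer.
HISTORY = [50.0, 50.4, 49.8, 50.2, 50.6, 49.9, 50.1, 50.5, 50.3, 49.7, 50.2, 50.4]


def windows(series, size=WINDOW):
    """All consecutive windows of `size` samples (sliding by one sample)."""
    return [series[i:i + size] for i in range(len(series) - size + 1)]


def shape(window):
    """Normalise a window to [0, 1] by min and range. Any positive affine
    transform (scale and/or offset) of a window yields the same shape."""
    lo, hi = min(window), max(window)
    if hi == lo:
        return None                     # a flat window has no shape
    return [(x - lo) / (hi - lo) for x in window]


def same_shape(a, b):
    return a is not None and b is not None and all(abs(x - y) < TOL for x, y in zip(a, b))


def classify_windows(history, live, size=WINDOW):
    """Return one verdict per live window: replay, transformed, synthetic or ok.
    'ok' only means no forgery signature was found, not that the data is genuine."""
    hist = windows(history, size)
    hist_shapes = [shape(w) for w in hist]
    spreads = sorted(max(w) - min(w) for w in hist)
    typical_spread = spreads[len(spreads) // 2]      # median spread of real windows
    verdicts = []
    for w in windows(live, size):
        if w in hist:                                # byte-for-byte repeat of old data
            verdicts.append("replay")
        elif max(w) - min(w) < NOISE_FRACTION * typical_spread:
            verdicts.append("synthetic")             # real sensors carry noise; this one does not
        elif any(same_shape(shape(w), h) for h in hist_shapes):
            verdicts.append("transformed")           # old data rescaled or offset
        else:
            verdicts.append("ok")
    return verdicts


if __name__ == "__main__":
    print(classify_windows(HISTORY, HISTORY[2:10]))                  # ['replay']
    print(classify_windows(HISTORY, [2 * x + 1 for x in HISTORY[:8]]))  # ['transformed']
    print(classify_windows(HISTORY, [50.0] * 8))                     # ['synthetic']
```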
The solution runs on a Linux server on premises or can be bought as a cloud-based SaaS service. Nogin stressed that either way it taps into device data already in operational servers; it doesn’t sweep network traffic.
The cost of the solution depends on the size of the project, Nogin and Shalyt said. Distribution is still being worked out but potential Canadian customers can contact the firm directly.