Kelly Jackson Higgins reports on ICS/SCADA experts who recommend open-source network security monitoring software as a simple and cheap way to catch hackers targeting plant operations.
Free open-source network security monitoring tools provide a simple and inexpensive technique for detecting threats within ICS/SCADA environments. These tools can help spot unusual file traffic or command and control communications.
"NSM would have caught" Stuxnet, says Sistrunk, senior consultant with Mandiant's ICS practice. It would have shown, for example, the infamous malware getting updated, he says.
Network security monitoring has traditionally been used by IT security. But it can be effective at securing ICS environments because it's non-intrusive and shouldn't disrupt real-time critical processes or operations.
"It all comes back to the premise … know your network," Caldwell says. That means watching the flows of traffic and knowing what's normal and what's not, and drilling down into what types of sessions and transactions occur, he says. "Not just looking at data, but at any extracted content, what kind of files are spreading around the network, and what Web pages are being hit or DNS servers are being resolved," he says.
"Communications going to and from PLCs … should be very consistent,"
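The "know your network" approach described above, and the point that PLC communications should be very consistent, can be turned into a concrete check: learn the peer/port/service tuples seen during a known-good window, then flag anything involving the PLC segment that falls outside that baseline (a new peer, a new service between known peers, or a PLC suddenly resolving DNS names). The following is an added example written for this page, not code from the article, from Mandiant, or from the Zeek project; the conn.log records, the 10.10.20.0/24 PLC subnet and all addresses are constructed, and the log format is a reduced, whitespace-separated subset of Zeek's conn.log fields.

```python
"""Baseline-and-deviation check over constructed Zeek-style conn.log records.

Added example for this page; not code from the article or from Mandiant/Zeek.
Assumes (constructed) that PLCs live in 10.10.20.0/24 and that the HMI/engineering
workstation is 10.10.10.5. Records are a reduced subset of Zeek conn.log fields:
ts id.orig_h id.orig_p id.resp_h id.resp_p proto service (whitespace-separated).
"""
from collections import Counter
from ipaddress import ip_address, ip_network
from typing import NamedTuple

PLC_SUBNET = ip_network("10.10.20.0/24")  # constructed address range


class Conn(NamedTuple):
    ts: float
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    proto: str
    service: str


def parse_conn_log(text: str) -> list[Conn]:
    """Parse the reduced conn.log format; '#' header lines are skipped."""
    conns = []
    for line in text.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, oh, op, rh, rp, proto, service = line.split()
        conns.append(Conn(float(ts), oh, int(op), rh, int(rp), proto, service))
    return conns


def build_baseline(conns: list[Conn]) -> Counter:
    """Learn (orig, resp, resp_port, service) tuples seen in a known-good window."""
    return Counter((c.orig_h, c.resp_h, c.resp_p, c.service) for c in conns)


def in_plc_segment(host: str) -> bool:
    return ip_address(host) in PLC_SUBNET


def find_deviations(baseline: Counter, conns: list[Conn]) -> list[tuple[Conn, str]]:
    """Return (connection, reason) for PLC-related traffic outside the baseline."""
    known_pairs = {(o, r) for (o, r, _, _) in baseline}
    findings = []
    for c in conns:
        if not (in_plc_segment(c.orig_h) or in_plc_segment(c.resp_h)):
            continue  # only PLC-related traffic is judged against the PLC baseline
        if (c.orig_h, c.resp_h, c.resp_p, c.service) in baseline:
            continue  # exactly what we saw during the known-good window
        if c.service == "dns" and in_plc_segment(c.orig_h):
            reason = "PLC issued a DNS query"
        elif (c.orig_h, c.resp_h) in known_pairs or (c.resp_h, c.orig_h) in known_pairs:
            reason = "known peers, new service/port"
        else:
            reason = "PLC talking to a peer not in baseline"
        findings.append((c, reason))
    return findings


# Constructed known-good window: the HMI polling two PLCs over Modbus/TCP.
BASELINE_LOG = """
#fields ts id.orig_h id.orig_p id.resp_h id.resp_p proto service
1700000000.1 10.10.10.5 49152 10.10.20.11 502 tcp modbus
1700000001.2 10.10.10.5 49153 10.10.20.12 502 tcp modbus
1700000002.3 10.10.10.5 49154 10.10.20.11 502 tcp modbus
"""

# Constructed observation window: one normal poll plus several deviations.
OBSERVED_LOG = """
1700003600.0 10.10.10.5 49200 10.10.20.11 502 tcp modbus
1700003601.0 10.10.20.11 34000 203.0.113.9 53 udp dns
1700003602.0 10.10.10.77 50000 10.10.20.12 502 tcp modbus
1700003603.0 10.10.10.5 49201 10.10.20.12 80 tcp http
1700003604.0 10.10.10.5 49202 10.10.10.9 445 tcp smb
"""


def run_demo() -> list[tuple[Conn, str]]:
    baseline = build_baseline(parse_conn_log(BASELINE_LOG))
    return find_deviations(baseline, parse_conn_log(OBSERVED_LOG))


if __name__ == "__main__":
    for conn, reason in run_demo():
        print(f"{conn.ts:.1f} {conn.orig_h} -> {conn.resp_h}:{conn.resp_p} ({conn.service}): {reason}")
```

The baseline is deliberately keyed on responder port and service rather than on originator port, because ephemeral source ports change on every poll while the PLC side of a healthy control loop does not. The SMB record between two non-PLC hosts is ignored on purpose: this check only models the "very consistent" PLC traffic, and IT-side traffic would need its own baseline.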