Intel and McAfee  have announced a partnership to better protect the world’s energy utility ecosystem, including generation, transmission and distribution, from increased cyber attacks. McAfee and Intel have provided a blueprint for a comprehensive solution of multiple products that create layers of security and operate together without great complexity or without impacting availability. McAfee and Intel solutions deliver a variety of technologies for securing the energy environments, decreasing chances of malicious attacks, increasing uptime and decreasing resource intensive responses to fix and update systems. As a jointly created “reference implementation” that mirrors real-world energy environments customers can see the technology implemented fully and integrated across endpoint, network and cloud.  The solution is focused on satisfying the energy industries need for situational awareness, seamless multi-zone protection, native supervisory control and data acquisition (SCADA) support, and remote device mamanagement. 

Challenges Facing Energy Infrastructure

The complexity and diversity of the electrical power delivery systems make protecting them from cyber attacks very difficult.  Energy provider’s infrastructure is comprised of a diverse set of networks that cannot be effectively secured by simply adding technologies designed for typical enterprise IT environments.  Many of the power grids aging assets predate the internet revolution and are particularly vulnerable from attack and unable to identify or report malicious activity up the network chain.  Substations, known as one of the most vulnerable parts of the smart grid, are particularly at risk from attack. Meanwhile, hackers have grown more sophisticated, increasing the need to defuse or deter zero-day and more sophisticated attacks. 

Securing electric power delivery is an enormous task because of:

•         Multiple zones include: Corporate IT, SCADA, and device networks: Each different zone has unique technical challenges.

•         Coping with “big data” overload: Security devices on the network produce incredibly large number of logs, overwhelming stretched IT departments.

•         Simplifying endpoint manageability and improving visibility: Energy endpoints are spread geographically and rarely updated and many times lack the ability to detect or communicate and identify a security breach.  Device failures can be costly especially when they require updates if not properly managed.

•         Providing the right security context for the grid: Standard IT products don’t have the right features to identify issues within the energy infrastructure or don’t understand the unique utility lexicon making it difficult to apply specialized measures need for control systems.

Solution Requirements for Energy Infrastructure

With the increasing number on attacks to critical infrastructure, energy providers need protection against zero-day and known attacks in a manageable way.  McAfee and Intel address this with a select group of solutions and technologies needed in critical infrastructures.

•         Situational Awareness – To stop zero-day attacks there needs to be actionable intelligence and not just the creation of more security logs.  This is the role of the McAfee Enterprise Security Manager that gives a contextual view that helps identify and isolate attacks produced by unknown malware.

•         Unified, Multi-zone Protection – Energy IT organizations need to centrally manage assets and substation network operation centers to better understand their environments.  McAfee ePolicy Orchestrator and McAfee Enterprise Security Manager unify security and policy management of the endpoint, network, and data security controls that have been deployed across all zones.

•         Malware Protection.  Application white-listing is particularly effective against zero day attacks and is much more resource “light” than blacklisting solutions. McAfee Embedded Control combines whitelisting technology with change control to monitor, enforce policies and provide absolute protection against malicious activity at the endpoint.

•         Intrusion Prevention – McAfee IPS actively detects, analyzes and protects from an array of attacks and neutralizes them real-time.

•         Database Protection – McAfee Database Activity Monitoring automatically finds databases on the network and protects them with a set of preconfigured defenses and policies customized for the energy sector.

•         Remote Remediation – Intel Advanced Management Technology (AMT) on 2nd generation Intel Core processors has been enhanced with a feature called KVM redirection over Internet Protocol (IP), permitting the keyboard-video-mouse (KVM) for an IT console to control and display the graphical user interface (GUI) of an embedded device in the field. As a result, technicians can manage the remote device as if they were sitting right in front of it using normal input devices. To resolve issues, it’s possible to reboot the device, observe errors, launch tools for analyzing failure data and guide the system to fix the error. Lowering the cost of servicing endpoints especially remote sites is more important.  McAfee Deep Command allows administrators to remotely deploy, manage, and update security even on disabled or powered off devices.

•         Monitoring Critical Software – Using Intel AMT deployed through McAfee ePO Deep Command, security administrators can remotely deploy, manage and update security and device software on disabled or powered-off endpoints through an out-of-band (OOB) connection to the endpoint. This allows utility IT departments to take control of the devices regardless of the hardware or software state – even a rogue device. Using Intel AMT, the device can be taken offline and replaced by a redundant, failover device, thus minimizing downtime.

•         Continuous Compliance – The solutions provide continuous compliance in a fast, automated and easy-to-use interface that addresses audit requirements in minutes instead of hours or days.

 Joint Reference Implementation

Intel and McAfee created a “reference implementation” that integrates a number of McAfee security solutions relevant to substations and network operations centers with selected Intel hardware.  The reference implementation emulates the components and functionality commonly found in a critical infrastructure environment.  The added capability of end-point security, network security and security management solutions delivers a secure environment and increased reliability.  The demonstration of the "reference implementation" allows the audience to witness the system response to an unsuccessful cyber-attack thwarted by McAfee Embedded Control and the impact to valuable assets of a successful attack on an "improperly configured" system.  The demonstration shows the audience how the critical infrastructure operator, having complete situational awareness delivered with the McAfee SIEM solution, can remotely and securely mitigate the threat of the comprised "improperly configured" system with McAfee's ePolicy Orcheszrator coupled with Intel's vPro technology.

Protecting utility infrastructure is challenging for many reasons including network diversity, data overload, complex endpoint management and tools that lack the right security context for energy.  McAfee unifies situational awareness and multi-zone protection using purpose built, compliance-oriented solutions to prevent attacks in real-time.  This end-to-end security solution features remote management using Intel AMT to lower device support costs.

Check out more IT news at itvoir.com