The Secway Quarantine Station

An attempt at securing the perimeter of critical infrastructures.

Introduction

As today’s Industrial Control Systems rely mostly on Microsoft Windows-based workstations and servers, the use of Removable Media – such as USB flash drives or CD/DVD – has become increasingly common.
Whether it’s updating systems, backing up servers or simply moving files around, Removable Media is now the de-facto standard in all areas of the industrial control world.

The Problem

While these removable media devices are mostly seen as a simple and convenient way to move and store data, they bring along their own set of risks. New threats are being introduced into the factory, sometimes without anyone realizing it.

The incredible versatility of USB flash drives, for example, makes them highly prone to unintentional misuse : the same flash drive that was used to back up a server could be used to transfer family pictures or some personal documents on a home computer. While this is only one of many scenarios in which industrial data could be compromised, it gives an idea of what can happen when such a portable and universal storage media is used without proper control.

Defense in Depth

In order to prevent malware from propagating through an organization’s ICS infrastructure, the standard “Layered Security” or “Defense in Depth” principle is usually applied to some extent.

The idea behind this principle is simple : by securing every layer of the infrastructure (from public external interfaces such as corporate websites, all the way down to field instruments), the global risk level can be reduced to a minimum.
This stands in high contrast to the previous views on cyber security, where the strongest possible measures would be implemented at the perimeter of the system, but almost nothing would be secured at the inner layers.

Securing The Perimeter

One of these “layers” is the perimeter of the Industrial Control System.

As of today, Secway has observed a frightening lack of security specifically at this critical point.

Throughout Secway’s collaboration with major Oil & Gas companies, the following weak point has been identified, common to all types of industrial systems :

While strong filtering mechanisms (Firewalls & IDS / IPS solutions) are in place to protect systems at the network level, data enters and leaves the control system without any form of control through removable media.

The Solution

Enter Secway’s Quarantine Station. A new data gateway for today’s industrial environment. This solution provides a secure interface between removable media and the plant. By allowing external data to flow only through this gateway, the exposure to external threats is reduced.

How it works

The Quarantine Station is a pc-based appliance packed with Anti-Virus engines and network file sharing capabilities. By connecting critical systems to this appliance, they will have access to external removable media, but only after they have been deemed clean by the quarantine station. Disabling removable media access (by means of BIOS configuration or Windows Group Policies) on the systems will ensure that data is only exchanged with the outside world through the Quarantine Station. This gateway effectively becomes the physical equivalent of a “DMZ”, for removable media.

Usage information

The Station has been designed with simplicity in mind. It functions as a black box requiring only minimal install-time configuration.
Once initial set up is complete, users can simply plug in their flash drives or load up CDs/DVDs into the station. Then, a simple click on the “scan” button will determine if the media is clean and may be used inside the facility. A second “scan & import” button will not only scan the media, but also (once identified as clean by the antivirus scan) make its data available on the network for all other systems to access and use.

Download

The Quarantine Station can be downloaded here.

Tags: , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.