Symantec Expands SCADA Protection for Electric Utilities; Web Seminar Offers Advice on ICCP Signatures and Other Security Measures Required to Become NERC CIP Compliant.
ICCP is the primary protocol used to communicate real-time data, schedule, and control command exchanges between the energy control centers that operate these SCADA networks and remote terminal units (RTUs) and substations. While it has been developed with built-in security, in today's interconnected environment additional security measures are critical for enabling uninterrupted operations for transmission, generation and independent service operators.
ICCP security signatures are available immediately for Symantec Network Security 7100 Series appliances offering real time intrusion prevention (IPS) and detection to proactively protect critical enterprise assets, and are supported by Symantec Managed Security Services. These signatures were developed to address not just known attacks, but also key vulnerability areas for optimal protection against new and unknown exploits. Symantec Research Labs, the company's industry-leading research organization, crafted the signatures using new techniques developed specifically for ICCP.
"Given that SCADA networks are the underlying infrastructure for worldwide power grids, it is vital that the integrity of these systems remain intact," said Gary Sevounts, director of Symantec power and energy industry strategies and solutions. "Beyond our extensive internal testing of these vulnerability signatures, we have also successfully run these signatures for over three months with no false positive triggers, further validating our development efforts. As a result electric utility companies can rely on our ICCP signature protection as part of their effort to meet pending NERC CIP compliance requirements, to mitigate the risk of potential service disruptions, process redirection, or manipulation of operational data that could result in public safety concerns."
The Symantec ICCP signatures were rigorously lab tested by the leading ICCP provider SISCO for three months, using live ICCP traffic, and produced no false positives. This testing also included a known attack procedure, which had previously resulted in crashed systems, and the Symantec signatures correctly triggered against this known attack. In addition, leading EMS vendor AREVA T&D tested live ICCP traffic for two weeks and also detected no false positives. These tests indicate the Symantec solution accurately detects and prevents attacks, without producing false positives that could result in unnecessary control system downtime.
"Securing the SCADA infrastructure is of critical importance to the energy industry," said Ralph Mackiewicz, vice president, sales and marketing for SISCO, Inc. "The work of Symantec to develop ICCP signatures for intrusion detection and protection is an important step in improving the security environment for SCADA communications and is very complimentary to SISCO's own efforts in securing ICCP communications. SISCO wholeheartedly supports the Symantec approach based on real implementations of SCADA systems and protocols that are in actual use today and was very pleased to have been able to work with industry leaders like Symantec and AREVA on this project."
Laurent Demortier, executive vice president of AREVA T&D, in charge of the automation business unit adds, "This collaboration helps ensure that customers using AREVA/Symantec security solutions get the maximum benefit from their security investment, with technology, integration, and services tailored to the unique needs of the critical infrastructure environment of electrical utilities."
NERC CIP Readiness Web Seminar
In an upcoming Web seminar, Symantec will conduct a readiness workshop designed to help electric generation and transmission companies, and independent system operators find a balance between optimal NERC CIP compliance, and profitable, cost effective operations. The Web seminar, titled "NERC CIP Readiness Workshop for Electric Utility Companies" will be held on Thursday, Sept. 15th, at 1:00 p.m. EDT/10:00 a.m. PDT. Attendees can register at http://ses.symantec.com/EC_EMAIL.
Ideal for IT operations, engineering professionals and management responsible for compliance, the seminar will address the following:
--Pertinent details of NERC CIP
--Tools to evaluate and assess the current level of NERC CIP compliance readiness
--Tactics that can help companies cost-effectively comply with NERC CIP
--Secure Inter-Control Center Communications Protocol (ICCP) connectivity as part of complying with NERC CIP
"Our most recent research indicates that security continues to be one of the top IT concerns in the energy industry," stated Rick Nicholson, vice president of research for Energy Insights, an IDC company. "With the recent passage of the Energy Policy Act of 2005, which includes provisions regarding electric transmission reliability, we expect spending on cyber security by US electric utilities to accelerate during the next 2-3 years, especially as it relates to SCADA and other real-time systems. Within that context, the ICCP protocol is one of most critical areas that must be addressed in terms of cyber security."
About Symantec ICCP Signature Support
Symantec offers ICCP signature capability as part of the Symantec Network Security appliance series, offering proactive network intrusion prevention, and Symantec Managed Security Services, providing real-time threat analysis to meet compliance requirements with minimal business impact. These signatures provide proactive protection on X.500, CMIP, CMIS, FTAM and Microsoft Exchange Server protocols.
SISCO (Systems Integration Specialists Company, Inc.) is a privately held developer of standards-based real-time communications and integration software for energy utilities headquartered in Sterling Heights, Michigan. SISCO is the world leader in the Inter-control Center Communications Protocol (ICCP) with installations on 6 continents serving electric utilities, independent systems operators, gas pipeline operators, power generators, and original equipment manufacturers supplying these customers.
With manufacturing facilities in over 40 countries and a sales network in over 100, AREVA offers customers technological solutions for nuclear power generation and electricity transmission and distribution. The group also provides interconnect systems to the telecommunications, computer and automotive markets. These businesses engage AREVA's 70,000 employees in the 21st century's greatest challenges: making energy and communication resources available to all, protecting the planet, and acting responsibly towards future generations.
AREVA's T&D division is an active player around the globe. It designs, manufactures and supplies a complete range of equipment, systems and services for all stages in the transfer of electricity, from the generator to the large end-user. For more information, go to www.areva-td.com.
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.
Symantec, the Symantec logo, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.