Westinghouse Electric Company and McAfee have announced a partnership around information security for nuclear power plants at McAfee Focus 2012 in Las Vegas.
Westinghouse will use McAfee Enterprise Security Manager and Network Intrusion Prevention Systems in existing and new power plants around the world.
The agreement enables Westinghouse to offer its customers strong attack detection and prevention capabilities, designed to address threats to nuclear power plant control systems.
“This agreement will help us deliver cyber security in accordance with some of our industry associations’ best practices and guidelines,” said David Howell, senior vice-president of Westinghouse Nuclear Automation.
Westinghouse chose McAfee after evaluating, testing and certifying its systems. Westinghouse said it is essential to ensure security controls do not affect the reliability of control systems.
The nuclear energy company found McAfee’s Enterprise Security Manager provided deep security visibility for strong attack detection and incident response, including threats specific to nuclear plant control systems.
Westinghouse said McAfee’s Network Intrusion Prevention provides advanced threat prevention for control systems architectures.
Read more about critical infrastructure security
- Critical infrastructure providers are less engaged with government cyber protection despite growing
- Is UK critical national infrastructure properly protected?
- Germany opens cyber defence centre in response to critical infrastructure attacks
- Steve Lipner on the Microsoft SDL, critical infrastructure protection
Together, the two systems protect control systems from direct threats and attacks launched through corporate network connections. Both systems comply with international regulatory standards.
“This partnership is a great step in the essential fight to keep critical infrastructure safe,” said Ken Levine, senior vice-president and general manager, McAfee risk and compliance.
It is testament to McAfee’s investment in research and development in the security of control systems, Levine said.
Eric Knapp, director of critical infrastructure at McAfee, said control systems are fundamentally different because once an attacker is in, there is no need to establish links to command and control.
“Control systems themselves provide that command and control environment directly to any attacker that is able to compromise the system,” Knapp said.
He said security for control systems in critical infrastructure presents unique challenges best tackled in partnership with relevant industry experts.
“This issue is larger than any one organisation and success depends on taking a partnership approach,” Knapp said.
McAfee is working with several key critical infrastructure suppliers to help them meet the unique challenges of protecting the digital control systems they deploy and maintain.