Global critical infrastructure supplier uses Microsoft SDL to reduce cyber attack risk

A supplier of automation and software systems to the global manufacturing and critical national infrastructure industries has partnered with Microsoft to reduce the risk of cyber attacks.

A supplier of automation and software systems to the global manufacturing and critical national infrastructure industries has partnered with Microsoft to reduce the risk of cyber attacks.

Invensys Operations Management, whose customers include nuclear power plants, was one of the first industrial IT suppliers to partner with Microsoft in building more secure software code.

When US researchers confirmed in 2006 that cybercriminals were able to cause physical damage by infiltrating software control systems, Invensys began looking for a way to strengthen its code base and processes against attacks, assess its security posture and improve its responsiveness to cyber security issues.

"Microsoft was really the only organisation that was addressing the issue of secure code as part of its Trustworthy Computing (TwC) initiative," said Ernest Rakaczky, program director of control system security at Invensys Operations Management.

He was impressed with TwC's security development lifecycle, which is aimed at providing processes to help organisations develop code that is inherently more secure.

A key element of the security development lifecycle (SDL) is the five-step threat modelling process that helps developers define a set of possible attacks to identify weaknesses and vulnerabilities.

All new code would be more secure automatically, but one of the biggest challenges Invensys faces is reviewing software systems developed as far back as 1991, said Paul Forney, system architect in the cyber security project at Invensys Operations Management.

"Since these systems were developed, much has changed, particularly in terms of the number of connections into and out of the systems control room," Paul Forney said.

The first things the company had to tackle included training for all software engineers around code testing and response to vulnerabilities, conducting assessments and roadmaps for all products and reducing the attack surface and number of security vulnerability reports.

Where vulnerabilities are discovered, having an SDL in place enables developers to respond faster to developing security updates, said Forney.

Invensys opted for computer-based training to keep the costs as low as possible and reduce the impact of training on current projects.

Process improvement involved working with Microsoft to assess existing levels of security, developing customised templates using the SDL as a base to raise the bar where necessary, and integrating the supporting tools developed by Microsoft to support the SDL.

The main benefits of the SDL are greater confidentiality, integrity, availability, access control and accountability through establish detailed audit trails, said Forney.

The security objectives of the SDL include preventing unauthorised changes to values in a controller, programmable logic controller (PLC), process or configuration.

This is essential in control systems used in critical national infrastructure, as illustrated by Stuxnet, which targeted PLCs governing uranium enrichment centrifuges used in Iran's nuclear programme.

Other SDL objectives include preventing misrepresentation of process values, reducing the possibility of a plant shutdown and improving the reliability and robustness of systems and software.

Above all, the SDL means security is built in and not added on, and from a business point of view, helps reduce total cost of ownership because secure software is automatically better quality software that requires less security patching, said Forney.

"The SDL is a key part of our commitment to protect our customers. It is also what they expect from us and helps to build and maintain their trust," said Forney.

Another important aspect of the SDL is that it is designed to ensure continual monitoring, assessment and improvement, he said.

According to Forney, the SDL has given Invensys a self-perpetuating maturity model, a culture for research and development to produce secure and robust products and a security focus for all products.

The partnership with Invensys Operations Management has brought benefits to Microsoft too in refining its SDL, said David Ladd, principal group program manager, security engineering strategy, SDL evolution at Microsoft.

"Working with Invensys, we have gained a better understanding of threats to control systems, the type of information we need to provide, what type of things we need to be doing, and what things to prioritise," David Ladd said.

White paper: How to Protect Industrial Infrastructure Against Malware >>

Read more on IT risk management