McAfee, Intel working to protect energy utilities from cyber attacks

McAfee, Intel working to protect energy utilities from cyber attacks

Summary: Intel and its subsidiary McAfee are working on a security platform aimed to protect critical infrastructures, especially those that are energy-related, worldwide.

SHARE:

McAfee has announced a new partnership with its parent company, Intel, on an initiative intended to better protect the world’s energy utility ecosystem from increased cyber attacks.

Under the partnership, the two entities are developing a blueprint for a comprehensive solution of multiple products that will comprise a multi-layered security platform.

Besides promoting more awareness about cyber security and increasing attacks, some of the objectives for this platform include improving and speeding up response times to attacks, decreasing the changes of a malicious attack in the first place, increasing uptime, and offering more options for remote device management.

However, tackling a project to protect energy utilities worldwide is no easy feat, and it's going to take a considerable time to accomplish. Although there is not a detailed timetable available, both parties have acknowledged this, citing handling big data, endpoint manageability, and handling multiple networks and IT zones as some of the major hurdles.

So far, McAfee and Intel have introduced a "reference implementation" that is already based upon several of both companies' existing security solutions. This implementation basically works as a simulator to demonstrate to enterprise customers what happens in response to an unsuccessful cyber-attack thwarted by McAfee Embedded Control as well as the impact of a successful attack on an unprepared system.

Related:

Topics: Intel, Big Data, Browser, Google, Malware, Outage, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Here's How You Do That

    Step #1: Force all SCADA systems to stop using Windows. It's stupid. Really. Either create a sepcialized operating system or use something with a better track record in security than Windows (a hardened Linux or BSD with locked down MAC restrictions would do fine).

    Step #2: Ensure that the business side of the utility company is not connected to the SCADA side. That is, air-gap the freaking networks already. And it is best to ensure the SCADA systems themselves are not connected to the public Internet. If they need remote access, simply create their own private LAN or VPN.

    How hard is this? Really? So many utility companies do *not* even take these security 101 steps. It's sad and, frankly, unacceptable. If they need advice on how to create a secure VPN, go call the NSA. They have a lot of experience in securing very sensitive networks, and they do it quite well (JWICS anyone?). The best policy is if you don't *need* something on the Internet, take it offline.

    Many of these "compromises" in the power grid infrastructure are due to some $6 an hour secretary reading facebook at work and then passing malware along to the critical systems. Seriosuly, this is how most of these breaches have occured. Even Oak Ridge National Labs (with a bunch of PhD's and computer experts working on classified projects) fell victim to a simple spear-phishing attack a while back. This one e-mail sent a virus through the entire lab and allowed some basement dweller in some eastern-bloc country to download some material. I mean really guys. If you had implemented step #1 above it wouldn't have happened. And if it somehow did slip by, step #2 would have saved your ass.

    There's no need for sophisticated state actors when you can basically send the secretary to a malicious web-page or send a penis enlargement e-mail to some geeky physicist at ORNL.

    Now, I fully expect a check in the mail from Intel and McAfee for my services. Does $200,000 seem fair? That's just a drop in the bucket of what they will spend on the project and I am sure my recommendations will be much more effective than some new super-AV software that McAfee will no doubt call a "solution."
    KodiacZiller
    • Thank You!

      Finally, somebody with brains!

      You should work for ICS-CERT.
      f0real
    • Seperate Networks OK

      But your slam on Windows is malicious...if the networks are seperated it won't mater which OS is being used, now will it?
      James-SantaBarbara
  • I wonder why ....

    Hmmm.....

    [url]http://www.google.com/hostednews/afp/article/ALeqM5i-6aADY_d_RWRxLy3JWbGweTdYzA?docId=CNG.41380f9fd13a9cf5399ea138e7f20afb.821[/url]

    [url]http://www.csmonitor.com/USA/2012/0510/Exclusive-potential-China-link-to-cyberattacks-on-gas-pipeline-companies[/url]
    f0real
  • Challenge to Energy Utilities

    David Chalk's Challenge to the IT Industry, Government, and Media: "Bring forward a smart meter or any other technology which you think is secure and we will show you, on national TV, that it is penetrable. I guarantee you 100% that there is nothing out there that can withstand or survive a cyber attack."

    Responses to Dr. David Chalk's challenge
    Email: info@davidchalkinc.com
    f0real