Bayshore Blog Post
by Francis Cianfrocca, Founder & CEO Bayshore Networks
October 29, 2014
Yesterday, ICS-CERT issued an alert regarding an "Ongoing Sophisticated Malware Campaign Compromising ICS."
The attacks described in the advisory are of an extremely worrisome kind. It's commonplace for industrial control-system software to be deployed on Windows machines (servers and workstations), and this won't change soon because these software products are very slow to evolve. Typically, workstations that run control software are dual-homed (one leg in the machine network and one on the IT side), but without very careful controls, even this defense model is easily defeated by advanced malware.
The old saw is still true: the most dangerous threats are the ones carried in data streams themselves. Even the most effective firewalling and malware detection schemes will miss many attacks.
The defense-in-depth techniques recommended by CERT and others are an essential first step. But the real answer is to combine them with content-aware policy enforcement systems that can actually filter unsafe control signals right out of the machine-level traffic.
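To make "content-aware policy enforcement" concrete, here is an added example (not Bayshore's code and not from the advisory) of the kind of check such a system applies to machine-level traffic. It assumes Modbus/TCP as the control protocol, which the post does not name; the engineering-workstation address, the writable register range and the sample frames are constructed for illustration. Reads pass from anywhere, writes are allowed only from a designated host and only into an approved address range, and anything unparseable or off the allowlist (diagnostics, vendor-specific codes) is dropped rather than guessed at.

```python
"""Content-aware allowlist for Modbus/TCP control traffic.

Constructed example: the Modbus/TCP framing is the real wire format, but the
hosts, register ranges and sample frames are made up for illustration.
"""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# MBAP header: transaction id, protocol id (always 0), length, unit id
MBAP = struct.Struct(">HHHB")

READ_FUNCTIONS = {0x01, 0x02, 0x03, 0x04}   # read coils / inputs / registers
WRITE_SINGLE = {0x05, 0x06}                  # write single coil / register
WRITE_MULTIPLE = {0x0F, 0x10}                # write multiple coils / registers


@dataclass
class Request:
    unit_id: int
    function: int
    start_addr: Optional[int]   # first coil/register touched, if applicable
    count: int                  # number of coils/registers touched


def parse_request(frame: bytes) -> Request:
    """Decode the MBAP header and the PDU fields the policy needs.

    Raises ValueError for anything malformed: a filter fails closed rather
    than guessing at a frame it cannot parse.
    """
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, unit = MBAP.unpack_from(frame)
    if proto != 0:
        raise ValueError("protocol id is not Modbus (0)")
    if length != len(frame) - 6:        # length field covers unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    pdu = frame[MBAP.size:]
    fc = pdu[0]
    start, count = None, 0
    if fc in READ_FUNCTIONS or fc in WRITE_MULTIPLE:
        if len(pdu) < 5:
            raise ValueError("truncated address/quantity fields")
        start, count = struct.unpack_from(">HH", pdu, 1)
    elif fc in WRITE_SINGLE:
        if len(pdu) < 5:
            raise ValueError("truncated address/value fields")
        start, count = struct.unpack_from(">H", pdu, 1)[0], 1
    return Request(unit, fc, start, count)


@dataclass(frozen=True)
class Policy:
    engineering_hosts: frozenset    # source IPs permitted to issue writes
    writable: range                 # coil/register addresses writes may touch


def evaluate(src_ip: str, frame: bytes, policy: Policy) -> Tuple[str, str]:
    """Return ("ALLOW" | "DENY", reason) for one request frame."""
    try:
        req = parse_request(frame)
    except ValueError as err:
        return "DENY", f"malformed frame: {err}"
    fc = req.function
    if fc in READ_FUNCTIONS:
        return "ALLOW", f"read-only function 0x{fc:02x}"
    if fc in WRITE_SINGLE or fc in WRITE_MULTIPLE:
        if src_ip not in policy.engineering_hosts:
            return "DENY", f"write from non-engineering host {src_ip}"
        if req.count == 0:
            return "DENY", "write with zero quantity"
        last = req.start_addr + req.count - 1
        if req.start_addr not in policy.writable or last not in policy.writable:
            return "DENY", f"write touches {req.start_addr}-{last}, outside allowed range"
        return "ALLOW", f"write by {src_ip} within {policy.writable}"
    # Diagnostics (0x08), file transfer, vendor-specific codes: not on the allowlist.
    return "DENY", f"function 0x{fc:02x} not on allowlist"


def build_frame(unit: int, pdu: bytes, tid: int = 1) -> bytes:
    """Assemble a Modbus/TCP frame (used here only to construct sample traffic)."""
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


# Constructed policy: one engineering workstation may write setpoints 100-199.
POLICY = Policy(engineering_hosts=frozenset({"10.0.0.5"}), writable=range(100, 200))

if __name__ == "__main__":
    samples = [
        ("10.0.0.77", build_frame(1, b"\x03" + struct.pack(">HH", 0, 10))),                  # read
        ("10.0.0.5",  build_frame(1, b"\x06" + struct.pack(">HH", 150, 1))),                 # write, in range
        ("10.0.0.77", build_frame(1, b"\x06" + struct.pack(">HH", 150, 1))),                 # write, wrong host
        ("10.0.0.5",  build_frame(1, b"\x10" + struct.pack(">HHB", 190, 20, 40) + bytes(40))),  # write, spills past 199
        ("10.0.0.5",  build_frame(1, b"\x08" + struct.pack(">HH", 1, 0))),                   # diagnostics
    ]
    for ip, frame in samples:
        print(ip, frame.hex(), *evaluate(ip, frame, POLICY))
```

The point of the design is that the decision depends on the payload, not just on which host or port is talking: a compromised dual-homed workstation that is otherwise allowed to reach the PLC still cannot push a write outside the approved range or invoke a diagnostic function, and a frame the parser cannot make sense of is denied by default.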