Kaspersky Lab Empowers ICS Operators With Adaptive Information Security

Kaspersky Lab has patented a method of modeling IT security and adapting it to an enterprise’s individual needs. By analyzing the ways in which malware affects different elements of the IT infrastructure, the newly patented method can be used to simulate the possible effect of malware on the infrastructure as a whole and to choose the most effective methods of neutralizing threats based on a specific enterprise’s top security criteria. The patent was issued by the United States Patent and Trademark Office.

In an age of ubiquitous Internet-connectivity, an enterprise’s industrial network needs protection from cyberthreats at least as much as its office IT infrastructure does, if not more so. Moreover, there is ample proof that cyber-incidents in industrial networks can have far graver consequences than the same incidents in corporate networks. According to the RISI analytical agency, every tenth enterprise has suffered losses of between one and 10 million dollars from cyber-incidents that resulted in the disruption of an industrial process. In 2013, the downtime caused by a cyber-incident in an industrial network lasted 24 hours or more in 25% of cases.

In most cases, infection of the industrial network started with cybercriminals penetrating the corporate network. Importantly, there was often a direct data transfer channel between the two networks, with little or no protection. The next most popular method was found to be penetration via remote access to the industrial network (directly from controllers or the remote offices of the organization/contractor) using a Wi-Fi and/or cellular wireless channel and incorrect VPN connection settings.Access to the Industrial Control System (ICS) from contractor networks deserves a special mention, since it is impossible to fully control the security of a contractor’s remote networks and to inform the contractor’s employees about IT security rules.

The method patented by Kaspersky Lab makes it possible to create a model of an enterprise’s IT security system in several stages, adapt the security system to the enterprise’s specific requirements and identify the most effective methods of mitigating IT security incidents in an industrial network.

In the first stage, a complete model of the enterprise with all its electronic systems is created, based on the topology of computing devices and their connections. Next, the impact of malware on each individual computing device is reproduced and the result of that impact is modeled. In all subsequent stages, the IT system’s response to different malware-related events is calculated, as well as the most effective measures to mitigate the unwanted effects of these events.

“When implementing an enterprise’s cybersecurity system, it is very difficult to assess how effective it will be. Expensive solutions are not always the most effective,” – explained Andrey Doukhvalov, Head of Future Techs, Chief Strategy Architect, Future Technologies, Kaspersky Lab. “Modeling security incidents and designing an optimal response strategy for a specific information system can be used to calculate the most effective measures to protect industrial processes based on predefined criteria, such as data confidentiality or industrial process continuity.”

The ideas behind the patented method are used in the Kaspersky Industrial Protection Simulation training course.