CybridgeSecure Content Filter for SCADA Networks by Bynet

Bynet SolutionsBynet Inside

www.bynetgroup.com

SCADA Industrial Protocol

SupervisoryControlAndDataAcquisition(SCADA)networkscontaincomputers

andapplicationsthatperformkeyfunctionsinprovidingessentialservicesand

commodities(e.g.,electricity,naturalgas,gasoline,water,transportation).

Assuch,theyarepartofthenation’scriticalinfrastructureandrequireprotectionfrom

avarietyofthreatsthatexistincyberspacetoday.

Byallowingthecollectionandanalysisofdataandcontrolofequipmentsuchas

pumpsandvalvesfromremotelocations,SCADAnetworksprovidegreatefficiency

andarewidelyused.However,theyalsopresentasecurityrisk.

Security Challenges

Builtforreliabilityandstabilityratherthansecurity,industrialinfrastructurenetworks

havelongbeeneasytargetsformalwareattacks.

Cityandregionalinfrastructuresdependonreliableaccesstoenergy,waterand

transportationsystems.

Inaveryrealsense,allinfrastructuresarebuiltupontheindustrialinfrastructurebase.

Theconceptofthe‘networkofeverything’thatfuturistsandplanningcommissions

havespokenaboutoptimisticallyforyearshasarrived.Buttheyforgotonething:

industrialsecurity.

SCADAnetworkswereinitiallydesignedtomaximizefunctionality,withlittle

attentionpaidtosecurity.Asaresult,performance,reliability,flexibilityandsafety

ofdistributedcontrol/SCADAsystemsarerobust,whilethesecurityofthese

systemsisoftenweak.ThismakessomeSCADAnetworkspotentiallyvulnerableto

disruptionofservice,processredirection,ormanipulationofoperationaldatathat

couldresultinpublicsafetyconcernsand/orseriousdisruptionstothenation’scritical

infrastructure.

Action is required by all organizations, government or commercial,

to secure their SCADA networks as part of the effort to adequately

protect the nation’s critical infrastructure.

Industrial Security

Industrial infrastructures are growing in size and complexity. And it’s all too clear that

traditional enterprise IT solutions have not been successful in safeguarding them from

cyber-attack.

They do not meet the best-practice deep-packet inspection capability in the field,

nor do they place an emphasis on zone protection network segmentation.

As well, they tend to focus on preventing loss of confidential information, rather than

what really matters in the industrial world – reliability and integrity of the system.

In this architecture, a Cybridge is used as a one way content filter gateway which

enables the extraction and export of protocol data and information from within

the industrial networks, carried upon industrial protocols, to enterprise networks.

This allows safe and easy integration of the machine data coming from the SCADA

network in enterprise reporting and statistical services, within external or public

networks without any Cyber-attacks apprehension.

Cybridge - SCADA Industrial Protocol Gateway

CybridgeSCADAProtectionisacomprehensiveindustrialnetworkprotectionsolution

designedanddevelopedbyBynetCommunicationGroup.Thehardware/software

combinationhasbeendesignedspecificallytoprotectagainstTrojans,wormsandviruses

thatmightinfectindustrialSCADAsystems.

SecureContentFilterCybridgeenablestheconnectivityofvariousnetworkshavingdifferent

levelsofclassificationandinformationsecuritypoliciesincludingSCADAandenterprise

networkconnection.TheCybridgeisasecuritysolutionfororganizationswhointendto

connectdifferentnetworkswhilecontrollingtrafficthattraversesbetweenthenetworks.

TheCybridgeprovidesthenetworksecurityadministratororSecurityOperationCenter(SOC)

managerstheabilitytomonitor,filteranddefendinternalnetworksorserverfarmsagainst

cyber-terrorattacks,bothfromoutsideorfromwithin-whileensuringthattraversingtraffic

accordsthesecuritypoliciesdefinedbySOCmanagers.

TheCybridgeisbasedonsecuredunidirectionaldataflowcombinedwithacontentfiltering

engine.TheCybridgeisaplatformspeciallydesignedtoimplementnetworkgapsbetween

externalandinternalnetworksorinternalnetworkwithdifferentclassification,usingsession

terminationandregenerationateachside.Usingaconfigurableplatformforcontentfiltering,

enablesontheonehandthesecurityadministratortodevelopitsownprivatecontentfiltering

enginesforspecializedpurposesandfilteringtasks,andontheotherhandtheCybridgecould

beprovidedwithsuittailoreddevelopmentforthespecificorganizationalneedsandthreats.

Cybridge Advantages

•BothapplianceandHWagnosticdelivery

options–simple,configurableandmaintainable

•Any-to-anytransformation-inputfilesinone

formatandoutputfilesinadifferentformat

•Multipledataformats-thetypesofdata

formatsthatcanbeprocessedarepractically

unlimited

•Affordableandscalable-costeffectiveand

modularsystem.Beginwithonecomponent

andaddmorecomponentsastheneedarises

•Afieldtestedsecuritysolution

©2013BynetDataComm.LTD,AllRightsReserved.BynetandtheBynetlogoaretrademarks

ofBynetDataComm.LTD,andmayberegisteredincertainjurisdictions.

Alltrademarksidentifiedby©aretrademarks,trademarksorservicemarks,ofBynetDataComm.LTD.

10/13•RB11133

Notice:Everyeffortwasmadetoensurethattheinformationinthisdocumentwascompleteandaccurate

atthetimeofpublication.However,informationissubjecttochange.

has extensive knowledge and proven experience in ICT solutions

in general, and in the Security sector in particular

Bynet Data Communications

Security Proven

Bynet Data Communications

8HanechoshetSt.,TelAviv6971071-Israel

Tel:+972-3-645-8080

Fax:+972-3-548-8058

info@bynetgroup.com

www.bynetgroup.com

SCADA Seamless Connectivity Proxy

(SCP) - Key Features

•Providessecureunidirectionalconnectivity,

eitherinputoroutput,betweenSCADA

andEnterprisenetworkssegments.

•Toachievebi-directionalfunctionality,

itwouldbenecessarytoinstalltwoCybridges

•Singlestandardappliance

•PhysicalandLogicalIndustrystandard

UDPsub-layer

•OneWay–NoFeedbackattackpossibility

•ProtocolStructureValidation

•DataSchemeValidation

•PacketCryptographicSignature

•SecureViolationsNotification&Logs