McAfee, Subnet Partner In Substation Security
McAfee is teaming with Subnet to equip substations with security mechanisms designed to stave off APTs and other advanced cyber threats. The move could position Intel's security division well in light of a proposed legislation that once again attempts to mandate critical infrastructure security protections.
Send to Kindle
In light of growing noise around a recently introduced cybersecurity bill, escalating foreign threats and growing uneasiness around utility security, McAfee Inc. is once again raising its critical infrastructure security profile.
The security subsidiary of chip manufacturer Intel Corp. is joining forces with Subnet Solutions Inc. in an effort to offer a unified substation security solution aimed at combatting a rising tide of cyber security threats. Altogether, the solution relies on a combination of Subnet’s Unified Grid Intelligence products and McAfee’s Security Connected for Critical Infrastructure framework.
Broken down, the solution comprises Subnet SubStation Server and Subnet PowerSystem Center along with McAfee’s Enterprise Security Manager, Intrusion Prevention Systems, Deep Command and Application Control. The Subnet Substation Server provides utilities with a multi-vendor gateway that interfaces with major substation vendors’ intelligent electronic devices (IED).
McAfee’s portion consists of application control and network intrusion prevention (IPS) technologies, which help integrate and automate security mechanisms into IED-based substations without requiring utilities to implement costly infrastructure upgrades or replacements. The IPS component also contains advanced threat protections aimed at combating APTs and other sophisticated malware while allaying a growing uneasiness about critical infrastructure attacks.
McAfee’s Enterprise Security Manager also bolsters the solution with added visibility along with more robust detection mechanisms and incident response technologies, including those specific to substation integration.
It’s a combination that bodes well for partners with ties to federal, critical infrastructure and other government security verticals, easing the ability to get their feet wet or blaze new trails in those arenas. For one, the resulting solution enables solution providers to address mounting compliance requirements by introducing an advanced substation integration and automation system that also protects against imminent cyber threats targeting critical infrastructure platforms.
It also allows solution providers to leverage McAfee technologies, such as its Deep Command and ePolicy Orchestrator platform, to boost margins with a slew of security value-adds – the ability to remotely update and patch a substation computer out of band, for example.
The joint effort also speaks to a growing uneasiness about the very real possibility of cyberterrorism and foreign attacks on critical infrastructure.
“Cyber security attacks on industrial automations are real and increasing. According to "In the Dark, Center for Strategic and International Studies (CSIS), February 2011 study, funded by McAfee, 85 percent of critical infrastructure companies have experienced an intrusion,” said David Hatchell, McAfee director of industrial control systems and energy. “To protect the complexity and diversity of electrical power delivery systems, a strong partnership is necessary between the equipment manufacturer and the security vendor to increase security while ensuring the safety and reliability of the systems.We are pleased to be working with SUBNET to bring an advanced security solution to the substation automation industry.”
To Hatchell's point, it’s no secret that cyberweaponry is emerging as the tool of choice for governments worldwide. Over the last few years, targeted Advanced Persistent Threats (APTs) such as Stuxnet, Flame and Gauss have been linked to global cyberespionage and cyberwarfare activities. Subsequently, it’s not a huge leap to conceive that a cyberattack halting or disrupting critical infrastructure might be looming in the not too distant future.
Historically, McAfee has maintained strong ties to federal government and infrastructure verticals, positioning it well to address an anticipated onslaught of government targeted cyber threats. Last August, the Santa Clara, Calif.-based security firm was awarded a $12 million Department of Homeland Security contract, intended to provide the government agency with a broad array of enterprise level network and system security support, products and services.
And its latest partnership further cements it into critical infrastructure security niches that appears primed for growth. Last fall, ReportsandReports projected that the smart grid cybersecurity market would climb from $7.8 billion in 2011 to $79 billion by 2020.
It’s a growth trajectory the might be well underway. Last week, Senate Democrats introduced a new bill, dubbed the Cybersecurity and American Cyber Competitiveness Act of 2013, a piece of legislation that once again attempts to harden critical infrastructure with a slew of security mandates and protections.
The channel's role in implementation, should the bill progress, remains to be seen. But going forward, it’s a space that government, infrastructure and public sector solution providers will undoubtedly want to keep their eyes on.