Looking at the Ukraine Power Grid Hack: Why Defending the Industrial Ethernet Is No Longer a Precautionary Tale

When we discussed Rhebo’s innovative approach to Germany’s new IT-Security Act (ITSA), real-world cyber attacks on the industrial Ethernet hadn’t truly come to fruition. It seemed like a critical infrastructure hack was still relegated to the over-blown plot lines of Bruce Willis’ Live Free or Die Hard.

Even as countries like Germany take proactive measures against industrial Ethernet threats, cyber attackers manage to find ways to stay ahead of the game.

As 2015 drew to a close, the world experienced its first true critical infrastructure hack—an attack on Ukraine’s power grid.  

 

Putting the Ukraine Power Grid Hack in Perspective

We watch John McClane do his Die Hard job against a sophisticated set of critical infrastructure attacks and know it’s not real—especially when a car is launched in the air to take down a helicopter. But who knew how perceptive the 2007 film would be? 

The Ukraine power grid hack is truly a watershed moment in the history of cyber attacks. This kind of attack is so unique and new to the cyber security community that security researchers are debating whether squirrels or hackers are more dangerous to critical infrastructures (hint: squirrels cause far more power outages than hackers!).

The December 23, 2015 attack could mark the beginning of the increasing vulnerability of critical infrastructures on a global scale. While intelligence agencies and the US Department of Homeland Security are still investigating the hack, it’s important for every networking and security professional to understand what we know so far.

 


 

The Details of the Ukraine Power Grid Attack that We Know So Far

It was first reported that half of one Ukrainian region inexplicably lost power. However, the Slovakian infosec firm ESET discovered that several energy companies were targeted simultaneously. The full details of the Ukraine power grid attack are still unclear. But for those trying to defend the industrial Ethernet, it’s important to understand the two key attack vectors used in the hack:

  • BlackEnergy Trojan: According to Kaspersky Labs researchers, the BlackEnergy Trojan “is crimeware turned APT tool and is used in significant geopolitical operations…An even more interesting part of the BlackEnergy story is the relatively unknown custom plugin capabilities to attack ARM and MIPS platforms, scripts for Cisco network devices, destructive plugins, a certificate stealer and more.” 
  • KillDisk Malware: BlackEnergy is threatening on its own, but researchers have discovered the Trojan is acting as a back door to deliver the KillDisk malware. KillDisk is a data deletion attack vector capable of deleting upwards of 4,000 different file types while also containing scripts that specifically threaten critical infrastructures.

We know that industrial network traffic is heavily regulated and that introducing foreign packets is absolutely prohibited—which is why these pieces of malware are so dangerous. Defending your industrial Ethernet from advanced malware requires a true visibility plane. 

 

Passive Visibility Is the Key to Defending the Industrial Ethernet

Many cyber security measures have not been developed specifically for industrial Ethernet environments. Now that there is a real-world example of an industrial Ethernet hack, it’s time for the industry to innovate and protect our critical infrastructures. The solution might seem to be a litany of active in-line security appliances throughout the network, but the network traffic restrictions make this an unfeasible approach.

Passive network TAPs are essential to industrial Ethernet connectivity because they are purpose-built, un-hackable and capable of enabling network monitoring without affecting traffic flow. According to Chris Sistrunk, TAPs are a great way to gain visibility into a network, both to look for evil and to detect misconfigurations and devices with firmware problems. Chris writes in detail in his It's a TAP blog about the 4 Considerations when installing a TAP in ICS.

 

With passive network TAPs and the innovative solutions they are developing for the industrial Ethernet, companies can work towards defending themselves from a critical infrastructure attack like the one in Ukraine. 

 


Written by Jerry Dillard

Jerry Dillard leverages two decades in design and engineering to ensure maximum performance within today’s network environments. Dillard, as the inventor of the Bypass Network Test Access Point (TAP), has secured his legacy as he continues to provide network solutions for data centers worldwide.