TAP Into Technology | Blog

Network TAPs for Critical Infrastructure

Posted by Patrick Nixdorf on 6/27/17 8:00 AM

Securing critical infrastructure such as Smart Grid and industrial control systems continues to be an ongoing challenge for IT Managers and Security Architects. State based agents, terrorists and organized crime are increasing their efforts to disrupt or destroy industrial control systems. This is evident with recent alerts of CrashOverride, a second generation malware attack platform that was used in the 2016 Ukraine power outage hack.

How do you guarantee 100% packet capture while ensuring security and monitoring tools see all the data? 

“U.S. utilities have been enhancing their cybersecurity, but attacker tools like this one pose a very real risk to reliable operation of power systems,” said Michael J. Assante, who worked at Idaho National Labs, and is a former chief security officer of the North American Electric Reliability Corporation - where he oversaw the rollout of industry cybersecurity standards.

100% Passive Listen-only Network TAPs

Infrastructure clients have similar needs to those found in law enforcement. The data cannot be distorted, packets cannot be dropped and physical errors need to be passed. All packet capture needs to happen in real time - all the time, no changes to the timing of frame or altering response times.

In response to this, Garland Technology offers a ‘No Injection’ Aggregation Network TAP for 10/100/1000M copper networks. The P1GCCAS has been certified for use in a variety of environments - including military, industrial control systems, manufacturing and critical infrastructure networks.

Passive, Listen-only Network TAPs Protect Industrial Infrastructure

Passive network TAPs are essential to Industrial Ethernet connectivity because they are purpose-built, un-hackable and capable of enabling network monitoring without affecting traffic flow. In the Industrial Ethernet sector, the majority of organizations are still utilizing 100M and 10/100/1000M copper networks. In the use case of requiring copper, Garland has specialized copper aggregation TAPs that are listen-only. These TAPs were made specifically for lawful intercept cases and are the standard for FBI Surveillance Protocols.

TAP vs SPAN

According to Chris Sistrunk, TAPs are a great way to gain visibility into a network, both to look for evil, but to also detect misconfigurations and devices with firmware problems. Sistrunk writes in detail in his blog, It's a TAP about the 4 Considerations when installing a TAP in ICS.

Network TAPs are a great way to gain visibity into a network

The “Smarter” Solution - Passive Real-Time Monitoring

Industry and Infrastructure should not be an easy target. They can take security measures, which will protect them and their unique environments. One such measure is implementing network elements that spot any anomalies and deviations from normal behaviors through passive, real-time monitoring. Simple, listen only devices like a passive network TAP copy the data and send it to an analyzer or deep packet inspection (DPI) solution to alert organizations of possible breaches. Of course, first you need to know your baseline traffic in order to determine what traffic is normal and what is not.

The use of passive network TAPs combined with innovative monitoring solutions companies can work toward defending themselves from a critical infrastructure attack like the one in Ukraine.

Topics: TAPs vs SPAN, Industrial Ethernet