Protecting national grids is easier said than done, so how will the companies approach it?
McAfee has teamed up with its parent company Intel to launch an initiative that aims to protect the world’s energy utility ecosystem from cyber attacks.
The companies say they will team up to create a blueprint for a series of products that will form a multi-layered approach to energy utility security. The protection will cover the generation, transmission and distribution of energy, the companies said.
The companies will also be creating what they call a "reference implementation," which essentially is a mock-up of a critical infrastructure environment with McAfee’s security products installed and can offer a simulation of what happens during an unsuccessful cyber attack.
An "improperly configured" – meaning one without McAfee’s products installed – can also be simulated to show what happens during a successful attack.
However while this may make the process of securing critical energy infrastructure look simple, McAfee and Intel admit that it will be a very difficult task to achieve.
The companies say network diversity, data overload and complex endpoint management make this a difficult task. Simply adding security products designed for the enterprise environment to an energy infrastructure will not work.
Along with this we can add the fact that many assets used in power grids predate the internet. This makes them particularly vulnerable to cyber attacks and means they are unable to identify or report malicious activity up the network chain, McAfee said.
"To adequately secure critical systems against cyber attacks, the right products and technologies must be integrated into the entire infrastructure — from the enterprise, to the SCADA and control systems, and even to the automated device networks — without impacting reliability or interfering with operations," Eric Knapp, critical infrastructure expert at McAfee.
"McAfee, together with Intel, has combined commercially-available chipset capabilities and cyber security products into the perfect recipe for substation security, providing advanced protection while removing operational complexity, and improving reliability through remote manageability," he added.
Security experts have previously warned energy companies and governments that critical infrastructure cyber attacks will increase over the next few years. James Lyne of Sophos told CBR recently that the potential impact on a successful cyber attack being launched against a country’s national infrastructure was, "serious" and that, "we will see more over the next year because control systems have not grown as IT security has over the last 20 years, so there are security holes."
Kaspersky founder and CEO Eugene Kaspersky also told CBR that attacks on critical infrastructure are a real possibility.
"The critical infrastructure is not well protected and can be the victim of a sophisticated attack. My message is that we have to inspect national and global security infrastructure, we have to inspect power plants, airports and so on to find the weak points and introduce military standards of security for the critical elements of national and global infrastructure. It’s time for that," he told us.