Iberdrola awarded a 2012 European SCADA Security Innovation Award
WASHINGTON, Jan. 16, 2013 /PRNewswire-USNewswire/ — The SANS Institute today announced that the Iberdrola has won a 2012 European SCADA Security Innovation Award for leading the implementation of traditional and also cutting-edge security projects in the SCADA world; when very few organizations in this sector were even paying attention to security.
Iberdrola is the largest energy company in Spain and operates multiple types of energy production plants (gas, coal, water, eolic, nuclear) in multiple countries in the European Union and Latin America.
The history of Iberdrola is one of innovation. In early 2000 Iberdrola decided to create the CMDS, a 24×7 Monitoring Center for the operations of their Critical Infrastructure. Inside the scope of the CMDS, and with a codename of AURA, a long-term security program for the in-depth security of their SCADA networks was put in motion.
Starting by a highly tight perimeter in its early stages (AURA.PERIN), through an extensive IDS deployment (AURA.DETIN), Iberdrola jumped into much more aggressive security set projects such as AURA.BACON for the automated change of privileged passwords, together with the restriction, monitoring and control of all external access to the SCADA networks via a clever and innovative use of the most advanced privileged access management technology available.
Other projects followed such as AURA.CIMAS, for the automated monitoring and configuration management of the security infrastructure, AURA.CENLOG, an advanced SIEM system with automated investigation and response capabilities, or AURA.INFOR for the ability to perform Enterprise Forensics, Incident Response and Malware Analysis in the SCADA networks. AURA.SECDIS launched in 2011 had a double objective: on the one side segmenting SCADA hosts via the implementation of sandboxing and whitelisting technology in the SCADA systems and on the other the restriction of distribution of files to the SCADA networks by blocking USB devices and making all file transfers go through a central distribution point with malware detection capabilities.
In 2011, Iberdrola started two of the latest and most innovative projects to date: AURA.MARS and AURA.CONSEG.
The objective of the AURA.MARS project was to create a highly flexible Cybersecurity network with a central highly segmenting network (with 5 security zones), where all central security devices together with the brains of the system sit at the CMDS, and a modular highly segmented virtual environment sitting in each of the plants. This server provides the capability to run multiple virtual machines and therefore provide multiple local security capabilities such as monitoring, scanning, forensics, etc. This avoids the need to open the SCADA networks to remote systems, but at the same time ensures that it is highly integrated with the central MARS command and control center.
AURA.CONSEG is the latest project in the AURA program and its objective is integrating with AURA.MARS to be able to capture the most meaningful security events and present them to the plant operators in an easy to visualize and easy to understand way. No one knows the plant better than the plant operators, and being able to translate security events to threats they can map to their operations so they can detect and react to subtle threats is a massive accomplishment.
This program also aligns very well with the Top 20 Critical Controls even though the AURA program started years before the Top 20 Critical existed. The publishing of the Top 20 Critical Controls has provided great feedback to the AURA program and it is now seeding ideas for new innovative projects which will most certainly be seeing the light in the next few years.
About the European SCADA Security Innovation Awards
The European SCADA Security Innovation Awards recognize the most innovative SCADA projects being done in Europe and the leading innovators in the field. Areas of recognition include:
- Management support in the development of an industry leading security program
- Innovative ICS security implementations
- Community-enhancing research and testing
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted, and by far the largest, source for world-class information security training and security certification in the world. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 20 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet’s early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community. (www.sans.org)
SOURCE SANS Institute