Is critical infrastructure any more secure than it was a year ago, or five years ago? I don’t think so. Critical infrastructure remains a ripe target, and a rewarding one, for attackers.
Reported cyber-attacks aimed at data centers are on the increase, and many of them have centred on the Industrial Control Systems (ICS), such as SCADA (Supervisory Control and Data Acquisition) systems, that run the facility.
Earlier this year, SANS released the results of its latest survey on control system security in which IT professionals answered questions about their overall risk awareness, trends in threats and breaches, and effective means to mitigate vulnerabilities with regard to ICS/SCADA.
In the year since SANS’ last survey on this topic, the number of entities with identified or suspected security breaches increased from 28% to nearly 40%.
The threat to data centers via their SCADA systems is growing; of that there’s no doubt.
While the risks from cyber-attacks to critical government infrastructure are significant, the risks to SCADA systems running in thousands of enterprises worldwide are even more substantial.
This is due, mainly, to the pervasiveness of these systems in enterprise data center environments for various monitoring tasks, from temperature and humidity, to airflow and power supplies.
Malware targeting SCADA systems has already demonstrated how much attackers know about these proprietary control systems.
The end goal of many attacks is, at the very least, to disrupt services to the intended users and, at worst, to bring the data center down for days.
With data centers becoming increasingly critical to business strategy execution, their security must be considered within the context of the broader security strategy for the overall organization.
Security for the data center must evolve in three important aspects to deliver the control administrators need, without compromising protection and functionality.
Security must be designed specifically for the data center
Many Internet-edge security solutions, like next-generation firewalls, are being inappropriately positioned in the data center, where the need is visibility into, and control over, custom applications and the systems that keep them operational, not the traditional web-based applications those products were built to inspect.
Security must be integrated into the data center fabric, in order to handle not only north-south (or inbound and outbound) traffic, but also east-west traffic flows between devices, or even between data centers.
Security also needs to be able to dynamically handle high-volume bursts of traffic to accommodate how highly-specialized data center environments operate today. And to be practical, centralized security management is a necessity.
Security must be able to adapt
Today’s data center environments are highly dynamic and security solutions must be as well.
As they evolve from physical, to virtual, to next-generation SDN (software-defined networking) and ACI environments, data center administrators must be able to easily apply and maintain protections.
Security solutions must provide consistent protection across these evolving and hybrid data center models.
They must also be intelligent, so that administrators can focus on providing services and building custom applications to take full advantage of the business benefits these new environments enable, without getting bogged down in administrative security tasks, or risking reduced levels of protection.
Security must protect against advanced threats
Traditional data center security approaches offer limited threat awareness – especially with regards to custom data center applications and the SCADA systems that keep them running 24x7.
They typically deliver limited visibility across the distributed data center environment and focus primarily on blocking at the perimeter.
As a result, they fail to effectively defend against the emerging, unknown threats that are targeting them.
What’s needed is a threat-centric approach to holistically secure the data center, one that includes protection before, during, and after an attack, and that understands, and can provide protection for, specialized data center traffic and the systems that keep it running.
With capabilities like global threat intelligence, coupled with continuous visibility, analysis, and policy enforcement across the distributed data center environment, administrators can automate protection without giving up control over it.
Advanced attackers are infiltrating networks and moving laterally to reach the data center.
Once there, the goal is to exfiltrate valuable data or cause disruption.
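The east-west point made above, and the lateral-movement point made here, come down to the same thing: a control that only watches the Internet edge never sees an internal host reaching a building-management or power controller over Modbus or BACnet. The following is an added example written for this page, not code from the article or any vendor product, that classifies flow records as north-south or east-west and flags any flow to a well-known control-system service port whose source is outside the management subnet. The address plan (data center prefixes, the management subnet) and the sample flow records are constructed for illustration; the port numbers are the IANA-registered ones for those protocols.

```python
"""Classify flow records as north-south or east-west and flag east-west (or
north-south) flows that reach ICS/BMS service ports from outside the management
network.  Added example: the address plan and sample flows are hypothetical.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed (hypothetical) address plan: everything in these prefixes is inside
# the data center; only the management subnet may legitimately poll controllers.
DATA_CENTER_PREFIXES = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12")]
ICS_MANAGEMENT_SUBNET = ipaddress.ip_network("10.250.0.0/24")

# IANA-registered service ports for common control-system protocols.
ICS_PORTS = {502: "Modbus/TCP", 47808: "BACnet/IP", 20000: "DNP3", 44818: "EtherNet/IP"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def is_internal(addr: str) -> bool:
    """True when the address falls inside one of the data center prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DATA_CENTER_PREFIXES)


def direction(flow: Flow) -> str:
    """'east-west' when both endpoints are inside the data center, else 'north-south'."""
    return "east-west" if is_internal(flow.src) and is_internal(flow.dst) else "north-south"


def evaluate(flow: Flow) -> Tuple[str, Optional[str]]:
    """Return (direction, finding).

    A finding is produced for any flow to an ICS service port whose source is
    not the management subnet.  The direction is reported alongside it because
    an edge-only control can, at best, catch the north-south case; the east-west
    case is invisible to it.
    """
    d = direction(flow)
    service = ICS_PORTS.get(flow.dport)
    if service is None:
        return d, None
    if ipaddress.ip_address(flow.src) in ICS_MANAGEMENT_SUBNET:
        return d, None
    return d, f"{service} access from non-management host {flow.src} -> {flow.dst}:{flow.dport} ({d})"


# Constructed sample flows, not taken from a real capture.
SAMPLE_FLOWS = [
    Flow("10.250.0.10", "10.20.5.7", "tcp", 502),    # BMS poller on the management subnet: allowed
    Flow("10.10.44.21", "10.20.5.7", "tcp", 502),    # app server reaching a PDU controller: east-west, suspicious
    Flow("203.0.113.9", "10.20.5.8", "udp", 47808),  # external host to BACnet: north-south, suspicious
    Flow("10.10.44.21", "10.10.44.22", "tcp", 443),  # ordinary east-west web traffic: no finding
]


def findings(flows: List[Flow] = SAMPLE_FLOWS) -> List[str]:
    """All findings for a list of flows, in input order."""
    return [f for _, f in (evaluate(fl) for fl in flows) if f]


if __name__ == "__main__":
    for fl in SAMPLE_FLOWS:
        print(evaluate(fl))
```

Run against the sample set, the second and third flows produce findings and the first and fourth do not; the second is the one an Internet-edge firewall would never see, because neither endpoint crosses the perimeter. In practice the flow records would come from the fabric itself (NetFlow/IPFIX or switch telemetry), which is exactly why the article argues for integrating security into the fabric rather than bolting it on at the edge.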
Data center administrators need technologies that allow them to be as ‘centered’ on security as attackers are on the data center.
With solutions designed for the data center, able to evolve as data centers embrace hybrid and next-generation environments, and built to deliver protection before, during, and after an attack, data center administrators can reap the business benefits, without the risk.
The opinions expressed in the article above are those of the author and do not reflect those of DatacenterDynamics, its employers or affiliates.