The need to monitor effectively for physical security events, in addition to IT-based threats such as denial-of-service attacks, has created demand for systems that haven't necessarily existed in the past, the executive said.
Many infrastructure businesses are leery of even speaking about the security makeover they're currently undergoing.
"The biggest challenge as an end user today is that almost all process control systems have gone Ethernet over the last five years," said an executive at a large North American chemicals company who requested anonymity. "The intent of these systems is to connect operations to the outside world so they can be controlled and monitored remotely, which is a great idea, but it's also a bad idea because now someone can hack you and potentially take these systems offline."
To address their problems, both Tri-State and the unnamed chemicals firm have turned to Verano, a Mansfield, Mass.-based technology vendor specializing in securing Supervisory Control and Data Acquisition (SCADA) systems -- the large-scale, distributed measurement and control technologies which serve as the operational backbone of many large infrastructure businesses.
In addition to the heightened need to defend SCADA systems as companies add more IP technologies into their facilities, Verano officials said that many infrastructure companies are simultaneously dealing with the loss of older engineers who had been responsible for building and maintaining internal applications.
A combination of looming security regulation by the government and the departure of their most knowledgeable workers is putting utilities and other companies under increasing pressure, said Brian Ahern, Verano's chief executive.
"These businesses are worried about external threats, insider attacks, potential regulation from the government, and a loss of their most important expertise," Ahern said. "The incidents you see in the field are often shocking in terms of what is out there right now unprotected, especially when you consider that the impact of even a minor incident could cripple national infrastructure."
A prime example of the type of domino effect that a seemingly small infrastructure mishap can have was the August 2003 blackout that left New York City and a large swath of the Northeastern United States without power, Ahern said. Investigators determined that the entire problem -- which plunged an estimated 40 million people into the dark -- was caused by overgrown tree limbs that interfered with power lines in Ohio.
Verano markets a package of tools under the banner of Industrial Defender that promises integrated security and performance management for mission-critical control systems. Among the products, sold individually or as part of the suite, are a perimeter security appliance, network sensor devices, software and security sensors, as well as a security event management (SEM) console.
Many of the individual components may be available from larger security applications and hardware makers, but the key to addressing many infrastructure security problems is having hands-on experience in the SCADA world, the CEO said.
"Traditional IT security companies are trying to move into this market, but they lack the domain expertise that is needed to understand the size and scope of what customers are going through in modernizing their operations," said Ahern. "There's huge growth potential in the market, but only those companies with the specific domain expertise will be able to compete."