GCN : September 2014
mal behavior for each role allow automated analysis tools to flag behavior that falls outside the established norm.

Identity management is a precursor for any effective access policy, and in this area government has taken the lead with its civilian Personal Identity Verification cards and its military counterpart, the DOD Common Access Card. These smart ID cards enable strong multifactor authentication that can provide more clarity of user activity.

PITFALLS OF PRIVILEGE

But even with effective identity management, privileged users present a serious insider threat, with their broad trusted access and permissions.

Xceedium helps to limit this threat by limiting trust. Its Xsuite solution controls and monitors privileged access on a zero-trust basis using the enterprise's legacy authentication platform. It releases securely stored credentials as needed for each task being performed and monitors activity to provide an audit trail that is tied to the user.

Another technique for protecting against the trusted insider is network segmentation. Segmenting the network limits the ability of a rogue person or software to travel vertically or horizontally through the network, limiting the damage in the event of a breach.

"The government is going in that direction," said Matt Dean, vice president of product strategy at FireMon. In reacting to any breach, smarter and faster decisions are needed, and that requires automation, Dean said. "We've got to get humans out of the equation. They can't react fast enough."

At the same time, most observers say software and automation can only take agencies so far in protecting against insiders. "At some point you do need to have a person involved," Crouse said.

Automation and the use of Security Information and Event Management software can also stretch limited human resources.
But no one software tool can do it all, and data produced by these tools has to be used in conjunction with human knowledge to create meaningful information, experts say.

Drawing the line between automation and human analysis can be a "huge problem," said Armond Caglar, senior threat specialist for TSC Advantage, an enterprise security consultancy.

"At the end of the day there has to be somebody on the back end who knows what to look for," Caglar said. "This has to be somebody's full time job, and it's going to be a cost center."

PHYSICAL CONTROL SYSTEMS

Industrial control --- or supervisory control and data acquisition (SCADA) --- systems present a special threat because they can open the door to the manipulation or destruction of physical assets, including critical infrastructure. They typically are built for reliability, needing to run 24/365 and often are built to run in isolation and without security.

In an increasingly networked world, however, isolation is becoming difficult if not impossible to ensure, and the absence of security can open large holes in systems that run everything from chemical plants and power grids to military aircraft and naval weapons systems.

With the death of isolation, "we are seeing a trend toward a more holistic view of security," said David Barnett, vice president of products and markets for RTI, which provides data communications systems. "With devices increasingly connected to other systems, a lot more intelligence has to be put at the edge of the network. Everything that connects to the network is now a point of exposure."

This new connectivity effectively multiplies the number of insiders in SCADA systems, which in turn multiplies the insider threat. "There is now an order of magnitude more people who have access to that data," Barnett said.

Moreover, security is a special challenge in control systems because security usually involves a trade-off with performance. "Our control systems have to work very quickly and have to have very high reliability with no downtime," Barnett said.

This means security updates on SCADA systems are difficult. "Every change is a threat," said Andrew Ginter, vice president of industrial security at Waterfall Security Solutions. "Change is a huge problem on the industrial network."

One solution, done with digital certificates, is frequent authentication of people and machines on the system. Data also can be authenticated with digital signatures and further protected with encryption when necessary. But because computing overhead in strong encryption can impede performance, this should be limited to data that needs to remain private.

Waterfall Security Solutions emphasizes hardware-based security for control systems. A two-box gateway that physically separates sending and receiving functions on the network can protect it from outsiders without degrading performance.

Ginter admits that this is "not an absolute protection against insiders." Detailed monitoring and auditing of systems are necessary to increase the chances that an insider attack will be detected, he said.

And although chances of detection can be improved, the threat cannot be completely eliminated, especially in the case of a well-funded, determined adversary with someone on the inside. "If you have all the information, it is always possible to craft an attack that will get around the software defense," Ginter warned.

INSIDER THREAT DETECTION • GCN SEPTEMBER 2014 • GCN.COM