Commercial Enterprises:

INTEGRITY—When Life Depends On It
Securing Chemical Manufacturers from Cyber Attack

SCADA systems were never designed to be connected to the Internet. Recent exploits have proven that the "air gap" between SCADA systems and business networks that are connected to the Internet is easily compromised. So while not directly connected, SCADA systems are accessible from the Internet.

FERC and NERC are still trying to play catch-up and tighten up the Critical Infrastructure Protection (CIP) measures mandated by the US government. On January 18, 2008, FERC approved the CIP Reliability Standards developed for the electric industry by NERC and directed NERC to develop modifications to CIP, including:

  • Removing the "reasonable business judgment" language and the "acceptance of risk" exceptions
  • Developing specific conditions that a responsible entity must satisfy to invoke the "technical feasibility" exception

These tighter standards are being applied throughout the critical industries in the US, including the Natural Gas industry.

SCADA systems are almost NEVER updated for fear that the effected systems won't work properly post-update. This is nothing less than a recipe for a cyber disaster, since cyber holes don't get fixed. How big is the problem? The chemical industry massive and complex:

Consider the chemical manufacturing network:

  • Nearly a $1.5 trillion global industry
  • U.S. is the world's largest producer
  • 170 chemical companies
  • More than 15,000 facilities operating in the US
  • Over 2% of total U.S. GDP
  • Nearly 12% of the manufacturing GDP
  • 2006 revenue was approximately $632 billion
  • Gross profit was 44.1% at $279 billion

No SCADA system updates, exposed vulnerabilities in SCADA software, SCADA systems connected to the Internet. A successful cyber attack on a chemical manufacturing plant is not a matter of if; it's only a matter of when.

Sooner or later, cyber security strategies based on ad-hoc, reactive, inconclusive"pierce and patch" security policies will result in:

  • Executives not in compliance with Federal laws; facing fines and/or prison sentences
  • Widespread economic upheaval as loss of chemical production impacts other dependent industries
  • Loss of corporate value — market capitalization, revenue, earnings
  • Loss of customers
  • Millions lost defending or settling class action lawsuits
  • Millions spent on restoring operations or refunding money to customers
  • Bankruptcy
  • Potential for environmental and medical disasters that could include loss of life

A cyber security strategy based on "pierce and patch" is—

Unfathomable. Unacceptable. Untenable. Uneconomic.
And has largely been unfixable — until now.

INTEGRITY — the most secure and reliable software system ever developed — can provide chemical manufacturers with certified unbeatable cyber asset security. The National Information Assurance Partnership (NIAP) has awarded INTEGRITY a rating of EAL6+ High Robustness. No software system has ever come close to these ratings before INTEGRITY.

With INTEGRITY, mission critical applications stay secure, customer data remains private, and control and command applications work without the possibility of intentional, hostile, well-funded, internal or external attack. And it's been certified — not once, but multiple times.

INTEGRITY helps chemical manufacturers meet and exceed Critical Infrastructure Protection requirements:

  • CIP-001-1 Sabotage Reporting — INTEGRITY eliminates the possibility of cyber sabotage.
  • CIP-002 Critical Cyber Assets — INTEGRITY makes the risk assessment process simpler by eliminating the risk.
  • CIP-003 Security Management Controls — INTEGRITY turns the minimum requirement into a "maximum" as the security management controls will be military-grade.
  • CIP-004 Personnel and Training — INTEGRITY makes cyber awareness easy as access to and control of critical data are allowed based on a comprehensive policy strategy established by the electric utility.
  • CIP-005 Electronic Security — INTEGRITY protects all the assets regardless of where they reside.
  • CIP-006 Physical Security — INTEGRITY provides physical security planners with the added benefit of knowing the assets are secure from social hackers.
  • CIP-007 Systems Security Management — INTEGRITY enables utilities to establish their own enterprise-wide and system-level protocols.
  • CIP-008 Incident Reporting and Response Planning — INTEGRITY prevents any attack from getting out of the virtual machine involved. Attacks can be eliminated with a single click of a mouse.
  • CIP-009 Recovery Plans — INTEGRITY ensures that critical cyber assets are always safe and always available from INTEGRITY-enabled data storage facilities should physical damage create the need to rebuild an electric utility command center.

Certified as secure and reliable for both military and non-military use as a result of the most rigorous testing and evaluation possible, INTEGRITY offers:

  • True security
    • Open communication is possible without risk to critical assets
    • Mission critical assets and applications remain completely safe and secure
  • Cost savings
    • INTEGRITY Secure Consolidated Client
    • Simultaneous support of legacy and mission critical applications
  • Form flexibility
    • Protect desktop PCs, servers, Thin-Client Workstations and even PDAs
  • Open Standards
    • Supports Windows and Linux
    • Supports native POSIX-compliant applications
  • Certified security and reliability—no other operating system can offer this level of security and reliability and no other operating system has ever been certified to the levels of INTEGRITY

To learn more about how INTEGRITY Global Security can secure your chemical manufacturing enterprise, please call 805.882.2500, or send email.

© INTEGRITY Global Security    |    Site Map    |    Contact Us