Uniloc offers StrongPoint to protect critical infrastructure

Published 4 March 2008

U.S. critical infrastructure is controlled by Supervisory Control and Data Acquisition (SCADA) networks; in the innocent pre-9/11 years, emphasis had been placed on performance, reliability, and safety, leaving these networks prone to attack; Uniloc shows physical device “fingerprint”-based solution to make SCADA networks more secure

Readers of the Daily Wire would know that we have raised the issue of critical infrastructure security — or rather, the lack thereof — time and time again. Infrastructure facilities are large and sprawling, and they are often controlled from hundreds of miles away over SCADA networks. This makes these very important critical infrastructure systems vulnerable to malicious hacking. Good to see, then, that Irvine, California-based Uniloc USA, a specialist in device-based authentication, is releasing StrongPoint, a device-based Identity and Access Management (IAM) appliance for infrastructure security (talk of infrastructure: We could not move beyond the first page on the company’s Web site). The company says that StrongPoint uses device fingerprinting to ensure secure private networks between a StrongPoint Server at the NOC (Network Operating Center) and StrongPoint appliances located at field controls. StrongPoint offers protection against unauthorized insider and cyber security threats for SCADA networks in the transportation, government, electricity, natural gas, gasoline, water, and waste treatment industries.

SCADA networks contain computers and applications which conduct essential operations in the delivery of services across a wide variety of critical industry and government infrastructures, including transportation networks, electric power grids, water delivery networks, and sewage networks to control pumps, valves, and switches. They are a part of the U.S. industrial infrastructure, requiring tight protection against a variety of inside and external threats. There is an unfortunate paradox here: SCADA networks deliver significant operational efficiencies and are pervasive throughout North America — but at the same time security of these systems is less than optimal because over the years, especially the innocent pre-9/11 years, emphasis has been placed on performance, reliability, and safety, leaving these networks prone to attack. StrongPoint appliances will protect SCADA networks using Uniloc device fingerprinting to restrict SCADA network access to designated PCs at the NOC. This gives limited access to designated computers used by authorized field engineering staff logging into the NOC Virtual Private Network (VPN). With StrongPoint, a hacker must be on an authorized PC to impersonate an authorized user (but what, you may ask, if such an authorized PC is stolen or lost? This is another question). StrongPoint also provides notification and location of unauthorized VPN connection attempts at the NOC. The company says that the hardened appliance is designed to meet the need for security and hack resistance in the rapidly evolving world of SCADA systems. StrongPoint thus shields field control systems against malicious code threats, guards against network vulnerabilities, and monitors field security status conveniently from the NOC.

“Open standards make it very easy for hackers to gain detailed knowledge about the workings of SCADA networks,” said Casey Potenzone, CIO of Uniloc. “StrongPoint stops attacks in their tracks, protecting public infrastructures with device-based identity management more accurate than human DNA is at identifying humans. Now, public infrastructures gain a powerful ally in the defense against unauthorized network access.”

The company says that StrongPoint features these capabilities:

—Protection of SCADA systems and field controls from cyber attack

—Hack resistance — significantly improves upon traditional router, switch, and firewall security

—Uncompromising security on any infrastructure — including open standards, wireless, and public Internet

—Bidirectional security — prohibiting network access from breached field substations

—Cross-platform compatibility with any and all operating systems and field control hardware

—Notification and location of unauthorized StrongPoint VPN connection attempts

—Low impact on network performance

About the technology

Uniloc’s Device-Based Authentication Physical Device Fingerprinting is the core technology behind StrongPoint. The technology is based on the principle that no two digital devices are identical. The company’s patented method identifies a user device, such as a PC, game console, smart phone, or cell phone, by the naturally occurring, inherent physical imperfections of that device, and then incorporates that physical device fingerprint into licenses or access credentials. The process of physical device recognition starts by generating a digital identity for a device, known as its “Physical Device Fingerprint.” A Physical Device Fingerprint is made up of a combination of machine characteristics and properties which are generated using a set of proprietary algorithms. The Uniloc Physical Device Fingerprinting algorithms allow the unique, reproducible identification of a device with an accuracy greater than 3.4 * 10^38; the company says this accuracy allows Uniloc to identify devices with greater accuracy than human DNA offers in identifying humans.
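The idea described above, a fingerprint derived from machine characteristics and folded into an access credential that the NOC checks, can be sketched as follows. This is an added illustration, not Uniloc's proprietary algorithm: the trait names, the SHA-256/HMAC construction, the key and the revocation list (one answer to the stolen-PC question raised earlier) are all assumptions, and the 128-bit width is chosen only because 2^128 ≈ 3.4 × 10^38.

```python
import hashlib
import hmac
import json

def device_fingerprint(traits: dict) -> str:
    """Hash a canonical encoding of device traits down to 128 bits."""
    canonical = json.dumps(traits, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:32]  # 32 hex = 128 bits

def issue_credential(key: bytes, user: str, fingerprint: str) -> str:
    """Bind a user to one device: a MAC over both, so neither can be swapped."""
    msg = f"{user}\x00{fingerprint}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def authorize(key, enrolled, revoked, user, traits, credential):
    """Return (allowed, reason); the reason is what a NOC alert would carry."""
    # Assumption: traits arrive from the client. Self-reported values can be
    # replayed, so a real deployment has to measure or attest them.
    fp = device_fingerprint(traits)
    if fp in revoked:
        return False, "device revoked"
    if enrolled.get(user) != fp:
        return False, "device not designated for user"
    if not hmac.compare_digest(issue_credential(key, user, fp), credential):
        return False, "credential mismatch"
    return True, "ok"

# Constructed sample data (hypothetical trait names and values).
KEY = b"constructed-demo-key"
LAPTOP = {"disk_serial": "WD-0001", "mac": "00:11:22:33:44:55", "cpu_id": "A1B2"}
OTHER = dict(LAPTOP, mac="66:77:88:99:aa:bb")
ENROLLED = {"engineer1": device_fingerprint(LAPTOP)}
CRED = issue_credential(KEY, "engineer1", ENROLLED["engineer1"])

def demo():
    revoked = set()
    results = [authorize(KEY, ENROLLED, revoked, "engineer1", LAPTOP, CRED),
               authorize(KEY, ENROLLED, revoked, "engineer1", OTHER, CRED)]
    revoked.add(ENROLLED["engineer1"])  # designated laptop reported stolen
    results.append(authorize(KEY, ENROLLED, revoked, "engineer1", LAPTOP, CRED))
    return results

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```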

StrongPoint is available in limited release and is scheduled for general availability in early Q3.