"... deploying systems and technologies that can monitor control systems to detect malicious activity and facilitate response actions to cyber threats is central to ensuring the safe operations of these critical systems.
The Federal Government will work with industry to share threat information for priority control system critical infrastructure throughout the country."
---National Security Memorandum on Improving Cybersecurity
for Critical Infrastructure Control Systems
Industrial Tough Taps And Aggregators
Data Sheets 2021.09.29
Vision T1000 Industrial Network Packet Aggregator
Industrial Packet Aggregators For ICS/OT
Keysight’s industrial network packet aggregator solves the challenge of getting visibility into remote sites with harsh environments, such as power substations, mining sites, and other unique locations that have a wide range of environmental requirements.
When used with Keysight’s Copper and Flex Tough Taps, the Vision T1000 aggregates multiple input streams into multiple aggregated output streams-- optimizing scarce tool port requirements within your substation.
The Vision T1000 filters out unwanted traffic based on packet headers, eliminating unwanted traffic such as CCTV video feeds. The Vision T1000 also load balances traffic, optimizing usage of monitoring tools. It’s built with an easy-to-use GUI interface, so most functions are just a few clicks away.
Keysight’s industrial network packet aggregator is TAA Compliant, independently certified for harsh operating environments, and supports either AC or DC power requirements.
Data Sheets 2021.07.30
Copper Tough Tap
Copper Tough Taps for ICS/OT
Keysight’s industrial visibility solutions interoperate with our enterprise visibility solutions. Together they create a complete portfolio of copper and fiber solutions for out of band (‘OOB’) network monitoring tools for security and performance. Tough Taps give you the visibility you need to enable security in your ICS environment.
Keysight’s Industrial Copper Tough Taps are TAA Compliant, independently certified, and purpose-built to meet requirements to operate where you need them, in extreme operating temperatures.
The 10/100/1000Mbps Copper Tough Tap is a secure tap device which can operate in three modes: (1) simple tap, (2) 2:2 packet replication (breakout on aggregation mode) or (3) 2:1 packet replication (aggregation mode). When operating in aggregation Mode, the Copper Tough Tap sends copies of the aggregated traffic through two monitoring ports, allowing for a primary and secondary tool.
Copper Tough Tap supports Power over Ethernet (PoE) pass through, and have physically air gapped monitor ports for intrusion protection. Copper Tough Taps fail-to-wire to continuously pass traffic even if the tap loses power.
A TAA Compliant Power Rack for Tough Taps can be purchased to power up to 16 copper Tough Taps with fully redundant power source supply (dual-redundant). The Industrial power supply rack can support 48V DC or 110-220V AC input power, and support up to 32 x 5VDC powered devices. TAA Compliant, the 19” rack mount supports both AC and DC DIN mountable power supply convertors available separately from Keysight.
Data Sheets 2021.09.21
Flex Tough Taps Keysight Industrial Solutions
Fiber Tough Taps for ICS/OT
Keysight’s Tough Taps give you the visibility you need to enable security in your ICS environment.
Keysight’s Industrial Tough Taps are optimized for “Run to Fail” fiber networks with both old and new fiber modes often seen in remote substations.
Available in two models:
- 1G OM1 multimode fiber for older networks, and
- OM5 multimode fiber for everything else
Flex Tough Taps are compatible with monitoring devices from all major manufacturers, including protocol analyzers, probes, intrusion detection systems, and ICS cybersecurity tools, and are protocol agnostic.
Flex Tough Taps are TAA Compliant and compact, with each module holding 4 taps in one DIN mountable housing. Flex Tough Taps are deployed at any inline connection on the network, have no IP address, don’t drop packets, and add no additional overhead or management burden to network devices like SPAN ports do.
Why Your ICS/OT SCADA Architecture Needs Visibility
There was a time when keeping your ICS environment physically off the enterprise network was a major component of the ICS cybersecurity strategy.
And for years, it worked.
But in a world where just about everything is connected to the internet, that time has passed. Because hackers have already proven that the physical air gap can neither prevent malware intrusion, nor identify malware once it gets inside your network.
A strong cybersecurity strategy for ICS must now include the ability to see what network traffic is flowing inside your entire network; both the IT enterprise network and the OT operational technology network. And we call that, Network Visibility. Why?
Because you can’t protect what you can’t see.
"We cannot address threats we cannot see; therefore, deploying systems and technologies that can monitor control systems to detect malicious activity and facilitate response actions to cyber threats is central to ensuring the safe operations of these critical systems.”
---National Security Memorandum
Industrial Cybersecurity For IT And ICS/OT
Solution Briefs 2022.01.10
Security Monitoring of Critical Infrastructure
It didn't take a worldwide pandemic for Industrial IT teams to realize that ICS/OT cybersecurity ought to be their #1 priority. In 2017, a NotPetya attack disrupted vaccine production at a major pharmaceutical company, causing $1.3 billion in damages and proved to the world that cyberattacks can cripple the operations of its victims. NotPetya impacted production facilities so effectively, that millions of doses had to be acquired elsewhere just to meet customer demand.
But ICS/OT systems haven't always been vulnerable to attack. While the threat of cyberattack has kept IT security teams awake for the past forty years, the Ukraine power plant hack in 2015, was the first real wake-up call to ICS/OT teams around the world.
The cyberattack in Ukraine is the first publicly acknowledged cyberattack to result in power outages. The hackers not only demonstrated their ability to infiltrate ICS systems, but also used their expertise in operating the ICS supervisory control systems to shut down substations which left over 220,000 customers without lights.
Industrial Control Systems within our critical infrastructure are under incredible pressure to secure their networks.
Monitor. Because you can't defend against threats you cannot see.
The US electric generation and transmission infrastructure is one of the most complex systems in the world. Comprised of over 9,000 power plants, and 300,000 miles of high voltage transmission lines, it has a combined generation capacity of one million megawatts.
The utilities that operate this infrastructure face unprecedented challenges from three simultaneous drivers of strategic change:
- Cybersecurity threats – Countries around the world test for weaknesses in the US electricity grid’s cyber defenses
- Emergence of Smart Grid – Bringing a new generation of digital controls, computers, data, and internet access
- Changing Power Mix – Gas-powered plants and renewable sources (solar/hydro/biomass/wind) are replacing coal
Fortification strategies have created large-scale adoption of ethernet and an increased dependence on telecommunications networks. This drives requirements to inspect and monitor traffic on IT and ICS/OT networks.
Fortify. Because you cannot protect what you cannot see.
Solution Briefs 2020.05.31
Validating SCADA Network Security
It's been said that there are two kinds of companies. Those who've been hacked, and those that don't know they've been hacked. And in these unusual times, the headlines scream about breaches occurring even at heavily fortified security companies. So how can you be sure that your cybersecurity defenses are actually working?
In a recent Keysight survey, 75% of companies surveyed have been breached on average once each year. Research indicates that only 50% of security professionals are confident in their current security solutions.
Those surveyed indicate their concern about an ever-increasing attack surface; they worry about insider threats with 66% worried about infected employee devices. 55% also worry about the risk of external attacks.
Professionals cope by throwing security solutions at the problem and hoping these tools perform as expected. But continuous security testing of their security defenses would give proof that their security efforts are working.
Validate. Because industrial cybersecurity is about saving lives.
Keysight for Industrial Cybersecurity
Digital transformation requires the deepest insights from your network. Pressure test your infrastructure at scale with simulated traffic, validate security with breach and attack simulation, and gain visibility into every packet. Safe, reliable, and responsive networks rely on Keysight.
Keysight Technologies, Inc. is a leading technology company that helps its engineering, enterprise and service provider customers accelerate innovation to connect and secure the world. Keysight’s solutions optimize networks and bring electronic products to market faster and at a lower cost with offerings from design simulation, to prototype validation, to manufacturing test, to optimization in networks and cloud environments. Customers span the worldwide communications ecosystem, aerospace and defense, automotive, energy, semiconductor and general electronics end markets.
Ensuring Cybersecurity Compliance for Electric Power Industry
Operational technology (OT) networks and Industrial Control Systems (ICS) are increasingly interconnected with IT networks. This interconnectedness has increased the ICS/OT attack surface due to:
• Proprietary appliances and sensors
• Malware insertion via dedicated attacks to take control of critical infrastructure by criminal and nation-state actors
• Third-party remote access for contractors that may have lax security processes
NERC CIP are mandatory security standards for high-voltage electric transmission and power generation. CIP-005, CIP-007, and CIP-010 require utilities to collect and archive network traffic data at the plant and substation level. Network taps can be placed in power plants and substations at multiple levels of the SCADA network. Unlike Span ports, Network Taps don't drop packets, don't need programming, and can be installed where you need them.
White Papers 2022.03.15
NERC CIP Standards for Threat Visibility and Detection
NERC CIP Standards for Threat Visibility and Detection
Cybersecurity is often described as prevention, detection, response --- and recovery, if needed. What the Colonial Pipeline ransomware attack, the Oldsmar Florida Water poisoning attempt, and now the White House are all telling us is that prevention isn’t perfect and therefore, we need to increase focus on detection, response, and recovery.
The overall goal of the White House’s 100-Day Plan to Address Cybersecurity Risk to the Electric System (100-Day Plan) is to encourage critical infrastructure asset owners to deploy threat visibility and detection technologies to support their incident response and recovery capabilities, as well as provide greater information sharing potential.
The North American Electric Reliability Corporation (NERC) is a regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC’s jurisdiction includes users, owners, and operators of the Bulk Electric System, which serves nearly 400 million people.
The NERC Critical Infrastructure Protection (CIP) standards include regulatory elements that make collecting and archiving network traffic more important than ever before. NERC CIP Standards require utilities to monitor network traffic data at the control center, the plant, and the substation. Utilities are subject to regular NERC Compliance audits and must also regularly conduct vulnerability assessments.
Download the full white paper to go in depth on these topics and more.
IT and ICS/OT Cybersecurity Convergence
It's become almost commonplace to hear pundits speak about the convergence of IT and ICS/OT cybersecurity. But how in the world would hacking something like a company's public facing website, impact revenue through the disruption of service delivery?
When a website offering pay as you go utility services was hacked, customers lost the ability to prepay their electricity, which effectively turned out the lights. Because prepaid services are offered for a wide range of services, from cellphones to cloud storage they're just one more reason why ICS/OT teams are joining their IT counterparts, in a converged security strategy to secure the IT/OT environment.
With the sudden increase in work from home and the resultant surge in digital business transformation, are you ready?
Taps vs SPANS
Partnerships to Fortify your ICS/OT Network
Digital business transformation allows enterprises to continue business as usual through increasingly unusual times. Fortify your IT and OT networks now before unwelcome intruders seize control of your IIoT assets. Partner with Keysight and gain market-leading end-to-end insights to innovate, transform, and win in fortifying your Industrial IoT.
Want help or have questions?