Intel Security on Wednesday announced a new software technology platform that it said can be used to secure legacy and new capabilities used in critical infrastructure applications.
Intel Security Critical Infrastructure Protection (CIP) separates the security management functions of the platform from the operational applications, which allows operations to be secured, monitored and managed, Intel Security said. Intel Security is the cyber security arm of computer chip maker Intel Corp. [INTC].
For the past 14 months, Intel Security has been demonstrating its new technology in a field trial at Texas Tech Univ., which also includes the Center for the Commercialization of Electric Technologies (CCET), and Electric Power Group, a company that provides synchrophasor applications for monitoring electrical networks. The field trial was part of a project funded by the Department of Energy for integrating wind power into the electric grid in Texas.
The technology was deployed in a live transmission environment, Lorie Wigle, vice president of Internet of Things Security Solutions for Intel Security, said at a briefing hosted by the company.
The Intel Security CIP “performed as required by NIST (National Institute of Standards and Technology) standards and withstood penetration testing, as well as protected the synchrophasor applications during the Heartbleed vulnerability and Havex attacks,” Milton Holloway, president and chief operating officer of CCET, said in a statement.
The integration for an end-to-end cyber security solution into the electric grid infrastructure is a first, Vikram Budhrja, CEO of Electric Power Group, told Defense Daily.
Intel’s new security technology is market ready, company officials said a briefing in Washington, D.C.
Intel Security said that its CIP platform, which was developed with Intel’s Wind River subsidiary, includes protection capabilities such as device identity, malware protection, data protection and resiliency, “all tailored to today’s machine-to-machine environments.”
Wind River provides software applications for control systems.
Intel Security, citing studies it sponsored through the Center for Strategic and International Studies (CSIS), said that that of 200 executives of critical infrastructure surveyed globally, 32 percent had not adopted special security measures for smart grid controls, although 33 percent expected a major cyber security incident within a year.
James Lewis, a cyber security expert with CSIS, said as part of a panel presentation hosted by Intel Security that the burgeoning number of high profile cyber security incidents worldwide has gotten the attention of corporate boards. The 2013 attack against retailer Target [TGT] got the attention of CEOs, he said, because it eventually resulted in the firing of their CEO.
Lewis said the number of cyber attackers that have the skills to disrupt critical infrastructure is rising, among both state and non-state actors, “and it continues to go up faster than our ability to defend against them.” He added that Iran has capabilities it didn’t have 10 years ago and “if the Iranian Revolutionary Guard decides it wants to turn off power to some part of the U.S., it can do so.”
Some companies have done a “great” job preparing themselves for attacks and other companies haven’t, Lewis said. “The Iranians have probed most of them. We don’t want to find out the hard way that we have not paid enough attention.”