Supply chain security has been top-of-mind for a while now, but with the recent SolarWinds cyber attack, many organizations are becoming increasingly concerned about the security of their systems.
The event involved a compromised supply chain in which the attacker inserted unauthorized code into a legitimate software application. When the customer installed the software on their system, the malware was positioned behind the perimeter security controls, establishing a foothold on the LAN. Once established, the attackers were able to move freely across the network because spanning tree-based managed switches are incapable of detecting or stopping most attacks.
The commonality between this and many other attacks is the inherent vulnerability of spanning tree-based managed switches, due to two fundamental flaws — they allow all traffic by default and there are no security protections on the control plane.
Attackers are using phishing, USB memory sticks and compromised supply chains to deliver malware. Once these intrusions occur, the malicious communications propagate behind the firewall within the LAN.
These attacks are unfortunate yet clear examples of why it’s crucial to incorporate security in the LAN.
That’s where SEL’s operational technology (OT) software-defined networking (SDN) comes in. SEL developed OT SDN to provide the network access control on the LAN that spanning tree-based managed switches just could not provide and critical infrastructure demands.
Here’s the difference:
Many cyber attacks attempt to gain access on the LAN where, once established, they can pivot to other desired targets on the same network. Once past the perimeter access controls of the firewall, the attacker takes advantage of the “allow-all” behavior of managed switches to access other Ethernet-connected devices, as demonstrated in the first image below.
In contrast, the OT SDN denies all traffic by default, meaning you have the security controls to defend against:
- Unauthorized devices connecting to the network.
- Authorized devices speaking unauthorized conversations.
- Authorized devices plugged in at unauthorized locations.
- Authorized devices speaking authorized conversations to unauthorized destinations.
Even if an attacker compromises a host device on the LAN, the architecture of OT SDN drastically changes what the attacker can do next. In most cases, they will be restricted to their point of entry. The second image below illustrates the outcome of a cyber attack on a network that uses SEL’s OT SDN.
The switch limits the access of the compromised workstation to only the previously approved conversations, protecting other devices on the network.
Securing LANs with OT SDN provides protection from the impact of software supply chain attacks and provides situational awareness when unauthorized activity occurs. To learn more about how SDN improves cybersecurity for OT environments, visit our SDN webpage.