Securing Critical Infrastructure - Protecting Our Way of Life
Critical infrastructure is comprised of all of the computer systems that could be targets of criminal threats, industrial espionage and/or politically motivated sabotage... the power grid, the water supply, railways, nuclear energy plants, etc. Attacks on these networks can cause loss of life, threaten the public safety, impact national security, create economic upheaval, or environmental disasters.

It is estimated that the destruction from a single wave of cyber attacks on U.S. critical infrastructures could exceed $700 billion USD -- the equivalent of 50 major hurricanes hitting U.S. soil at once. (Source: US Cyber Consequences Unit, July 2007)

Because of today’s interconnected world, these systems are targets for attack from both inside and outside the organization:

1. Thrill seekers
2. Botnet owners
3. Contractors and other temporary workers
4. Cyber criminals
5. Disgruntled insiders
6. Foreign intelligence services
7. Industrial spies
8. Phishers, spammers, and spyware authors

Industry and government regulations have been developed to provide guidance on how to secure critical infrastructure. To understand more about these standards and how Secure Computing solutions can help you meet and exceed them, click here.

Highlights
View On-Demand analyst webcast "Cricital Infrastructure Threats Revealed" featuring IDC Energy Insights. Download companion white paper.	“4 Design Requirements to Protect Critical Infrastructures” Learn the four key steps required to protect critical networks	“Meeting and Exceeding Critical Infrastructure Protection (CIP) Standards” Learn how Secure Computing can provide solutions to CIP Standards for infrastructure security

The North American Reliability Corporation (NERC) developed nine Critical Infrastructure Protection (CIP) Reliability Standards (CIP-001through -009). The Federal Energy Regulatory Commission (FERC) approved these Standards, making them mandatory and enforceable with significant sanctions and penalties for non-compliance. The proposed implementation schedule plans for responsible entities to be “auditably compliant” with most requirements by mid-2010 or face fines up to $1,000,000 USD per day.

Secure Computing delivers a broad range of technologies to help you meet and exceed CIP standards with confidence.  Click below to learn more about how Secure Computing’s portfolio can assist you with compliance to CIP regulations.

High-level mapping between CIP and Secure Computing products
Click on the Product Area column headings below for more information on how Secure Computing helps with these requirements.

CIP Standards	Identity Authentication and Access >> more	Web and Mail >> more	Network Firewalls >> more
CIP-001 – Sabotage Reporting
CIP-002 – Critical Cyber Asset Identification
CIP-003 – Security Management Controls
CIP-004 – Personnel & Training
CIP-005 – Electronic Security Perimeters
CIP-006 – Physical Security of Critical Cyber Assets
CIP-007 – Systems Security Management
CIP-008 – Incident Reporting and Response Planning
CIP-009 – Recovery Plans for Critical Cyber Assets

*Each of the 9 requirements represents several sub-requirements. Checkmarks represent mapping with one or more sub-requirements.

How it All Fits Together  

Secure Computing’s extensive portfolio all works together to protect:

• Critical networks from outside attacks
• Remote assets from unauthorized access
• Data regarding critical assets from leaking out of the network
• Interconnected corporate networks spreading malware and blended threat attacks

This graphic depicts an example of how Secure Computing’s extensive portfolio of security offerings would be deployed to protect a control (SCADA) network.

• Secure Mail and Secure Web provide the data leakage protection from within the corporate network to guard information on critical assets.
• Secure SnapGear and Secure SafeWord protect remote facilities by securing remote devices and communication channels as well as providing strong user authentication.
• Secure Firewall provides perimeter defenses of the control center from every possible access point.
• TrustedSource  monitors virtually every activity happening throughout the Internet, and provides real-time information on attacks happening worldwide.

Together, this deployment allows owners of critical infrastructure to meet and exceed the CIP standards.

These systems provide so much security that in 14 years of vulnerability testing at a major urban utility company servicing over 10 million customers, the testers have NEVER been able to penetrate the firewall barrier. In fact, they can’t even see that a network exists past Secure Firewall.

At the same time, Secure Computing can provide this level of security without jeopardizing critical networks’ availability and integrity. Secure provides an easy to manage solution with the strongest security available.

When nothing but the most proven, successful, and comprehensive security solution will suffice, you need the experts at Secure Computing.

The following Secure Computing and industry resources are available to help you learn more about critical infrastructure security.

Secure Computing Resources:

White papers:

• “What Hackers Know about Control Systems that You Don’t”  by Dr. Phyllis Schneck and Joe Weiss
• “4 Design Requirements to Protect Interconnected Critical Networks”
• “Meeting and Exceeding Critical Infrastructure Protection Security Standards”
• IDC Energy Insights Paper: Critical Infrastructure Survey Findings

Customer Success Stories:

• “Major Urban Utility Company: Secure Firewall (Sidewinder) Protects Critical Control Systems”
• “PlantCML Prepares for Next Generation 9-1-1 Emergency Services By Securing VoIP-Based Emergency Call Center”
• “Public Utility District Deploys Application Firewall, Authentication, and Email Security to Protect Corporate and Control Networks”

Industry Application Note:

• “Secure Computing - Protecting the Power Grid from Cyber Threats”

Industry and Government Resources:

Additional information regarding registration and compliance with mandatory
Reliability Standards is available at:

• Download the CIP standards
  
• NERC Website
  
• Commission-approved Reliability Standards
• NERC Organization Registration and Certification
• NERC Statement of Compliance Registry
• FERC Reliability Homepage
  

GERMANY UPDATE:

Germany's BSI (Bundesamt für Sicherheit in der Informationstechnik, Federal Office for Security and Information Technology) and BMI issued KRITIS as a national plan to protect information structures. The brochure was created together with operators of critical infrastructures to describe the actual situation and to give recommendations about how to proceed with securing critical infrastructures in the future.

Kritische Infrastrukturen (KRITIS) sind die Lebensadern unserer Gesellschaft. Die verlässliche Bereitstellung der Dienstleistungen dieser Infrastrukturen ist eine Grundvoraussetzung für die wirtschaftliche Entwicklung in unserem Land, für das Wohlergehen unserer Gesellschaft und für politische Stabilität. Lesen Sie mehr dazu im Umsetzungsplan KRITIS, des Nationalen Plans zum Schutz der Informationsinfrastrukturen, der in Zusammenarbeit von BSI, BMI und Betreibern Kritischer Infrastrukturen erstellt wurde. Weitere Informationen finden Sie hier.

Secure Computing is pleased to offer additional services through our network of valued partners:

FishNet Security, Inc.

Headquartered in Kansas City, MO, FishNet Security is a leading professional services company specializing in providing information security solutions to business clients. The company provides audit and assessment, implementation, support, training, staff augmentation, and managed security services. FishNet Security's consulting team is equipped with certifications that are industry-related and vendor-specific. The team has been successful in helping companies within the utility vertical with their critical infrastructure protection (CIP).

For more information on FishNet Security, Inc., visit www.fishnetsecurity.com.

Net Direct Systems

Net Direct Systems (NDS) is a professional consulting
organization experienced in designing and implementing consolidation, virtualization, and network performance acceleration strategies. We partner with specialized hardware and software providers to offer industry-leading security, data center and network solutions, and integrate them into your unique environment to deliver the benefits of improved flexibility, efficiency, reliability and security. NDS takes a highly personal approach to each client and will make recommendations that are based on real ROI.

For more information on Net Direct Systems (NDS), visit www.netdirectsystems.com.

RP PRO

RP PRO provides IT solutions to commercial and government accounts. Located in Medina, OH, we have a regional focus in Ohio, Michigan, Indiana, Kentucky, West Virginia, and Pennsylvania. The company offers comprehensive solutions for network perimeter security, wan acceleration and email archiving.

We are certified to install, train and support Secure Computing's core products which include Secure Mail (IronMail), Secure Web (Webwasher) and Secure Firewall (Sidewinder). We have been a growing partner with Secure Computing since 2005.

For more information on RP PRO, visit www.rppro1.com.

• What your peers and other industry experts think of today's state of readiness against a major cyber attack.
• Four design requirements that will help you protect your critical networks.
• How to meet and exceed Critical Infrastructure Protection (CIP) Standards adopted by FERC.
• Meet your local Secure Computing Team!
• Provide direct feedback, ask questions, and receive specific technical details from Secure Computing.
• Receive a gift just for attending!!

Space is limited!

Reserve Your Seat Now!

Date:	Location:	Registration Link:
September 24th, 2008	Phoenix, AZ	Register!