Firewalls: Fighting the barbarians at the gate

Nov. 1, 2003
Firewall technology has cut intrusion damage in half over the past year, even as Internet break-ins persist. The culprits are typically hackers and disgruntled employees.

As manufacturers create networks to connect shop-floor systems to business processes and inventory, security concerns have followed. When companies connect to the outside world, security becomes even more complicated. Companies are peppering their systems with hard and soft firewalls. The resulting security is a confusing patchwork of plugs and stitches. Many manufacturers don’t know if they’re safe or vulnerable until a new network virus, or worm, shows up and puts the whole system into question. Worse yet, a disgruntled ex-employee cracks into the system to take revenge for a recent layoff.

Some manufacturers are getting wise. They’re starting to look at security as a strategic concern instead of a patch-up-the-leaks job to be handled by the information technology (IT) team in its spare time. “Manufacturers have to think differently about their business processes,” says Jeff Platon, senior director of product and technology marketing for security at San Jose, Calif.-based Cisco Systems Inc. “As they make the connection from shop-floor to spare parts to make sure they have just-in-time inventory, there are security issues.” According to Platon, manufacturers have to go back to basics. They have to determine what’s at risk, and then come up with strategies to mitigate that risk.

There is a growing need for effective firewalls, because networks are more than just communication systems. Now they carry revenue, control the plant and track inventory. “We’re using our networks more for business than technology,” says Chris Calvert, manager of security intelligence at IBM Corp., in Armonk, N.Y. “We’re generating revenue on networks, so attacks are impacting revenue more than they used to.”

Firewall technology has been applied in an awkward manner, because it is usually added after networks are developed and deployed. Firewalls were used to patch the holes in a system that wasn’t built to fend off attacks. “Security follows the evolution of the information,” says Calvert. “It isn’t so much that it’s an oversight, but that users built their IT practices before security was such a widespread need.”

Firewalls are also called upon to manage a growing complexity of needs in an expanding network. Security devices must ward off attacks while managing who can go where within the network. The network, of course, is tied to other internal systems and it reaches out to suppliers and customers globally. Plus, security devices and programs have the double responsibility of blocking attacks and cleaning up any messes left from intrusions. “A firewall is a whole host of technologies now,” says Michelle Araujo, product manager at Symantec Corp., a firewall producer in Cupertino, Calif. “There’s proactive security and technology to clean up after the system’s been compromised.”

History of the worm

The development of firewall technology goes back to days immediately following the surprising appearance of the Morris Worm 15 years ago. The college “experiment” ushered in a nasty new world of crippling viral programs. “The Morris Worm brought down a large portion of the Internet in the late 1980s,” says IBM’s Calvert. “That had a broad impact.”

The Morris Worm was born on Nov. 2, 1988. A Cornell student, Robert Morris Jr., wrote a self-propagating worm program and sent the malicious creature crawling out onto the Internet, where it found a wide-open terrain of naive computers. The worm started replicating and attacking university and military computers much faster than Morris anticipated, leaving catatonic machines in its wake.

Morris panicked and, in a moment of remorse, sent an anonymous message over the network, telling programmers how to kill the worm. By the time the antidote was released, the Morris Worm had burrowed through the networked computers, leaving behind millions of dollars in damage. Since then, there have been many other worm attacks, but most post-Morris demon creators have lacked his conscience.

As viruses keep coming, U.S. companies have finally turned the corner on fighting the damage. A 2003 FBI/Computer Security Institute survey of U.S. businesses found that 98 percent employ some kind of firewalls to protect their computers and information assets. Fifty six percent reported unauthorized use of computer systems in the past 12 months. This is down from a high of 70 percent in 2000. Seventy eight percent identified the Internet as the weak territory, while 30 percent reported unauthorized use coming from internal strikes. As for the culprits, 82 percent of companies pointed to independent hackers, and 77 percent included disgruntled employees among the attackers.

Losses from information intrusions are estimated in the billions of dollars annually. Yet one surprising statistic, from the FBI/CSI report, reveals that the total annual losses from firewall intrusion plummeted more than 56 percent from 2002 to 2003. The reduction in financial damage comes even as the number of unauthorized intrusions remained roughly the same. The report attributes the reduction of financial losses to the widespread use of firewalls. Even if the barbarians are banging through the cyber wall, their ability to do damage is diminished.

Firewall Advances

Firewall technology has come a long way in a few short years. “If you go back 10 years, firewalls were routers with filter capabilities. They monitored traffic in and out of a network,” says Al Decker, executive vice president of security and privacy services at Electronic Data Systems Corp. (EDS), in Plano, Texas. “We have moved from the configurable router to appliances—hard-coded devices that are often in concert with wireless and network access points.”

As the range of potential damage from intrusions has increased, firewall technology has become more and more complex. “Firewalls are actually one of the more mature technologies in information security,” says IBM’s Calvert. “Firewalls are becoming more intelligent and broader. It’s more than a single device. There is less redundancy and more depth in firewalls now.”

Firewalls are smarter in how they process information and how they differentiate messages coming from various sources. “The new firewall layers have intelligence and go down to make decisions. They look at the IP address and decide whether you can talk to the system,” explains Frank Prendergast, manager of network certification services at the French manufacturer, Schneider Electric. “You can also go down and decide which application you don’t want browser messages to go through.”

Manufacturers are not significantly different from other companies in their firewall needs. “From a security perspective, the firewall requirements for a manufacturer are no different than the requirements of a financial corporation,” says Schneider’s Prendergast. “You have to make sure that nothing enters the system and causes disruption, so we train our security team on the needs of industrial control.”

Manufacturers have some common hurdles that make security difficult. They tend to have older IT systems that have been cobbled together over a couple of decades of acquisitions. “The biggest challenge for manufacturers is consolidation and working with legacy systems,” says Camille Milfort, director of quality assurance, IP Services, at Lucent Technologies Inc., in Murray Hill, N.J. “Companies are coping with legacy systems and consolidating equipment on their networks.”

Once manufacturers begin applying firewalls to their systems, they need to pay attention to the rule sets embedded in the firewalls “It’s not the firewall that matters—it’s the rule set deployed by the firewall,” explains Cisco’s Platon. “In the mainframe days, you had a rich language for access.” According to Platon, things have become a lot more complicated. “Now you’re going to limit a set of traffic to a particular segment, and once it gets there, you’re going to control what it can do.”

What’s next?

The need for complex firewall rules is the next generation of security. “Earlier it was a matter of securing the castle—who can I keep out?” explains Colleen Niven, vice president, technology research, at Boston’s AMR Research. “Now, manufacturers want to control where the good guys can come in.”

Firewall technology will likely see new generations of technology as new threats appear. “We hope to stay one step ahead of the evil-doers. They find exposure and create a tear,” says EDS’s Decker. “It’s a continual leapfrog of technology.” Decker notes that the threat of network breaches has elevated security to an issue for the highest executives. “It’s become more of a boardroom issue,” says Decker. “In the past 18 months, I’ve made more presentations in boardrooms than I have in the past 25 years. Companies have put a lot of capital outlay into IT, and they understand the increased importance of protecting that IT.”

See sidebar to this article: The new security "A Team"

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...

AVEVA™ System Platform: Smarter, Faster Operations for Enhanced Industrial Performance

AVEVA System Platform (formerly Wonderware) delivers a responsive, modern operations visualization framework designed to enhance performance across all devices with context-aware...