CQ HOMELAND SECURITY – TECHNOLOGY
March 2, 2006 – 7:35 p.m.

DHS Software Contract Could Help Protect Nation’s Infrastructure

By Benton Ives-Halperin, CQ Staff

A California-based company is working on next-generation security technology that could help protect computer systems and networks that underlie nearly every facet of the nation’s critical infrastructure, from power generation to transportation to the financial sector.

Called Supervisory Control and Data Acquisition (SCADA) systems, these computers run the “remote control” elements of oil pipelines and electric grids. SCADA systems often provide fail-safes and remote monitoring capabilities.

And Solidcore Systems Inc. — based in Palo Alto — is working under a Department of Homeland Security research contract to develop new software that would bolster SCADA systems’ defenses against malicious software, or “malware.”

The need to defend SCADA systems is real. Lawmakers have singled out the command and control software systems as vulnerable points in the nation’s infrastructure. And with the boom in computer technology over the past decade, many of those essential systems are now using commercial operating systems, such as Windows and Linux.

But the introduction of commercial software also means that well-documented vulnerabilities could now affect SCADA systems. For example, the 2003 SQL Slammer worm crashed plant monitoring systems at the Davis-Besse nuclear power plant in Ohio.

The worm infiltrated the plant’s computer networks through an attached outside contractor system. Fortunately, the plant was offline for routine maintenance, and backup systems would likely have prevented a disaster.

“These are computers that control machines where if the machines don’t work right, people die,” said John Sebes, chief technology officer at Solidcore, by telephone.

The company’s software helps protect computer system “end points” by preventing any unauthorized software from running on a particular computer.

For example, an automated teller machine leaves the factory with certain security parameters and embedded software in it. Using Solidcore’s software means that a hacker or thief could not insert a new piece of code that would make the machine dispense all its cash.

In the SCADA realm, the company’s technology would help secure critical infrastructure networks by preventing malware from running on essential systems. Even if vulnerabilities are left unfixed or unknown, “that vulnerability couldn’t be exploited because all of the ways these vulnerabilities are exploited require the execution of some code,” Sebes said. Solidcore’s technology prevents any new code, including malicious software, from running.

“As soon as you protect some of these systems — typically the ones that are closer to the public network — they’re well protected,” Sebes said.

Under an 18-month contract from the Homeland Security Advanced Research Projects Agency of DHS, the company will be working to apply its protection software on a network-wide scale. Because computer networks are always growing and changing, it can be difficult, and possibly undesirable, to guarantee every machine is protected against running unauthorized code.

So Sebes envisions using his company’s software as a kind of early warning system. If a computer registers an attempt to run unauthorized code, it can immediately alert the entire network. Firewalls and other defenses could be automatically updated, Sebes said.

“When their protections ring bells, that can immediately enable network-level protection of all the systems further back in the control network that may not be as well protected,” Sebes added.

Benton Ives-Halperin can be reached at ihalperin@cq.com.