In 2010, Stuxnet carried out attacks on Iranian nuclear facilities and the Besher nuclear power plant.The attack destroyed 1,000 centrifuges at the Natanz facility and shut down the Bushehr power plant.Stuxnet was the world's first cyber weapon to target OT/ICS critical infrastructure.In addition, 6 million PCs of major industrial infrastructures in China were also infected, affecting the control of the water control of the Shansha Dam.

In 2015, Black Hat also announced that it is possible to execute malicious control commands to the internal control network by using the PLC as a gateway through the analysis of the Siemens PLC control protocol connected to the external Internet. Iologik e1214

The same goes for Korea.As critical control systems and operating systems of infrastructure such as power plants, gas production and distribution, water resource management, nuclear power generation, airports, and railways are connected to the Internet, various security incidents are occurring.As internal and external maintenance and remote access by third-party employees increase, security problems and safety accidents are occurring more frequently.

According to data from 2019, hacking attempts at Korea Hydro & Nuclear Power have reached 489 cases over the past five years, and a total of 39 people, 3 per unit of 13 power plants, are in charge of cyber security for the control system of nuclear power plants.Attack attempts continue to increase, but manpower is in short supply.In addition, remote access to OT/ICS manufacturing networks is an unavoidable reality due to the increase in hybrid or remote work after COVID-19 and the increase in demand for remote or uninterrupted facilities.

◇ Cooperation with Fargo Networks and Jonah System... Expansion of supply to domestic OT/ICS related public companies

Accordingly, Fargo Networks (CEO Kwon Young-mok) and XONA Systems entered into a partnership and decided to supply and expand innovative security products that enable safe access to OT/ICS critical infrastructure to domestic OT/ICS-related public enterprises. Agreed.

At the press conference on the 22nd, Kem Pehlivan, APJ manager of Jona Systems, said, “As OT/ICS data is digitized and remote work increases, existing IT security solutions are in a state of weakness in cybersecurity in the OT/ICS area.” Various security solutions are introduced and used to control internal and external remote workers accessing through the Internet, but there are limits to controlling them and preventing security accidents.If the VPN account is leaked through hacking, hackers can access the internal network of OT/ICS as it is and control the operating system, which can lead to a national catastrophe.VPN account information is openly traded on the deep web and dark web.”

What distinguishes Jonah System from existing IT security solutions is that it can safely access, manage, and control facilities during remote access.

The zone system is located between the user PC corresponding to the IT zone and the internal network corresponding to the ICS zone, the control DMZ network, and the control network (operation department, control unit, field unit).

◇Differentiation of OT/ICS security of Jonar system platform

ROAM of Jonah System is a policy server and plays the role of a central policy management server that records, audits, and controls everything performed in the operating network.In addition, CSG equipment installed at each domestic and overseas branch is installed inside the OT production network.

At this time, when CSG transmits internal network data to the user's PC, it does not send original data, but transmits only PNG image files using protocol isolation technology.In other words, even if the user's PC is hacked, the attacker cannot see the original data of the OT network.On the other hand, normal users can use all functions even on PNG images.In other words, even if the endpoint is hacked, the hacker cannot take the information of the internal network and cannot attack with malicious code.

In addition, since the user PC must also access through biometric authentication when accessing, it is difficult for hackers to access.

Currently, the Jonah system has been introduced and is being used smoothly by domestic mid-sized auto parts companies and mid-sized semiconductor companies.In addition, as companies in industries such as electric power, gas, oil, energy, manufacturing, chemicals, electronics, and semiconductors are increasingly interested, the domestic market is expected to expand rapidly.

Youngmok Kwon, CEO of Fargo Networks, said, “VPN only encrypts the tunnel when connecting to the OT network, but if the user's PC is taken over by hackers, the unencrypted data is exposed as it is, so it can directly damage the operating network.It leads to a major accident,” he said. “Since the Zona System solution only transmits PNG files, which are picture files, to the user’s PC, there is no data exposure.The Zona System solution is currently being introduced and used in major infrastructure and various OT companies in 30 countries.It is expected that Korea will continue to increase the number of institutions introducing it.”

In addition, the VPN had to block the connection to the internal server outside of the user access time, so the person in charge had to block it himself, which was inconvenient.On the other hand, ZonaSystem CSG automatically disables the remote access control or physically disables the Ethernet port when the user is not connected.In addition, all operational situations are recorded so that they can be used as audit data.

On the other hand, parachute equipment that can be used in case of an emergency in a remote or remote area is also provided.The equipment has a built-in modem, SIM card, and CSG, so it supports smooth operation of the equipment wherever there is no Internet.

In addition, when configured with equipment that interlocks with the MOXA Relay function, such as the MOXA ioLogik E1214, the on-site alarm control function is additionally configured and supported.When remote access occurs, it is linked with MOXA Relay equipment and is an alarm generating and safety process operation equipment that informs field workers.If generators or power devices are operated while on-site maintenance personnel are working, it can lead to human casualties, so it is used as a preventive device.

“There are many major global manufacturing companies, industrial infrastructure and research institutes with critical infrastructure in Korea,” APJ Manager Chem Pelivan said.For all these companies and institutions, we will expand our business in Korea to provide a direction for new and powerful remote access technology and to collaborate.” We maintain a close technical collaboration relationship with companies and have already secured many customers and references in industries such as gas, oil, energy, manufacturing, chemical, electronics, and semiconductors.”

◇ Fargo Networks “We will leap forward as a company specializing in managed detection and response”

CEO Kwon Young-mok said, “Institutions that operate critical infrastructure, from information and public companies to enterprise companies, have a critical responsibility to protect themselves from rapidly growing cyberattacks. Most of them allow remote access to critical infrastructure. of companies, it comes with enormous complexity and cost issues, further exposing the infrastructure to threats.Jonah System's OT/ICS remote access platform is a unique, clear, and secure solution that can solve these problems.”

“In order to provide remote threat detection and response services for Fargo Networks itself, which provides MDR services to various customers, instead of using the traditional VPN/VDI-based approach to customers, we directly use the Jonah system platform. By connecting to our customers, we will leap forward as a managed detection and response specialist with strong security and increased reliability.”

XONA Systems was founded in 2017 to create better solutions that provide seamless, robust and secure access to OT/ICS critical infrastructure.The protocol isolation-based remote access technology and Zero Trust architecture included in the platform provide customers with the convenience to use without deep knowledge, and the time required for deployment is short, and the access right is reduced by immediately removing common attack vectors. It supports users with complete and secure control of the OT/ICS infrastructure.

In addition, it supports multi-factor authentication integration, user asset access control, user access session real-time monitoring (CCTV), automatic video recording function, etc., and as a single security portal that connects to critical OT/ICS critical infrastructure with a safe and robust security methodology. , empowers you to perform critical tasks that can occur anywhere, with complete confidence and confidence.

“Organizations attacking critical infrastructure are capable, well-funded, and motivated,” said Bill Moore, founder and president of JonaSystems.However, that does not relieve the business requirement of modernizing OT/ICS with remote access.” “Fargo Networks is a proven company based on its experience working closely with critical infrastructure operators on the cybersecurity front. Because of this, I chose XONA as a Korean partner.Together with Fargo Networks, we will provide a robust remote secure access platform for markets such as energy, manufacturing and supply chain.”

Jonah Systems has customers in 30 countries worldwide through strategic partnerships with organizations such as GE and Baker Hughes.Fargo Networks intends to take this first relationship with Jonah System as a way to become a global partner and as a turning point to expand the company's business direction into the OT security area and meet global demand.

Moxa 5110 While supplying security products to the market, Pago Networks provides its own Managed Detection & Response (MDR) service called PAGO DeepACT.It is a security company specializing in threat detection and response services that advance the level of service.We do not only supply security products to our customers and provide technical support such as installation/maintenance for normal operation, but also analyze all threats detected by security products in depth and provide our customers with a way to respond more quickly. , together serving a broader threat intelligence sharing role.

★Daily Secu, the leading information security media!★