Federal Friday – 9.20.13 – The Air-Gapped Offline Edition

Blog post by jschim (Rapid7 employee), Sep 20, 2013

September 20th. Yup, I said it. We are two days away from the Autumnal Equinox, and I find myself asking: where have the spring and summer gone? With about six working days left in the federal FY13, most of us are knee deep in year-end wrap-up and FY14 prep (even though that might be delayed a little while).


I read a nice article in the New York Times last weekend by Matthew L. Wald called “Imagining a Cyberattack on the Power Grid.” The subject of Mr. Wald's article is a scenario based on the book “Gridlock,” co-written by Byron L. Dorgan, a former US Senator, in which the nation’s power grid is the target of a multi-state-sponsored cyberattack. While Mr. Wald wrote a thought-provoking piece based on a work of fiction, it was the opening paragraph that hooked me, for two reasons. First of all, it sounds like a feasible plot for the next Call of Duty - COD: SCADA. Secondly, and more importantly, our power grid is entirely too vulnerable, and this is a real-world dilemma we could face any day.


The timing of this article could not be more on point. More than 200 agencies and organizations are gearing up to participate in a large-scale drill focused on this scenario. The thinking behind this drill is that an attack like the one described in Mr. Dorgan’s book could have ramifications more catastrophic than the confusion and panic that followed the attacks on 9/11. Testing how our utilities and government agencies respond to incidents of this kind is crucial to recovering from such an attack, but it is equally important to analyze the data from this exercise and take a proactive stance in closing the vulnerable gaps in the grid.


This all comes back to protecting your critical controls and networks. Many organizations that have classified or critical networks use air gaps, taking that network (or network segment) offline. This does make them more secure from outside attacks, but it also makes them more difficult to deal with from a vulnerability management, exploit/vulnerability prioritization, and remediation standpoint: scan results, vulnerability content, and patches all have to cross the gap by hand.


We have had an offline process in place for a while for Metasploit, allowing you to take the market-leading pen-testing tool into these critical networks. We have done the same with Nexpose. With our latest release, 5.7.10, Rapid7 has just made your life a little bit easier by allowing organizations to both activate a license and update their product without a direct connection to the Internet. Nexpose users can now activate their product using an offline activation file and can update their software using a deployed installer, delivered through the portable transport the customer chooses, such as USB or CD. This allows organizations to maintain the security and segregation of their air gap with a simple one-step update, without having to go through an overly convoluted process.


To learn more about this process please reach out to your Account Manager or our Support Team. If you are unsure of how to contact your Account Manager you can do so by emailing accountmanagement@rapid7.com.