About us: Finmeccanica

CP EXPO Workshop - «Risks and Security Management in Logistics and Transports»
Cyber Security in Railways Systems, Ansaldo STS experience – Part 2: Cyber Security Strategy and Design

Speaker: Daniele Debertol, PhD.
Joint work with: Ermete Meda, InfoSec Manager

Genova, 29 October 2013

Finmeccanica is Italy’s leading manufacturer in the high technology sector.
Finmeccanica is the largest shareholder in Ansaldo STS with a 40% stake.
Signaling Systems: Safety-to-Security relationships

“Vital Systems”
• RBC (Radio Block Center)
• Interlocking
Environment: proprietary infrastructure that ensures Railway Safety is not subject to computer attack.

“Non-Vital Systems”
• Centralized Traffic Control Systems (e.g. TMS), Automation Systems
Environment: commercial ICT infrastructure undergoing Cyber Security Risks (Operational Continuity, Financial losses, Reputational damage).
Needs Protection… and between vital and non-vital layers

Diagram (layered signaling architecture):
• External Systems
• Non-vital layer: Train Management System (TMS)
• Vital layer: Interlocking, RBC (Radio-Block Center), Interlocking
• Trackside and on-board: ERTMS Euroradio link between the RBC and trains T1 and T2; Balise
Evolution and Characteristics of Railway Signaling Systems

Technology Platforms
In the Past:
• Proprietary HW/SW
• Isolated Systems
• Dedicated Applications
• Structured Information
Today:
• Commercial low cost HW/SW
• TCP/IP Protocol
• Interconnected Systems
• Heterogeneous Services (E-mail, Info-web, VoIP, CCTV, …)
• Structured and unstructured Information

Operating Environment Today
• Distributed ICT infrastructure spread over long distances, and unattended systems
• Connections between safety critical and non-safety critical layers
• External systems connected to signaling infrastructure
• Human factor (operators, maintainers and… passengers)
Cyber Space calling, Cyber Security knocking

Cyber Security: protection of Cyber Space. But what is Cyber Space?
Yesterday: many different environments, side-by-side.
Today: one single, big environment.
Consequences: Dynamic Threat Landscape in a unique Cyber Domain.

Threat actors and their motives:
• Strategic & Tactical Cyber War (Military)
• Terrorism (Politics)
• Espionage (Intellectual Property)
• Organized Crime ($)
• Vandalism & Hacktivism (Ego, Curiosity)

Examples cited on the slide: Stuxnet, Operation Aurora, Botnets; Zeus, Flame, Mandiant APT1 Report, AET attacks; Botnets, Phishing email; DDoS attacks, Wikileaks, Anonymous.
Mature Cyber Security Process: 3 Phase Approach

1. Discovery & Assessment
• Identify key risks
• Identify key assets
• Identify gaps

2. HW/SW Review & Redesign
• Countermeasure rationalization
• Security Infrastructure Assessment
• Fill technology gaps

3. Intelligence & Analytics
• Monitoring & Management Improvement
• Big Data Security Analytics
• Real-time Intelligence feeds
ICT Security Activities and Governance: Best Practices

Chart: Effort spent on Incident Management, Event Identification and Countermeasures.
ICT Security Activities and Governance: real life

Chart: the real-life sequence runs from reactive countermeasures to proactive countermeasures: Reaction (“WTF is going on???”), then Detection (… and guess what?), then Monitoring (… and Monitoring… Monitoring…), then Prevention (not excluding Forensics).
Cyber Security: taking advantage of IT

Building on top of Information Technology infrastructures means that you get both its weaknesses, true, but its strengths as well…
… putting it the other way round: if a system is not secure by design – and they are not – it will leave plenty of traces for you to follow!

Caption: Leaving trace-routes behind
Strategy: enhance monitoring and correlate

Sensors already in place: Content Filtering, Virtual Patching, AAA, Firewalling, IDS/IPS.

So many eyes… giving a very broad view (say, at 365 degrees… to stay safe)… OK…
But where to look? And for what? And who?
Perimeter Defence - Firewall shortcoming

Diagram: Signalling Plant_1, Signalling Plant_2, … Signalling Plant_N, each behind its own Firewall Module, connected over the WAN; a further Firewall Module sits between the WAN and the External Systems. A Management Console performs Policy Installation on the firewall modules and collects their Logs while Traffic flows through them. Callout: expected results from logs.

Solution: adding IPS/IDS and Log Correlation
Content Filtering: the do’s and the don’ts

The operating system is static, meaning that you can’t change it too often (good…), but that you won’t be able to patch (at all) either, which is NO GOOD!

Diagram: Dirty Traffic enters the Virtual Patcher; Clean Traffic leaves it on the other side.

Threats Treatment
• Analysis: find critical vulnerabilities directly exposed to possible attacks
• Remediation: identify (& block) specific packets for the above vulnerabilities

Solution: adding Virtual Patching
Near Realtime Asset Control

• not a performance- or availability-driven tool, though it may help
• based on a static asset database loaded offline at project time

Repeat as needed:
• perform differential discovery onsite for database tuning
• acknowledge variations that should be allowed
• what is left, deal with: either a missing sheep, or a mismatched one, or… go, bark, there’s a wolf!

Diagram: the asset-control probe and its GUI sit on a Monitoring subnet and watch the Clean Traffic exchanged with the WAN.

Know your flock, and beware of wolves! Barkin’, at the very least
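The differential-discovery loop above, as an added example (not Ansaldo STS’s tool): a static asset database, a constructed discovery snapshot, a list of acknowledged variations, and a classification of what is left into missing, mismatched or wolf. Every address, hostname and the record format are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Asset:
    """One row of the static asset database loaded offline at project time."""
    ip: str
    mac: str
    hostname: str
    role: str


# Constructed asset database: the declared 'flock'.
ASSET_DB: Dict[str, Asset] = {a.ip: a for a in (
    Asset("10.1.0.10", "00:11:22:33:44:10", "ixl-01", "interlocking"),
    Asset("10.1.0.11", "00:11:22:33:44:11", "rbc-01", "rbc"),
    Asset("10.1.0.20", "00:11:22:33:44:20", "tms-01", "tms"),
    Asset("10.1.0.30", "00:11:22:33:44:30", "fw-mgmt", "firewall-console"),
)}

# Constructed: variations already acknowledged during onsite tuning
# (a NIC swapped on tms-01), keyed by IP -> set of additionally allowed MACs.
ACKNOWLEDGED: Dict[str, Set[str]] = {"10.1.0.20": {"00:11:22:33:44:21"}}

# Constructed discovery snapshot taken on the monitoring subnet: (ip, mac).
OBSERVED: List[Tuple[str, str]] = [
    ("10.1.0.10", "00:11:22:33:44:10"),   # interlocking, exactly as declared
    ("10.1.0.20", "00:11:22:33:44:21"),   # tms-01 with the acknowledged new NIC
    ("10.1.0.30", "aa:bb:cc:dd:ee:30"),   # fw-mgmt answering with an unknown MAC
    ("10.1.0.99", "de:ad:be:ef:00:01"),   # nobody declared this address
]


def classify(asset_db, observed, acknowledged):
    """Differential discovery: compare what was seen with what was declared.

    Returns (missing, mismatched, wolves):
      missing    - declared IPs not seen at all (a missing sheep)
      mismatched - declared IPs seen with a MAC that is neither the declared
                   one nor an acknowledged variation (a mismatched sheep)
      wolves     - IPs seen that the database does not know at all
    """
    seen: Dict[str, str] = dict(observed)  # last sighting per IP wins
    missing = sorted(ip for ip in asset_db if ip not in seen)
    mismatched: List[Tuple[str, str, str]] = []
    wolves: List[Tuple[str, str]] = []
    for ip, mac in sorted(seen.items()):
        if ip not in asset_db:
            wolves.append((ip, mac))
            continue
        expected = asset_db[ip].mac
        if mac != expected and mac not in acknowledged.get(ip, set()):
            mismatched.append((ip, expected, mac))
    return missing, mismatched, wolves


def acknowledge(acknowledged, ip, mac):
    """Database tuning step: record a variation the operator has approved.

    Returns a new mapping so the baseline loaded at project time is never
    mutated in place; the operator decides when the tuned copy is saved.
    """
    updated = {k: set(v) for k, v in acknowledged.items()}
    updated.setdefault(ip, set()).add(mac)
    return updated


def bark(asset_db, missing, mismatched, wolves) -> List[str]:
    """Render the differential as console lines, wolves first."""
    lines = [f"ALERT wolf on the subnet: {ip} ({mac})" for ip, mac in wolves]
    lines += [f"WARN mismatched {asset_db[ip].hostname} {ip}: "
              f"declared {exp}, seen {got}" for ip, exp, got in mismatched]
    lines += [f"WARN missing {asset_db[ip].hostname} {ip}" for ip in missing]
    return lines


if __name__ == "__main__":
    for line in bark(ASSET_DB, *classify(ASSET_DB, OBSERVED, ACKNOWLEDGED)):
        print(line)
```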
The Russian peasant of SIEMs at work: fast and light

• Message Correlation
• Minimize False Positives
• Realtime response (no archiving)
• Novelty detection for scheme-in-the-chaos

Diagram (Log Correlation): Sensor_1, Sensor_2, … Sensor_n write Log Files, which feed a Correlation Engine, which raises events to the Events Console.
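A minimal correlation engine of the kind the slide sketches, added here as an example and not the deck’s or Ansaldo STS’s product: sensor log lines in a constructed “<epoch> <sensor> <site> <message>” format, a sliding window per site instead of an archive, a learned baseline for novelty detection, and a two-sensor threshold to hold down false positives. Sensor names, sites and every log line are constructed.

```python
import re
from collections import defaultdict, deque
from typing import Deque, Dict, List, Set, Tuple

# Normalisation: MAC addresses first, then every number, collapse to a marker
# so that lines differing only in addresses, ports or counters share a template.
_MAC = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.IGNORECASE)
_NUMBER = re.compile(r"0x[0-9a-fA-F]+|\d+")


def template(message: str) -> str:
    """Reduce a free-text message to its scheme: the part that recurs."""
    return _NUMBER.sub("#", _MAC.sub("MAC", message))


class Correlator:
    """Streaming correlation over '<epoch> <sensor> <site> <message>' lines.

    Nothing is archived: per site only a sliding window of recent
    (timestamp, sensor, template) triples is kept in memory.
    """

    def __init__(self, window: int = 60, min_sensors: int = 2):
        self.window = window            # seconds of history kept per site
        self.min_sensors = min_sensors  # distinct sensors needed to raise an event
        self.seen: Set[Tuple[str, str]] = set()
        self.recent: Dict[str, Deque[Tuple[int, str, str]]] = defaultdict(deque)

    @staticmethod
    def parse(line: str) -> Tuple[int, str, str, str]:
        ts, sensor, site, message = line.split(" ", 3)
        return int(ts), sensor, site, template(message)

    def learn(self, baseline: List[str]) -> None:
        """Prime the known-scheme set from a baseline, so the ordinary chaos
        of a plant (routine denies, routine scans) does not count as novel."""
        for line in baseline:
            _, sensor, _, tpl = self.parse(line)
            self.seen.add((sensor, tpl))

    def ingest(self, line: str) -> List[str]:
        """Process one line as it arrives; return console events, if any."""
        ts, sensor, site, tpl = self.parse(line)
        events: List[str] = []
        # Novelty detection: a message scheme this sensor never produced before.
        if (sensor, tpl) not in self.seen:
            self.seen.add((sensor, tpl))
            events.append(f"NOVELTY {sensor} {site}: {tpl}")
        # Cross-sensor correlation: evict expired history, then count sensors.
        window = self.recent[site]
        window.append((ts, sensor, tpl))
        while window and ts - window[0][0] > self.window:
            window.popleft()
        sensors = sorted({s for _, s, _ in window})
        if len(sensors) >= self.min_sensors:
            events.append(f"CORRELATED {site}: {sensors}")
            window.clear()  # report a cluster once, not on every further line
        return events

    def run(self, lines: List[str]) -> List[str]:
        return [event for line in lines for event in self.ingest(line)]


# Constructed baseline: what the sensors of a plant say on a normal day.
BASELINE = [
    "1000 fw plant-1 deny tcp 10.1.0.99:4444 -> 10.1.0.10:80",
    "1005 fw plant-2 deny tcp 10.1.0.98:4445 -> 10.1.0.11:80",
    "1010 ids plant-1 SCAN ping sweep from 10.1.0.99",
]

# Constructed live lines: routine noise on plant-1, something new on plant-2.
LIVE = [
    "2000 fw plant-1 deny tcp 10.1.0.98:50123 -> 10.1.0.10:80",
    "2010 fw plant-2 accept tcp 10.1.0.99:50124 -> 10.1.0.11:22",
    "2030 assetctl plant-2 wolf 10.1.0.99 de:ad:be:ef:00:01",
    "2100 ids plant-2 SCAN ping sweep from 10.1.0.99",
]


def demo() -> List[str]:
    engine = Correlator(window=60, min_sensors=2)
    engine.learn(BASELINE)
    return engine.run(LIVE)


if __name__ == "__main__":
    for event in demo():
        print(event)
```

The routine deny on plant-1 raises nothing, while plant-2 produces two novel schemes from two different sensors inside the window and is reported once.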
The 11th hour (a.m.?)

Do we simply wait for vulnerabilities to become actual threats, or can we advance from here and provide for new services?

Cyber Security = Defense line
