SlideShare a Scribd company logo

SANS Report: The State of Security in Control Systems Today

Download as PPTX, PDF
SurfWatch Labs
SurfWatch Labs

SANS conducted a survey of more than 300 ICS professionals and this presentation shares key highlights from the findings to give you insights on the cybersecurity challenges facing your peers and the approaches used to reduce cyber risks.

Technology
1 of 36
The State of Security in Control Systems Today: A SANS Survey Webcast Sponsored by SurfWatch Labs and Tenable Network Security © 2015 The SANS™ Institute – www.sans.org
© 2015 The SANS™ Institute – www.sans.org Today’s Speakers Derek Harp, SANS Director, ICS/SCADA Security Adam Meyer, Chief Security Analyst, SurfWatch Labs Ted Gary, Product Marketing Manager, Tenable Network Security 2
© 2015 The SANS™ Institute – www.sans.org Industries Represented 3 29.3% 20.7% 13.1% 5.1% 5.1% 4.8% 3.5% 3.2% 2.5% 2.5% 2.5% 1.9% 1.9% 1.6% 1.3% 0.6% 0.3% Industries Energy/Utilities Other Business services Engineering services Oil and gas production/Delivery Control system equipment manufacturer Control systems services High tech production Chemical production Health care/Hospital Water production and distribution Transportation Other manufacturing Pharmaceutical production Food production/Food service Mining Wastewater
© 2015 The SANS™ Institute – www.sans.org Top Threat Vectors to ICS Security 4 42.1% 19.4% 10.6% 0 0.05 0.1 0.15 0.2 0.25 0.3 0.35 0.4 0.45 External threats (hacktivism, nation states) Integration of IT into control system networks Internal threat Top Three Threat Vectors
© 2015 The SANS™ Institute – www.sans.org Lack of Visibility into ICS Networks 5 48.8% 32.3% 12.2% 4.9% 1.8% Have your control system cyber assets and/or control system network ever been infected or infiltrated? Not that we know of Yes No, we’re sure we haven’t been infiltrated We’ve had suspicions but were never able to prove it We don’t know and have no suspicions
© 2015 The SANS™ Institute – www.sans.org Technology Convergence Strategy 6 17.5% 35.6% 29.4% 17.5% Does your company have a security strategy to address the convergence of information and operational technologies? We have no strategy and no plans to develop one. We have no strategy but are developing one. We have a strategy and are implementing it. We have a strategy in place.
© 2015 The SANS™ Institute – www.sans.org Recent Breaches 7 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 1 to 2 3 to 5 6 to 10 11 to 25 26 + Unknown/Unable to answer Known Breaches in Past 12 Months 2015 2014
© 2015 The SANS™ Institute – www.sans.org Cybersecurity Threat Level 8 0% 10% 20% 30% 40% 50% Severe High Moderate Low How high is the current cybersecurity threat to control systems? Decision Influencers Perception of Current Threat Decision Makers Perception of Current Threat
© 2015 The SANS™ Institute – www.sans.org Top Security Initiatives 9 17.2% 15.5% 13.3% 9.9% 9.0% 8.2% 6.4% 6.0% 6.0% 3.4% 2.6% 0% 2% 4% 6% 8% 10% 12% 14% 16% 18% 20% Perform security assessment/audit Increased security awareness training Increased physical security Increased security staffing Implement intrusion detection tool Implement intrusion prevention tools Increased security training Implement anomaly detection tools Increased security consulting services Increased background security checks Greater mobile devices/wireless communications controls Top Three Control System Security Initiatives
© 2015 The SANS™ Institute – www.sans.org Highest Risk Components 10 0% 10% 20% 30% 40% 50% 60% 70% 80% Networkdevices(firewall,switches, routers,gateways) Computerassets(HMI,server, workstations)runningcommercial operatingsystems(Windows,UNIX, Linux) Connectionstootherinternal systems(officenetworks) Controlsystemapplications Physicalaccesssystems ConnectionstothefieldSCADA network Controlsystemcommunication protocolsused(Modbus,DNP3, Profinet,Profibus,Fieldbus,TCP/IP) Wirelesscommunicationdevices andprotocolsusedinthe automationsystem Planthistorian Embeddedcontrollersandother componentssuchasPLCs (programmablelogiccontrollers)and IEDs(intelligentelectronicdevices) OLEforprocesscontrol(OPC) Other Of the following system components, select those that you are collecting and correlating log data from.
© 2015 The SANS™ Institute – www.sans.org Highest Risk Components 11 0% 10% 20% 30% 40% 50% Other OLE for process control (OPC) Plant historian Physical access systems Connections to the field SCADA network Control system applications Wireless communication devices and protocols used in the automation system Control system communication protocols used (Modbus, DNP3, Profinet, Profibus, Fieldbus, TCP/IP) Embedded controllers and other components such as PLCs (programmable logic controllers) and IEDs (intelligent… Network devices (firewall, switches, routers, gateways) Connections to other internal systems (office networks) Computer assets (HMI, server, workstations) running commercial operating systems (Windows, UNIX, Linux) Which control system components do you consider at greatest risk for compromise? Rank the top three, with “1” indicating the component at greatest risk. 1 2 3
© 2015 The SANS™ Institute – www.sans.org ICS Security Certification 12 0% 10% 20% 30% 40% 50% 60% Other GIACIndustrialCyber SecurityCertification (GICSP) ISA99/IEC62443 Cybersecurity Fundamentals SpecialistCertificate IACRB’sCertified SCADASecurity Architect(CSSA) Do you hold any certifications relevant to control systems security? Select all that apply.
© 2015 The SANS™ Institute – www.sans.org Incident Response 13 0% 10% 20% 30% 40% 50% Internalresources Government organizations(e.g., NERC,FERC,ICSCERT, lawenforcement) Controlsystemvendor Securityconsultant Cybersecuritysolution provider ITconsultant Peers(e.g.,SCADA operators) SCADAsystemintegrator Engineeringconsultant Other Whom do you consult in case of signs of an infection or infiltration of your control system cyber assets or network? Select all that apply.
© 2015 The SANS™ Institute – www.sans.org Security Budget Size 14 0% 1% 2% 3% 4% 5% 6% 7% 8% 9% 10% None Lessthan$19,999 $20,000–$49,999 $50,000–$99,999 $100,000–$499,999 $500,000–$999,999 $1million–$2.49million $2.5million–$9.99million Greaterthan$10million What is your organization’s total control system security budget for 2015?
© 2015 The SANS™ Institute – www.sans.org Security Budget Ownership 15 19.4% 23.9% 45.0% 6.1% 5.6% Who controls the control systems security budget for your company? Information technology (IT) Operations Both IT and operations Unknown Other
Adam Meyer Chief Security Strategist
Take a Data Driven Approach to Mitigating Your Cyber Risk 17
18 Take a Data Driven Approach to Mitigating Your Cyber Risk
19 A Look at Cybercrime Across the Board
20 Cyber Risks Facing Industrials Sector
21 Cyber Risks Facing Energy Sector
22 Cyber Risks Facing Utilities Sector
Conclusion 23 • The Top Targets: Your IT user base and web environment • The Top Practices: Network intrusion and access control – Inadequate patching of vulnerabilities gives “bad guys” a way in – Insecure system configurations allow freedom of movement • The Top Effects: Stolen or leaked data - especially personal and financial information – The commodity appears to be data exfiltration
Thank You! www.surfwatchlabs.com
Continuous Network Monitoring for Effective Control Systems Cybersecurity SANS ICS Survey Webcast, June 25, 2015
Tenable provides Continuous Network Monitoring™ to identify vulnerabilities, reduce risk and ensure compliance.
Our family of products includes SecurityCenter Continuous View™ and Nessus®
Gain Visibility into ICS Networks Map all devices, physical interconnections, logical data channels, and implemented ICS protocols among devices.
Know What Is Normal • Lack of visibility is one of the greatest barriers to securing resources • Without awareness of normal communications and activity, it’s impossible to properly evaluate or improve security of assets • Operations and security staff must be able to visualize and verify normal network operations
Learn More / Next Steps • tenable.com/industries/energy • tenable.com/whitepapers/scada-network- security-monitoring-protecting-critical- infrastructure • tenable.com/whitepapers/definitive-guide-to- continuous-network-monitoring • tenable.com/blog • tenable.com/evaluate
Thank you! tenable.com
© 2015 The SANS™ Institute – www.sans.org Q & A Please use GoToWebinar’s Questions tool to submit questions to our panel. Send to “Organizers” and tell us if it’s for a specific panelist. 35
© 2015 The SANS™ Institute – www.sans.org Acknowledgements Thanks to our sponsors: SurfWatch Labs Tenable Network Security To our special guests: Adam Meyer Ted Gary And to our attendees, Thank you for joining us today! 36

Recommended

160415 lan and-wan-ctap
160415 lan and-wan-ctap160415 lan and-wan-ctap
160415 lan and-wan-ctap
Lan & Wan Solutions
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016
Kyle Lai
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
Scalar Decisions
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security Superhero
Skycure
 
Check Point mission statement
Check Point mission statementCheck Point mission statement
Check Point mission statement
Moti Sagey מוטי שגיא
 
Check point response to Cisco NGFW competitive
Check point response to Cisco NGFW competitiveCheck point response to Cisco NGFW competitive
Check point response to Cisco NGFW competitive
Moti Sagey מוטי שגיא
 
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco Canada
 
How Aetna Mitigated 701 Malware Infections on Mobile Devices
How Aetna Mitigated 701 Malware Infections on Mobile DevicesHow Aetna Mitigated 701 Malware Infections on Mobile Devices
How Aetna Mitigated 701 Malware Infections on Mobile Devices
Skycure
 

Recommended

160415 lan and-wan-ctap
160415 lan and-wan-ctap160415 lan and-wan-ctap
160415 lan and-wan-ctap
Lan & Wan Solutions
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016
Kyle Lai
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
Scalar Decisions
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security Superhero
Skycure
 
Check Point mission statement
Check Point mission statementCheck Point mission statement
Check Point mission statement
Moti Sagey מוטי שגיא
 
Check point response to Cisco NGFW competitive
Check point response to Cisco NGFW competitiveCheck point response to Cisco NGFW competitive
Check point response to Cisco NGFW competitive
Moti Sagey מוטי שגיא
 
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco Canada
 
How Aetna Mitigated 701 Malware Infections on Mobile Devices
How Aetna Mitigated 701 Malware Infections on Mobile DevicesHow Aetna Mitigated 701 Malware Infections on Mobile Devices
How Aetna Mitigated 701 Malware Infections on Mobile Devices
Skycure
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Skybox Security
 
CPX 2016 Moti Sagey Security Vendor Landscape
CPX 2016 Moti Sagey Security Vendor LandscapeCPX 2016 Moti Sagey Security Vendor Landscape
CPX 2016 Moti Sagey Security Vendor Landscape
Moti Sagey מוטי שגיא
 
Tools for Evaluating Mobile Threat Defense Solutions
Tools for Evaluating Mobile Threat Defense SolutionsTools for Evaluating Mobile Threat Defense Solutions
Tools for Evaluating Mobile Threat Defense Solutions
Skycure
 
Ransomware in targeted attacks
Ransomware in targeted attacksRansomware in targeted attacks
Ransomware in targeted attacks
Kaspersky
 
Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008
tswong
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile Security
Skycure
 
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Kaspersky
 
Ecosystem
EcosystemEcosystem
Ecosystem
Moti Sagey מוטי שגיא
 
Protect Your Enterprise - Check Point SandBlast Mobile
Protect Your Enterprise - Check Point SandBlast MobileProtect Your Enterprise - Check Point SandBlast Mobile
Protect Your Enterprise - Check Point SandBlast Mobile
MarketingArrowECS_CZ
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
Cisco Canada
 
OFFICE 365 SECURITY
OFFICE 365 SECURITYOFFICE 365 SECURITY
OFFICE 365 SECURITY
Sylvain Martinez
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
Cisco Canada
 
The Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-AdversariesThe Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-Adversaries
Kaspersky
 
Cisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide Deck
Cisco Security
 
Moti Sagey CPX keynote _Are All security products created equal
Moti Sagey CPX keynote _Are All security products created equal Moti Sagey CPX keynote _Are All security products created equal
Moti Sagey CPX keynote _Are All security products created equal
Moti Sagey מוטי שגיא
 
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 PredictionsMobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Skycure
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the Noise
Cisco Canada
 
Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1
Sylvain Martinez
 
Kaspersky Lab Transparency Principles
Kaspersky Lab Transparency PrinciplesKaspersky Lab Transparency Principles
Kaspersky Lab Transparency Principles
Kaspersky
 
Protecting Critical Infastrucutre: Zero Tolerance
Protecting Critical Infastrucutre: Zero ToleranceProtecting Critical Infastrucutre: Zero Tolerance
Protecting Critical Infastrucutre: Zero Tolerance
Check Point Software Technologies
 
GITEX 2016, Dubai
GITEX 2016, Dubai GITEX 2016, Dubai
GITEX 2016, Dubai
Quick Heal Technologies Ltd.
 
Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
Gathering Intel from the Dark Web to Identify and Prioritize Critical RisksGathering Intel from the Dark Web to Identify and Prioritize Critical Risks
Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
SurfWatch Labs
 

More Related Content

What's hot

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Skybox Security
 
Ransomware in targeted attacks
Ransomware in targeted attacksRansomware in targeted attacks
Ransomware in targeted attacks
Kaspersky
 
Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008
tswong
 
The Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-AdversariesThe Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-Adversaries
Kaspersky
 

What's hot (20)

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
 
CPX 2016 Moti Sagey Security Vendor Landscape
CPX 2016 Moti Sagey Security Vendor LandscapeCPX 2016 Moti Sagey Security Vendor Landscape
CPX 2016 Moti Sagey Security Vendor Landscape
 
Tools for Evaluating Mobile Threat Defense Solutions
Tools for Evaluating Mobile Threat Defense SolutionsTools for Evaluating Mobile Threat Defense Solutions
Tools for Evaluating Mobile Threat Defense Solutions
 
Ransomware in targeted attacks
Ransomware in targeted attacksRansomware in targeted attacks
Ransomware in targeted attacks
 
Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile Security
 
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
 
Ecosystem
EcosystemEcosystem
Ecosystem
 
Protect Your Enterprise - Check Point SandBlast Mobile
Protect Your Enterprise - Check Point SandBlast MobileProtect Your Enterprise - Check Point SandBlast Mobile
Protect Your Enterprise - Check Point SandBlast Mobile
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
 
OFFICE 365 SECURITY
OFFICE 365 SECURITYOFFICE 365 SECURITY
OFFICE 365 SECURITY
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
 
The Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-AdversariesThe Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-Adversaries
 
Cisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide Deck
 
Moti Sagey CPX keynote _Are All security products created equal
Moti Sagey CPX keynote _Are All security products created equal Moti Sagey CPX keynote _Are All security products created equal
Moti Sagey CPX keynote _Are All security products created equal
 
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 PredictionsMobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 Predictions
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the Noise
 
Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1
 
Kaspersky Lab Transparency Principles
Kaspersky Lab Transparency PrinciplesKaspersky Lab Transparency Principles
Kaspersky Lab Transparency Principles
 
Protecting Critical Infastrucutre: Zero Tolerance
Protecting Critical Infastrucutre: Zero ToleranceProtecting Critical Infastrucutre: Zero Tolerance
Protecting Critical Infastrucutre: Zero Tolerance
 

Viewers also liked

Viewers also liked (20)

GITEX 2016, Dubai
GITEX 2016, Dubai GITEX 2016, Dubai
GITEX 2016, Dubai
 
Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
Gathering Intel from the Dark Web to Identify and Prioritize Critical RisksGathering Intel from the Dark Web to Identify and Prioritize Critical Risks
Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
 
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
 
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
 
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution Demonstration
 
Shining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark WebShining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark Web
 
SurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution Demo
 
25th Japan IT Week 2016
25th Japan IT Week 201625th Japan IT Week 2016
25th Japan IT Week 2016
 
Create a Safer Learning Environment with Absolute Safe Schools
Create a Safer Learning Environment with Absolute Safe Schools Create a Safer Learning Environment with Absolute Safe Schools
Create a Safer Learning Environment with Absolute Safe Schools
 
Treat Cyber Like a Disease
Treat Cyber Like a DiseaseTreat Cyber Like a Disease
Treat Cyber Like a Disease
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution Demonstration
 
Point of Sale Insecurity: A Threat to Your Business
Point of Sale Insecurity: A Threat to Your BusinessPoint of Sale Insecurity: A Threat to Your Business
Point of Sale Insecurity: A Threat to Your Business
 
Containing the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemicContaining the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemic
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
 
Cyber Security Lessons from the NSA
Cyber Security Lessons from the NSACyber Security Lessons from the NSA
Cyber Security Lessons from the NSA
 
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODRoadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
 
Data Security in Healthcare
Data Security in HealthcareData Security in Healthcare
Data Security in Healthcare
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomware
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and Healthcare
 

Similar to SANS Report: The State of Security in Control Systems Today

Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint DataAchieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Enterprise Management Associates
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
Jyothi Satyanathan
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environments
amiable_indian
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsFederal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
SolarWinds
 
Company Profile
Company ProfileCompany Profile
Company Profile
3SC World
 
Complicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsComplicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analytics
CA Technologies
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
SolarWinds
 
IoT Slam Healthcare 12-02-2016
IoT Slam Healthcare 12-02-2016 IoT Slam Healthcare 12-02-2016
IoT Slam Healthcare 12-02-2016
Great Bay Software
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Qualys
 
Cyber risks in supply chains
Cyber risks in supply chains Cyber risks in supply chains
Cyber risks in supply chains
Aparajita Banerjee
 

Similar to SANS Report: The State of Security in Control Systems Today (20)

Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint DataAchieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
 
Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data
 
Cybercrime future perspectives
Cybercrime future perspectivesCybercrime future perspectives
Cybercrime future perspectives
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environments
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chain
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsFederal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
 
Company Profile
Company ProfileCompany Profile
Company Profile
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix It
 
Complicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsComplicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analytics
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
 
Security and Accountability in the Cloud (in partnership with SANS)
Security and Accountability in the Cloud (in partnership with SANS)Security and Accountability in the Cloud (in partnership with SANS)
Security and Accountability in the Cloud (in partnership with SANS)
 
IoT Slam Healthcare 12-02-2016
IoT Slam Healthcare 12-02-2016 IoT Slam Healthcare 12-02-2016
IoT Slam Healthcare 12-02-2016
 
Iot cyber security
Iot cyber securityIot cyber security
Iot cyber security
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
 
Cyber risks in supply chains
Cyber risks in supply chains Cyber risks in supply chains
Cyber risks in supply chains
 

More from SurfWatch Labs

How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your RiskHow to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
SurfWatch Labs
 
Completing the Risk Picture: Adding a business intelligence and collaborative...
Completing the Risk Picture: Adding a business intelligence and collaborative...Completing the Risk Picture: Adding a business intelligence and collaborative...
Completing the Risk Picture: Adding a business intelligence and collaborative...
SurfWatch Labs
 

More from SurfWatch Labs (12)

Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
 
Know Your Adversary: Analyzing the Human Element in Evolving Cyber Threats
Know Your Adversary: Analyzing the Human Element in Evolving Cyber ThreatsKnow Your Adversary: Analyzing the Human Element in Evolving Cyber Threats
Know Your Adversary: Analyzing the Human Element in Evolving Cyber Threats
 
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital RiskUsing SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
 
Using Threat Intelligence to Address Your Growing Digital Risk
Using Threat Intelligence to Address Your Growing Digital RiskUsing Threat Intelligence to Address Your Growing Digital Risk
Using Threat Intelligence to Address Your Growing Digital Risk
 
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web ThreatsUsing SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital Presence
 
IoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital FootprintIoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital Footprint
 
Using Threat Information to Build Your Cyber Risk Intelligence Program
Using Threat Information to Build Your Cyber Risk Intelligence ProgramUsing Threat Information to Build Your Cyber Risk Intelligence Program
Using Threat Information to Build Your Cyber Risk Intelligence Program
 
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your RiskHow to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
 
Completing the Risk Picture: Adding a business intelligence and collaborative...
Completing the Risk Picture: Adding a business intelligence and collaborative...Completing the Risk Picture: Adding a business intelligence and collaborative...
Completing the Risk Picture: Adding a business intelligence and collaborative...
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Recently uploaded (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

SANS Report: The State of Security in Control Systems Today

  • 1. The State of Security in Control Systems Today: A SANS Survey Webcast Sponsored by SurfWatch Labs and Tenable Network Security © 2015 The SANS™ Institute – www.sans.org
  • 2. © 2015 The SANS™ Institute – www.sans.org Today’s Speakers Derek Harp, SANS Director, ICS/SCADA Security Adam Meyer, Chief Security Analyst, SurfWatch Labs Ted Gary, Product Marketing Manager, Tenable Network Security 2
  • 3. © 2015 The SANS™ Institute – www.sans.org Industries Represented 3 29.3% 20.7% 13.1% 5.1% 5.1% 4.8% 3.5% 3.2% 2.5% 2.5% 2.5% 1.9% 1.9% 1.6% 1.3% 0.6% 0.3% Industries Energy/Utilities Other Business services Engineering services Oil and gas production/Delivery Control system equipment manufacturer Control systems services High tech production Chemical production Health care/Hospital Water production and distribution Transportation Other manufacturing Pharmaceutical production Food production/Food service Mining Wastewater
  • 4. © 2015 The SANS™ Institute – www.sans.org Top Threat Vectors to ICS Security 4 42.1% 19.4% 10.6% 0 0.05 0.1 0.15 0.2 0.25 0.3 0.35 0.4 0.45 External threats (hacktivism, nation states) Integration of IT into control system networks Internal threat Top Three Threat Vectors
  • 5. © 2015 The SANS™ Institute – www.sans.org Lack of Visibility into ICS Networks 5 48.8% 32.3% 12.2% 4.9% 1.8% Have your control system cyber assets and/or control system network ever been infected or infiltrated? Not that we know of Yes No, we’re sure we haven’t been infiltrated We’ve had suspicions but were never able to prove it We don’t know and have no suspicions
  • 6. © 2015 The SANS™ Institute – www.sans.org Technology Convergence Strategy 6 17.5% 35.6% 29.4% 17.5% Does your company have a security strategy to address the convergence of information and operational technologies? We have no strategy and no plans to develop one. We have no strategy but are developing one. We have a strategy and are implementing it. We have a strategy in place.
  • 7. © 2015 The SANS™ Institute – www.sans.org Recent Breaches 7 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 1 to 2 3 to 5 6 to 10 11 to 25 26 + Unknown/Unable to answer Known Breaches in Past 12 Months 2015 2014
  • 8. © 2015 The SANS™ Institute – www.sans.org Cybersecurity Threat Level 8 0% 10% 20% 30% 40% 50% Severe High Moderate Low How high is the current cybersecurity threat to control systems? Decision Influencers Perception of Current Threat Decision Makers Perception of Current Threat
  • 9. © 2015 The SANS™ Institute – www.sans.org Top Security Initiatives 9 17.2% 15.5% 13.3% 9.9% 9.0% 8.2% 6.4% 6.0% 6.0% 3.4% 2.6% 0% 2% 4% 6% 8% 10% 12% 14% 16% 18% 20% Perform security assessment/audit Increased security awareness training Increased physical security Increased security staffing Implement intrusion detection tool Implement intrusion prevention tools Increased security training Implement anomaly detection tools Increased security consulting services Increased background security checks Greater mobile devices/wireless communications controls Top Three Control System Security Initiatives
  • 10. © 2015 The SANS™ Institute – www.sans.org Highest Risk Components 10 0% 10% 20% 30% 40% 50% 60% 70% 80% Networkdevices(firewall,switches, routers,gateways) Computerassets(HMI,server, workstations)runningcommercial operatingsystems(Windows,UNIX, Linux) Connectionstootherinternal systems(officenetworks) Controlsystemapplications Physicalaccesssystems ConnectionstothefieldSCADA network Controlsystemcommunication protocolsused(Modbus,DNP3, Profinet,Profibus,Fieldbus,TCP/IP) Wirelesscommunicationdevices andprotocolsusedinthe automationsystem Planthistorian Embeddedcontrollersandother componentssuchasPLCs (programmablelogiccontrollers)and IEDs(intelligentelectronicdevices) OLEforprocesscontrol(OPC) Other Of the following system components, select those that you are collecting and correlating log data from.
  • 11. © 2015 The SANS™ Institute – www.sans.org Highest Risk Components 11 0% 10% 20% 30% 40% 50% Other OLE for process control (OPC) Plant historian Physical access systems Connections to the field SCADA network Control system applications Wireless communication devices and protocols used in the automation system Control system communication protocols used (Modbus, DNP3, Profinet, Profibus, Fieldbus, TCP/IP) Embedded controllers and other components such as PLCs (programmable logic controllers) and IEDs (intelligent… Network devices (firewall, switches, routers, gateways) Connections to other internal systems (office networks) Computer assets (HMI, server, workstations) running commercial operating systems (Windows, UNIX, Linux) Which control system components do you consider at greatest risk for compromise? Rank the top three, with “1” indicating the component at greatest risk. 1 2 3
  • 12. © 2015 The SANS™ Institute – www.sans.org ICS Security Certification 12 0% 10% 20% 30% 40% 50% 60% Other GIACIndustrialCyber SecurityCertification (GICSP) ISA99/IEC62443 Cybersecurity Fundamentals SpecialistCertificate IACRB’sCertified SCADASecurity Architect(CSSA) Do you hold any certifications relevant to control systems security? Select all that apply.
  • 13. © 2015 The SANS™ Institute – www.sans.org Incident Response 13 0% 10% 20% 30% 40% 50% Internalresources Government organizations(e.g., NERC,FERC,ICSCERT, lawenforcement) Controlsystemvendor Securityconsultant Cybersecuritysolution provider ITconsultant Peers(e.g.,SCADA operators) SCADAsystemintegrator Engineeringconsultant Other Whom do you consult in case of signs of an infection or infiltration of your control system cyber assets or network? Select all that apply.
  • 14. © 2015 The SANS™ Institute – www.sans.org Security Budget Size 14 0% 1% 2% 3% 4% 5% 6% 7% 8% 9% 10% None Lessthan$19,999 $20,000–$49,999 $50,000–$99,999 $100,000–$499,999 $500,000–$999,999 $1million–$2.49million $2.5million–$9.99million Greaterthan$10million What is your organization’s total control system security budget for 2015?
  • 15. © 2015 The SANS™ Institute – www.sans.org Security Budget Ownership 15 19.4% 23.9% 45.0% 6.1% 5.6% Who controls the control systems security budget for your company? Information technology (IT) Operations Both IT and operations Unknown Other
  • 17. Take a Data Driven Approach to Mitigating Your Cyber Risk 17
  • 18. 18 Take a Data Driven Approach to Mitigating Your Cyber Risk
  • 19. 19 A Look at Cybercrime Across the Board
  • 23. Conclusion 23 • The Top Targets: Your IT user base and web environment • The Top Practices: Network intrusion and access control – Inadequate patching of vulnerabilities gives “bad guys” a way in – Insecure system configurations allow freedom of movement • The Top Effects: Stolen or leaked data - especially personal and financial information – The commodity appears to be data exfiltration
  • 25. Continuous Network Monitoring for Effective Control Systems Cybersecurity SANS ICS Survey Webcast, June 25, 2015
  • 26. Tenable provides Continuous Network Monitoring™ to identify vulnerabilities, reduce risk and ensure compliance.
  • 27. Our family of products includes SecurityCenter Continuous View™ and Nessus®
  • 28. Gain Visibility into ICS Networks Map all devices, physical interconnections, logical data channels, and implemented ICS protocols among devices.
  • 29.
  • 30. Know What Is Normal • Lack of visibility is one of the greatest barriers to securing resources • Without awareness of normal communications and activity, it’s impossible to properly evaluate or improve security of assets • Operations and security staff must be able to visualize and verify normal network operations
  • 31.
  • 32. Learn More / Next Steps • tenable.com/industries/energy • tenable.com/whitepapers/scada-network- security-monitoring-protecting-critical- infrastructure • tenable.com/whitepapers/definitive-guide-to- continuous-network-monitoring • tenable.com/blog • tenable.com/evaluate
  • 34.
  • 35. © 2015 The SANS™ Institute – www.sans.org Q & A Please use GoToWebinar’s Questions tool to submit questions to our panel. Send to “Organizers” and tell us if it’s for a specific panelist. 35
  • 36. © 2015 The SANS™ Institute – www.sans.org Acknowledgements Thanks to our sponsors: SurfWatch Labs Tenable Network Security To our special guests: Adam Meyer Ted Gary And to our attendees, Thank you for joining us today! 36

Editor's Notes

  1. People don’t know what’s going on unless it disrupts operations. Ask Ted Gary (Tenable) about visibility into ICS networks
  2. Ask Adam Meyer (Surfwatch Labs) about communicating threat levels
  3. OPC is ranked lowest, the component least monitored and logged, yet research and reporting continually show it as one of the first targets for attackers because it lacks security and provides communication between corporate networks and control systems.
  4. OPC is ranked lowest. In another question it’s shown as the component least monitored and logged, yet research and reporting continually show it as one of the first targets for attackers because it lacks security and provides communication between corporate networks and control systems.
  5. Less than half have the GICSP, the most widely-held ICS security certification.
  6. Roughly half were unsure or unable to answer. This reflects those who provided figures.