• THE INFRASTRUCTURE, WHAT IS IT AND WHY IS IT
  CRITICAL?
• CYBER ATTACKS ON ICS INFRASTRUCTURES
• TYPICAL DCS AND SCADA NETWORK
• Live SCADA Hacking Demonstration
• POSSIBLE SECURITY THREATS AND IMPACTS ON ICS
• COMMON ICS VULNERABILITIES
• RISK, WHAT IS IT AND HOW IS IT CALCULATED?
• SECURITY STRATEGIES
• ISO27001
12/03/2012           Protecting DCS and SCADA    2
•   It is the basic physical and organizational
    structures needed for the operation of a society
    or enterprise (Wikipedia)
•   What makes up the infrastructure
       – Electricity
       – Oil and gas plants
       – Telecommunications
       – Water treatment plants
       – Food production
       – Medical and Health
       – Transportation
       – Traffic control
       – Banks
       – Government security
•   Why is it critical?
       – National security and the economy
            depend on it
       – Supports modern human life
       – Sustains a habitable environment
       – Hard to replace
       – Expensive repairs
       – Catastrophic impacts

•   Obviously it is not new
•   Why is it becoming a pressing issue?
     – It impacts the whole nation, resulting
        in loss of life, environment, and
        billions of dollars.
     – Why fight battles when you can do more
        damage from a single computer?
     – Structured cyber attacks are becoming
        easier as automated tools
        emerge (BackTrack, malware).
     – Systems are becoming more exposed to threats.
     – Systems were designed with poor security.

[Figure: Incident events by date from 1982 to June 1, 2006. Source: The Industrial Ethernet Book, May 2007]

2010: Stuxnet worm
     The worm attacks Windows machines and replaces a DLL file
     used by Siemens systems with a modified DLL file that provides
     the same functions but executes additional code, which enables
     the attacker to spy on databases and projects and alter data
     sent to PLCs.
     The affected countries are Iran (58.85%), Indonesia (18.22%),
     India (8.31%), Azerbaijan (2.57%), United States (1.56%),
     Pakistan (1.28%), Others (9.2%)
     http://en.wikipedia.org/wiki/Stuxnet
     http://threatinfo.trendmicro.com/vinfo/web_attacks/Stuxnet%20Malware%20Targeting%20SCADA%20Systems.html

2009: Disgruntled employee
     A former IT consultant intentionally tampered with the computer
     systems of a California oil and gas company, one of them being
     the system used to detect gas leaks.
     http://www.theregister.co.uk/2009/09/24/scada_tampering_guilty_plea/

2008: Network design
     After a software update was pushed from the business network to the
     SCADA network, the SCADA safety system forced an emergency
     shutdown, costing the Hatch nuclear power plant in Georgia
     millions of dollars and substantial repair and restoration
     expense. The business network was in two-way
     communication with the plant's SCADA network, and the update
     synchronized information on both systems, which caused
     some data related to the cooling system to go missing.
     http://gspp.berkeley.edu/iths/Tsang_SCADA%20Attacks.pdf

2006: Hacker
     The hacker exploited a water treatment plant in Pennsylvania,
     injected a virus and spyware into its computer systems, and used
     them to distribute emails and pirated software, which affected
     water treatment operations.
     http://www.gao.gov/assets/270/268137.pdf

2005: Zotob worm
     13 of DaimlerChrysler's U.S. automobile manufacturing plants were
     knocked offline for almost an hour
     Computer outages at heavy-equipment maker Caterpillar Inc.
     Computer outages at aircraft maker Boeing
     http://gspp.berkeley.edu/iths/Tsang_SCADA%20Attacks.pdf

2003: Slammer worm
     Crashed the network and disabled the safety monitoring system
     of the Davis-Besse nuclear power plant in Oak Harbor, Ohio for
     nearly 5 hours
     13,000 ATMs knocked offline in the U.S.
     11,000 post offices knocked offline in Italy
     911 service stopped in Seattle
     SCADA of two U.S. utilities stopped
     Flights delayed or canceled at Houston
     http://virus.wikia.com/wiki/Slammer
     http://www.securityfocus.com/news/6767

2003: Sobig email virus
     Knocked out the train signaling systems throughout the east
     coast of the U.S.
     http://gspp.berkeley.edu/iths/Tsang_SCADA%20Attacks.pdf

2000: Disgruntled contractor
     Through a wireless link he broke into the Maroochy Water Services
     SCADA system in Australia and released 800,000 liters of raw
     sewage into local parks, rivers and even the grounds of a Hyatt
     Regency hotel.
     http://csrc.nist.gov/groups/SMA/fisma/ics/documents/Maroochy-Water-Services-Case-Study_report.pdf

1999: Hacker
     Controlled the gas flows running in the pipelines of the Russian
     energy company, Gazprom, for a short time
     http://ciip.wordpress.com/tag/scada-incidents/

1997: Hacker
     Broke into the Bell Atlantic computer system in Worcester,
     Massachusetts, and disabled part of the public switched
     telephone network using a dial-up modem connected to the
     system. This attack disabled phone service at the control tower,
     airport security, the airport fire department, the weather
     service, and carriers that use the airport. The tower's main
     radio transmitter and another transmitter that activates runway
     lights were shut down, as well as a printer that controllers use
     to monitor flight progress. The attack also knocked out phone
     service to 600 homes and businesses in the nearby town of
     Rutland.
     http://gspp.berkeley.edu/iths/Tsang_SCADA%20Attacks.pdf

Either
   • We are doing a better job than 1st and 2nd world countries who
     invented these technologies.
   • Everybody is happy and we don't have any enemies.
   • We don't care about losses and we are good at covering up.

•   Different networks
      – Field Network
      – Control Network
      – Corporate network
      – WAN
•   Three-tier architecture
•   Challenges
      – Management
      – Security
      – Resources
      – Support
      – Vendor
      – Budget
•   Trends
      – Cut cost
      – Integration
      – Centralization
      – Consolidation
      – Virtualization and Cloud Computing
      – Shared Services
      – Outsourcing
•   Different Security Zones

[Figure: typical DCS/SCADA network. Zones: Internet, DMZ, Extranet, Intranet, Security Control. Tiers: Corporate (Cor. Server, Cor. DB), Control Center (Con. Server, Con. DB), Field. Services per tier: Corporate Business, Corporate Service, IT Services; Control and Automation Services, Production Information, Control Information; Field Services, Production, Control Data.]

[Figure: Network Penetration phases: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks, Have FUN.]

Live SCADA Hacking Demonstration




Possible Threats
•    Humans, always the weakest link in the chain
•    Natural disasters and extreme conditions.
•    Cyber warfare
•    Foreign intelligence services.
•    Identity theft.
•    Malicious code.
•    Data and information leakage
•    Denial of service.
•    Criminals, Hacktivists, terrorists.
•    Industrial spies.

Possible Impacts
•    Loss
       •     Life
       •     Money
       •     Trust
       •     Reputation
       •     Competition
•    Disruption
•    Destruction
•    Disclosure
•    Violation

Impact Areas
•   Life
•   Environment
•   Technology
•   Business

[Figure: threat categories surrounding "You": Natural, Human/Political, Environmental/Physical, Logical/Technical.]

•   Weak security controls (design, configuration)
•   Poor network design
•   Improper input validation
     – Buffer overflow
     – Injections (SQL injection)
     – Cross-site encryption
     – Path traversal
•   Poor access and identity control
•   Weak communication protocols
•   Poor authentication
•   Code flaws
•   Poor patch and change management
•   Weak encryption


    US National Vulnerability Database
    Open Source Vulnerability Database
    SecurityFocus Vulnerability Database
    Exploit-DB

   •   Follow a proven approach to risk management (AS/NZ 4360, OCTAVE, NIST SP 800-30,
       ISO27005)
   •   Qualitative Risk analysis: scenario based, describing the likelihood of a threat/event and
       its impact on the business.
   •   Quantitative Risk analysis: calculation of ALE; it is very difficult to put a monetary value on
       unquantifiable variables such as reputation.

Annual Loss Expectancy = Annual Rate of Occurrence X (Asset Value X Percent of Loss)

Risk matrix (likelihood against consequences):

                        Consequences
   Likelihood           1 Insignificant   2 Minor   3 Moderate   4 Major   5 Catastrophic
   A (almost certain)   H                 H         E            E         E
   B (likely)           M                 H         H            E         E
   C (possible)         L                 M         H            E         E
   D (unlikely)         L                 L         M            H         E
   E (rare)             L                 L         M            H         H

   E     Extreme Risk, immediate action
   H     High Risk, action should be taken to compensate
   M     Moderate Risk, action should be taken to monitor
   L     Low Risk, routine acceptance of risk

Risk assessment steps:
   1. Identify Assets
   2. Identify threats to assets
   3. Identify vulnerabilities that might be exploited by the threats
   4. Identify the impacts on the assets
   5. Analyse and evaluate the risks
   6. Identify and evaluate options for the treatment of risks
   7. Select control objectives and controls

[Figure: "Based on OWASP Model". Labels: Threat Source, Weakness/Vulnerability, Safeguards, Risk, Assets, Counter Measures, Technical Impact, Business Impact.]

[Figure: "CC Risk Management Concept Flow". Labels: Threat Agent, Threat, Attack / Exploit, Exposure, Compromised Asset, Controls.]

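The risk matrix and the ALE formula above, applied to a small risk register. This is an added example, not part of the original slides: the scenarios, likelihoods, asset values and residual ratings are constructed for illustration, and the consequence columns 1 to 5 are assumed to run from Insignificant to Catastrophic.

```python
from dataclasses import dataclass
from typing import List, Optional

# Likelihood rows A..E against consequence columns 1..5, copied from the slide's matrix.
RISK_MATRIX = {
    "A": "HHEEE",  # almost certain
    "B": "MHHEE",  # likely
    "C": "LMHEE",  # possible
    "D": "LLMHE",  # unlikely
    "E": "LLMHH",  # rare
}
ACTION = {
    "E": "Extreme risk, immediate action",
    "H": "High risk, action should be taken to compensate",
    "M": "Moderate risk, action should be taken to monitor",
    "L": "Low risk, routine acceptance of risk",
}
_ORDER = "EHML"  # treatment priority, most urgent first


def rate(likelihood: str, consequence: int) -> str:
    """Qualitative rating for a likelihood (A-E) and a consequence (1-5)."""
    if likelihood not in RISK_MATRIX:
        raise ValueError(f"likelihood must be A-E, got {likelihood!r}")
    if consequence not in range(1, 6):
        raise ValueError(f"consequence must be 1-5, got {consequence!r}")
    return RISK_MATRIX[likelihood][consequence - 1]


def ale(aro: float, asset_value: float, percent_loss: float) -> float:
    """ALE = Annual Rate of Occurrence x (Asset Value x Percent of Loss)."""
    if aro < 0 or asset_value < 0 or not 0.0 <= percent_loss <= 1.0:
        raise ValueError("aro and asset_value must be >= 0, percent_loss in [0, 1]")
    return aro * (asset_value * percent_loss)


@dataclass
class Scenario:
    name: str
    likelihood: str            # before treatment
    consequence: int
    residual_likelihood: str   # estimate after the selected controls
    residual_consequence: int
    aro: Optional[float] = None          # quantitative inputs are optional:
    asset_value: Optional[float] = None  # some losses (reputation, trust)
    percent_loss: Optional[float] = None # cannot be priced


def build_register(scenarios: List[Scenario]) -> List[dict]:
    """Rate every scenario, attach ALE where quantifiable, sort by urgency."""
    rows = []
    for s in scenarios:
        inherent = rate(s.likelihood, s.consequence)
        residual = rate(s.residual_likelihood, s.residual_consequence)
        if _ORDER.index(residual) < _ORDER.index(inherent):
            raise ValueError(f"{s.name}: residual risk is worse than inherent risk")
        quantified = None not in (s.aro, s.asset_value, s.percent_loss)
        rows.append({
            "name": s.name,
            "inherent": inherent,
            "action": ACTION[inherent],
            "residual": residual,
            "ale": ale(s.aro, s.asset_value, s.percent_loss) if quantified else None,
        })
    # Most urgent rating first; within a rating, the largest expected loss first.
    rows.sort(key=lambda r: (_ORDER.index(r["inherent"]), -(r["ale"] or 0.0)))
    return rows


# Constructed sample register (all values are illustrative, not from the slides).
SAMPLE = [
    Scenario("USB malware on operator workstation", "D", 2, "D", 2, 0.25, 50_000, 0.5),
    Scenario("Business-network update forces safety shutdown", "C", 3, "D", 3,
             1.0, 2_000_000, 0.125),
    Scenario("Contractor abuses wireless link to field devices", "C", 5, "E", 5),
    Scenario("Worm reaches control network from corporate LAN", "B", 4, "D", 4,
             0.5, 4_000_000, 0.25),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE):
        loss = "n/a" if row["ale"] is None else f"{row['ale']:,.0f}"
        print(f"{row['inherent']} -> {row['residual']}  ALE {loss:>9}  {row['name']}")
```

The residual column is what management is asked to approve in step 9 of the ISMS establishment list; a scenario without monetary inputs still gets a qualitative rating and a place in the ranking.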
•   National ICS Security Strategy
     – Establish Saudi ICS Cyber Emergency Response Team (Saudi ICS-CERT) based on the US-
          CERT example, the ICS-CERT
             • Respond to and analyze control systems related incidents
             • Conduct vulnerability and malware analysis
             • Provide onsite support for incident response and forensic analysis
             • Provide situational awareness in the form of actionable intelligence
             • Coordinate the responsible disclosure of vulnerabilities/mitigations
             • Share and coordinate vulnerability information and threat analysis through
                 information products and alerts
     – Coordinate with Saudi CERT (cert.gov.sa)
•   Corporate Security Strategy
     – Establish security governance, read the Information Security Governance Guidance
          for Boards of Directors and Executive Management, 2nd Edition
     – Establish Audit Program (ISO 19011), Vulnerability Management, Pen-Tests
     – Design with security in mind (Security Zones)
     – Follow a proven security framework (ISO27001) and carefully design the scope and
          objectives.
     – Choose certified ICS vendors.

[Figure: organization chart. Labels: Board, Steering Committee, SE, GM (x4).]

[Side panel text: Enterprise strategy; Part of enterprise governance; Executives' responsibility; Business requirement; Support commitment; Roles and responsibilities are defined; Based on risk; Enforced; Awareness; Continuous review and enhancement.]

•    Why the ISO27001?
•    It is applicable to any business or system.
1.   Establish the ISMS
       1. Get management support.
       2. Define scope and objectives
       3. Define ISMS policy
       4. Define the risk assessment approach
       5. Identify the risks
       6. Analyse and evaluate the risks
       7. Identify and evaluate options for the treatment of risks
       8. Select control objectives and controls for the treatment
            of risks
       9. Obtain management approval of the proposed residual
            risks
       10. Prepare a Statement of Applicability
2.   Implement and operate the ISMS
3.   Monitor and review the ISMS
4.   Maintain and improve the ISMS

Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012

آليات التعامل مع الإعلام في الجهات الحكوميةHani AlGhofaily
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
Summer Training Report,Oil India Limited
Summer Training Report,Oil India LimitedSummer Training Report,Oil India Limited
Summer Training Report,Oil India LimitedRijumoni Boro
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 

Viewers also liked (20)

War in the 5th domain: Cyber Offensive Capability
War in the 5th domain: Cyber Offensive CapabilityWar in the 5th domain: Cyber Offensive Capability
War in the 5th domain: Cyber Offensive Capability
 
التعرف على الاختراقات في الشبكات المحلية
التعرف على الاختراقات في الشبكات المحليةالتعرف على الاختراقات في الشبكات المحلية
التعرف على الاختراقات في الشبكات المحلية
 
Developing excellence in information security from corporate enterprise to ...
Developing excellence in information security   from corporate enterprise to ...Developing excellence in information security   from corporate enterprise to ...
Developing excellence in information security from corporate enterprise to ...
 
الاختراقت
الاختراقتالاختراقت
الاختراقت
 
Datwyler dcs it_safe_the modular compact data centre_ Info Tech Middle East
Datwyler dcs it_safe_the modular compact data centre_ Info Tech Middle EastDatwyler dcs it_safe_the modular compact data centre_ Info Tech Middle East
Datwyler dcs it_safe_the modular compact data centre_ Info Tech Middle East
 
I wanna be a hacker / لو سمحت إزاي أبقى هاكر
I wanna be a hacker / لو سمحت إزاي أبقى هاكرI wanna be a hacker / لو سمحت إزاي أبقى هاكر
I wanna be a hacker / لو سمحت إزاي أبقى هاكر
 
Wireless SCADA Data Communications
Wireless SCADA Data CommunicationsWireless SCADA Data Communications
Wireless SCADA Data Communications
 
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security   02   Ics Scada Cyber Security Standards, Solution Tips...Dubai Cyber Security   02   Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
 
Foxboro Evo DCS - Εκδήλωση Explore Innovation - Αθήνα, Ιούνιος 2016
Foxboro Evo DCS - Εκδήλωση Explore Innovation - Αθήνα, Ιούνιος 2016Foxboro Evo DCS - Εκδήλωση Explore Innovation - Αθήνα, Ιούνιος 2016
Foxboro Evo DCS - Εκδήλωση Explore Innovation - Αθήνα, Ιούνιος 2016
 
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
 
التشفير
التشفيرالتشفير
التشفير
 
آليات التعامل مع الإعلام في الجهات الحكومية
آليات التعامل مع الإعلام في الجهات الحكوميةآليات التعامل مع الإعلام في الجهات الحكومية
آليات التعامل مع الإعلام في الجهات الحكومية
 
Prgramming paradigms
Prgramming paradigmsPrgramming paradigms
Prgramming paradigms
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrol
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
 
DCS Or PLC
DCS Or PLCDCS Or PLC
DCS Or PLC
 
Summer Training Report,Oil India Limited
Summer Training Report,Oil India LimitedSummer Training Report,Oil India Limited
Summer Training Report,Oil India Limited
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 

Similar to Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012

Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADARichard Umbrino
 
David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack  on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack  on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Abhishek Goel
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar Nnull The Open Security Community
 
Null Feb 13
Null Feb 13Null Feb 13
Null Feb 13Sundar N
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Power System Operation
 
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...TI Safe
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...Muhammad FAHAD
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceEnergySec
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA NetworksIJRES Journal
 
2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation2012 02 14 Afcom Presentation
2012 02 14 Afcom PresentationEric Gallant
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
 

Similar to Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012 (20)

Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADA
 
David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA
 
Securing SCADA
Securing SCADASecuring SCADA
Securing SCADA
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack  on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack  on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
 
Null Feb 13
Null Feb 13Null Feb 13
Null Feb 13
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
 
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
 
chile-2015 (2)
chile-2015 (2)chile-2015 (2)
chile-2015 (2)
 
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA Networks
 
2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation
 
Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA Networks
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
 

Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012

  • 1.
  • 2.
      • THE INFRASTRUCTURE, WHAT IS IT AND WHY IS IT CRITICAL?
      • CYBER ATTACKS ON ICS INFRASTRUCTURES
      • TYPICAL DCS AND SCADA NETWORK
      • Live SCADA Hacking Demonstration
      • POSSIBLE SECURITY THREATS AND IMPACTS ON ICS
      • COMMON ICS VULNERABILITIES
      • RISK, WHAT IS IT AND HOW IS IT CALCULATED?
      • SECURITY STRATEGIES
      • ISO27001
      12/03/2012 Protecting DCS and SCADA 2
  • 3. It is the basic physical and organizational structures needed for the operation of a society or enterprise (Wikipedia)
      • What makes the infrastructure
          – Electricity
          – Oil and gas plants
          – Telecommunications
          – Water treatment plants
          – Food productions
          – Medical and Health
          – Transportation
          – Traffic control
          – Banks
          – Government security
      • Why is it critical?
          – The national security and economy depend on it
          – Supports the modern human life
          – Sustains inhabitable environment
          – Hard to replace
          – Expensive repairs
          – Catastrophic impacts
  • 4. Obviously it is not new
      • Why is it becoming a pressing issue?
          – It impacts the whole nation, resulting in loss of life, environment, and billions of dollars.
          – Why fight battles when you can do more damage from a single computer?
          – Structured cyber attacks are becoming easier as automated tools are emerging (BackTrack, malware).
          – Becoming more exposed to threats.
          – Designed with poor security
      [Figure: Incident events by date from 1982 to June 1, 2006. Source: THE INDUSTRIAL ETHERNET BOOK, May 2007]
  • 5. 2010: Stuxnet worm
      The worm attacks Windows machines and replaces a DLL file used by Siemens systems with a modified DLL file that provides the same functions but executes additional code, which enables the attacker to spy on databases and projects and alter data sent to PLCs.
      The affected countries are Iran (58.85%), Indonesia (18.22%), India (8.31%), Azerbaijan (2.57%), United States (1.56%), Pakistan (1.28%), Others (9.2%)
      http://en.wikipedia.org/wiki/Stuxnet
      http://threatinfo.trendmicro.com/vinfo/web_attacks/Stuxnet%20Malware%20Targeting%20SCADA%20Systems.html
  • 6. 2009: Disgruntled employee
      A former IT consultant intentionally tampered with the computer systems of California's oil and gas company, including the system used to detect gas leaks.
      http://www.theregister.co.uk/2009/09/24/scada_tampering_guilty_plea/
  • 7. 2008: Network design
      After a software update was pushed from the business network to the SCADA network, the SCADA safety system forced an emergency shutdown, costing the Hatch nuclear power plant in Georgia millions of dollars and substantial expense of repair and restoration. The business network was in two-way communication with the plant's SCADA network, and the update synchronized information on both systems, which caused some data related to the cooling system to go missing.
      http://gspp.berkeley.edu/iths/Tsang_SCADA%20Attacks.pdf
  • 8. 2006: Hacker
      The hacker exploited Pennsylvania's water treatment plant, injected a virus and spyware into the computer systems, and used them to distribute emails and pirated software, which affected water treatment operations.
      http://www.gao.gov/assets/270/268137.pdf
  • 9. 2005: Zotob worm
      – 13 DaimlerChrysler U.S. automobile manufacturing plants were knocked offline for almost an hour
      – Computer outages at heavy-equipment maker Caterpillar Inc.
      – Computer outages at aircraft maker Boeing
      http://gspp.berkeley.edu/iths/Tsang_SCADA%20Attacks.pdf
  • 10. 2003: Slammer worm
      – Crashed the network and disabled the safety monitoring system of Davis-Besse nuclear power plant in Oak Harbor, Ohio for nearly 5 hours
      – 13,000 ATMs knocked offline in U.S.
      – 11,000 postal offices knocked offline in Italy
      – 911 service stopped in Seattle
      – SCADA of two U.S. utilities stopped
      – Flights delayed or canceled at Houston
      http://virus.wikia.com/wiki/Slammer
      http://www.securityfocus.com/news/6767
  • 11. 2003: Sobig email virus
      Knocked out the train signaling systems throughout the east coast of the U.S.
      http://gspp.berkeley.edu/iths/Tsang_SCADA%20Attacks.pdf
  • 12. 2000: Disgruntled contractor
      Through a wireless link he broke into Maroochy's Water Services SCADA system in Australia and released 800,000 liters of raw sewage into local parks, rivers and even the grounds of a Hyatt Regency hotel.
      http://csrc.nist.gov/groups/SMA/fisma/ics/documents/Maroochy-Water-Services-Case-Study_report.pdf
  • 13. 1999: Hacker
      Controlled the gas flows running in the pipelines of the Russian energy company, Gazprom, for a short time.
      http://ciip.wordpress.com/tag/scada-incidents/
  • 14. 1997: Hacker
      Broke into the Bell Atlantic computer system in Worcester, Massachusetts, and disabled part of the public switched telephone network using a dial-up modem connected to the system. This attack disabled phone service at the control tower, airport security, the airport fire department, the weather service, and carriers that use the airport. The tower’s main radio transmitter and another transmitter that activates runway lights were shut down, as well as a printer that controllers use to monitor flight progress. The attack also knocked out phone service to 600 homes and businesses in the nearby town of Rutland.
      http://gspp.berkeley.edu/iths/Tsang_SCADA%20Attacks.pdf
  • 15. Either
      • We are doing a better job than 1st and 2nd world countries who invented these technologies.
      • Everybody is happy and we don’t have any enemies.
      • We don’t care about losses and we are good at covering up.
  • 16. Different networks
          – Field Network
          – Control Network
          – Corporate network
          – WAN
      • Three-tier architecture
      • Challenges
          – Management
          – Security
          – Resources
          – Support
          – Vendor
          – Budget
      • Trends
          – Cut cost
          – Integration
          – Centralization
          – Consolidation
          – Virtualization and Cloud Computing
          – Shared Services
          – Outsourcing
      • Different Security Zones
      [Diagram: network zones labelled Internet, DMZ, Extranet and Intranet; Corporate, Control Center and Field tiers with corporate and control servers and databases; Business Services, Control and Automation Services, Field Services and IT Services]
      [Diagram: Network Penetration phases: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks, Have FUN]
  • 17. Live SCADA Hacking Demonstration
  • 18. Possible Threats
          – Humans, always the weakest link in the chain
          – Natural disasters and extreme conditions.
          – Cyber warfare
          – Foreign intelligence services.
          – Identity theft.
          – Malicious code.
          – Data and information leakage
          – Denial of service.
          – Criminals, Hacktivists, terrorists.
          – Industrial spies.
      Possible Impacts
          – Loss
          – Life
          – Money
          – Trust
          – Reputation
          – Competition
          – Disruption
          – Destruction
          – Disclosure
          – Violation
      Impact Areas
          – Life
          – Environment
          – Technology
          – Business
      [Diagram: threat categories around "You": Natural, Human/Political, Environmental/Physical, Logical/Technical]
  • 19. Weak security controls (design, configuration)
      • Poor network design
      • Improper input validation
          – Buffer overflow
          – Injections (SQL injection)
          – Cross-site encryption
          – Path traversal
      • Poor access and identity control
      • Weak communication protocols
      • Poor authentication
      • Code flaws
      • Poor patch and change management
      • Weak encryption
      Vulnerability sources: US National Vulnerability Database, Open Source Vulnerability Database, SecurityFocus Vulnerability Database, Exploit-DB
  • 20. Follow a proven approach to risk management (AS/NZ 4360, OCTAVE, NIST SP 800-30, ISO27005)
      • Qualitative Risk analysis: Scenario based that describes the likelihood of threat/event and its impact on the business.
      • Quantitative Risk analysis: calculation of ALE, very difficult to put monetary value on unquantifiable variables such as reputation.
      Annual Loss Expectancy = Annual Rate of Occurrence X (Asset Value X Percent of Loss)

      Risk matrix (Consequences: 1 Insignificant, 2 Minor, 3 Moderate, 4 Major, 5 Catastrophic)

      Likelihood            1   2   3   4   5
      A (almost certain)    H   H   E   E   E
      B (likely)            M   H   H   E   E
      C (possible)          L   M   H   E   E
      D (unlikely)          L   L   M   H   E
      E (rare)              L   L   M   H   H

      E  Extreme Risk, immediate action
      H  High Risk, action should be taken to compensate
      M  Moderate Risk, action should be taken to monitor
      L  Low Risk, routine acceptance of risk

      Risk assessment steps
          – Identify Assets
          – Identify threats to assets
          – Identify vulnerabilities that might be exploited by the threats
          – Identify the impacts on the assets
          – Analyse and evaluate the risks.
          – Identify and evaluate options for the treatment of risks
          – Select control objectives and controls
      [Diagrams: Threat Based OWASP Model and CC Risk Management Concept Flow; labels: Threat Source, Threat Agent, Attack / Exploit, Weakness/Vulnerability, Exposure, Risk, Safeguards, Counter Measures, Controls, Assets, Compromised Asset, Technical Impact, Business Impact]
  • 21. National ICS Security Strategy
          – Establish Saudi ICS Cyber Emergency Response Team (Saudi ICS-CERT) based on US-CERT example, the ICS-CERT
              • Respond to and analyze control systems related incidents
              • Conduct vulnerability and malware analysis
              • Provide onsite support for incident response and forensic analysis
              • Provide situational awareness in the form of actionable intelligence
              • Coordinate the responsible disclosure of vulnerabilities/mitigations
              • Share and coordinate vulnerability information and threat analysis through information products and alerts
          – Coordinate with Saudi CERT (cert.gov.sa)
      • Corporate Security Strategy
          – Establish security governance, read the Information Security Governance Guidance for Boards of Directors and Executive Management, 2nd Edition
          – Establish Audit Program (ISO 19011), Vulnerability Management, Pen-Tests
          – Design with security in mind (Security Zones)
          – Follow a proven security framework (ISO27001) and carefully design the scope and objectives.
          – Choose certified ICS vendors.
      Enterprise strategy
          – Part of enterprise governance
          – Executives’ responsibility
          – Business requirement
          – Support commitment
          – Roles and responsibilities are defined
          – Based on risk
          – Enforced
          – Awareness
          – Continuous review and enhancement
      [Diagram: organization chart with Board, Steering Committee, SE and four GM boxes]
  • 22. Why the ISO27001?
      • It is applicable to any business or system.
      1. Establish the ISMS
          1. Get management support.
          2. Define scope and objectives
          3. Define ISMS policy
          4. Define the risk assessment approach
          5. Identify the risks
          6. Analyse and evaluate the risks
          7. Identify and evaluate options for the treatment of risks
          8. Select control objectives and controls for the treatment of risks
          9. Obtain management approval of the proposed residual risks
          10. Prepare a Statement of Applicability
      2. Implement and operate the ISMS
      3. Monitor and review the ISMS
      4. Maintain and improve the ISMS
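
The risk matrix and the Annual Loss Expectancy formula from slide 20, applied together to one small risk register. This is an added example, not part of the original deck; the four scenarios and every figure attached to them are constructed for illustration.

```python
from dataclasses import dataclass

# Risk matrix as given on slide 20: rows are likelihood A..E,
# columns are consequence 1 (Insignificant) .. 5 (Catastrophic).
MATRIX = {
    "A": "HHEEE",  # almost certain
    "B": "MHHEE",  # likely
    "C": "LMHEE",  # possible
    "D": "LLMHE",  # unlikely
    "E": "LLMHH",  # rare
}
ACTION = {
    "E": "Extreme risk, immediate action",
    "H": "High risk, action should be taken to compensate",
    "M": "Moderate risk, action should be taken to monitor",
    "L": "Low risk, routine acceptance of risk",
}
SEVERITY = "LMHE"  # ascending order, used only for sorting


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: str         # "A".."E"
    consequence: int        # 1..5
    aro: float              # Annual Rate of Occurrence (events per year)
    asset_value: float      # monetary value of the asset
    percent_of_loss: float  # fraction of the asset lost per event, 0..1

    def rating(self) -> str:
        """Qualitative rating: look the scenario up in the slide's matrix."""
        if self.likelihood not in MATRIX or not 1 <= self.consequence <= 5:
            raise ValueError(f"{self.name}: need likelihood A-E, consequence 1-5")
        return MATRIX[self.likelihood][self.consequence - 1]

    def ale(self) -> float:
        """Quantitative figure: ALE = ARO x (Asset Value x Percent of Loss)."""
        if self.aro < 0 or not 0 <= self.percent_of_loss <= 1:
            raise ValueError(f"{self.name}: need ARO >= 0, percent of loss 0..1")
        return self.aro * (self.asset_value * self.percent_of_loss)


# Constructed register: names and numbers are illustrative assumptions.
REGISTER = [
    Risk("Worm crosses from business LAN to control network", "C", 4, 0.2, 5_000_000, 0.4),
    Risk("Safety monitoring disabled during an incident", "E", 5, 0.001, 20_000_000, 1.0),
    Risk("Malware on operator workstation via removable media", "B", 2, 2.0, 50_000, 0.1),
    Risk("Historian outage after a failed patch", "A", 1, 4.0, 100_000, 0.05),
]


def prioritise(register):
    """Order by matrix rating, then consequence, then ALE (all descending).

    ALE alone would tie the rare catastrophic safety failure with the
    frequent, insignificant historian outage; the matrix columns keep
    them apart, and ALE separates risks that share a rating.
    """
    rows = [(r.name, r.rating(), r.consequence, r.ale()) for r in register]
    rows.sort(key=lambda row: (SEVERITY.index(row[1]), row[2], row[3]), reverse=True)
    return rows


if __name__ == "__main__":
    for name, rating, consequence, ale in prioritise(REGISTER):
        print(f"{rating}  C{consequence}  ALE={ale:>10,.0f}  {name}")
        print(f"      -> {ACTION[rating]}")
```

Three of the four scenarios land in the same "H" band, and two of them have the same ALE despite opposite likelihood and consequence, which is why the slide lists both kinds of analysis rather than one.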