Protecting your SCADA system against cyber security threats

17 June 2009
CHAIYAKORN APIWATHANOKUL
CISSP, IRCA:ISMS, SANS GCFA
Chief Security Officer
PTT ICT Solutions
A Company of PTT Group

SCADA Security
National Critical Infrastructure
Cyber Terrorist

Now that Hollywood is knocking on your door
Transportation System

Building Automation System (BAS)

Recent in the News
24th May 2009
http://www.us-cert.gov
What are Industrial Control Systems (ICS), SCADA and DCS?
Industrial Control Systems are computer-based systems that are used by many infrastructures and industries to monitor and control sensitive processes and physical functions. Typically, control systems collect sensor measurements and operational data from the field, process and display this information, and relay control commands to local or remote equipment.
There are two primary types of Control Systems.
  – Distributed Control Systems (DCS) typically are used within a single processing or generating plant or over a small geographic area.
  – Supervisory Control and Data Acquisition (SCADA) systems typically are used for large, geographically dispersed distribution operations.
NIST SP800-82 Final Public DRAFT (Sep. 2008)
Industrial Control System
The term Industrial Control System (ICS) refers to a
broad set of control systems, which include:

  SCADA (Supervisory Control and Data Acquisition)
  DCS (Distributed Control System)
  PCS (Process Control System)
  EMS (Energy Management System)
  AS (Automation System)
  SIS (Safety Instrumented System)
  Any other automated control system
Global Incidents
• Siberia, 1982
  CIA’s hacker attacked the USSR’s pipeline operation software, causing a massive explosion during the summer of 1982 in the controversial pipeline delivering Siberian natural gas to Western Europe.
  From the book At the Abyss: An Insider's History of the Cold War (Ballantine, 2004, ISBN 0-89141-821-0)
  Key word: The Farewell Dossier, Gus W. Weiss
• 2002: FBI tracing found visitors, routed through telecommunication networks of Saudi Arabia, Indonesia and Pakistan, who studied emergency telephone systems, electric generation and transmission, water storage and distribution, nuclear power plants and gas facilities.
  http://www.washingtonpost.com/ac2/wp-dyn/A50765-2002Jun26
Global Incidents (cont.)
• Based on evidence collected in Afghanistan, Al Qaeda had a “high level of interest” in DCS and SCADA devices. (AFI Intelligence Briefing - 28th June 2002)
   – Islamic terrorism looks for new methods of attack
   – 'Bombs and Bytes' The next Al Qa'ida terrorist threat
   – US faces an 'electronic Pearl Harbour'
• 2003: Slammer Worm crashed Ohio nuke plant network, Davis-Besse
  According to a document released by the North American Electric Reliability Council in June, Slammer downed one utility's critical SCADA network after moving from a corporate network, through a remote computer to a VPN connection to the control center LAN. (http://www.securityfocus.com/news/6767)
  Recovery time:
   – SPDS – 4 hours 50 minutes
   – PPC – 6 hours 9 minutes
Cyber Incidents and Consequences
Italian Traffic Lights
Event: Feb, 2009 Italian authorities investigating unauthorized changes to traffic enforcement system
Impact: Rise of over 1,400 traffic tickets costing > 250K Euros in two month period
Specifics: Engineer accused of conspiring with local authorities to rig traffic lights to have shorter yellow light causing spike in camera enforced traffic tickets
Lessons learned:
  Do not underestimate the insider threat
  Ensure separation of duties and auditing
Transportation – Road Signs
Event: Jan 2009, Texas road signs compromised
Impact: Motorists distracted and provided false information
Specifics: Some commercial road signs can be easily altered because their instrument panels are frequently left unlocked and their default passwords are not changed. "Programming is as simple as scrolling down the menu selection," a blog reports. "Type whatever you want to display … In all likelihood, the crew will not have changed [the password]."
Lessons learned:
  Use robust physical access controls
  Change all default passwords
  Work with manufacturers to identify and protect password reset procedures
Activity Timeline of U.S. Critical Infrastructure Protection
U.S. Critical Infrastructure Sectors
Homeland Security Presidential Directive 7 (HSPD-7) along with the National Infrastructure Protection Plan (NIPP) identified and categorized U.S. critical infrastructure into the following 18 CIKR sectors:
 • Agriculture and Food
 • Banking and Finance
 • Chemical
 • Commercial Facilities
 • Critical Manufacturing
 • Dams
 • Defense Industrial Base
 • Emergency Services
 • Energy
 • Government Facilities
 • Information Technology
 • National Monuments and Icons
 • Nuclear Reactors, Materials, and Waste
 • Postal and Shipping
 • Public Health and Healthcare
 • Telecommunications
 • Transportation
 • Water and Water Treatment

Many of the processes controlled by computerized control systems have advanced to the point that they can no longer be operated without the control system.
Obama elevates the priority of Cybersecurity concerns
May 29, 2009
U.S. President Barack Obama will appoint a government-wide cybersecurity coordinator and elevate cybersecurity concerns to a top management priority for the U.S. government, he announced Friday.
The White House will also develop a new, comprehensive national cybersecurity strategy, with help from private experts, and it will invest in "cutting edge" cybersecurity research and development, Obama said in a short speech.
Risk Drivers: Modernization and Globalization
• Connections between Information Technology and Control System networks (inheriting vulnerabilities)
• Shift from isolated systems to open protocols
• Access to remote sites through the use of modems, wireless, private, and public networks
• Shared or joint use systems for e-commerce
General Findings
Default vendor accounts and passwords still in use
  Some systems unable to be changed!
Guest accounts still available
Unused software and services still on systems
No security-level agreement with peer sites
No security-level agreement with vendors
Poor patch management (or patch programs)
Extensive auto-logon capability
General Findings (continued)
Typical IT protections not widely used (firewalls, IDS, etc.). This has been improving in the last 6 months
Little emphasis on reviewing security logs (Change management)
Common use of dynamic ARP tables with no ARP monitoring
Control system use of enterprise services (DNS, etc.)
Shared passwords
Writeable shares between hosts
   User permissions allow for admin level access
Direct VPN from offsite to control systems
Web enabled field devices
Issue #1: Lo Chance – Hi Impact incidents get more focus after the 9/11 incident

[Figure: risk matrix of Impact (L to H) against Probability (L to H), with cells labelled Low, Medium and High]
• What’s never happened, may happen.
• 0.0001% = POSSIBLE
• RISK = Likelihood x Impact
Issue #1: (cont.) Lo Chance – Hi Impact incidents get more focus after the 9/11 incident

• National Critical Infrastructure
  "critical infrastructure" -- industrial sectors that are "essential to the minimum operations of the economy and government." – PDD63, 1998
   – Telecommunications
   – Energy
   – Banking and Finance
   – Transportation
   – Water Systems
   – Emergency Services
Issue #2: A Gap of Coordination
• Different vocabulary
   – ICT: “I know TCP/IP, NetBIOS, MSSQL, SAP and etc.”
   – Operation: “I know Profibus, FieldBus, MODBUS, Solenoid valve, Turbine, Hydraulic, Pneumatic and etc.”
• SCADA/DCS could be somewhat frighteningly exciting to ICT people. Inadequate knowledge of and experience with the system lowers their confidence to provide appropriate support.
• Operation people should work with IT Security Professionals from the ICT Department or consultancies
• Educate the IT Department about Process Control & SCADA operations
Issue #3: Unsynchronized Technology Lifecycle
Issue #3: (cont.) Unsynchronized Technology Lifecycle

• ICT technology keeps changing while the Control System is here to stay.
• Production processes are rarely changed.
• “We can operate as we always do. So, WHY UPGRADE ???”
• ICT equipment life is ~3-5 years
• Control equipment life is ~10+ years
• SCADA Security today is where enterprise security was 5-10 years ago
Issue #4: Sharing the SAME CHALLENGES
• The information or data from devices or controllers is sent to or processed at a server of that system, which exposes many possibilities for attack, as follows:
   – Communication Media
      • Radio : Jammer
      • Protocol Anomaly
   – Operating System running on the server
      • Microsoft Windows
      • Unix
   – Database
      • MS-SQL
      • Oracle
• A system running a standard Operating System is vulnerable to standard attacks
   – Malware/Virus/Worm/SpyWare
Issue #5: We are Connected

• The operation network is somehow connected to the corporate network or even able to access the Internet. Without proper protection and control, the operation environment is truly at high risk.
Issue #6: Does the system integrator have security in mind when engineering the system?

• Are all possible conditions properly handled?
• Ex. The engineer may know that the reading equipment would never yield a negative value, so he wrote the program to handle only values > 0. WHAT IF… someone injects a negative value into that variable by tapping the media or at the database level? Can you tell what will happen?
• Is the program running in the controller security-aware by design?
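The negative-reading question raised under Issue #6, as an added example that is not from the original slides: a hypothetical tank-fill routine written only for the expected range, next to a version that range-checks, rate-checks and fails safe. All names, limits and the choice of "pump off" as the safe state are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical process limits, chosen for illustration only. */
#define LEVEL_MIN_CM      0   /* physical bottom of the tank            */
#define LEVEL_MAX_CM    400   /* physical top of the tank               */
#define TARGET_CM       300   /* fill target                            */
#define MAX_STEP_CM      25   /* largest plausible change between scans */
#define CM_PER_SECOND     2   /* pump fill rate                         */
#define MAX_RUN_SECONDS 150   /* TARGET_CM / CM_PER_SECOND              */

/* Logic written for the "expected" case only: the sensor never reads < 0. */
int pump_seconds_naive(int16_t level_cm)
{
    if (level_cm >= TARGET_CM)
        return 0;
    /* A negative reading makes the computed deficit exceed the tank size. */
    return (TARGET_CM - level_cm) / CM_PER_SECOND;
}

typedef enum { READ_OK, READ_OUT_OF_RANGE, READ_IMPLAUSIBLE_STEP } read_status;

typedef struct {
    int16_t  last_good_cm;  /* last reading that passed validation     */
    bool     have_last;     /* false until the first accepted reading  */
    unsigned rejected;      /* counter an alarm or audit log can watch */
} level_filter;

/* Accept a reading only if it is physically possible and plausible
 * relative to the previous accepted reading. */
read_status validate_level(level_filter *f, int16_t level_cm)
{
    if (level_cm < LEVEL_MIN_CM || level_cm > LEVEL_MAX_CM) {
        f->rejected++;
        return READ_OUT_OF_RANGE;
    }
    if (f->have_last) {
        int step = level_cm - f->last_good_cm;
        if (step < 0)
            step = -step;
        if (step > MAX_STEP_CM) {
            f->rejected++;
            return READ_IMPLAUSIBLE_STEP;
        }
    }
    f->last_good_cm = level_cm;
    f->have_last = true;
    return READ_OK;
}

/* Hardened routine: never actuate on a rejected reading (assumed safe
 * state: pump off) and clamp the output as a second line of defence. */
int pump_seconds_checked(level_filter *f, int16_t level_cm, read_status *status)
{
    *status = validate_level(f, level_cm);
    if (*status != READ_OK)
        return 0;
    if (level_cm >= TARGET_CM)
        return 0;
    int secs = (TARGET_CM - level_cm) / CM_PER_SECOND;
    return secs > MAX_RUN_SECONDS ? MAX_RUN_SECONDS : secs;
}

int main(void)
{
    /* Constructed sample readings: normal, injected negative, normal. */
    const int16_t readings[] = { 100, -1000, 110 };
    level_filter f = { 0 };
    for (size_t i = 0; i < sizeof readings / sizeof readings[0]; i++) {
        read_status st;
        int checked = pump_seconds_checked(&f, readings[i], &st);
        printf("level=%6d cm  naive=%4d s  checked=%3d s  status=%d\n",
               readings[i], pump_seconds_naive(readings[i]), checked, (int)st);
    }
    printf("rejected readings: %u\n", f.rejected);
    return 0;
}
```

With the injected reading of -1000 cm the naive routine asks for 650 seconds of pumping, which at 2 cm/s is 1300 cm into a 400 cm tank; the checked routine returns 0 and increments the rejection counter.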
Issue #6: (cont.)

• “None of the industrial control systems used to monitor and operate the nation's utilities and factories were designed with security in mind. Moreover, their very nature makes them difficult to secure. Linking them to networks and the public Internet only makes them harder to protect.”
  Said by Joseph Weiss, executive consultant for KEMA Consulting
  http://www.memagazine.org/backissues/dec02/features/scadavs/scadavs.html
Issue #7: Policy Enforcement

• People + Process + Technology need to work in harmony. Sometimes we need a certain technology or tool to ensure that the defined process or policy is in good shape.
• The most vulnerable entity is “PEOPLE”. So keep them aware of what they are doing and the risk they are facing, plus the consequent damages and responsibility if they do not comply with the policy.
Summary
• The journey began
• Collaboration matters
   – Division / Department
   – Public / Private
   – Country / Country
   – Regional / Global
• The clock is ticking
• You don’t want to say “Gossh…, I didn’t even think it would happen to me.”
• Something to start with
   • NIST SP800-82
   • ISA99 ANSI/ISA-99.00.01-2007 Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts, and Models
   • ANSI/ISA-99.02.01-2009 Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
   • ISO27001, ISO27002 (ISO17799)
Resources
• Guide to Industrial Control Systems (ICS) Security
  http://csrc.nist.gov/publications/drafts/800-82/draft_sp800-82-fpd.pdf
• Control System Security Program at US-CERT
  http://www.us-cert.gov/control_systems
• Control System Security Resource and Podcast
  http://www.digitalbond.com/
• http://www.tswg.gov/subgroups/ps/infrastructure-protection/documents/21_Steps_SCADA.pdf

Weitere ähnliche Inhalte

Was ist angesagt?

ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overviewpgmaynard
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution briefNozomi Networks
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014iotisrael
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016David Glover
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael FirstenbergTI Safe
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...Eran Goldstein
 
[CLASS 2014] Palestra Técnica - Samuel Linares
[CLASS 2014] Palestra Técnica - Samuel Linares[CLASS 2014] Palestra Técnica - Samuel Linares
[CLASS 2014] Palestra Técnica - Samuel LinaresTI Safe
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...promediakw
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesNir Cohen
 
BSidesAugusta 2015 - How to get into ICS security
BSidesAugusta 2015 - How to get into ICS securityBSidesAugusta 2015 - How to get into ICS security
BSidesAugusta 2015 - How to get into ICS securityChris Sistrunk
 
DEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSDEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSChris Sistrunk
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityChris Sistrunk
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 

Was ist angesagt? (20)

ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overview
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution brief
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
 
Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014Securing Critical Iot Infrastructure, IoT Israel 2014
Securing Critical Iot Infrastructure, IoT Israel 2014
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-Sheet
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
 
[CLASS 2014] Palestra Técnica - Samuel Linares
[CLASS 2014] Palestra Técnica - Samuel Linares[CLASS 2014] Palestra Técnica - Samuel Linares
[CLASS 2014] Palestra Técnica - Samuel Linares
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power Utilities
 
BSidesAugusta 2015 - How to get into ICS security
BSidesAugusta 2015 - How to get into ICS securityBSidesAugusta 2015 - How to get into ICS security
BSidesAugusta 2015 - How to get into ICS security
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA
 
DEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSDEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICS
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS Security
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
 

Ähnlich wie S C A D A Security Keynote C K

ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
 
Don't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampDon't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampEnergySec
 
2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation2012 02 14 Afcom Presentation
2012 02 14 Afcom PresentationEric Gallant
 
Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos, Inc.
 
American Bar Assoc. ISC 2009
American Bar Assoc. ISC 2009American Bar Assoc. ISC 2009
American Bar Assoc. ISC 2009infracritical
 
2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident PreparationCimation
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Power System Operation
 
Raoul Chiesa Hacking A Impianti Industriali
Raoul Chiesa   Hacking A Impianti IndustrialiRaoul Chiesa   Hacking A Impianti Industriali
Raoul Chiesa Hacking A Impianti IndustrialiGoWireless
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA NetworksIJRES Journal
 
Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADARichard Umbrino
 
Wireless-Sensor-Systems-Security-Implications-for-the-Industrial-Environment-...
Wireless-Sensor-Systems-Security-Implications-for-the-Industrial-Environment-...Wireless-Sensor-Systems-Security-Implications-for-the-Industrial-Environment-...
Wireless-Sensor-Systems-Security-Implications-for-the-Industrial-Environment-...Rishabhkumar224575
 

Ähnlich wie S C A D A Security Keynote C K (20)

SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009
 
Cyber security colombo meetup
Cyber security colombo meetupCyber security colombo meetup
Cyber security colombo meetup
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentation
 
Securing SCADA
Securing SCADASecuring SCADA
Securing SCADA
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
 
Don't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampDon't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot Camp
 
115.pdf
115.pdf115.pdf
115.pdf
 
2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation
 
Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware
 
American Bar Assoc. ISC 2009
American Bar Assoc. ISC 2009American Bar Assoc. ISC 2009
American Bar Assoc. ISC 2009
 
2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation
 
Introduction to INFOSEC Professional
Introduction to INFOSEC ProfessionalIntroduction to INFOSEC Professional
Introduction to INFOSEC Professional
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
 
Raoul Chiesa Hacking A Impianti Industriali
Raoul Chiesa   Hacking A Impianti IndustrialiRaoul Chiesa   Hacking A Impianti Industriali
Raoul Chiesa Hacking A Impianti Industriali
 
SCADA White Paper March2012
SCADA White Paper March2012SCADA White Paper March2012
SCADA White Paper March2012
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA Networks
 
SCADA Security
SCADA SecuritySCADA Security
SCADA Security
 
Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADA
 
Wireless-Sensor-Systems-Security-Implications-for-the-Industrial-Environment-...
Wireless-Sensor-Systems-Security-Implications-for-the-Industrial-Environment-...Wireless-Sensor-Systems-Security-Implications-for-the-Industrial-Environment-...
Wireless-Sensor-Systems-Security-Implications-for-the-Industrial-Environment-...
 

Mehr von Narinrit Prem-apiwathanokul (12)

How to address C-Level properly?
How to address C-Level properly?How to address C-Level properly?
How to address C-Level properly?
 
IMC: risk base security
IMC: risk base securityIMC: risk base security
IMC: risk base security
 
Cloud Security by CK
Cloud Security by CKCloud Security by CK
Cloud Security by CK
 
Tt 06-ck
Tt 06-ckTt 06-ck
Tt 06-ck
 
U S Embassy Event - Today’S Cyber Threats
U S  Embassy  Event - Today’S  Cyber  ThreatsU S  Embassy  Event - Today’S  Cyber  Threats
U S Embassy Event - Today’S Cyber Threats
 
Infosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For ThailandInfosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For Thailand
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA Security
 
Addressing CIP
Addressing CIPAddressing CIP
Addressing CIP
 
SecurityExchange2009-Key Note
SecurityExchange2009-Key NoteSecurityExchange2009-Key Note
SecurityExchange2009-Key Note
 
Chaiyakorn
ChaiyakornChaiyakorn
Chaiyakorn
 
CCA Preparation for Organization
CCA Preparation for OrganizationCCA Preparation for Organization
CCA Preparation for Organization
 
IT Security EBK2008 Summary
IT Security EBK2008 SummaryIT Security EBK2008 Summary
IT Security EBK2008 Summary
 

S C A D A Security Keynote C K

  • 1. Protecting your SCADA system against cyber security threats 17 June 2009
  • 2. CHAIYAKORN APIWATHANOKUL CISSP, IRCA:ISMS, SANS GCFA Chief Security Officer PTT ICT Solutions A Company of PTT Group
  • 3. CHAIYAKORN APIWATHANOKUL SCADA Security National Critical Infrastructure Cyber Terrorist
  • 4. Now that the Hollywood is knocking on your door Chaiyakorn Apiwathanokul
  • 5. Transportation System Chaiyakorn Apiwathanokul
  • 6. Building Automation System (BAS) Chaiyakorn Apiwathanokul
  • 7. Recent in the News 24th May 2009 http://www.us-cert.gov Chaiyakorn Apiwathanokul
  • 9. What is Industrial Control Systems (ICS), SCADA and DCS? Industrial Control Systems are computer-based systems that are used by many infrastructures and industries to monitor and control sensitive processes and physical functions. Typically, control systems collect sensor measurements and operational data from the field, process and display this information, and relay control commands to local or remote equipment. There are two primary types of Control Systems. – Distributed Control Systems (DCS) typically are used within a single processing or generating plant or over a small geographic area. – Supervisory Control and Data Acquisition (SCADA) systems typically are used for large, geographically dispersed distribution operations. Chaiyakorn Apiwathanokul NIST SP800-82 Final Public DRAFT (Sep. 2008)
  • 10. Industrial Control System The term Industrial Control System (ICS) refers to a broad set of control systems, which include: SCADA (Supervisory Control and Data Acquisition) DCS (Distributed Control System) PCS (Process Control System) EMS (Energy Management System) AS (Automation System) SIS (Safety Instrumented System) Any other automated control system
  • 11. Global Incidents
      • Siberia, 1982: CIA’s hacker attacked the USSR’s pipeline operation software, causing a massive explosion during the summer of 1982 in the controversial pipeline delivering Siberian natural gas to Western Europe. From the book At the Abyss: An Insider's History of the Cold War (Ballantine, 2004, ISBN 0-89141-821-0). Key word: The Farewell Dossier, Gus W. Weiss
      • 2002: An FBI trace found visitors routed through the telecommunication network of Saudi Arabia, Indonesia and Pakistan who studied emergency telephone systems, electric generation and transmission, water storage and distribution, nuclear power plants and gas facilities. http://www.washingtonpost.com/ac2/wp-dyn/A50765-2002Jun26
  • 12. Global Incidents (cont.)
      • Based on evidence collected in Afghanistan, Al Qaeda had a “high level of interest” in DCS and SCADA devices. (AFI Intelligence Briefing - 28th June 2002)
          – Islamic terrorism looks for new methods of attack
          – 'Bombs and Bytes' The next Al Qa'ida terrorist threat
          – US faces an 'electronic Pearl Harbour'
      • 2003: Slammer Worm crashed Ohio nuke plant network, Davis-Besse. According to a document released by the North American Electric Reliability Council in June, Slammer downed one utility's critical SCADA network after moving from a corporate network, through a remote computer to a VPN connection to the control center LAN. (http://www.securityfocus.com/news/6767)
          – Recovery time: SPDS – 4 hours 50 minutes; PPC – 6 hours 9 minutes
  • 13. Cyber Incidents and Consequences
  • 14. Italian Traffic Lights
      • Event: Feb, 2009. Italian authorities investigating unauthorized changes to traffic enforcement system
      • Impact: Rise of over 1,400 traffic tickets costing > 250K Euros in two month period
      • Specifics: Engineer accused of conspiring with local authorities to rig traffic lights to have shorter yellow light, causing spike in camera enforced traffic tickets
      • Lessons learned:
          – Do not underestimate the insider threat
          – Ensure separation of duties and auditing
  • 15. Transportation – Road Signs
      • Event: Jan 2009, Texas road signs compromised
      • Impact: Motorists distracted and provided false information
      • Specifics: Some commercial road signs can be easily altered because their instrument panels are frequently left unlocked and their default passwords are not changed. "Programming is as simple as scrolling down the menu selection," a blog reports. "Type whatever you want to display … In all likelihood, the crew will not have changed [the password]."
      • Lessons learned:
          – Use robust physical access controls
          – Change all default passwords
          – Work with manufacturers to identify and protect password reset procedures
  • 16. Activity Timeline of U.S. Critical Infrastructure Protection
  • 17. U.S. Critical Infrastructure Sectors. Homeland Security Presidential Directive 7 (HSPD-7) along with the National Infrastructure Protection Plan (NIPP) identified and categorized U.S. critical infrastructure into the following 18 CIKR sectors:
      • Agriculture and Food
      • Banking and Finance
      • Chemical
      • Commercial Facilities
      • Critical Manufacturing
      • Dams
      • Defense Industrial Base
      • Emergency Services
      • Energy
      • Government Facilities
      • Information Technology
      • National Monuments and Icons
      • Nuclear Reactors, Materials, and Waste
      • Postal and Shipping
      • Public Health and Healthcare
      • Telecommunications
      • Transportation
      • Water and Water Treatment
      Many of the processes controlled by computerized control systems have advanced to the point that they can no longer be operated without the control system.
  • 18. Obama elevates the priority of Cybersecurity concerns. May 29, 2009. U.S. President Barack Obama will appoint a government-wide cybersecurity coordinator and elevate cybersecurity concerns to a top management priority for the U.S. government, he announced Friday. The White House will also develop a new, comprehensive national cybersecurity strategy, with help from private experts, and it will invest in "cutting edge" cybersecurity research and development, Obama said in a short speech.
  • 19. Risk Drivers: Modernization and Globalization
      • Connections between Information Technology and Control System networks (inheriting vulnerabilities)
      • Shift from isolated systems to open protocols
      • Access to remote sites through the use of modems, wireless, private, and public networks
      • Shared or joint use systems for e-commerce
  • 20. General Findings
      • Default vendor accounts and passwords still in use
          – Some systems unable to be changed!
      • Guest accounts still available
      • Unused software and services still on systems
      • No security-level agreement with peer sites
      • No security-level agreement with vendors
      • Poor patch management (or patch programs)
      • Extensive auto-logon capability
  • 21. General Findings continued
      • Typical IT protections not widely used (firewalls, IDS, etc.). This has been improving in the last 6 months
      • Little emphasis on reviewing security logs (Change management)
      • Common use of dynamic ARP tables with no ARP monitoring
      • Control system use of enterprise services (DNS, etc.)
      • Shared passwords
      • Writeable shares between hosts
      • User permissions allow for admin level access
      • Direct VPN from offsite to control systems
      • Web enabled field devices
  • 22. Issue #1: Low-chance, high-impact incidents get more focus after the 9/11 incident
      [Figure: risk matrix with Impact (L to H) on one axis and Probability (L to H) on the other, divided into Low, Medium and High regions]
      • What’s never happened, may happen.
      • 0.0001% = POSSIBLE
      • RISK = Likelihood x Impact
  • 23. Issue #1: (cont.) Low-chance, high-impact incidents get more focus after the 9/11 incident
      • National Critical Infrastructure: "critical infrastructure" -- industrial sectors that are "essential to the minimum operations of the economy and government." – PDD63, 1998
          – Telecommunications
          – Energy
          – Banking and Finance
          – Transportation
          – Water Systems
          – Emergency Services
  • 24. Issue #2: A Gap of Coordination
      • Different vocabulary
          – ICT: “I know TCP/IP, NetBIOS, MSSQL, SAP and etc.”
          – Operation: “I know Profibus, FieldBus, MODBUS, Solenoid valve, Turbine, Hydraulic, Pneumatic and etc.”
      • SCADA/DCS could be somewhat frighteningly exciting to ICT people. Inadequate knowledge and experience of the system lowers the confidence to provide appropriate support.
      • Operation people should work with IT Security Professionals from ICT Department or consultancies
      • Educating IT Department about Process Control & SCADA operations
  • 25. Issue #3: Unsynchronized Technology Lifecycle
  • 26. Issue #3: (cont.) Unsynchronized Technology Lifecycle
      • ICT technology keeps changing while the Control System is here to stay.
      • Production processes are rarely changed.
      • “We can operate as we always do. So, WHY UPGRADE ???”
      • ICT equipment life is ~3-5 years
      • Control equipment life is ~10+ years
      • SCADA Security today is where enterprise security was 5-10 years ago
  • 27. Issue #4: Sharing the SAME CHALLENGES
      • The information or data from devices or controllers is sent to or processed at a server of that system, which could expose many possibilities for attack, as follows:
          – Communication Media
              • Radio: Jammer
              • Protocol Anomaly
          – Operating System running on the server
              • Microsoft Windows
              • Unix
          – Database
              • MS-SQL
              • Oracle
      • A system running a standard Operating System is vulnerable to standard attacks
          – Malware/Virus/Worm/SpyWare
  • 28. Issue #5: We are Connected
      • The operation network is somehow connected to the corporate network or even able to access the Internet. Without proper protection and control, the operation environment is truly at high risk.
  • 29. Issue #6: Does the system integrator have security in mind when engineering the system?
      • Are all possible conditions properly handled?
      • Ex. The engineer may know that the reading equipment would never yield a negative value, so he wrote the program to handle only values > 0. WHAT IF…someone injects a negative value into that variable by tapping the media or at the database level? Can you tell what will happen?
      • Is the program running in the controller security-aware by design?
  • 30. Issue #6: cont.
      • “None of the industrial control systems used to monitor and operate the nation's utilities and factories were designed with security in mind. Moreover, their very nature makes them difficult to secure. Linking them to networks and the public Internet only makes them harder to protect.”
      Said by Joseph Weiss, executive consultant for KEMA Consulting
      http://www.memagazine.org/backissues/dec02/features/scadavs/scadavs.html
  • 31. Issue #7: Policy Enforcement
      • People + Process + Technology need to work in harmony. Sometimes we need a certain technology or tool to ensure that the defined process or policy is in good shape.
      • The most vulnerable entity is “PEOPLE”. So keep them aware of what they are doing and the risks they are facing, plus the consequent damages and responsibility if they do not comply with the policy.
  • 32. Summary
      • The journey began
      • Collaboration matters
          – Division / Department
          – Public / Private
          – Country / Country
          – Regional / Global
      • The clock is ticking
      • You don’t want to say “Gossh…, I didn’t even think it would happen to me.”
      • Something to start with
      • NIST SP800-82
      • ISA99 ANSI/ISA-99.00.01-2007 Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts, and Models
      • ANSI/ISA-99.02.01-2009 Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
      • ISO27001, ISO27002 (ISO17799)
  • 33. Resources
      • Guide to Industrial Control Systems (ICS) Security http://csrc.nist.gov/publications/drafts/800-82/draft_sp800-82-fpd.pdf
      • Control System Security Program at US-CERT http://www.us-cert.gov/control_systems
      • Control System Security Resource and Podcast http://www.digitalbond.com/
      • http://www.tswg.gov/subgroups/ps/infrastructure-protection/documents/21_Steps_SCADA.pdf
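
Issue #6 (slide 29) asks what happens when a negative value reaches code that only ever expected readings above zero. The sketch below is an added example, not code from the presentation: a constructed tank-level handler in C, first as the engineer in the slide might have written it, then with the reading treated as untrusted input. The tank height, step limit, function names and the closed-valve safe state are all assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

#define TANK_HEIGHT_MM 2000 /* constructed tank height for this example */
#define MAX_STEP_MM     150 /* assumed largest level change between two scans */

/* Naive handler: written on the belief that the transmitter can never report
   a value below 0, so only the expected range was considered. */
int naive_fill_valve_pct(int level_mm)
{
    return (TANK_HEIGHT_MM - level_mm) * 100 / TANK_HEIGHT_MM;
}

typedef struct {
    int  valve_pct; /* command for the fill valve, 0..100 */
    bool alarm;     /* true when the reading was rejected */
} fill_cmd;

/* Checked handler: the reading is untrusted input. A value outside the
   physical range, or one that moved further than the process can in one scan,
   is rejected: the valve goes to its assumed safe state (closed) and an alarm
   is raised. prev_level_mm is the last reading that passed these checks. */
fill_cmd checked_fill_valve_pct(int level_mm, int prev_level_mm)
{
    fill_cmd cmd = { 0, true };
    if (level_mm < 0 || level_mm > TANK_HEIGHT_MM)
        return cmd;
    int step = level_mm - prev_level_mm;
    if (step > MAX_STEP_MM || step < -MAX_STEP_MM)
        return cmd;

    cmd.valve_pct = (TANK_HEIGHT_MM - level_mm) * 100 / TANK_HEIGHT_MM;
    cmd.alarm = false;
    return cmd;
}

int main(void)
{
    /* constructed readings: normal, negative, in range but implausible jump */
    int readings[] = { 1500, -3000, 200 };
    int prev = 1480;
    for (int i = 0; i < 3; i++) {
        fill_cmd c = checked_fill_valve_pct(readings[i], prev);
        printf("level=%5d naive=%3d%% checked=%3d%% alarm=%d\n", readings[i],
               naive_fill_valve_pct(readings[i]), c.valve_pct, c.alarm);
        if (!c.alarm) prev = readings[i];
    }
    return 0;
}
```

With the injected reading of -3000 the naive handler commands a 250% valve opening, a value the rest of the control logic was never written to receive, while the checked handler closes the valve and raises the alarm.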