Process Control Cyber Security

•Als PPTX, PDF herunterladen•

0 gefällt mir•1,020 views

Presented @ Saudi Aramco Global Reliability Forum 2013 Houston, TX, June 19-20, 2013 The only totally secure system is one that is shutoff, unplugged, and locked in a completely sealed box. Security is a balancing act of managing risk and maintaining operations. Too little security and the system may become compromised. Too much security may affect core system functionality, usability, or reliability. Finding the right level of security for a particular system may seem like a daunting task for many industrial control system vendors, integrators, and end-users. There are many different aspects to security and there is no single countermeasure that will work in all situations. This talk will discuss some of the different aspects to security and discuss how some of the more common countermeasures may affect the overall reliability of the system.

Technologie Business

Process Control Cyber
Security
Jim Gilsinn
Senior Investigator
Kenexis Security Consulting

Before we start…
• Who wants a process that they can say is
secure?

2

Before we start…
• Who wants a process that they can say is
secure?
• Who wants a process that does what its
expected to do, when and for who its
expected to do it, and for the purposes it
was designed?

3

Safety

RELIABILITY
Performance

Security

6

Selected Aspects of Security
• Risk Management
• Network Segmentation

• Monitoring

7

Risk Management
• Risk management is
nothing new
– Safety, financial,
physical security have
all been around for a
long time

• Cyber security should
not try to reinvent the
wheel

8

Risk Management
• Brown Field
– Probably have some risk
management and
treatment in place
– Security should feed into
existing risk management
process, not be a separate
entity

• Green Field
– Security should be part of
the process from the
beginning

9

Risk Management
• Consequences are generally the same
– Many times they are already identified
– Difference comes about due to root cause

• Expand to include areas where:
– People don’t act as they are supposed
– Devices don’t act as they are designed

• Be wary of statements like “Well, that
could never happen” and “Why would
anyone do that”.
10

Network Segmentation
• Network segmentation as a security
technique:
– Prevents the spread of an incident
– Provides a front-line set of defenses

• Network segmentation is a lot more!

11

Network Segmentation
• Network segmentation is a process to
understand:
– What devices communicate
– How fast/often those devices communicate
– Where information flows
– What form that information takes

• Technology helps, but architecture is more
important

12

Network
Segmentation
• Limit the ingress and
egress points through zone
boundaries
• Protect the connections
between zones
• Zones & conduits are
logical
– For practical purposes,
match zones to network
architecture as much as
possible

13

Monitoring
• Do any of these sound familiar?
– It used to work.
– Something just seems to have failed.
– Not really sure what happened.
– Don’t do anything to that system over there,
its touchy.
– This system is just so slow.

15

Monitoring
• Monitoring is extremely important
– Firewalls are good, but useless if you aren’t
monitoring the rules and logs
– IDS are useful (if monitored). Not many are industrial
aware, but can be trained.
– Network performance indicators can give early
indications of something failing

16

Performance Monitoring
• Monitoring isn’t just for security
• Performance can be a leading indicator
– Small blips in performance can indicate
unusual activity

• Helps to eliminating false-positives

17

Performance Monitoring
2 ms Mean Measured Packet Interval
~ 0.8 ms Jitter

18

Performance Monitoring

2 ms Mean Measured Packet Interval
-0.8 ms to +2.2 ms Jitter

19

Performance Monitoring
50 ms Mean Measured Packet Interval
Bimodal (25 ms & 75 ms) with Outliers (100 ms)

20

Looking Forward
• Vulnerabilities
• Whitelisting

21

Vulnerabilities
• Vulnerabilities will always exist in the
industrial environment
– Zero-day vulnerabilities are inevitable
– Infinite-day vulnerabilities are not uncommon
– Industrial protocols themselves are vulnerable

• Well-crafted malware can exist for months
or years before detected
• Do vulnerabilities mean bad
things will happen?
22

Whitelisting
• Limits execution on a computer
– Known good set of applications
and libraries
– Monitors applications and memory-space
against changes

• Has been around for a while
• Makes sense for industrial environment
where things remain relatively static
• Not a silver bullet!
23

Contact Information
• Jim Gilsinn
Senior Investigator
Kenexis Security Consulting
• http://www.kenexis.com
• (614) 323-2254
• @JimGilsinn

24

Weitere ähnliche Inhalte

Mehr von Jim Gilsinn

Presented: September 21, 2017 At: CS2AI, Washington, DC A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.

ISA/IEC 62443: Intro and How To

Jim Gilsinn

Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016 The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.

Practical Approaches to Securely Integrating Business and Production

Jim Gilsinn

Presented @ Frederick Linux Users Group (KeyLUG) May 7, 2016 A presentation on protecting Small Office/Home Office (SOHO) networks that I made at the Frederick Linux Users Group (KeyLUG). I work virtually from my home, and this presentation goes through some of my experiences setting up my home network to be better and more secure. I ditched my consumer-grade NAT router and have installed a firewall, commercial-grade wireless access points, and an intrusion detection system (IDS). I'm not finished yet, but this presentation will give you an idea of some of the things that I've done, where I'm thinking about going, and as some things to consider as you setup your own network.

Network Security: Protecting SOHO Networks

Jim Gilsinn

Presented: BSidesDC 2015, Washington, DC, October 18, 2015 YouTube Video @ https://youtu.be/v3LBywLthjY Determining the overall health and security of an industrial control system (ICS) network is currently done by looking at the negative case. If the network infrastructure devices indicate that all the devices are connected and communicating, then the network must be operating correctly. If the controllers indicate that they are able to communicate with the other devices in the system, then the system must be operating correctly. If the network security monitoring (NSM) or security information and event management (SIEM) system are not indicating any security events, then the system must be operating correctly. In each of these cases, the assumption is that the system is operating correctly if there are no errors or events being indicated by any of the devices. In reality, the actual health and security of the system can only be determined by positive conditions. The communication streams need to be measured to determine that they are operating within certain limits based upon a desires set of conditions, like rate and maximum latency. Many controllers keep track of these factors for real-time communications, however they are often only recorded as averages and not high-fidelity measurements. This paper presents an approach to analyzing the real-time network traffic performance of an ICS by measuring the jitter and latency associated with individual network traffic streams in the system. By using statistical and mathematical analysis of the high-fidelity jitter and latency data, a network reliability factor can be determined and used to indicate the health of those traffic streams. The author will present a method to combine the individual network reliability factors into a network reliability monitoring system. Lastly, the author will discuss how network reliability monitoring can be used to indicate potential security problems by observing the network traffic patterns.

Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM

Jim Gilsinn

Presented @ BSidesDE, November 14, 2014 Cook like a hacker, and I don’t mean Ramen noodles, take-out pizza, and a bowl of cereal. A lot of hacking involves using a basic set of equipment, learning a powerful set of tools, following a basic set of procedures, a lot of improvising and experimenting, and learning from your mistakes. Cooking is the same. You can cook amazing meals, but it means that you have to be willing to apply a hacker-type mindset to an area that doesn’t involve computers.

Cook Like a Hacker!

Jim Gilsinn

Presented @ 2014 ICS Cyber Security Conference October 21, 2014 It’s been over a year since the NIST Cybersecurity Framework and ISA-62443-3-3 were published, ISA-62443-2-1 has been out for almost 5 years, and ISO/IEC 27001 & 27002 have been out for nearly a decade. NIST has already started their process for revisions, ISA is actively working to overhaul 62443-2-1, and ISO/IEC just published a major revision to their standard. In addition to these cross-domain standards, there are a multitude of local and sector-specific standards as well. As a consultant, we are often asked to use one of these as a baseline to help our customers generate an ICS cyber security program. This presentation will discuss some of the strengths and weaknesses of these different standards and the effort to integrate them into a realistic set of ICS cyber security program requirements.

Integrating the Alphabet Soup of Standards

Jim Gilsinn

ICS Performance Lab

Jim Gilsinn

Presented @ Emerson Exchange October 7, 2014 Industrial control systems (ICS) are large information technology (IT) systems. Office IT systems, failure of ICS can cause plant outages and even physical damage. Management of ICS needs to be different and smarter. IT vendors frequently recommend patches and configuration changes. Most have no impact to the ICS, which cannot implement changes in real time. ICS typically get one chance every few years to make changes - the turnaround. This paper describes optimization of ISC turnaround work, using cyber-vulnerability assessment to focus turnaround work to only what is necessary.

Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...

Jim Gilsinn

Presented at the OPC Foundation's "The Information Revolution 2014" in Redmond, WA August 5-6, 2014 This presentation discusses the modes and methodologies an attacker may use against an industrial control system in order to create a complex process attack. The presentation then discusses some specific examples, both real and hypothetical. The presentation finishes with a description of some common ways in which an organization could defend itself against these types of attacks.

Cyber & Process Attack Scenarios for ICS

Jim Gilsinn

Network performance testing for devices and systems can be a daunting task for vendors and end-users given the cost of test equipment and the investment that the companies have to spend in developing relevant tests and understanding the results. During the last couple years, a group of low cost computing systems have been introduced that are very capable from a functional point of view, but how well do they actually perform? Can they be used in a low-cost performance testing lab system to validate ICS devices before they go into production? Can end-users use them to capture live traffic in their network and get reliable performance results? This talk will discuss how and when different types of equipment can be used to develop a low-cost network performance testing lab. It will also show results from a series of performance tests conducted on some of the equipment and with different testing architectures.

Low-Cost ICS Network Performance Testing

Jim Gilsinn

With the recent publication of ANSI/ISA-62443-3-3-2013, it is possible for end-users, system integrators, and vendors to qualify the capabilities of their systems from an ICS cyber security perspective. This process is not as simple as it may seem, though. In many cases, the capabilities of individual components of a system can be determined from specifications and manuals. The capabilities of the system also needs to be evaluated as a whole to determine how those individual components work together. Component-level and System-level certifications are common practice in the safety environment, and will eventually become common in the ICS cyber security environment as well. Certification bodies, like the ISA Security Compliance Institute (ISCI), have begun the process to develop certification efforts around ISA-62443-3-3. Until many more groups of components and systems have been officially certified, third-party assessments and evaluations will be common. This presentation will discuss an example of how Kenexis Consulting has evaluated a particular vendor’s components and systems to determine compliance with ISA-62443-3-3. The presentation will go through the evaluation methodology used and describe how Kenexis used the evaluation to develop a series of real-world use-cases of the components and system in the ICS environment.

Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3

Jim Gilsinn

With the ever increasing number of networking protocols, it can be difficult for vendors, integrators, and end-users to determine how well different products and systems perform in real-world networking situations. Each protocol has their own method of defining traffic streams and message structures. Packet analyzers, like Wireshark, have been developed to interpret individual network packets and can perform rudimentary analysis of traffic streams for well-known packet types. Analyzing industrial protocols usually requires much more massaging of the data and in many cases requires a user to do much of the work by hand. This session will present a method to break-down industrial traffic streams into the core components necessary to analyze their performance. By identifying a few key fields in each protocol, a user can define their own method to identify individual traffic streams and analyze their performance.

You name it, we analyze it

Jim Gilsinn

Wireshark Network Protocol Analyzer

Jim Gilsinn

Presented @ ISA Safety & Security Symposium 2012 Aneheim, CA, April 2012 Wireshark is the de facto network packet analysis tool used in the industry today. It is an easily extensible open–source tool that provides a large number of capabilities for users. It’s not just for IT–based protocols either. Many industrial protocols have created packet decoders for Wireshark. This tutorial will provide the user with: * An introduction to protocol layering * A basic overview of packet capture and analysis * A demonstration of how Wireshark can be used for packet capture and analysis * Examples of some industrial protocol in Wireshark * An explanation of some more advanced features available in Wireshark

Network Packet Analysis with Wireshark

Jim Gilsinn

Presented @ 55th International Instrumentation Symposium League City, Texas, 1–5 June 2009 Ethernet is being used by a wider variety of industrial devices and applications. Industrial applications and systems require deterministic operations that traditional Ethernet and Transport Control Protocol / Internet Protocol (TCP/IP) suites were not originally designed to support. A standardized way to describe and test industrial devices is needed in order to aid users to characterize the performance of their software and hardware applications. The Manufacturing Engineering Laboratory (MEL) of the National Institute of Standards & Technology (NIST) has been working to develop a set of standardized network performance metrics, tests, and tools since 2002. NIST has cooperated with standards organizations and other groups during that time. NIST is presently working on developing an open-source test tool, called Industrial Ethernet Network Performance (IENetP), to aid vendors in characterizing the performance of their devices. The IENetP test tool will be capable of conducting a full series of performance tests and reporting the results to the user. The current version of the software is capable of analyzing network traffic and producing statistics and graphs showing the network performance of a device.

Test Tool for Industrial Ethernet Network Performance (June 2009)

Jim Gilsinn

Mehr von Jim Gilsinn (15)

ISA/IEC 62443: Intro and How To

Practical Approaches to Securely Integrating Business and Production

Network Security: Protecting SOHO Networks

Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM

Cook Like a Hacker!

Integrating the Alphabet Soup of Standards

ICS Performance Lab

Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...

Cyber & Process Attack Scenarios for ICS

Low-Cost ICS Network Performance Testing

Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3

You name it, we analyze it

Wireshark Network Protocol Analyzer

Network Packet Analysis with Wireshark

Test Tool for Industrial Ethernet Network Performance (June 2009)

Kürzlich hochgeladen

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Exploring Multimodal Embeddings with Milvus

Zilliz

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Architecting Cloud Native Applications

WSO2

ICT role in 21st century education and its challenges

rafiqahmad00786416

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Kürzlich hochgeladen (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Strategies for Landing an Oracle DBA Job as a Fresher

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The value of a flexible API Management solution for O...

MINDCTI Revenue Release Quarter One 2024

Exploring Multimodal Embeddings with Milvus

Corporate and higher education May webinar.pptx

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Artificial Intelligence Chap.5 : Uncertainty

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

presentation ICT roal in 21st century education

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Boost Fertility New Invention Ups Success Rates.pdf

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Architecting Cloud Native Applications

ICT role in 21st century education and its challenges

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Why Teams call analytics are critical to your entire business

Process Control Cyber Security

1. Process Control Cyber Security Jim Gilsinn Senior Investigator Kenexis Security Consulting

2. Before we start… • Who wants a process that they can say is secure? 2

3. Before we start… • Who wants a process that they can say is secure? • Who wants a process that does what its expected to do, when and for who its expected to do it, and for the purposes it was designed? 3

4. Before we start… • Who wants a process that they can say is secure? • Who wants a process that does what its expected to do, when and for who its expected to do it, and for the purposes it was designed? 4

5. Safety Performance Security 5

6. Safety RELIABILITY Performance Security 6

7. Selected Aspects of Security • Risk Management • Network Segmentation • Monitoring 7

8. Risk Management • Risk management is nothing new – Safety, financial, physical security have all been around for a long time • Cyber security should not try to reinvent the wheel 8

9. Risk Management • Brown Field – Probably have some risk management and treatment in place – Security should feed into existing risk management process, not be a separate entity • Green Field – Security should be part of the process from the beginning 9

10. Risk Management • Consequences are generally the same – Many times they are already identified – Difference comes about due to root cause • Expand to include areas where: – People don’t act as they are supposed – Devices don’t act as they are designed • Be wary of statements like “Well, that could never happen” and “Why would anyone do that”. 10

11. Network Segmentation • Network segmentation as a security technique: – Prevents the spread of an incident – Provides a front-line set of defenses • Network segmentation is a lot more! 11

12. Network Segmentation • Network segmentation is a process to understand: – What devices communicate – How fast/often those devices communicate – Where information flows – What form that information takes • Technology helps, but architecture is more important 12

13. Network Segmentation • Limit the ingress and egress points through zone boundaries • Protect the connections between zones • Zones & conduits are logical – For practical purposes, match zones to network architecture as much as possible 13

14. Network Segmentation 14

15. Monitoring • Do any of these sound familiar? – It used to work. – Something just seems to have failed. – Not really sure what happened. – Don’t do anything to that system over there, its touchy. – This system is just so slow. 15

16. Monitoring • Monitoring is extremely important – Firewalls are good, but useless if you aren’t monitoring the rules and logs – IDS are useful (if monitored). Not many are industrial aware, but can be trained. – Network performance indicators can give early indications of something failing 16

17. Performance Monitoring • Monitoring isn’t just for security • Performance can be a leading indicator – Small blips in performance can indicate unusual activity • Helps to eliminating false-positives 17

18. Performance Monitoring 2 ms Mean Measured Packet Interval ~ 0.8 ms Jitter 18

19. Performance Monitoring 2 ms Mean Measured Packet Interval -0.8 ms to +2.2 ms Jitter 19

20. Performance Monitoring 50 ms Mean Measured Packet Interval Bimodal (25 ms & 75 ms) with Outliers (100 ms) 20

21. Looking Forward • Vulnerabilities • Whitelisting 21

22. Vulnerabilities • Vulnerabilities will always exist in the industrial environment – Zero-day vulnerabilities are inevitable – Infinite-day vulnerabilities are not uncommon – Industrial protocols themselves are vulnerable • Well-crafted malware can exist for months or years before detected • Do vulnerabilities mean bad things will happen? 22

23. Whitelisting • Limits execution on a computer – Known good set of applications and libraries – Monitors applications and memory-space against changes • Has been around for a while • Makes sense for industrial environment where things remain relatively static • Not a silver bullet! 23

24. Contact Information • Jim Gilsinn Senior Investigator Kenexis Security Consulting • http://www.kenexis.com • (614) 323-2254 • @JimGilsinn 24

Process Control Cyber Security

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Mehr von Jim Gilsinn

Mehr von Jim Gilsinn (15)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Process Control Cyber Security