3. ICS and SCADA systems are important for our petroleum business and for our national economic growth because they automate and monitor the production processes.
ICS and SCADA systems are no longer isolated from corporate and internet networks.
Most ICS and SCADA protocols, designs, and implementations were done without security in mind.
This made them even more exposed to threats and vulnerabilities, and it made the challenges even tougher.
3 10/3/2012
8. Someone Somewhere with Motivation, Means, and Opportunity Wants to Spy / Harm
[Diagram. Labels: Contractors - Partners - Support; Internet; Remote; 3rd Party; Local; IT; ICS / SCADA; Monitor & Control; Report; Operations; Production $ Business; Economic Growth; Logical Security; Physical Security; Governance, Risk, and Compliance Assurance]
9. It is not a menu that you choose from, or advice from a very reliable source; you have to do your homework in assessing your risks.
Solutions can be:
◦ Administrative, e.g. GRC, policy, and process.
◦ Technical:
   Safeguards, which prevent the threat from happening, e.g. firewall.
   Countermeasures, e.g. antivirus, remediation and recovery procedures.
◦ Physical, i.e. gates, doors, barriers, etc.
The right solution for you should help mitigate identified risks and save you some money.
10. Consultation | MSS | IT Security | Network Security
Intelligence and reports | SOC | End Point Protection | Firewall / UTM
Business Continuity and Disaster Recovery | Penetration Testing | Access Control and Identity Management | IDS / IPS
Crisis Management | Threat Management | Encryption and Data Protection | Traffic Encryption
Security Programs | Forensics | Data Leakage Prevention | NAP/NAC
Awareness | Risk and Compliance | Host and Application Security | Web and Email Security
Security Assessment and Health Check | Fraud and Identity Protection | Vulnerability and Patch Management | Wireless Security
 | | | Traffic Monitoring
11. Security Roadmap and Continuous Improvement Plan Development
Security Program and Policy Review and Amendment
Crisis Management, Business Continuity and Disaster Recovery Readiness Assessment
Security Controls Effectiveness Assessment
ICS/SCADA Risk Assessment
12. Remote sites …
◦ In the middle of the desert.
◦ Connectivity.
◦ Local support.
◦ Remote support.
◦ Log collection.
◦ Incident response and handling.
Security solutions not compatible with
ICS/SCADA software and communication
protocols.
Cyber Security standards for ICS/SCADA.
Centralized Cyber Security for monitoring,
control, and response.
13. If you are directly or indirectly connected to the internet or to any 3rd party, or you allow data to be transferred or exchanged electronically, then you are facing Cyber Threats.
It is never too late to start fixing, because you are going to be targeted once again.
Cyber Security, like any complicated problem, can be conquered if it is simplified, abstracted, and divided into smaller logical groups.
There is no 100% security or guarantee, even if everybody is saying so.
Keep doing your best in assessing and discovering risks and fortifying your security.
Make sure that you are ready to survive the crisis and restore your business in a very short time.
A look into some ICS/SCADA Cyber Attacks

Stuxnet - June 2010
Facts
◦ Seven Iranian organizations accounted for 70% of infections compared to other countries.
◦ It exploited zero-day vulnerabilities in Microsoft platforms.
◦ It targeted Siemens SCADA software.
◦ It contained a Programmable Logic Unit rootkit that allowed it to spy on specific automated industrial procedures.
In other words, it is a Cyber Espionage attack.
Sources: Wikipedia, Symantec, TrendMicro
Business Impact
In countries whose Gross Domestic Product depends heavily on the petroleum business, the major impact is the restraint of national economic growth.

Shamoon - August 2012
ARAMCO and RasGas were hit by this Cyber Attack.
Facts
◦ Massive outbreak affecting 30k computers.
◦ Loss of data on infected computers.
◦ Operation loss on infected computers.
◦ Data leakages.
In other words, it is a Cyber Espionage and Destruction attack.
Sources: Symantec, Wikipedia
Business Impact
The impact on Gross Domestic Product results mainly in the restraint of national economic growth, due to the fact that in Saudi Arabia “The petroleum sector accounts for roughly 80% of budget revenues, 45% of GDP, and 90% of export earnings.” (mundi index)

ICS/SCADA Hacking
Obviously, anyone who doesn’t like you or is competing with you and has nothing to stop him (Motivation, Means, Opportunity).
Conventional or Typical Hacking
◦ A hacker somewhere in the world doing his best to hack your network.
◦ Most companies deploy pretty good protection on their internet gateway, so it is hard to gain access that way.
Insider Threat
◦ A deliberate harmful act by a disgruntled employee.
◦ Simply a human mistake due to poor conduct.
Advanced Persistent Threat aka Cyber Threat
◦ A very intelligent group somewhere in the world deploying the most sophisticated techniques, which you have probably never heard about (Zero Day), to spy on you and/or destroy you.