Shared Situational Awareness: The Achievable Path
Chris Blask
ICS-ISAC Chair
chris@ics-isac.org
What Paths Are We Pursuing?
Vulnerabilities
• Research and Find…
– LOTS!
– [insert vendor] [insert product] [insert vuln count]
• The Answer:
– Get vendors to fix all vulnerabilities
– Get asset owners to apply all patches
Architectures
• Flat Networks, Single Points of Failure
• The Answer:
– Get asset owners to re-architect all networks
Training
• Operators, Architects and Coders Lack Skills
• The Answer:
– Train all Users to Control Behavior
– Educate all System Designers
– Train all vendor engineers to build Secure-By-Design
Isolation
• Shodan / Project Shine
– 1,000,000 connected networks
• The Answer:
– Air Gaps!
– Forbid Remote Access
Let’s Talk Scale…
• ~6,000 Electric Utilities
• 55,000 Substations
• 100,000 EHV Transformers
• 200,000 Miles of Transmission Lines
• 2.2 Million Miles of Distribution Lines
• 300,000 Electric Engineers
Let’s Talk Scale…
• ~50,000 Water Utilities
• 1 Million Miles of Water Pipes
• 400B Gallons Potable Water Per Day
• 80B Gallons of Wastewater Per Day
Let’s Talk Scale…
• 150 Oil Refineries
• 6.5B Barrels Annually
• 120,000 Gas Stations
• 2,000 Offshore Oil Rigs
• 1,000,000 Oil Wells
• 40,000 Petroleum Engineers
Let’s Talk Scale…
• 200 Natural Gas Utilities
• 300,000 Miles of Gas Transmission Pipelines
• 2.4 Million Miles of Distribution Pipes
• 2T Cubic Feet Annually
• 600,000 Gas Sector Employees
Let’s Talk Scale…
• 28,000 Food Processing Facilities
• 2,200,000 Farms
• 1B Tons of Food Products Annually
Let’s Talk Scale…
• 100 Urban Rail Systems
• 25,000 Locomotives
• 1.3M Cars
• 200,000 Rail Crossings
• 140,000 Miles of Freight Rail
• 1.5T Ton-Miles of Freight
Let’s Talk Scale…
• 300,000 Manufacturing Plants
• 17.4M Jobs
• $2T in Manufactured Goods
Let’s Talk Scale…
• Metals and Mining
• Aviation
• Maritime
• Ports
• Highways
• … … … … …
How Long Will All That Take?
• To Find All Vulnerabilities?
• To Apply All Patches?
• To Create All New Devices?
• To Re-Architect All Networks?
• To Train Everyone?
What Would We Gain?
• Infrastructure Vulnerable to Every Day Zero
• Network Segments That Still Fail
• Insider Threats that Succeed
What is Achievable?
• The Same Thing Operators Use Now: Visibility
• At the Facility
• Across Sectors
• Nationally
• Internationally
Shared Knowledge Network (diagram; labels: Private Centers, Public Centers, Service Providers, Knowledge, Data & Information)
Resilience of Shared Situational Awareness (diagram; labels: ICS-ISAC, Integrators, CERTs, Sharing Node, Knowledge Source, Service Providers, Trade Organizations, Knowledge Centers, Asset Owner)
We Need to Know:
• Who We Are
• What We Have
• What it is Doing
• How To Share
Pieces Falling Into Place
• Tools and Process For Visibility
• Common Language for Sharing
• Compatible Plumbing
• Local, State, National and Global Structures
A Common Language for Sharing
Automated Knowledge Sharing
TAXII™ defines a set of services and message exchanges that, when implemented, enable sharing of actionable cyber threat information across organization and product/service boundaries.
Project Avalanche
• Open Source Sharing Platform
• STIX Repository
• TAXII Server
• Pilot Operational
• Open Source Summer 2014
Situational Awareness Ref Arch (SARA)
• Identity
– “Who are we?”
• Inventory
– “What do we have?”
• Activity
– “What is it doing?”
• Sharing
– “How do we communicate with others?”
SARA Overview
• Reference Architecture for Shared Visibility
• Guide
• Network
• Open Source Toolset
• ICS-ISAC.org/sara
Identity
• Foundation for Rational Decisions
– What capabilities do we have?
– How do we make decisions?
– What is our structure?
• Existing Methodologies
– all.net/Arch/index.html
– CSET
Inventory
• Create and Maintain Inventory
– Control System Components
– Process Equipment
– System Topology
– Device Configurations
• Open Source Tools
– Snort, nmap, ossim
Activity
• Behavior Baseline
– Device Relationships
– Approved Patterns
– Change Control
• Anomaly Detection
– Did Something Change?
Sharing
• Inbound
– Receiving and Utilizing External Knowledge
• Outbound
– Deriving
– Anonymizing
• Communication
– Schemas and Transports (STIX, TAXII, IODef, CIF…)
– Policies and Practices
Information Types
• Data
– Atomic: syslog messages, device configurations…
• Information
– Aggregate: Lots of Data
• Knowledge
– Actionable, Sharable
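A worked illustration of the Activity slide (behavior baseline of device relationships and approved patterns, then "did something change?") together with the Sharing slide's outbound step (deriving a record and anonymizing it before it leaves the site). This is example code added here, not SARA's toolset or anything from the deck; the device roles, addresses, ports and flow records are constructed, and the role-plus-pseudonym output format is an assumption.

```python
import hashlib
from collections import defaultdict

# Constructed sample inventory (not from the deck): address -> role.
# In a real plant these roles come from the Inventory step.
INVENTORY = {
    "10.1.0.10": "HMI",
    "10.1.0.20": "SCADA Server",
    "10.1.1.5": "PLC",
    "10.1.1.6": "PLC",
    "10.1.2.7": "RTU",
}

# Constructed flows recorded during a known-good period: (src, dst, dst_port).
BASELINE_FLOWS = [
    ("10.1.0.10", "10.1.1.5", 502),     # HMI polls PLC over Modbus/TCP
    ("10.1.0.10", "10.1.1.6", 502),
    ("10.1.0.20", "10.1.2.7", 20000),   # SCADA server talks DNP3 to RTU
    ("10.1.0.20", "10.1.1.5", 502),
]

# Constructed flows observed later, to be checked against the baseline.
OBSERVED_FLOWS = [
    ("10.1.0.10", "10.1.1.5", 502),     # approved pattern
    ("10.1.0.20", "10.1.2.7", 20000),   # approved pattern
    ("10.1.0.10", "10.1.1.6", 44818),   # HMI to PLC on a port never seen before
    ("10.1.3.99", "10.1.1.5", 502),     # host not in inventory reaching a PLC
]


def build_baseline(flows):
    """Approved patterns: which device talks to which, on which service port."""
    baseline = defaultdict(set)
    for src, dst, port in flows:
        baseline[(src, dst)].add(port)
    return baseline


def detect_changes(baseline, flows):
    """Answer 'did something change?' by comparing observed flows to the baseline."""
    findings = []
    for src, dst, port in flows:
        if src not in INVENTORY:
            findings.append(("unknown-source", src, dst, port))
        elif port not in baseline.get((src, dst), set()):
            findings.append(("new-relationship", src, dst, port))
    return findings


def anonymize(finding, salt="site-salt"):
    """Derive a sharable record: drop internal addresses, keep role and service."""
    kind, src, dst, port = finding

    def pseudonym(addr):
        # Salted hash so peers can correlate repeat reports without learning the address.
        return hashlib.sha256((salt + addr).encode()).hexdigest()[:12]

    return {
        "type": kind,
        "src_role": INVENTORY.get(src, "unknown"),
        "dst_role": INVENTORY.get(dst, "unknown"),
        "src_id": pseudonym(src),
        "dst_id": pseudonym(dst),
        "dst_port": port,
    }


if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for finding in detect_changes(base, OBSERVED_FLOWS):
        print(anonymize(finding))
```

The anonymized records keep what a sharing peer can act on (roles, service port, finding type) while the raw addresses stay inside the facility.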
SARA Pilot (diagram, Enernex LAB; labels: Process Equipment, PLC, HMI, Switch, SCADA Server, SARA Server, Firewall/VPN, Palo Alto, Tripwire, Internet, Message Bus, Schemas and Transports: ActiveMQ, STIX, TAXII, ICS-ISAC, Vendors: GE, Service Providers)
DNP3 Visibility (diagram; labels: SCADA Server, SARA Server, Service Providers, ICS-ISAC, DNP3 Command Traffic)
Act!
● Know Yourself
● Know Your Stuff
● Know What You Do
● Learn How to Share
Thanks to our Membership
Thank you for your time