SlideShare a Scribd company logo

Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System Cyber security

Download as PPTX, PDF
P
promediakw

7th Kuwait Info Security Forum 2015

Technology
1 of 37
Quality Assurance: The 80% of Industrial Control Systems (ICS) Cybersecurity -Rabbani Syed
About me Rabbani Syed 27 years of wide range of experience in Defense, Manufacturing, Energy, Oil & Gas industries Systems Analyst, IT Quality Management, Information Technology, Kuwait National Petroleum Company. Previous: Systems Engineer – Kuwait Controls Co. ◦ SCADA, DCS & Telemetry Systems for Ministry of Electricity & Water (MEW) – Kuwait. Senior Engineer, Bharat Electronics (BEL-India) ◦ Design & Development of Real Time Computer Systems for Electronic Warfare Systems (Anti-Radar and Electronic Counter Measure Systems) M. Engg. in ECE – Osmania University, B. Tech in ECE – JNTU, India Certifications: PMP, CISSP, CISA, CISM, CGEIT Certificates: ISO27001LA, ISA99 Cybersecurity Fundamentals Specialist
Quality Assurance: The 80% of Industrial Control Systems (ICS) Cybersecurity Overview: 1. The ICS Context 2. The Challenges 3. Technology, People, Processes 4. Quality Assurance: ◦ Processes & Frameworks
Changes in the ICS Architecture • ICS now use commercial technology • Highly connected to internet • Offer remote access In past few years, there has been an increase in number of Cyberattacks on ICS
The ICS Context ICS – Industrial Control Systems (SCADA, DCS, PLCs, Telemetry, Building Automation Systems etc.) OT – Operational Technology IT – Information Technology
The ICS Context Inversion of importance in Core Security Goals: Confidentiality Integrity Availability Confidentiality Integrity Availability IT OT
The ICS Context, in Contrast with IT Context Differing Performance Requirements:
The ICS Context Differing Reliability Requirements: IT Network ICS Network Scheduled Operations Continuous Operations Occasional Failures tolerated Outages Intolerable Beta testing in field acceptable Thorough QC testing expected in non-production environment Modifications possible with little paperwork Formal Certifications may be required after any change
The ICS Context Differing Risk Management Approaches
The ICS Context Differing Security Architectures: IT World ICS World Critical Systems to Protect: Servers, Storage etc.– reside in Computer Room Critical Systems to Protect: PLC and Smart Instruments – reside in the field
The ICS Challenges: 1. Multi-vendor EPC Contracts 2. Increasing Management Expectations 3. Over 20+ ICS Cybersecurity Standards 4. SIL Certification does not evaluate Cybersecurity 5. Hackers – No Experience required 6. Unintentional Security Incidents 7. Expanding depth and breadth of ICS Security Tasks
The Challenge: Multi-vendor EPC Contracts
The Challenge: Management Expectations
The Challenge: SIL Certification does not evaluate Cybersecurity • IEC 61508 Certification (SIL Certification) does not evaluate Cybersecurity.
The Challenges Over 20+ Standards 1. ISA 99 / IEC 62443 Cybersecurity Standard for ICS 2. NIST SP800-82 : Guide to Industrial Control Systems Security 3. NERC – CIP 002 through CIP -009 4. Oil & Gas Sector: API Standard 1164 – SCADA Security 5. Water & Waste Water Sector Standards 6. Chemical Sector Standards 7. ……
The Challenge: Hackers – No Experience required Nessus plugins and Metasploit modules have been publically released enabling anyone to find and exploit these vulnerabilities.
The Challenge: Hackers – No Experience required www.rapid7.com, www. shodan.com; Free code to crash PLCs available on internet.
The Challenge: Hackers – No Experience required
The Challenge: Unintentional incidents 80% of actual control system security incidents were unintentional (www.risidata.com)
Addressing ICS Cybersecurity: 1. Should controls be taken away from Smart Instruments? 2. Why can’t we build secure systems? 3. Is 100% Cybersecurity ever possible?
Addressing ICS Cybersecurity: Learning from History
Addressing ICS Cybersecurity: Technology, People and Processes 1. Technology ◦ The Cost-Benefit Analysis 2. People ◦ Is Cybersecurity awareness & training enough? 3. Processes ◦ Where is the end?
Addressing ICS Cybersecurity: Technology, People and ProcessesTECHNOLOGY • Hardening Servers, Workstations, Networks, DCS Systems, PLCs, Instruments… • Implement technical monitoring & controls PEOPLE • Awareness • Training • Cybersecurity drills PROCESSES • Implement Processes • Monitor Performance • Review • Improve
Addressing ICS Cybersecurity: Technology, People and ProcessesTECHNOLOGY • The Cost- Benefit Analysis • Constraint: • COST PEOPLE • The Human Factor • The End: • TRUST PROCESSES • Quality Assurance • Sky is the Limit
Quality Assurance 1. QA/QC – Definitions 2. The Processes 3. Standards & Frameworks ◦ The ICS Standards & Frameworks ◦ ISA99 ◦ ….. ◦ The IT Standards & Frameworks ◦ TOGAF ◦ COBIT ◦ ITIL ◦ ….
ICS Standards & Frameworks ISA99 / IEC 62443 Relevant part to End-Users: ISA 62443-2 Series Policies & Procedures
ICS Standards & Frameworks ISA99 / IEC 62443 – Zones & Conduits
IT Standards & Frameworks 1. ISO 27001 2. IT Governance - COBIT 5 2. IT Service Management - ITIL V3.1 3. Enterprise IT Architecture – TOGAF V9.1
The Contrast IT & ICS Standards & Frameworks 1. Technology Focus  ICS 2. Business Enablement  IT
TOGAF 9.1 1. Enterprise IT Architecture 2. Originated from TAFIM of early 1980s, developed by US Dept. of Defense 3. Provides an approach for designing, planning, implementing, and governing an enterprise Information Technology architecture.
COBIT 5 1. Governance & Management Framework for Enterprise IT – End to End 2. Building on 16 Year History 3. Provides Structure, Practices, Tools for: ◦ Proactively deliver value ◦ Manage Risk ◦ Maximize ROI
ITIL V3.1 1. IT Service Management Framework 2. Originated in late 1980s by UK Govt’s CCTA 3. Focus on optimal service provisioning at justifiable cost
NIST Cybersecurity Framework
NIST Cybersecurity Framework
NIST Cybersecurity Framework
IT Frameworks : Enabling ICS Security 1. ICS Security - Purchase Specifications 2. ICS Security Portfolio Management 3. Business Justification 4. Compliance to Regulations 5. Business Risk Management
Quality Assurance: The 80% of ICS Cybersecurity THANK YOU

Recommended

Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2David Spinks
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overviewpgmaynard
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...PECB
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 

Recommended

Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2David Spinks
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overviewpgmaynard
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...PECB
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
Introduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsIntroduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsSean R. Bouchard, P.Eng
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsYokogawa1
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA SecurityNarinrit Prem-apiwathanokul
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityChris Sistrunk
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseChris Sistrunk
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Jim Gilsinn
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...arnaudsoullie
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNorth Texas Chapter of the ISSA
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009Narinrit Prem-apiwathanokul
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security PresentationFilip Maertens
 
المركز الدولي للطب الطبيعي والتأهيل د يوسف سرحان
المركز الدولي للطب الطبيعي والتأهيل د يوسف سرحانالمركز الدولي للطب الطبيعي والتأهيل د يوسف سرحان
المركز الدولي للطب الطبيعي والتأهيل د يوسف سرحانالطب الطبيعي والعلاج الطبيعي
 
Cash for Gold
Cash for GoldCash for Gold
Cash for GoldSilver and Gold For Cash
 

More Related Content

What's hot

Introduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsIntroduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsSean R. Bouchard, P.Eng
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsYokogawa1
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityChris Sistrunk
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseChris Sistrunk
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Jim Gilsinn
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...arnaudsoullie
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNorth Texas Chapter of the ISSA
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security PresentationFilip Maertens
 

What's hot (20)

Introduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsIntroduction to Industrial Cybersecurity for Water and Waste Water Operators
Introduction to Industrial Cybersecurity for Water and Waste Water Operators
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen Miller
 
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity StandardsContributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity Standards
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA Security
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS Security
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentation
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of Standards
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security Presentation
 

Viewers also liked

Archiving challanges v 1.0 ahmed shawki
Archiving challanges v 1.0 ahmed shawkiArchiving challanges v 1.0 ahmed shawki
Archiving challanges v 1.0 ahmed shawkipromediakw
 
Preliminary work – cover lines for school magazine
Preliminary work – cover lines for school magazinePreliminary work – cover lines for school magazine
Preliminary work – cover lines for school magazineAmir Mohseny
 
Roadway Ordinance
Roadway OrdinanceRoadway Ordinance
Roadway Ordinancegscplanning
 
13 C class notes for Teen Trouble documentary
13 C class notes for Teen Trouble documentary13 C class notes for Teen Trouble documentary
13 C class notes for Teen Trouble documentarylaneford
 
X pages day発表_20141118
X pages day発表_20141118X pages day発表_20141118
X pages day発表_20141118Takashi Yamori
 
X pages day発表_part1
X pages day発表_part1X pages day発表_part1
X pages day発表_part1Takashi Yamori
 
Preliminary Front Cover 3 Main images
Preliminary Front Cover 3 Main imagesPreliminary Front Cover 3 Main images
Preliminary Front Cover 3 Main imagesAmir Mohseny
 
Dr. Basel Al - Othman - Live mobilehacking
Dr. Basel Al - Othman - Live mobilehackingDr. Basel Al - Othman - Live mobilehacking
Dr. Basel Al - Othman - Live mobilehackingpromediakw
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01promediakw
 

Viewers also liked (20)

المركز الدولي للطب الطبيعي والتأهيل د يوسف سرحان
المركز الدولي للطب الطبيعي والتأهيل د يوسف سرحانالمركز الدولي للطب الطبيعي والتأهيل د يوسف سرحان
المركز الدولي للطب الطبيعي والتأهيل د يوسف سرحان
 
Cash for Gold
Cash for GoldCash for Gold
Cash for Gold
 
Archiving challanges v 1.0 ahmed shawki
Archiving challanges v 1.0 ahmed shawkiArchiving challanges v 1.0 ahmed shawki
Archiving challanges v 1.0 ahmed shawki
 
Preliminary work – cover lines for school magazine
Preliminary work – cover lines for school magazinePreliminary work – cover lines for school magazine
Preliminary work – cover lines for school magazine
 
Evidence 1
Evidence 1Evidence 1
Evidence 1
 
Roadway Ordinance
Roadway OrdinanceRoadway Ordinance
Roadway Ordinance
 
13 C class notes for Teen Trouble documentary
13 C class notes for Teen Trouble documentary13 C class notes for Teen Trouble documentary
13 C class notes for Teen Trouble documentary
 
Gremio 2015
Gremio 2015Gremio 2015
Gremio 2015
 
Geoff's Gym
Geoff's GymGeoff's Gym
Geoff's Gym
 
X pages day発表_20141118
X pages day発表_20141118X pages day発表_20141118
X pages day発表_20141118
 
Bayern Monachium
Bayern MonachiumBayern Monachium
Bayern Monachium
 
X pages day発表_part1
X pages day発表_part1X pages day発表_part1
X pages day発表_part1
 
Preliminary Front Cover 3 Main images
Preliminary Front Cover 3 Main imagesPreliminary Front Cover 3 Main images
Preliminary Front Cover 3 Main images
 
Dr. Basel Al - Othman - Live mobilehacking
Dr. Basel Al - Othman - Live mobilehackingDr. Basel Al - Othman - Live mobilehacking
Dr. Basel Al - Othman - Live mobilehacking
 
Lr2n
Lr2nLr2n
Lr2n
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
 
Kpi for manager
Kpi for managerKpi for manager
Kpi for manager
 
Definition of a kpi
Definition of a kpiDefinition of a kpi
Definition of a kpi
 
kolonisasyon sa asya
kolonisasyon sa asyakolonisasyon sa asya
kolonisasyon sa asya
 
Media Buy
Media BuyMedia Buy
Media Buy
 

Similar to Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System Cyber security

Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...promediakw
 
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...TI Safe
 
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...Dale Butler
 
European smart grid cyber and scada security
European smart grid cyber and scada securityEuropean smart grid cyber and scada security
European smart grid cyber and scada securityYulia Rotar
 
John kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn Kingsley
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and productsJavier Tallón
 
Smart Manufacturing
Smart ManufacturingSmart Manufacturing
Smart ManufacturingCSA Group
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsShah Sheikh
 
Get yourself trained or Certified for IEC 62443 and other trainings.pdf
Get yourself trained or Certified for IEC 62443 and other trainings.pdfGet yourself trained or Certified for IEC 62443 and other trainings.pdf
Get yourself trained or Certified for IEC 62443 and other trainings.pdfJohn Kingsley
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in icsMayur Mehta
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryAshley Zupkus
 
Cybersecurity of powergrid
Cybersecurity of powergrid Cybersecurity of powergrid
Cybersecurity of powergrid Rajesh Sawale
 
Cyber security of power grid
Cyber security of power gridCyber security of power grid
Cyber security of power gridP K Agarwal
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Nathan Wallace, PhD, PE
 
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...Gaurav Singh Rajput
 
Anti Hack Solution
Anti Hack Solution Anti Hack Solution
Anti Hack Solution Naved Ahmed
 

Similar to Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System Cyber security (20)

Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
 
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
 
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
 
European smart grid cyber and scada security
European smart grid cyber and scada securityEuropean smart grid cyber and scada security
European smart grid cyber and scada security
 
John kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultant
 
Industrial_Cyber_Security
Industrial_Cyber_SecurityIndustrial_Cyber_Security
Industrial_Cyber_Security
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
 
Smart Manufacturing
Smart ManufacturingSmart Manufacturing
Smart Manufacturing
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security Solutions
 
Get yourself trained or Certified for IEC 62443 and other trainings.pdf
Get yourself trained or Certified for IEC 62443 and other trainings.pdfGet yourself trained or Certified for IEC 62443 and other trainings.pdf
Get yourself trained or Certified for IEC 62443 and other trainings.pdf
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in ics
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industry
 
Cybersecurity of powergrid
Cybersecurity of powergrid Cybersecurity of powergrid
Cybersecurity of powergrid
 
Cyber security of power grid
Cyber security of power gridCyber security of power grid
Cyber security of power grid
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges
 
Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
CI_SCS_Intro
CI_SCS_IntroCI_SCS_Intro
CI_SCS_Intro
 
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
 
Anti Hack Solution
Anti Hack Solution Anti Hack Solution
Anti Hack Solution
 

More from promediakw

ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمان
ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمانورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمان
ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمانpromediakw
 
دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق
دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق
دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق promediakw
 
إنجح في التوظيف ميلاد حدشيتي
إنجح في التوظيف ميلاد حدشيتيإنجح في التوظيف ميلاد حدشيتي
إنجح في التوظيف ميلاد حدشيتيpromediakw
 
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي promediakw
 
2د. محمد كمال
2د. محمد كمال 2د. محمد كمال
2د. محمد كمال promediakw
 
د. محمد كمال
د. محمد كمال د. محمد كمال
د. محمد كمال promediakw
 
وليد حمود ورقة الأمانة العامة
وليد حمود ورقة الأمانة العامة وليد حمود ورقة الأمانة العامة
وليد حمود ورقة الأمانة العامةpromediakw
 
محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة
محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة
محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروةpromediakw
 
أمل الرشدان -التحسين المستمر بروميديا
أمل الرشدان -التحسين المستمر بروميديا أمل الرشدان -التحسين المستمر بروميديا
أمل الرشدان -التحسين المستمر بروميدياpromediakw
 
بناء الثقافة الوظيفية - محمد كمال
بناء الثقافة الوظيفية - محمد كمال بناء الثقافة الوظيفية - محمد كمال
بناء الثقافة الوظيفية - محمد كمال promediakw
 
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...Eng. salman zafar - Concept of zero wastes and role of material recovery faci...
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...promediakw
 
مؤتمر النفايات
مؤتمر النفاياتمؤتمر النفايات
مؤتمر النفاياتpromediakw
 
Eng. ch. rama krushna chary drilling waste management
Eng. ch. rama krushna chary drilling waste managementEng. ch. rama krushna chary drilling waste management
Eng. ch. rama krushna chary drilling waste managementpromediakw
 
Dr shirish naik - Decentralized wastewater treatment systems
Dr shirish naik - Decentralized wastewater treatment systemsDr shirish naik - Decentralized wastewater treatment systems
Dr shirish naik - Decentralized wastewater treatment systemspromediakw
 
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...promediakw
 
Dr. Faten Al-Attar - Green building and waste management
Dr. Faten Al-Attar - Green building and waste managementDr. Faten Al-Attar - Green building and waste management
Dr. Faten Al-Attar - Green building and waste managementpromediakw
 
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...promediakw
 
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...promediakw
 
Dr. Ziyad Salloum - Geographical Passwords
Dr. Ziyad Salloum - Geographical PasswordsDr. Ziyad Salloum - Geographical Passwords
Dr. Ziyad Salloum - Geographical Passwordspromediakw
 
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1promediakw
 

More from promediakw (20)

ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمان
ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمانورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمان
ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمان
 
دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق
دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق
دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق
 
إنجح في التوظيف ميلاد حدشيتي
إنجح في التوظيف ميلاد حدشيتيإنجح في التوظيف ميلاد حدشيتي
إنجح في التوظيف ميلاد حدشيتي
 
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي
 
2د. محمد كمال
2د. محمد كمال 2د. محمد كمال
2د. محمد كمال
 
د. محمد كمال
د. محمد كمال د. محمد كمال
د. محمد كمال
 
وليد حمود ورقة الأمانة العامة
وليد حمود ورقة الأمانة العامة وليد حمود ورقة الأمانة العامة
وليد حمود ورقة الأمانة العامة
 
محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة
محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة
محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة
 
أمل الرشدان -التحسين المستمر بروميديا
أمل الرشدان -التحسين المستمر بروميديا أمل الرشدان -التحسين المستمر بروميديا
أمل الرشدان -التحسين المستمر بروميديا
 
بناء الثقافة الوظيفية - محمد كمال
بناء الثقافة الوظيفية - محمد كمال بناء الثقافة الوظيفية - محمد كمال
بناء الثقافة الوظيفية - محمد كمال
 
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...Eng. salman zafar - Concept of zero wastes and role of material recovery faci...
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...
 
مؤتمر النفايات
مؤتمر النفاياتمؤتمر النفايات
مؤتمر النفايات
 
Eng. ch. rama krushna chary drilling waste management
Eng. ch. rama krushna chary drilling waste managementEng. ch. rama krushna chary drilling waste management
Eng. ch. rama krushna chary drilling waste management
 
Dr shirish naik - Decentralized wastewater treatment systems
Dr shirish naik - Decentralized wastewater treatment systemsDr shirish naik - Decentralized wastewater treatment systems
Dr shirish naik - Decentralized wastewater treatment systems
 
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...
 
Dr. Faten Al-Attar - Green building and waste management
Dr. Faten Al-Attar - Green building and waste managementDr. Faten Al-Attar - Green building and waste management
Dr. Faten Al-Attar - Green building and waste management
 
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...
 
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...
 
Dr. Ziyad Salloum - Geographical Passwords
Dr. Ziyad Salloum - Geographical PasswordsDr. Ziyad Salloum - Geographical Passwords
Dr. Ziyad Salloum - Geographical Passwords
 
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1
 

Recently uploaded

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System Cyber security

  • 1. Quality Assurance: The 80% of Industrial Control Systems (ICS) Cybersecurity -Rabbani Syed
  • 2. About me Rabbani Syed 27 years of wide range of experience in Defense, Manufacturing, Energy, Oil & Gas industries Systems Analyst, IT Quality Management, Information Technology, Kuwait National Petroleum Company. Previous: Systems Engineer – Kuwait Controls Co. ◦ SCADA, DCS & Telemetry Systems for Ministry of Electricity & Water (MEW) – Kuwait. Senior Engineer, Bharat Electronics (BEL-India) ◦ Design & Development of Real Time Computer Systems for Electronic Warfare Systems (Anti-Radar and Electronic Counter Measure Systems) M. Engg. in ECE – Osmania University, B. Tech in ECE – JNTU, India Certifications: PMP, CISSP, CISA, CISM, CGEIT Certificates: ISO27001LA, ISA99 Cybersecurity Fundamentals Specialist
  • 3. Quality Assurance: The 80% of Industrial Control Systems (ICS) Cybersecurity Overview: 1. The ICS Context 2. The Challenges 3. Technology, People, Processes 4. Quality Assurance: ◦ Processes & Frameworks
  • 4. Changes in the ICS Architecture • ICS now use commercial technology • Highly connected to internet • Offer remote access In past few years, there has been an increase in number of Cyberattacks on ICS
  • 5. The ICS Context ICS – Industrial Control Systems (SCADA, DCS, PLCs, Telemetry, Building Automation Systems etc.) OT – Operational Technology IT – Information Technology
  • 6. The ICS Context Inversion of importance in Core Security Goals: Confidentiality Integrity Availability Confidentiality Integrity Availability IT OT
  • 7. The ICS Context, in Contrast with IT Context Differing Performance Requirements:
  • 8. The ICS Context Differing Reliability Requirements: IT Network ICS Network Scheduled Operations Continuous Operations Occasional Failures tolerated Outages Intolerable Beta testing in field acceptable Thorough QC testing expected in non-production environment Modifications possible with little paperwork Formal Certifications may be required after any change
  • 9. The ICS Context Differing Risk Management Approaches
  • 10. The ICS Context Differing Security Architectures: IT World ICS World Critical Systems to Protect: Servers, Storage etc.– reside in Computer Room Critical Systems to Protect: PLC and Smart Instruments – reside in the field
  • 11. The ICS Challenges: 1. Multi-vendor EPC Contracts 2. Increasing Management Expectations 3. Over 20+ ICS Cybersecurity Standards 4. SIL Certification does not evaluate Cybersecurity 5. Hackers – No Experience required 6. Unintentional Security Incidents 7. Expanding depth and breadth of ICS Security Tasks
  • 14. The Challenge: SIL Certification does not evaluate Cybersecurity • IEC 61508 Certification (SIL Certification) does not evaluate Cybersecurity.
  • 15. The Challenges Over 20+ Standards 1. ISA 99 / IEC 62443 Cybersecurity Standard for ICS 2. NIST SP800-82 : Guide to Industrial Control Systems Security 3. NERC – CIP 002 through CIP -009 4. Oil & Gas Sector: API Standard 1164 – SCADA Security 5. Water & Waste Water Sector Standards 6. Chemical Sector Standards 7. ……
  • 16. The Challenge: Hackers – No Experience required Nessus plugins and Metasploit modules have been publically released enabling anyone to find and exploit these vulnerabilities.
  • 17. The Challenge: Hackers – No Experience required www.rapid7.com, www. shodan.com; Free code to crash PLCs available on internet.
  • 18. The Challenge: Hackers – No Experience required
  • 19. The Challenge: Unintentional incidents 80% of actual control system security incidents were unintentional (www.risidata.com)
  • 20. Addressing ICS Cybersecurity: 1. Should controls be taken away from Smart Instruments? 2. Why can’t we build secure systems? 3. Is 100% Cybersecurity ever possible?
  • 22. Addressing ICS Cybersecurity: Technology, People and Processes 1. Technology ◦ The Cost-Benefit Analysis 2. People ◦ Is Cybersecurity awareness & training enough? 3. Processes ◦ Where is the end?
  • 23. Addressing ICS Cybersecurity: Technology, People and ProcessesTECHNOLOGY • Hardening Servers, Workstations, Networks, DCS Systems, PLCs, Instruments… • Implement technical monitoring & controls PEOPLE • Awareness • Training • Cybersecurity drills PROCESSES • Implement Processes • Monitor Performance • Review • Improve
  • 24. Addressing ICS Cybersecurity: Technology, People and ProcessesTECHNOLOGY • The Cost- Benefit Analysis • Constraint: • COST PEOPLE • The Human Factor • The End: • TRUST PROCESSES • Quality Assurance • Sky is the Limit
  • 25. Quality Assurance 1. QA/QC – Definitions 2. The Processes 3. Standards & Frameworks ◦ The ICS Standards & Frameworks ◦ ISA99 ◦ ….. ◦ The IT Standards & Frameworks ◦ TOGAF ◦ COBIT ◦ ITIL ◦ ….
  • 26. ICS Standards & Frameworks ISA99 / IEC 62443 Relevant part to End-Users: ISA 62443-2 Series Policies & Procedures
  • 27. ICS Standards & Frameworks ISA99 / IEC 62443 – Zones & Conduits
  • 28. IT Standards & Frameworks 1. ISO 27001 2. IT Governance - COBIT 5 2. IT Service Management - ITIL V3.1 3. Enterprise IT Architecture – TOGAF V9.1
  • 29. The Contrast IT & ICS Standards & Frameworks 1. Technology Focus  ICS 2. Business Enablement  IT
  • 30. TOGAF 9.1 1. Enterprise IT Architecture 2. Originated from TAFIM of early 1980s, developed by US Dept. of Defense 3. Provides an approach for designing, planning, implementing, and governing an enterprise Information Technology architecture.
  • 31. COBIT 5 1. Governance & Management Framework for Enterprise IT – End to End 2. Building on 16 Year History 3. Provides Structure, Practices, Tools for: ◦ Proactively deliver value ◦ Manage Risk ◦ Maximize ROI
  • 32. ITIL V3.1 1. IT Service Management Framework 2. Originated in late 1980s by UK Govt’s CCTA 3. Focus on optimal service provisioning at justifiable cost
  • 36. IT Frameworks : Enabling ICS Security 1. ICS Security - Purchase Specifications 2. ICS Security Portfolio Management 3. Business Justification 4. Compliance to Regulations 5. Business Risk Management
  • 37. Quality Assurance: The 80% of ICS Cybersecurity THANK YOU