Cyber Security for SCADA Systems


In this white paper

Modern control systems are increasingly complex, digital and connected. Where in the past these were isolated from other networks, today's operators typically require data to be transferred between industrial and external networks. This has created the potential for malware and hackers to gain access to and disrupt real-time control systems and dependent infrastructure. This white paper analyses the different types of control systems and their associated threats, the methods of countering cyber intrusions, and the services Thales is able to provide to counter these cyber security threats.

White Paper: Cyber Security for SCADA Systems, Autumn 2013

Introduction

What is SCADA?

SCADA, or Supervisory Control and Data Acquisition, is a type of industrial control system (ICS). These are computer-controlled systems that monitor and control industrial processes that exist in the physical world. SCADA systems have historically been distinguished from other ICS by being large-scale processes that can include multiple sites and large distances. These processes include industrial, infrastructure, and facility-based processes.

The security of SCADA and real-time systems represents a significant challenge in today's world. High-profile cyber security threats are a recent phenomenon (think of the Stuxnet or Night Dragon attacks), yet the systems running critical industrial processes are typically a generation older. Consequently, there are many legacy systems that may be vulnerable to cyber attack because cyber security was simply not a consideration at the time of initial design and installation. The security of even recently deployed systems may also be an issue, and there are often media reports of instances where systems are connected to the internet with inadequate protection, or where the manufacturers of the equipment have used hardcoded usernames and passwords, thereby gifting cyber intruders who have inside knowledge the ability to manipulate the system settings.

It is against this backdrop that we can consider the critical differences between real-time/SCADA systems and the protection and risks associated with enterprise systems. Figure 1 summarises these issues. An organisation may be more concerned about intellectual property theft, persons gaining access to financial or strategic information, or just plain denial of service on IT systems. Although serious for a business, these risks are unlike those for industrial control systems (ICS) / SCADA, where the impact may be to lose visibility of the system sensor readings, and consequently to lose control of the plant.
So where threats against business systems may impact the financial viability of the company, the potential consequences of attacks on ICS/SCADA represent, in an extreme case, a threat to safety and human life. This is not to say Industrial IT Systems are not vulnerable to loss of critical historical records, loss of data integrity, loss of time-dependent or synchronised performance, progressive degradation and randomised effects.

[Figure 1 - Business System versus ICS Risk. Business IT Systems: Financial Integrity, Loss of Information, Denial of Service (Financial and Reputational Risk). Industrial Control Systems: Loss of View, Loss of Control, Impact on Systems (Safety and Operational Risk). Callouts: over 1 million SCADA / ICS systems are connected to the internet with unique IPs; general state of real-time system security seen as poor by hackers; honeypot deployment of virtual SCADA proves attackers change settings.]

A holistic view of security

Before moving further into the cyber aspects we must consider the wide range of threats, which can be broadly categorised as below.

Threat category: Personnel
Typical representation: Insider attack, bribery & subversion
Typical mitigation controls: Personnel vetting, Acceptable Use Policy, audit regime, logs & alerting

Threat category: Physical
Typical representation: Intruders, burglars, prohibited items (drugs, explosives, firearms)
Typical mitigation controls: Locks, fences, CCTV, guards, alarms, C&C etc.

Threat category: Cyber
Typical representation: Hackers, malware
Typical mitigation controls: Security audits, IDS / SIEM, antivirus, firewalls, etc.

Threat category: Environmental
Typical representation: Fire, flood, earthquake, power failure, severe weather
Typical mitigation controls: DR facilities, BCP, redundancy, remote access controls etc.

In some cases it may not be practical to enforce security controls that would be mandatory in a business environment. For example, although common user accounts are preferable, in a real-time plant environment accounts may be shared by a number of users in a control room under a group account. It is, however, necessary to take a holistic view and, where practical, a common approach to dealing with the personnel, physical, cyber and environmental threats. For example, with a critical site there is little point in only implementing physical controls by building a large fence with cameras around the periphery if a cyber attack can be used to disable the cameras in a certain location to replay a video loop, and allow access via the turnstiles into the site. Indeed, the ability to carry out a cyber attack negates the need for a physical attack if the systems within the site can be shut down or put into an undesired and perhaps unstable mode from outside, perhaps overriding interlocks, and causing pressures, temperatures, rotational speeds and levels to go beyond safe limits. The cyber attack may be seen as the easy option by attackers, as it may be undertaken from another country, with attribution of source difficult to prove.
To put it simply, rather than travelling hundreds or thousands of miles to perform a physical attack on a well defended site, after months of planning, a competent belligerent is liable instead to use SHODAN to determine the IP address of a SCADA system located on the other side of the world, download exploit code for the SCADA systems from Metasploit, then launch the attack via the anonymity services of TOR, perhaps within the time frame of 1 hour or less. In short, SCADA/ICS systems must be defended more robustly than they are now.

Industrial Systems, Controllers and Risk

The computerised equipment used in the control of equipment and industrial processes is deployed in every aspect of Critical National Infrastructure, such as:

- Nuclear Power Plants & Reprocessing Facilities
- Chemical Plants
- Mail Sorting Offices
- Oil Refineries
- Gas Processing Facilities
- Food Production
- Railway signalling systems
- Pharmaceutical Production
- LPG Tankers
- Distribution Centres and Ports
- Motor Vehicle Production Facilities
- Wind Turbines

Clearly an adverse event taking place in any of these facilities could have serious health implications for those persons in the vicinity and nearby locations. Some attacks will have more serious implications than others: a cyber attack on a wind farm is unlikely to have the same impact as an attack on a nuclear reprocessing facility, which may result in a long-lasting nuclear event, radioactive plume, and contamination. The consequences of a cyber or other attack on these facilities should be given due consideration within site risk assessments and national risk registers, so as to understand the extent of physical, cyber, personnel and environmental security controls that should be put in place.

Exploitation of SCADA Systems

Google Search is an everyday tool for most people accessing the internet, and operates by indexing the content of web pages to allow rapid retrieval based on user search criteria. SHODAN, on the other hand, is a search engine similar to Google except that it indexes HTTP (web message) header information, allowing users to find routers, servers, traffic lights, and industrial control equipment. Project SHINE (SHodan Intelligence Extraction) uncovered that over 1 million SCADA / ICS systems are connected to the internet with unique IPs, and this figure is growing by between / day. It is most likely that many of these devices will be insecure and exploitable. All the attacker needs to do is use SHODAN to determine the device facing the internet based on the header information revealing the software version in place or other similar information, retrieve the appropriate exploit code for that device from a repository such as Metasploit, set up a proxy connection using TOR or similar, then exploit the remote system.

It is commonly recognised that the robustness of SCADA/ICS in the face of a direct cyber attack is poor, as many systems were not intended to be connected to the internet.
Systems should be designed such that there are security controls (such as firewalls / data diodes, and identity & access management systems) between the real-time systems and the internet. The current state of SCADA/ICS systems is regarded as woeful by security researchers. It is common to find ActiveX, secure coding approaches are rare, and many systems are so brittle they are unable to withstand security scans and probing. Backdoor administrative accounts are present, and in some cases hardcoded authentication credentials are used which, if known, guarantee hacker access. Basic fuzzing of ICS causes some to crash, buffer overflows are a serious problem, and some have no password timeouts, allowing brute-force login attempts. Hacking of ICS is made easier by ready-made plug-ins for the Metasploit framework and Nessus, which allow hackers easy access to real-time systems.

Once a system such as a PLC has been owned, new ladder logic can be uploaded. During the attack on Natanz with Stuxnet, it was reported that the controller logic was changed to cause the centrifuges to speed up / slow down rapidly. A similar approach could be adopted on other systems to ignore multiple safety interlocks, with catastrophic effects. Perhaps the controllers are duplicated for safety and availability, but if the cyber attack changes the logic in all systems, then the outlook is not good.

Cyber attacks on SCADA/ICS are rare but increasing. The temptation is to dismiss the problem; however, a Black Hat presentation in proved that if a honeypot was placed on the internet simulating a real-time system, some connecting parties changed settings to potentially hazardous levels. This was just a virtual honeypot, not a real SCADA system, but external hackers connecting to real systems and changing settings may have serious implications.

If possible, robust SCADA/ICS products should be used, with security built in, not added as an afterthought. However, this may not be practical, and it is therefore essential to segregate these systems from high-risk networks such as the internet, and certainly not to allow IP addresses for SCADA/ICS to be directly accessible from the internet unless there is a good reason and appropriate security controls are in place.

Industrial Protocols

A protocol, in the original sense of the word, is a code of conduct or defined procedures to be followed. With respect to Industrial IT systems, the protocol allows communication from one device to be understood by other devices. Given that Industrial IT hardware has a range of functionality, provided by many manufacturers, a very wide range of industrial protocols has evolved, often vendor specific. There has been some standardisation around the use of Fieldbus, Profibus, and Modbus, but these were all developed and deployed long before IT security became a major issue.
Modbus, for example, has no controls against unauthorized commands and interception of data. Therefore, routing of industrial protocols over the internet or other IP networks nowadays requires professional care and additional controls to maintain security of the data and ensure both command interactions and critical information retain their integrity.

Understanding the Business Risk

The business risk will vary between different sectors of the CNI, but also within specific aspects of the same company. For example, a key risk for a gas processing plant in an area of political unrest may be physical intrusion and/or terrorist attack. However, an oil rig off the coast of the UK will have a different risk profile, perhaps relating to non-availability of systems due to severe weather or concerns of leaks causing environmental damage. It is this variability of threat and risk that must be considered during a risk assessment, which should be undertaken through the whole business cycle from conceptual design through to close-down and decommissioning.

1. https://media.blackhat.com/us-13/us-13-wilhoit-the-scada-that-didnt-cry-wolf-whos-really-attacking-your-ics-devices-slides.pdf
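Returning to the point that Modbus has no controls against unauthorized commands: because the protocol itself cannot tell who sent a request, one of the "additional controls" is a passive monitor that parses Modbus/TCP requests and flags state-changing function codes from hosts that are not expected to write. The following is an added example, not part of the original white paper; the addresses, the allowlist and the captured frames are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Function codes from the public Modbus specification that change device state.
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_mbap(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP ADU: 7-byte MBAP header, then function code and data."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (not Modbus)")
    # The length field counts every byte after itself: unit id + PDU.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return ModbusRequest(tid, unit, frame[7], frame[8:])


def audit(requests, write_allowlist):
    """Return alerts for malformed frames and writes from non-allowlisted sources.

    `requests` is an iterable of (source_ip, raw_frame) pairs taken from a
    network tap. Modbus carries no sender identity, so the source address
    recorded by the tap is the only attribute available to the monitor.
    """
    alerts = []
    for src, frame in requests:
        try:
            req = parse_mbap(frame)
        except ValueError as exc:
            alerts.append((src, "MALFORMED", str(exc)))
            continue
        name = WRITE_FUNCTIONS.get(req.function)
        if name and src not in write_allowlist:
            alerts.append((src, "UNAUTHORISED_WRITE", f"{name} to unit {req.unit_id}"))
    return alerts


def build_frame(tid, unit, function, data):
    """Helper used only to construct the sample capture below."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample data: 10.0.2.10 stands for the control-room HMI,
# 10.0.4.77 for a host on the business network.
WRITE_ALLOWLIST = {"10.0.2.10"}
SAMPLE_CAPTURE = [
    ("10.0.2.10", build_frame(1, 1, 0x03, struct.pack(">HH", 0, 10))),     # read
    ("10.0.2.10", build_frame(2, 1, 0x06, struct.pack(">HH", 40, 1500))),  # allowed write
    ("10.0.4.77", build_frame(3, 1, 0x06, struct.pack(">HH", 40, 9999))),  # flagged write
    ("10.0.4.77", b"\x00\x04\x00\x00\x00\x09\x01\x03"),                    # bad length field
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_CAPTURE, WRITE_ALLOWLIST):
        print(alert)
```

A source-address allowlist only detects; it does not authenticate, so it complements rather than replaces the segregation controls discussed elsewhere in the paper.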

Typical threat sources listed by CPNI (Centre for Protection of National Infrastructure) that should be considered are listed below, each threat source / actor followed by its representation of threat.

Contractors: Externally employed staff on company premises, who may not be trained in the appropriate measures that should be undertaken (e.g. removal of faulty IT equipment from site that contains sensitive information). These persons may not have appropriate vetting and represent a threat if influenced to undertake malevolent activities whilst on the CNI site (such as inserting USB key-loggers, or gathering site security details).

Corporate intelligence: Competitors, some of whom will target CNI facilities to understand the site and steal intellectual property such that this can be replicated elsewhere, perhaps in competitive bids. This threat can also be present where companies are requested to bid for lucrative contracts, only to have these designs copied and used elsewhere in competitive bids.

Criminals / Organised Crime: Criminals will be an issue where financial gain is of interest. This could be a break-in to steal computer equipment, which if not backed up would represent a threat to business continuity. Criminals may also subvert staff to undertake malicious activity.

Disgruntled Staff: Persons with a grudge, who may have been passed over for promotion, notified of redundancy, have moral objections to what the organisation is undertaking, or have other circumstances such as financial difficulties that put them at risk of compromising security, perhaps giving information to outsiders.

Foreign Intelligence Services: Highly capable nation state organisations that are able to deploy considerable resources to gain information, such as interception of data, influence other threat actors to steal data, or hack in to environments for industrial espionage purposes. It is not only state secrets that will interest the FIS. For countries that have a close link between state & industry, the FIS will actively seek industrial information and intellectual property for the financial gain of the state-linked industries.

Hackers: Whether state sponsored, funded by serious organised crime, or independently motivated, hackers have the potential to compromise the confidentiality, integrity or availability of systems by their actions. Externally this action may manifest itself in website defacement, or theft of customer details. However, for clients running real-time / ICS systems, perhaps geographically spread, hackers may use search tools such as SHODAN to discover internet-connected equipment, and perform malevolent actions on this infrastructure.

Internal Attackers / bystanders: Persons on site, perhaps temporarily, who are visitors or bystanders may pose a risk by observing information when present in the facility, or perhaps by unauthorised access to systems that are logged in.

Protestors and Activists: Persons having an ideological grudge against the operations of the company. Traditionally this has been to blockade facilities, or intimidate staff to impede company operations or gain media publicity. However, the recent emergence of Hacktivism has meant the wilful unauthorised penetration into company systems by politically motivated parties.

Staff undertaking unauthorised actions: Sometimes wilful, but other times may be due to inadvertent consequences. Unauthorised actions by staff, perhaps trying to get round what are seen as onerous / inflexible security controls, can introduce threats. A typical example would be the use of personal USB sticks which contain malware, in the absence of an alternative and available route to transfer information.

Terrorists: Persons with malicious intent whose primary aim to date has been physical attacks on systems to compromise availability. This does not necessarily mean that electronic attacks will not occur in future with respect to real-time / SCADA systems as available exploits against these systems become commonplace.

Regulatory Compliance

With the emergence of cyber threats and the need to secure data, standards have arisen for other industries, such as those defined in the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS). The difficulty with applying a modern compliance regime to SCADA systems would be in adapting the old systems to a new framework of controls. With the landmark event of Stuxnet, the security issues of SCADA came into prominence. It became evident that organised parties were intent on performing cyber attacks to access SCADA/PLC systems to cause damage to plant equipment. Given the difficult nature of implementing robust controls in industrial environments, various national authorities such as NIST and CPNI have produced standards and security guides for real-time systems integrators. With the abundance of poorly protected ICS equipment, which will be in place for many years to come, often running protocols where security was never a consideration, there has been considerable effort by national and international bodies to define standards for securing the CNI infrastructure. Notable examples are:

- UK CPNI Security Guides
- USA NIST
- ISA 99
- IEC62443

Zoning, Segregation, and Protection of Industrial Networks

It is the interconnected nature of environments, and the need and expectation for access to data generated in the real-time arena, that causes the challenges. For example, in a rail transport scenario it would be very useful for travellers to know the position of trains, but it would also represent a risk if hackers or malware could enter via this internet connectivity and compromise the safety of the track signalling systems. It is only by performing thorough risk assessments, and designing secure gateways, perhaps including one-way diodes, that ICS/SCADA networks can be protected from external threats.
ISA99 and IEC62443 propose the zoning of architectures, and this has been generalised in Figure 2. This shows that with no security controls, external malware and hackers may gain access to ICS/SCADA systems, but with secure controls such as one-way diodes, the threats resident on the business systems cannot spread to the real-time arena, with a Level 0 to Level 4 zoning approach in the segregation of systems. The principles of Figure 2 should be followed, but the practicality of securing a widespread ICS/SCADA infrastructure will be complex, with the conduits (WAN, VPNs) to remote outstations needing to be secured, and the need to control support personnel having remote access into the infrastructure below the industrial DMZ.
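One way to check an existing network against the zoning principle described above is to replay observed flow records against the zone model and report every flow that skips the industrial DMZ or enters the control zones without an approved conduit. This is an added example, not taken from the white paper or from ISA99 / IEC62443; the subnet-per-level addressing plan, the level assigned to each device type, the approved remote-support conduit and the flow records are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing plan (constructed): one subnet per zone level.
# Assumed mapping: 5 enterprise, 4 middleware, 3 industrial DMZ,
# 2 SCADA/ICS, 1 PLC, 0 critical I/O.
ZONES = [
    (ipaddress.ip_network("10.5.0.0/16"), 5),
    (ipaddress.ip_network("10.4.0.0/16"), 4),
    (ipaddress.ip_network("10.3.0.0/16"), 3),
    (ipaddress.ip_network("10.2.0.0/16"), 2),
    (ipaddress.ip_network("10.1.0.0/16"), 1),
    (ipaddress.ip_network("10.0.0.0/16"), 0),
]
INTERNET = 6  # anything outside the plan is treated as external

# Conduits explicitly approved to initiate connections from the industrial
# DMZ into the control zones, e.g. a remote-support jump host (hypothetical).
APPROVED_INBOUND = {("10.3.0.20", "10.2.0.5", 22)}


def level_of(addr):
    """Map an address to its zone level, or INTERNET if it is in no zone."""
    ip = ipaddress.ip_address(addr)
    for net, level in ZONES:
        if ip in net:
            return level
    return INTERNET


def check_flow(src, dst, dport):
    """Classify one flow (initiator -> responder) against the zone model."""
    s, d = level_of(src), level_of(dst)
    if s == d:
        return "ok: intra-zone"
    hi, lo = max(s, d), min(s, d)
    if hi == INTERNET and lo < 5:
        return "violation: internet reaches below enterprise zone"
    if hi >= 4 and lo <= 2:
        return "violation: bypasses industrial DMZ"
    if s == 3 and d <= 2 and (src, dst, dport) not in APPROVED_INBOUND:
        return "violation: inbound to control zone without approved conduit"
    return "ok: permitted conduit"


def violations(flows):
    """Return (src, dst, dport, verdict) for every flow that breaks the model."""
    results = []
    for src, dst, dport in flows:
        verdict = check_flow(src, dst, dport)
        if verdict.startswith("violation"):
            results.append((src, dst, dport, verdict))
    return results


# Constructed flow records (initiator, responder, destination port).
SAMPLE_FLOWS = [
    ("10.2.0.5", "10.1.0.11", 502),    # SCADA server polls a PLC
    ("10.2.0.5", "10.3.0.20", 443),    # SCADA pushes data outward to the DMZ
    ("10.3.0.20", "10.2.0.5", 22),     # approved remote-support conduit
    ("10.3.0.21", "10.1.0.11", 502),   # DMZ host talks to a PLC directly
    ("10.5.0.40", "10.1.0.11", 502),   # enterprise host talks to a PLC
    ("203.0.113.9", "10.2.0.5", 80),   # external address reaches SCADA
]

if __name__ == "__main__":
    for row in violations(SAMPLE_FLOWS):
        print(row)
```

The third rule models the one-way behaviour of a data diode in software terms: outward flows from the control zones are accepted, while inward flows need a named exception that can be reviewed.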

[Figure 2 - Segregation of Business and Real-Time Networks. Internet; Enterprise / DMZ (gateway devices); Level 5: Enterprise Systems (centralised ERP, ERM, CRM, C&C, Helpdesk); Level 4: Middleware (MOM, ESB, etc.); Level 3: Industrial / DMZ (site manufacturing operations and control; gateway devices; conduit); Levels 2, 1 and 0: Industrial Control Systems (PLC; SCADA, ICS; critical I/O infrastructure: sensors, actuators, motors).]

Situational Awareness

Stuxnet graphically illustrated that even air-gapped industrial control systems (ICS) in high-security environments are vulnerable to sophisticated attack, especially with many ICS directly controlled via the host company's business network. Given that many ICS are directly connected to the internet, the attack vectors, attack surfaces and likelihood of a security incident increase dramatically. If it is not within the immediate remit of the organisation to change the design and configuration of the network supporting the ICS, it is vital to have full situational awareness of the nature of the attack even if it has proved impossible to prevent the successful compromise. In order to achieve this it is necessary to incorporate protective monitoring technology, supported by policies and process, into the organisation, coupled with experienced analysts who can identify suspicious network activity. Should this not be a practical solution, if for example the company size does not justify the expenditure on full-time security monitoring, then engaging with a managed service provider should be considered, one who is able to provide the services of a 24/7 SOC (Security Operating Centre) that can monitor vulnerable networks together with other crucial feeds, such as Access Control Systems.
Security and Incident/Emergency Management solutions exist that build a full Situational Awareness picture of physical, environmental, personnel and cyber domains, enabling effective, controlled and recorded responses.

Forensic Readiness

In the event of the worst-case scenario occurring, where a security compromise is suspected or has been identified, time is not a luxury that will be available. In the event of a serious incident, how the incident is managed and the time it takes to investigate and remediate it are likely to be scrutinised closely by various organisations. Depending on the industry sector concerned, various compliance requirements may be mandated; this is highly likely to include Forensic Readiness. As an example, ISO series of security control measures recommend that responsibilities and procedures should be established in order to quickly and effectively respond to security incidents; this includes cyber security breaches.

In the UK, the Government has published the Security Policy Framework that mandates baseline security measures in 20 different areas to address technical security risks; this document is applicable to all Government employees (including contractors) and covers all areas of government and associated departments. The Risk Treatment section (Mandatory Requirement 9) states that Departments and Agencies must have a forensic readiness policy that will maximise the ability to preserve and analyse data generated by an ICT system that may be required for legal and management purposes.

To assist with the drafting and implementation of a forensic readiness policy, CESG (Communications-Electronics Security Group, part of the state intelligence agency, GCHQ) has produced a Good Practice Guide (GPG 18) together with Information Assurance Implementation Guide Forensic Readiness Planning. This guide recommends a scenario-based approach to forensic readiness planning, examining hypothetical risks and real previous incidents. Each of these potential incidents should have a corresponding incident response policy that is documented and exercised.
Incident Response

Key to successful investigation and remediation is to have an assured Cyber Incident Response provider identified and preferably engaged as a forensic service provider in advance of an incident. This way the client has the confidence that the supplier has the availability, technology and capability to manage the incident on the client's behalf. Engaging a forensic company that employs manual techniques to identify and remediate a malware incident on a large enterprise network is likely to result in a protracted cyber version of Whack-a-Mole.

Technical solutions now exist where entire enterprise networks can be examined concurrently for malware or an unknown APT, for example by looking for suspicious applications that are running in computer memory. Once the malware is identified, a forensic snapshot of the data can be taken and all systems on the network forensically searched, whereupon remediation of infected devices can take place. The remediation option could then include (if required) the simultaneous stopping of processes or the forensic wiping of all traces of the malware across the entire domain. Previously, the manual approach would probably have taken weeks on site or may not have fully remediated the attack. Now, new technology dramatically brings the response and remediation time down, allowing companies to resume normal business in a timely fashion.

Integration of Cyber Monitoring and Defence can be combined into modern Security Facilities, enabling Cyber Security, Physical Security and Process Management to be combined into holistic Situational Awareness and Tactical Response Management control rooms.

Cyber Incident Reporting

Depending on the industry sector there is likely to be a requirement for the mandatory reporting of the incident to one of the UK Computer Emergency Response Teams such as GovCertUK or MODCERT (MODWARP). How quickly and accurately the information on your cyber attack is passed to that authority will be reflected in their ability to alert other areas of industry, especially critical national infrastructure, in a timely fashion. It may also be reflected in any enforcement measures that the Information Commissioner (or similar organisation) may wish to take as a result of the cyber breach.

So where does Thales fit in?

When it comes to security and critical systems Thales is a world leader. There are many statistics; here are some:

- Thales technology secures 80% of the world's financial transactions (90% in the UK)
- 3 billion rail passengers carried annually by the Thales SelTrac CBTC systems
- Thales implementation of the world's largest urban security project in Mexico City
- Thales implementation of security for the world's largest oil terminal
- Thales securing thousands of kilometres of pipelines and border surveillance
- Road toll collection on 4000 lanes of 30 motorways worldwide
- Significant involvement in air-traffic management, and airport security

It should be noted that CNI & ICS/SCADA spreads over a multitude of industries, and Thales is a major player in these arenas, if not a world leader, with much experience in implementing large-scale operation-critical secure systems.

Thales Critical Infrastructure & Cyber-security Services

Thales believes Good Cyber is Good Business. Taking a holistic approach to security is the critical factor. Layered architectural models should be built that bring together world-leading products from both the system/technology integrator and third parties to ensure that the holistic security requirements of the customer are met. It should be part of a solution to ensure the integrity of both the integration layer and the operational elements. Individual components of the solution should be understood in conjunction with the concept of operation, policies, training, maintenance, supportability and the service aspects. Possible individual components and services are listed below, but it should be understood that the real benefits come from solution providers who can deliver all-encompassing holistic security solutions.

Critical Infrastructure Services (each service followed by its comment)

CCTV / Site Security Controls: Selection of appropriate CCTV systems, calculation of field of view, illumination requirements, and other fence technology such as PIDs. Calculation of zoning for image analytics, and physical control selection such as inner / outer fence, camera poles, towers, bunds, biometrics, access control, video analytics and other measures to deter & detect intruders.

Command Centre Design: With involvement in the largest and most sophisticated command centres on a worldwide basis, Thales is well placed to select the most appropriate technologies for inclusion in the command centre to support user requirements. The physical security aspects of the command centre will be considered, together with the internal IT system requirements / systems integration, and secure connectivity to local and remote stakeholders to offer holistic Situational Awareness and Response Capabilities.

Physical Intrusion Tests: Covert intrusion by specialised Thales employees with skills in physical entry into critical facilities, using various techniques to overcome existing controls, is used to test the existing controls and operational processes in place to stop intruders. Thales personnel will leave agreed markers to signify places that were reached, which could signify the placement of explosives or theft of material: whatever the client values and is trying to protect.

Physical Security Audits: Visiting client sites to understand existing security controls such as guard mechanisms, fences, doors, alarms, CCTV, and other aspects including security management systems and reporting mechanisms, and production of reports for clients highlighting shortfalls and what should be done with respect to security improvements.

Security and Emergency / Event Management Integration: Selection of appropriate event management software to cover security, incident and emergency management. These systems can be highly sophisticated, and require integration with a large number of other system / site & remote sensors & CCTV, and stakeholders for management of events to give maximum operational benefit.

Communications Network Design: CNI sites may have a lot of on-site sensors such as CCTV / PIDs, or ground-based sensors and radar technology for detection of threats further away. GPS-tracked assets such as vehicles and personnel may need to be monitored, for dynamic display on the video wall in the command centre. All of this site-based data, plus data to / from offsite stakeholders, needs to be secure. Thales is skilled in the design of such networks, allowing fixed cable, wireless / microwave / laser / radio / satellite communications in a secure, integrated, highly available and resilient manner.

Process Control and Automation: Thales has decades of experience in providing comprehensive Process Control and Automation systems: SCADA, Monitoring, DCS and Command Centres, both fixed, multi-site and mobile. The integration of traditional Industrial IT System expertise with Security System and Cyber System expertise sets Thales as a key total solution provider.

Cyber Security Services (each service followed by its comment)

Cyber-Range Activities: Ability to undertake cyber engagements against other participants acting as APT actors or DDOS attackers.

Cyber Security Training: Ability for users of the Cyber Integration Centre to practise incident response, and configuration of hardware / software on both virtual and real industrial systems.

Enterprise / Solutions Architecture Design & Systems Integration: Analysis of the customer requirements to determine whole enterprise architecture requirements, such as server architecture, SANs, enterprise software components, ESB, databases, etc. Design of whole solution.

Hardware / Software Evaluation: Evaluation of hardware appliances and / or software for external clients.

Holistic Security / Cyber Maturity Audits: Deployment of Thales personnel onto client sites, to gather information on current client cyber maturity and make recommendations regarding controls that should be put in place. Thales operates teams where personnel are members of CLAS, and recognised under the CCP scheme.

Incident Response: Emergency deployment to client sites on a worldwide basis to resolve issues relating to APT and other cyber incidents. Ability to deploy hardware network appliances and client probes to capture indicator of compromise information, analyse the data and remove the cyber intrusion.

Load Testing: Ability to take customer appliances and apply severe data loading to understand behaviour. Similarly for server-based software, to understand whether the specified servers will be able to support the expected user community.

13

Security Architecture Design: Analysis of existing or new architecture requirements, to determine the security controls that should be in place to secure the architecture. Selection of products & detailed design.

Virtualised DR Failover Testing: Use of Cyber Integration Centre to test disaster recovery scenarios, to prove that if one virtualised instance fails, other infrastructure can recover the situation, and that human processes are defined & users trained.

Virtualised Enterprise Environment (VEE): Ability within the Cyber Integration Centre to simulate whole enterprise networks including servers, routers, switches, LAN/WAN issues (bottlenecks, jitter, time delays), real time infrastructure, and user communities. This enables clients to understand systems prior to deployment, or test changes prior to roll-out and understand how the system will operate under user load.

Virtualised Vulnerability Testing: Similar to VEE above, with the added ability to use the Thales VA team to analyse software / firmware build status to understand components that should be patched or have lockdown policies applied.

Vulnerability Assessment / Penetration Testing: Deployment of Thales teams to client sites to perform vulnerability assessments against existing architecture, allowing current build status and vulnerabilities to be identified, and a report produced on these findings. Similarly, if the customer wishes, Thales is able to take these vulnerabilities and exploit these to gain access to further resources. Thales team members are recognised under the CREST scheme.

Gateway Services

Service: Comment

NOC as a service: Thales is able to link to client sites and undertake a Network Operations Centre (NOC) Service, where client network infrastructure is managed & monitored, and software updates / patching are applied.

PSN Gateway Services: Thales is a provider of gateway services to the PSN and other networks, and is able to offer clients the ability to connect to the UK Public Sector Network (PSN) if required.

CSOC as a service: Thales is able to link to client sites and undertake a Cyber Security Operations Centre (CSOC) service, where these networks are monitored for cyber attacks, and APT characteristics. This is a particularly useful service for those clients who have taken advantage of the Thales Incident Response service, allowing through life aftercare.

14

Figure 3 - One of the growing number of Thales Cyber Integration Labs

Figure 3 shows one of the interconnected network of labs used for staging and testing of concepts in relation to real-time / SCADA and enterprise systems. In this case a video wall is present for displays covering CCTV and security management. Simulations are present for nuclear reactor control, pipeline monitoring, and site perimeter security. Other systems allow the overlay of incidents and sensor / asset data on top of site maps. There are a number of SCADA, PLC and Security Management systems in place, and the ability to feed these systems from a number of sensors. Within this lab a section of fence is present, together with physical intrusion sensors, and cameras to react to intrusion events. This lab is available for industrial control and physical security solutions, and it can be linked to other labs, allowing cyber incidents to be simulated.

Thales has access to thousands of malware signatures, and is able to simulate sophisticated attacks against the ICS/SCADA and Security equipment, then design appropriate security architectures to keep such attacks out. The virtualised labs can also act as a Cyber training centre, enabling the deployment of cyber attacks and allowing response personnel to train in containing the event and removing the malware or attackers from the network. Although the labs can operate to support cyber range training in cyber-warfare-defence, the labs are primarily aimed at repelling existing cyber attacks, which are commonplace.

The availability of such facilities is a formidable resource in allowing clients to test equipment & concepts prior to deployment with realistic simulated loads and architectures. Having extensive server resources and state of the art network simulation equipment means that millions of users can be simulated, events timed to the nanosecond, and network problems such as bottlenecks / jitter / time delays simulated to provide the most realistic of environments. Thales can help solve client problems, test the real system software to be used with realistic loads and events, then deploy to client sites via our consultancy and implementation teams, wherever the client is located on a global basis.

[Figure 4 - Virtualised Enterprise Environment. Diagram labels: Physical Artefacts (Switches, CCTV, PIDS etc.); External User Community; External Components and Non-Virtualised Infrastructure; Virtual User Community; Switch / Routing Infrastructure; Company Enterprise Server / Application Infrastructure; Internal / External LANs/MANs; Stage Complete / Partial Enterprise Infrastructure; Replicate Processes & Workflow; SCADA Simulation; Simulate Network Infrastructure and Bottlenecks; Stress Test Applications; External Hacking Community; Security / Authentication Infrastructure; Real-time Industrial Control Infrastructure and Process; Supply Chain Interaction; Pen Test / Vulnerability Assessments; Replicate Hacking and Incident Response.]

15

Conclusion

We live in a fast changing world. Unfortunately, this includes the threats against the SCADA integral to the functioning and prosperity of businesses and Critical National Infrastructure. There are many misconceptions on the levels of threat, the extent of damage or disruption, and the effort and skills required for protection. The field of cyber security in relation to SCADA and Industrial Control Systems is complex, and either ignoring the threats or implementing inadequate controls may have significant consequences, perhaps involving loss of life if an attack were launched that achieved its end objective.

Cyber and SCADA Security is now of major concern for all industrial infrastructures. The nature of the threat demands rapid, accurate, and informed decision-making to ensure safety, security, and operational effectiveness are maintained regardless of any incidents or accidents that may occur. This requires the application of holistic security solutions, delivered by organisations such as Thales, which is able to deliver integrated security systems designed to meet the increasing threats and ensure that Critical Operations receive the best protection.

This white paper has shown that vulnerable organisations should take a holistic approach to securing their SCADA systems. Interrelated cyber, physical, and industrial IT vulnerabilities must be managed effectively from the outset to meet new threats. With its wide range of services and state of the art testing, integration and simulation facilities, Thales is able to understand the nature of the customer environment, integrate security into the system design from the ground up to cover the main risks of physical, cyber, personnel or environmental security, or retrofit solutions to shield legacy solutions from the wide range of threats today.

16

About Thales

Whenever critical decisions need to be made, Thales has a role to play. World-class technologies and the combined expertise of 65,000 employees in 56 locally based country operations make Thales a key player in assuring the security of citizens, infrastructure and nations in all the markets we serve: aerospace, space, ground transportation, security and defence. For more than 40 years, Thales has delivered state of the art physical and cyber security solutions to commercial, critical national infrastructure, government and military customers. Thales will help you refocus your security spend to defend your organisation and prevent significant loss of revenue and reputation. Thales will ensure your competitive advantage is maintained by being able to demonstrate resilient and secure use of physical and cyber security.

Why Thales?

As a world leader in providing modular, integrated physical and cyber security solutions, Thales is able to:

Design and implement upgrades to the existing security of your organisation with minimal impact to your business operations. Thales is trusted to secure critical energy facilities, transport networks and defence assets in the UK and around the world.

Pull through capabilities from the global Thales Group and our industry partners to deliver secure solutions that deliver tangible business benefits. For example, Thales implemented a fully integrated security management system in Mexico City as part of the Secure City project.

Use our world leading encryption product suite to protect your data. Our encryption hardware helps secure an estimated 80% of the world's payment transactions, including 3.7 billion BACS transactions every year.

Contact Us

Thales UK Ltd, Mountbatten House, Basing View, Basingstoke RG21 4HJ, UK
Tel: +44 (0)
Website:

THALES UK LTD. This document and any data included are the property of Thales UK Ltd. No part of this document may be copied, reproduced, transmitted or utilised in any form or by any means without the prior written permission of Thales UK Limited having first been obtained. Thales has a policy of continuous development and improvement. Consequently the equipment may vary from the description and specification in this document. This document may not be considered as a contract specification. Graphics do not indicate use or endorsement of the featured equipment or services.


More information

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies

More information

Website Security: A good practice guide

Website Security: A good practice guide Authors: Computer Security Technology Ltd (CSTL) is a London based independent IT security specialist with over 15 years of experience. CSTL supply solutions, services, and advice to safeguard business

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?

More information

NERC CIP VERSION 5 COMPLIANCE

NERC CIP VERSION 5 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining

More information

SITECATALYST SECURITY

SITECATALYST SECURITY SITECATALYST SECURITY Ensuring the Security of Client Data June 6, 2008 Version 2.0 CHAPTER 1 1 Omniture Security The availability, integrity and confidentiality of client data is of paramount importance

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Bio-inspired cyber security for your enterprise

Bio-inspired cyber security for your enterprise Bio-inspired cyber security for your enterprise Delivering global protection Perception is a network security service that protects your organisation from threats that existing security solutions can t

More information

Securing Industrial Control Systems on a Virtual Platform

Securing Industrial Control Systems on a Virtual Platform Securing Industrial Control Systems on a Virtual Platform How to Best Protect the Vital Virtual Business Assets WHITE PAPER Sajid Nazir and Mark Lazarides sajid.nazir@firstco.uk.com 9 Feb, 2016 mark.lazarides@firstco.uk.com

More information

Building Secure Networks for the Industrial World

Building Secure Networks for the Industrial World Building Secure Networks for the Industrial World Anders Felling Vice President, International Sales Westermo Group Managing Director Westermo Data Communication AB 1 Westermo What do we do? Robust data

More information

Intelligent. Buildings: Understanding and managing the security risks

Intelligent. Buildings: Understanding and managing the security risks Version 2 IET Sector Insights Intelligent Buildings: Understanding and managing the security risks More efficient and cost-effective use of the built environment is increasingly being driven by economic

More information

Lot 1 Service Specification MANAGED SECURITY SERVICES

Lot 1 Service Specification MANAGED SECURITY SERVICES Lot 1 Service Specification MANAGED SECURITY SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES Fujitsu delivers a comprehensive range of information security services

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

Industrial Control Systems Security Guide

Industrial Control Systems Security Guide Industrial Control Systems Security Guide Keith Stouffer, Engineering Lab National Institute of Standards and Technology NIST SP 800-82, Rev 2 and ICS Cybersecurity Testbed Keith Stouffer Project Leader,

More information

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's: Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services

More information

Securing Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case

Securing Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case Securing Industrial Control Systems in the Chemical Sector Roadmap Awareness Initiative Making the Business Case Developed by the Chemical Sector Coordinating Council in partnership with The U.S. Department

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

Music Recording Studio Security Program Security Assessment Version 1.1

Music Recording Studio Security Program Security Assessment Version 1.1 Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND

More information

Breach Found. Did It Hurt?

Breach Found. Did It Hurt? ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

SCADA Security Training

SCADA Security Training SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

whitepaper 4 Best Practices for Building PCI DSS Compliant Networks

whitepaper 4 Best Practices for Building PCI DSS Compliant Networks 4 Best Practices for Building PCI DSS Compliant Networks Cardholder data is a lucrative and tempting target for cyber criminals. Recent highly publicized accounts of hackers breaching trusted retailers

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Top Five Ways to Protect Your Network. A MainNerve Whitepaper A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

SPEAR PHISHING UNDERSTANDING THE THREAT

SPEAR PHISHING UNDERSTANDING THE THREAT SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business

More information

HMG Security Policy Framework

HMG Security Policy Framework HMG Security Policy Framework Security Policy Framework 3 Foreword Sir Jeremy Heywood, Cabinet Secretary Chair of the Official Committee on Security (SO) As Cabinet Secretary, I have a good overview of

More information