NextGen SCADA security. Erwin Kooi

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "NextGen SCADA security. Erwin Kooi"

Transcription

1 NextGen SCADA security Erwin Kooi

2 Setting the stage This talk is not An introduction to SCADA security AIC versus CIA The latest blinky-lights SCADA security appliance How to use IT security in OT envrionments This talk is About next steps in SCADA security 2

3 ~/$ whoami Ing. Erwin Kooi, MSIT CISSP SCP Security Manager at Alliander Primary focus on OT, IT Data Center and new developments Background in healthcare electronics & IT Hacker and avid lockpicker 3

4 ~/$ cat /etc/group grep erwin Dutch Smart Meter Privacy & Security working group Dutch Smart Grid Cyber Security working group European FP7 project CRISALIS various Dagstuhl scientific seminars on SCADA security 4

5 Meet DSO Alliander in key figures Electricity distribution Customers: 3,3 million Grid: km Stations (sub, distribution): Gas distribution Customers: 2,6 million Grid: km Stations (sub, distribution): Company 12 Billion asset value 1.4 Billion revenues 400 Million Investment / Annum FTE KPI, Performance 19.8 SVBM (outage time in minutes per end user) 5

6 Our assignment 1 Establish, maintain and manage energy networks 2 Ensure reliable, affordable and safe energy supply 3 Contribute to (sustainable) developments 4 Contribute to better society

7 Connect customers (prosumers) to energy via Information-intensive network The DSO s new grid world 1. Electricity 2. Gas 3. Data New sensors / distributed computing on Transmission and Distribution Lines alarm operators, resolve problems, integrate large scale renewable generation Smart Meters and HAN help users to deploy energy more wisely, mitigate peak demand and integrate local generation Generation Transmission Distribution Users / Customers 7

8 Connect customers (prosumers) to energy via Information-intensive network Introduction of IT in lower parts of the grid Information sharing across domains Need for fast, reliable communication networks Guarantied propagation times Communication network layout does not follow grid layout Own Cu / (SiO 2 ) n network 8

9 Old SCADA 9

10 New SCADA 10

11 Remote location 11

12 Even more remote location 12

13 OMG Average IT security expert 13

14 However 14

15 Security vision Alliander resilience vision*: Alliander is a resilient organization capable of anticipating and responding on a range or threats against her mission Alliander security vision: Protecting the mission of Alliander and her stakeholders by securing our crown jewels against intentionally caused damage through human actions * Underwriting the WEF resilience principles 15

16 Anatomy of an attack Attacker Intel Gathering Vuln Research Exploit Maintain Control Post Exploit Intel Gathering Threat Analysis Data Correlation Intrusion Detection Contain & Mitigate Defender 16

17 Security approach 17

18 Security approach Baseline + additional measures and detection detection detection + flexible response -> CERT / CSIRT Breaches will occur prevent the stupid ones detect and respond to the others This is me Design and build for failures This is me too This requires close cooperation with asset owners! 18

19 Anticipation overview Clear data ownership and responisbility Security one of the main topics in IOT integration program Security framework for IT based on ISO 2700x, IEC and SABSA in line with IT architecture (TOGAF) Security framework for OT based on nationally accepted OLF 104 (subset of ISO 2700x) National privacy & security framework for smart meters based on ISO 2700x National security framework for smart grid in progress 19

20 Anticipation standards Standards and frameworks are nice Standards and frameworks give direction Standards and frameworks are compromises Standards and frameworks take time to develop Standards and frameworks are someone elses risk decisions 20

21 Anticipation situational awareness Monitoring community for known vulnerabilities Need an up-to-date inventory Example: Ruggedcom Private Key / known ID s vulnerability Only switch certified for IEC Should I fix this? Where is it deployed in our networks? Is it in Metasploit? -> yes, took only days msf > use auxiliary/scanner/telnet/telnet_ruggedcom msf auxiliary(telnet_ruggedcom) > set RHOSTS [TARGET HOST RANGE] msf auxiliary(telnet_ruggedcom) > run 21

22 Attention monitoring Current IDS focussed on IT. How low can you go? IEC / -104? IEC 61850? ICCP? Modbus? But a chatty Windows / *NIX laptop on our 104 network is never acceptable -> easy to detect Known bots are never acceptable -> easy to detect What are your devices telling you (and are you listening)? 22

23 Attention monitoring Vendors are catching up! SCADA protocols no longer exotic. Pilots in our 104 network with anomaly detection: 5 mins learning -> 7 false positives in a week 1 day learning -> 3 false positives in a month Doable! But who is going to monitor the logs and alerts? 23

24 Attention monitoring / action IDS -> IPS strategy Depending on the place in your network. Known badness (signature-based) blocked automatically? Anomalies passed to a human? Received From: >/var/log/auth.log Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access to the system." Src Location: US,Pennsylvania,Scranton Portion of the log(s): Mar 12 04:39:33 vs3547 sshd[25648]: Invalid user user from Mar 12 04:39:33 vs3547 sshd[25622]: Invalid user x from Mar 12 04:39:29 vs3547 sshd[25514]: Invalid user mmroot from Mar 12 04:39:28 vs3547 sshd[25482]: Invalid user kai from Mar 12 04:39:24 vs3547 sshd[25373]: Invalid user mythtv from Mar 12 04:39:21 vs3547 sshd[25255]: Invalid user postgres from Mar 12 04:39:19 vs3547 sshd[25180]: Invalid user prueba from Mar 12 04:39:17 vs3547 sshd[25149]: Invalid user db2inst1 from

25 Attention research Security research is not our core business Partnering with research institutions ENCS University Twente Partnering with industry IBM Siemens Fox-IT 25

26 Attention research The CRISALIS consortium Security industry Control system industry/end users Academia

27 Attention correlation Not only network and system events, but also its surroundings (NOTE: these also introduce interesting vulnerabilities security devices!:= secure devices) 27

28 Attention correlation Data correlation, a scenario: Someone is entering a substation There are no work permits for this time at that station There is no disruption or malfunction in that station There is suddenly a HMI protocol running on the network + Intruder alert! Respond notify operators notify police limit network traffic from that station 28

29 Rational response contain & mitigate Computer Emergency Response Team (CERT) Also the team that does vulnerability / threat analysis Also the team that does monitoring Prepare and mandate common scenarios Temporary disconnect a substation from the Control Room Reboot systems in the Control Room Escalate to business crisis team if scenarios are not mandated Shutdown a substation Shutdown SCADA networks Shutdown Internet connection 29

30 Rational response evaluate & learn Share incidents with vendors and community Need to have establish trusted relations with your vendors and competitors Incidents are input for continuous improvenemt and growing to the next NextGen SCADA security 30

31 31

32

33 On a personal note Black out by Austrian writer Marc Elsberg ISBN (Dutch version) An European black out scenario with its impact on society, using a simple Smart Meter / SCADA hack with some physical sabotage Not sure if I should make this compulsory or banned 33

34 End-to-End SCADA Security: Implementing a robust cyber security strategy to protect SCADA systems in the digital age Creating a company-wide cyber security vision with SCADA systems in mind Translating this vision into a strategy with a roadmap and how a security architecture can help Defining how robust your security should be Identifying opportunities to increase (embedded) security measures for new and existing SCADA systems and processes, in line with your security strategy Erwin Kooi, Information Security Manager, Alliander 34

EU CIP Project DENSEK. Joining forces against cyber threats on European level

EU CIP Project DENSEK. Joining forces against cyber threats on European level EU CIP Project DENSEK Joining forces against cyber threats on European level DENSEK EU CIP Objectives Improving the resilience of the energy infrastructure i.e. improving the security of the Smart Energy

More information

European Network for Cyber Security

European Network for Cyber Security European Network for Cyber Security Cyber Security: a fundamental basis for Smart Grids Project Summary December 19, 2014 Introduction Smart grids are crucial to support the use of more sustainable energy

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

Including Threat Actor Capability and Motivation in Risk Assessment for Smart Grids

Including Threat Actor Capability and Motivation in Risk Assessment for Smart Grids CPSR-SG 2016: Joint International Workshop on Cyber-Physical Security and Resilience in Smart Grids, 12th April 2016, Vienna Security for smart Electricity GRIDs Including Threat Actor Capability and Motivation

More information

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit Page 1 of 10 Events Partners Careers Contact Facebook Twitter LinkedIn Pike Research Search search... Home About Research Consulting Blog Newsroom Media My Pike Logout Overview Smart Energy Clean Transportation

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191 Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3

More information

SCADA Security Training

SCADA Security Training SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,

More information

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com Internet of Things (IoT): Security Awareness Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com So What is the Internet of Things Network of physical objects embedded with: Electronics, software, sensors

More information

Smart Substation Security

Smart Substation Security Smart Substation Security SmartSec Europe 2014 Amsterdam 29/01/2014 Agenda Context Elia Introduction to the substation environment in Elia Security design and measures in the substation Near and far future

More information

Smart Grid Security: A Look to the Future

Smart Grid Security: A Look to the Future Smart Grid Security: A Look to the Future SESSION ID: TECH-W03A Gib Sorebo Chief Cybersecurity Technologist Leidos @gibsorebo Overview Distributed Energy Plug-in Vehicles Evolving Threats: Market Manipulation,

More information

Update On Smart Grid Cyber Security

Update On Smart Grid Cyber Security Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats

More information

Advance Malware protection in distribution and manufacturing environments. Rob Dolci, April 2016, copyright aizoon USA.

Advance Malware protection in distribution and manufacturing environments. Rob Dolci, April 2016, copyright aizoon USA. Advance Malware protection in distribution and manufacturing environments Rob Dolci, April 2016, copyright aizoon USA. aizoon at a glance Bologna New York, NY Cuneo USA Troy, MI Lewiston, ME Cambridge,

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

Ecom Infotech. Page 1 of 6

Ecom Infotech. Page 1 of 6 Ecom Infotech Page 1 of 6 Page 2 of 6 IBM Q Radar SIEM Intelligence 1. Security Intelligence and Compliance Analytics Organizations are exposed to a greater volume and variety of threats and compliance

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

Organizational Issues of Implementing Intrusion Detection Systems (IDS) Shayne Pitcock, CISSP First Data Corporation

Organizational Issues of Implementing Intrusion Detection Systems (IDS) Shayne Pitcock, CISSP First Data Corporation Organizational Issues of Implementing Intrusion Detection Systems (IDS) Shayne Pitcock, CISSP First Data Corporation Agenda Problem Description Issues for Consideration Mitigation of the Issues Options

More information

Robert Malmgren. Smart Grid. Security Challenges - Legacy and Infrastructure Burdens

Robert Malmgren. Smart Grid. Security Challenges - Legacy and Infrastructure Burdens Robert Malmgren Smart Grid Security Challenges - Legacy and Infrastructure Burdens Short bio Robert Malmgren Independent consultant that have worked with utility companies regarding IT- and info sec since

More information

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION ALBERTO AL HERNANDEZ, ARMY RESERVE OFFICER, SOFTWARE ENGINEER PH.D. CANDIDATE, SYSTEMS ENGINEERING PRESENTATION

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

GEARS Cyber-Security Services

GEARS Cyber-Security Services Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Data Security Concerns for the Electric Grid

Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical

More information

Cyber Security for the energy industry

Cyber Security for the energy industry ENERGY Cyber Security for the energy industry 28-03-2014 1 DNV GL 2014 10-03-2014 SAFER, SMARTER, GREENER 2 3 Challenges Utilities are thinking they are ok! The fence around the assets isn t enough anymore

More information

Claes Rytoft, ABB, 2009-10-27 Security in Power Systems. ABB Group October 29, 2009 Slide 1

Claes Rytoft, ABB, 2009-10-27 Security in Power Systems. ABB Group October 29, 2009 Slide 1 Claes Rytoft, ABB, 2009-10-27 Security in Power Systems October 29, 2009 Slide 1 A global leader in power and automation technologies Leading market positions in main businesses 120,000 employees in about

More information

Cyber Security and Privacy - Program 183

Cyber Security and Privacy - Program 183 Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology

More information

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Boeing Defense, Space & Security Ventures Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Tristan Glenwright - Boeing BOEING is a trademark of Boeing Management Company. The

More information

BREACHES HAPPEN. BE PREPARED. F-SECURE RAPID DETECTION SERVICE

BREACHES HAPPEN. BE PREPARED. F-SECURE RAPID DETECTION SERVICE BREACHES HAPPEN. BE PREPARED. F-SECURE RAPID DETECTION SERVICE TAKE A HOLISTIC APPROACH TO CYBER SECURITY. Sophisticated corporate cyber attacks have become commonplace. They circumvent even the best-defended

More information

ISACA rudens konference

ISACA rudens konference ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial

More information

Security in Smart Grid / IoT. Nenad Andrejević Comtrade Solutions Engineering

Security in Smart Grid / IoT. Nenad Andrejević Comtrade Solutions Engineering Security in Smart Grid / IoT Nenad Andrejević Comtrade Solutions Engineering Introduction Why is security important With so much of our lives connected to the Internet from our critical infrastructure

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

Cyber Security Seminar KTH 2011-04-14

Cyber Security Seminar KTH 2011-04-14 Cyber Security Seminar KTH 2011-04-14 Defending the Smart Grid erik.z.johansson@se.abb.com Appropriate Footer Information Here Table of content Business Drivers Compliance APT; Stuxnet and Night Dragon

More information

Goals. Understanding security testing

Goals. Understanding security testing Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

New Era in Cyber Security. Technology Development

New Era in Cyber Security. Technology Development New Era in Cyber New Era in Cyber Security Security Technology Technology Development Development Combining the Power of the Oil and Gas Industry, DHS, and the Vendor Community to Combat Cyber Security

More information

Big Data and Security: At the Edge of Prediction

Big Data and Security: At the Edge of Prediction Big Data and Security: At the Edge of Prediction Mark Seward Splunk Inc. Fred Wilmot Splunk Inc. Session ID: Session Classification: SPO2-T17 Intermediate The Way Cyber Adversaries Think Where is the most

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Legislative Council Panel on Information Technology and Broadcasting. Information Security For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?

More information

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark The self-defending network a resilient network By Steen Pedersen Ementor, Denmark The self-defending network - a resilient network What is required of our internal networks? Available, robust, fast and

More information

State of Vermont. Intrusion Detection and Prevention Policy. Date: 11-02-10 Approved by: Tom Pelham Policy Number:

State of Vermont. Intrusion Detection and Prevention Policy. Date: 11-02-10 Approved by: Tom Pelham Policy Number: State of Vermont Intrusion Detection and Prevention Policy Date: 11-02-10 Approved by: Tom Pelham Policy Number: 1 Table of Contents 1.0 Introduction... 3 1.1 Authority... 3 1.2 Purpose... 3 1.3 Scope...

More information

Intrusion Tolerance to Mitigate Attacks that Persist

Intrusion Tolerance to Mitigate Attacks that Persist Intrusion Tolerance to Mitigate Attacks that Persist Arun Sood Professor (Computer Science) and Co-Director International Cyber Center George Mason University, Fairfax, VA asood@gmu.edu The variety and

More information

1. Thwart attacks on your network.

1. Thwart attacks on your network. An IDPS can secure your enterprise, track regulatory compliance, enforce security policies and save money. 10 Reasons to Deploy an Intrusion Detection and Prevention System Intrusion Detection Systems

More information

IEEE-Northwest Energy Systems Symposium (NWESS)

IEEE-Northwest Energy Systems Symposium (NWESS) IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific

More information

Network Security Forensics

Network Security Forensics Network Security Forensics As hacking and security threats grow in complexity and organizations face stringent requirements to document access to private data on the network, organizations require a new

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

Information Technology Policy

Information Technology Policy ITP Number ITP-SEC024 Category Security Contact RA-ITCentral@pa.gov Information Technology Policy IT Security Incident Policy Effective Date August 2, 2012 Supersedes Scheduled Review Annual 1. Purpose

More information

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation

More information

Panel Session: Lessons Learned in Smart Grid Cybersecurity

Panel Session: Lessons Learned in Smart Grid Cybersecurity PNNL-SA-91587 Panel Session: Lessons Learned in Smart Grid Cybersecurity TCIPG Industry Workshop Jeff Dagle, PE Chief Electrical Engineer Advanced Power and Energy Systems Pacific Northwest National Laboratory

More information

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually

More information

You Don t Know What You Can t See: Network Security Monitoring in ICS Rob Caldwell

You Don t Know What You Can t See: Network Security Monitoring in ICS Rob Caldwell You Don t Know What You Can t See: Network Security Monitoring in ICS Rob Caldwell Mandiant, a FireEye company [2014 SANS European ICS Summit] About me Currently: Principal Consultant on Mandiant s Industrial

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Lessons learned from the new Smart Meter Risk Analysis Methodology in the Netherlands

Lessons learned from the new Smart Meter Risk Analysis Methodology in the Netherlands Lessons learned from the new Smart Meter Risk Analysis Methodology in the Netherlands Johan Rambi Alliancemanager Privacy & Security Alliander Chairman Policy Committee Privacy & Security Netbeheer Nederland

More information

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009 Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods

More information

Patching & Malicious Software Prevention CIP-007 R3 & R4

Patching & Malicious Software Prevention CIP-007 R3 & R4 Patching & Malicious Software Prevention CIP-007 R3 & R4 Scope Compliance Assessment Summary Introspection & Analysis Program-In Review Maturity Model review Control Design review Process Components of

More information

N-Dimension Solutions Cyber Security for Utilities

N-Dimension Solutions Cyber Security for Utilities AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential

More information

Applied Security Metrics

Applied Security Metrics Applied Security Metrics Planning, design and implementation of security metrics Doug Streit, ODU Dan Han, VCU Designing a Security Metrics Framework Doug Streit, ODU Metrics Program Getting Started 1.

More information

Personal Security Practices of the CAO

Personal Security Practices of the CAO Personal Security Practices of the CAO 1. Do you forward your government email to your personal email account? 2. When is the last time you changed your Enterprise password? Within the last 60 days Within

More information

Cyber Security Health Test

Cyber Security Health Test ENERGY Cyber Security Health Test Robin Massink 20-05-2014 1 DNV GL 2013 2014 20-12-2013 SAFER, SMARTER, GREENER Cyber security issues facing the utility industry We are moving from IEC60870-5-101/ DNP3

More information

Cyber Security for NERC CIP Version 5 Compliance

Cyber Security for NERC CIP Version 5 Compliance GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...

More information

Network Detection: What Is It Really? Introduction

Network Detection: What Is It Really? Introduction Cyber adapt Network Detection: What Is It Really? Introduction Network detection is now the hottest area of growth for cyber security. Verizon s 2015 Data Breach Investigations Report notes that the volume

More information

WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT

WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHAT S INSIDE: 1. GENERAL INFORMATION 1 2. EXECUTIVE SUMMARY 1 3. BACKGROUND 2 4. QUESTIONS FOR CONSIDERATION

More information

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808 cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

More information

Franchise Data Compromise Trends and Cardholder. December, 2010

Franchise Data Compromise Trends and Cardholder. December, 2010 Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee

More information

Lessons learned from the new Smart Meter Risk Analysis Methodology in the Netherlands

Lessons learned from the new Smart Meter Risk Analysis Methodology in the Netherlands Lessons learned from the new Smart Meter Risk Methodology in the Netherlands Johan Rambi Alliancemanager Privacy & Security Alliander Chairman Policy Committee Privacy & Security Netbeheer Nederland 6

More information

Missing the Obvious: Network Security Monitoring for ICS

Missing the Obvious: Network Security Monitoring for ICS Missing the Obvious: Network Security Monitoring for ICS If ICS are so vulnerable, why haven t we seen more attacks? We aren t looking! Two Key Reasons Intent Visibility Intent Why are targeted attacks

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Bridging the gap between COTS tool alerting and raw data analysis

Bridging the gap between COTS tool alerting and raw data analysis Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading

More information

Cyber Security of the Power Grid

Cyber Security of the Power Grid Cyber Security of the Power Grid Chen-Ching Ching Liu Professor of Power Systems University College Dublin Research for Ireland s Future Ireland -Country of natural beauty -Quality of life ranked among

More information

Jim Sheppard, Director of Business Processes CenterPoint Energy, Texas, USA

Jim Sheppard, Director of Business Processes CenterPoint Energy, Texas, USA Jim Sheppard, Director of Business Processes CenterPoint Energy, Texas, USA About Us... Public company traded on the New York Stock Exchange (CNP) Headquartered in Houston, TX Operating 3 business segments

More information

future data and infrastructure

future data and infrastructure White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

Waterfall for NERC-CIP Compliance

Waterfall for NERC-CIP Compliance Waterfall for NERC-CIP Compliance Using Waterfall s Unidirectional Security Solution to Achieve True Security & NERC-CIP Compliance Date: Jul. 2009 The material in this document is proprietary to Waterfall

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

Increasing Situational Awareness and Multi-zone Protection of Utility Infrastructure

Increasing Situational Awareness and Multi-zone Protection of Utility Infrastructure Increasing Situational Awareness and Multi-zone Protection of Utility Infrastructure Reference implementation demonstrates a comprehensive end-to-end security solution based on leading McAfee* and Intel

More information

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy

More information

Facilitated Self-Evaluation v1.0

Facilitated Self-Evaluation v1.0 Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Patricia Hoffman Facilitated Self-Evaluation v1.0 Assistant Secretary Office of Electricity Delivery and Energy Reliability U.S.

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security SIEM Optimization 101 ReliaQuest E-Book Fully Integrated and Optimized IT Security Introduction SIEM solutions are effective security measures that mitigate security breaches and increase the awareness

More information

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection

More information

Secure SCADA Summit. Dan Mintz, CTO. Civil Health Services Group dmintz@csc.com. Twitter: technogeezer, December 2009

Secure SCADA Summit. Dan Mintz, CTO. Civil Health Services Group dmintz@csc.com. Twitter: technogeezer, December 2009 Secure SCADA Summit Dan Mintz, CTO Civil Health Services Group dmintz@csc.com Twitter: technogeezer, December 2009 For 50 years, CSC Has Helped Clients Ride Every Major Business- Driven Technology Wave

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

Cyber Security for SCADA/ICS Networks

Cyber Security for SCADA/ICS Networks Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats

More information

Integrating Security into Your Corporate Infrastructure

Integrating Security into Your Corporate Infrastructure Integrating Security into Your Corporate Infrastructure December 13, 2001 Matthew K. Miller, CISSP, GIAC Manager, Security Services RedSiren Technologies 1 Who is RedSiren? We are a MSSP Managed Security

More information

Protecting Critical Infrastructure

Protecting Critical Infrastructure Protecting Critical Infrastructure SCADA Network Security Monitoring March 20, 2015 Table of Contents Introduction... 4 SCADA Systems... 4 In This Paper... 4 SCADA Security... 4 Assessing the Security

More information

Service-Aware Security for Distributed Automation. Ilan Barda GRIPS SciREX Symposium February 2 nd 2015

Service-Aware Security for Distributed Automation. Ilan Barda GRIPS SciREX Symposium February 2 nd 2015 Service-Aware Security for Distributed Automation Ilan Barda GRIPS SciREX Symposium February 2 nd 2015 The market Securing the Industrial IoT Source: MarketsandMarkets, December 2014-2- Radiflow Mission

More information

Solving Big Data Challenges US Electric Utility Industry

Solving Big Data Challenges US Electric Utility Industry 1 Solving Big Data Challenges US Electric Utility Industry IEEE PES Meeting July 29, 2014 Sunil Pancholi 2 Agenda Smart Grid and Big Data Lockheed Martin Big Data Expertise Lockheed Martin Solutions in

More information

Enterprise Security Architecture for Cyber Security. M.M.Veeraragaloo 5 th September 2013

Enterprise Security Architecture for Cyber Security. M.M.Veeraragaloo 5 th September 2013 Enterprise Security Architecture for Cyber Security M.M.Veeraragaloo 5 th September 2013 Outline Cyber Security Overview TOGAF and Sherwood Applied Business Security Architecture (SABSA) o o Overview of

More information

Integration and Big Data A Centralized Management Approach

Integration and Big Data A Centralized Management Approach Integration and Big Data A Centralized Management Approach The role of data and modelling in energy systems integration September 9, 2014 Schneider Electric 1 Convergence of Utility IT & OT Realtime Operations

More information

Why the Global Cyber Security Landscape Paints a Concerning Picture

Why the Global Cyber Security Landscape Paints a Concerning Picture SESSION ID: SPO-W07A Why the Global Cyber Security Landscape Paints a Concerning Picture Simon Goldsmith Director of Cyber Security (Commercial Sectors) BAE Systems @BAE_AI Today s Discussion PART 1 THE

More information

Cyber Threats in Physical Security Understanding and Mitigating the Risk

Cyber Threats in Physical Security Understanding and Mitigating the Risk Cyber Threats in Physical Security Understanding and Mitigating the Risk Synopsis Over the last few years, many industrial control systems, including security solutions, have adopted digital technology.

More information

Cisco Advanced Malware Protection

Cisco Advanced Malware Protection Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line

More information

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security

More information

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment The Advantages of an Integrated Factory Acceptance Test in an ICS Environment By Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst,

More information