Network/Cyber Security

Transcription

1 Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: Security Breaches Several small, mostly rural, police and sheriff offices- Targeted by company they had investigated. Computer systems hacked, websites defaced, sensitive information exposed,( s, tips on suspected crimes and profiles of gang members) $200,000 theft of electronic fund transfers for schools and cities in a county Wastewater management system hacked by computer expert rejected for city job SCDOR SS Numbers of 3.6 million SC residents 40 million customer s credit and debit card data stolen through Target Point of Sale systems 1

2 The Security Challenge Topic can be overwhelming Concepts are confusing Seen as purely an IT issue Ignore until an event occurs Rapidly changing technology and tactics Large time investment to remain current Areas of focus Perimeter Security Device Security Monitoring Change control Testing User training Incident Response SCADA/ICS Specific Perimeter Security Protecting your networks from directed attacks Physical security Firewalls Network segmentation - VLANs Implement DMZs to contain any Internet facing services Wireless Networks Intrusion Detection Systems (IDS) Identify malicious traffic and notify Intrusion Prevention Systems (IPS) Identify malicious traffic and act 6 2

3 Device Security Preventative Maintenance Patch management (Servers,Workstations) Code management (Firewalls, switches, appliances) Lifecycle management Ensure security from deployment to decommission Anti-Virus Anti-Spam Mobile Device Management Data Encryption Remote wipe capabilities Network Access Control 7 Monitoring Tracking your security state IDS/IPS Need to know an event has happened Log and Event Management Systems (LEMS) Managed Security Services 3 rd Party Monitoring Do you know what s leaving your network? Malicious traffic Confidential documents and information 8 Change Control Does your change control process account for security? IT environments change constantly Change introduces new risk New systems brought online without current security patches Removal of legacy equipment leaves vulnerabilities Make sure your decommission process is complete! 9 3

4 Testing Scans & Audits Vulnerability scans External & Internal Periodic review of access rights Terminated employees Process audits Third party reviews 10 End Users Your #1 Security Risk Consider using a password management tool (forces regular change, authentication) Grant access rights on an as needed basis Don t click on links in s/texts Don t open attachments unless you are expecting them Don t click on or pop-up messages that ask for personal or financial information Don t download and install software Don t personal or financial information 11 End Users Your #1 Security Risk Implement encryption on laptops and mobile devices Exercise caution when accessing public hotspots Avoid risky sites (gambling, foreign, etc.) Install a comprehensive security suite Limit use of the Administrator account Don t ever share your password!!!! Implement dual factor authentication 12 4

5 End UserTraining Education is the first line of defense Explain the ramifications of a breach Start with basics as simple as password policies Document rules for various situations Expose your employees to real world scenarios Employee Termination Take the necessary steps Change password and disable users account Remote access Vendor sites Partner sites Mobile devices Hosted services 14 Incident Response Plan How will you react when the inevitable occurs? Assess and categorize impact Engage your Incident Response team Roles should be pre-defined Nature of incident dictates which roles are required Containment Stop the spread Eradicate Remove the cause of the incident Recovery Return to normal operation Lessons learned How did it happen? Complete Incident Report 15 5

6 Security and SCADA ICS / SCADA Specific Risks Blocked or delayed information flow Unauthorized changes Instruction sets, controls, alarm thresholds Inaccurate information ICS systems infected with malware Impact to safety systems 16 Homeland Security Policy Security policies, procedures, training and educational Addressing security throughout the lifecycle of the ICS Implementing a network topology for the ICS that has multiple layers Employing a DMZ network architecture Ensuring that critical components are redundant and are on redundant networks Disabling unused ports and services on ICS devices Restricting physical access to the ICS network and devices Restricting ICS user privileges to only those that are required to perform each person s job 17 Homeland Security Policy Separate authentication mechanisms and credentials for users of the ICS network and the corporate network Using modern technology, such as smart cards for Personal Identity Verification (PIV) Implementing security controls such as intrusion detection software, antivirus software and file integrity checking Applying security techniques such as encryption and/or cryptographic hashes to ICS data storage Expeditiously deploying security patches after testing all patches under field conditions on a test system if possible Tracking and monitoring audit trails on critical areas of the ICS

7 Practical Steps Isolate your SCADA networks Encrypt network traffic if possible Grant access to only those that need it Do not mix administrative and SCADA systems Implement dual factor authentication Define strict policies and procedures Leverage independent audits Joe Howland,VCIO (803) Larry Mattox,Account Executive (803)