New Technologies for Substation Cyber Hardening

Size: px
Start display at page:

Download "New Technologies for Substation Cyber Hardening"

Transcription

1 UNIDIRECTIONAL SECURITY GATEWAYS New Technologies for Substation Cyber Hardening Andrew Ginter VP Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright 2014 by Waterfall Security Solutions Ltd. 2014

2 Waterfall's Mission: Replace ICS Firewalls Waterfall s mission: revolutionize ICS perimeter security with technologies that are stronger than firewalls Enables safe IT/OT integration, remote services, industrial cloud Substations, Generation, Not For IT Offshore BES Control Batch Processing, Primary Production, Security Networks Platforms Centers Refining Safety Systems Routers Firewalls Secure Secure Inbound / Waterfall Unidirectional Bypass Outbound FLIP TM Security Gateways Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 2

3 Firewalls at Cyber Perimeters Really? Attack Type UGW Fwall 1) Phishing / drive-by-download victim pulls your attack through firewall 4 2 2) Social engineering steal a password / keystroke logger / shoulder surf 4 1 3) Compromise domain controller create ICS host or firewall account 4 2 4) Attack exposed servers SQL injection / DOS / buffer-overflowd 4 2 5) Attack exposed clients compromised web svrs/ file svrs / buf-overflows 4 2 6) Session hijacking MIM / steal HTTP cookies / command injection 4 2 7) Piggy-back on VPN split tunneling / malware propagation 4 2 8) Firewall vulnerabilities bugs / zero-days / default passwd/ design vulns 4 2 9) Errors and omissions bad fwall rules/configs / IT reaches through fwalls ) Forge an IP address firewall rules are IP-based 4 2 Total Score: Attack Success Rate: Impossible Difficult Straight- Forward Photo: Red Tiger Security Firewall have been with us for 30 years now. The good guys and the bad guys both know how to defeat firewalls Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 3

4 Emerging Threat: Targeted Attacks Use spear phishing to punch through corporate firewalls or sometimes more conventional attacks on web & other servers Use custom malware to evade anti-virus Operate malware by interactive remote control Steal administrator passwords / password hashes Create new administrator accounts on domain controller Use new accounts to log in no need to break in any more defeats software update programs Bypasses standard IT security controls: firewalls, encryption, AV, security updates Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 4

5 Waterfall's Mission: Replace ICS Firewalls Waterfall s mission: revolutionize ICS perimeter security with technologies that are stronger than firewalls Enables safe IT/OT integration, remote services, industrial cloud Substations, Generation, Not For IT Offshore BES Control Batch Processing, Primary Production, Security Networks Platforms Centers Refining Safety Systems Routers Firewalls Secure Secure Inbound / Waterfall Unidirectional Bypass Outbound FLIP TM Security Gateways Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 5

6 Firewall Conventional Network Integration Corporate users reach into plant historian through firewall Corporate users send queries/requests, historian responds Industrial Network Corporate Network Workstations Historian PLCs RTUs Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 6

7 Unidirectional Security Gateways Hardware-enforced unidirectional server replication Replica server contains all data and functionality of original Corporate workstations communicate only with replica server Industrial network and critical assets are physically inaccessible from corporate network & 100% secure from any online attack Industrial Network Historian Server Waterfall TX agent Corporate Network Waterfall RX agent Replica Server Workstations PLCs RTUs Waterfall TX appliance Waterfall RX appliance Unidirectional Historian replication Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 7

8 DNP3 Replication TX agent is DNP3 master polls substation & accepts exception reports RX agent is DNP3 slave responds to EMS polls and sends report by exception reports to EMS No DNP3 packets pass through gateway Industrial Network Substation Controller Waterfall TX agent Corporate Network Waterfall RX agent EMS RTUs DNP3 Waterfall TX appliance Waterfall RX appliance DNP3 WAN Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 8

9 Waterfall Unidirectional Gateway Connectors Leading Industrial Applications/Historians OSIsoft PI, PI AF, GE ihistorian, GE ifix Scientech R*Time, Instep edna, GE OSM Siemens: WinCC/SINAUT/Spectrum Emerson Ovation, Wonderware Historian SQLServer, Oracle, MySQL, Postgres, SAP AspenTech IP21, Matrikon Alert Manager Schneider ClearSCADA Leading IT Monitoring Applications Log Transfer, SNMP, SYSLOG CA Unicenter, CA SIM, HP OpenView, IBM Tivoli HP ArcSight SIEM, McAfee ESM SIEM File/Folder Mirroring Folder, tree mirroring, remote folders (CIFS) FTP/FTFP/SFTP/TFPS/RCP Leading Industrial Protocols OPC: DA, HDA, A&E, UA DNP3, ICCP, Modbus GENA, IEC , IEC Remote Access Remote Screen View Secure Bypass Other connectors UDP, TCP/IP NTP, Multicast Ethernet Video/Audio stream transfer Mail server/mail box replication IBM MQ series, Microsoft MSMQ Antivirus updater, patch (WSUS) updater Remote print server World s largest collection of COTS industrial server replications Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 9

10 Waterfall's Mission: Replace ICS Firewalls Waterfall s mission: revolutionize ICS perimeter security with technologies that are stronger than firewalls Enables safe IT/OT integration, remote services, industrial cloud Substations, Generation, Not For IT Offshore BES Control Batch Processing, Primary Production, Security Networks Platforms Centers Refining Safety Systems Routers Firewalls Secure Secure Inbound / Waterfall Unidirectional Bypass Outbound FLIP TM Security Gateways Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 10

11 Waterfall FLIP Contains: TX module, RX Module, Trigger Controller (CPU) Trigger: button / key, schedule FLIP is a Unidirectional Gateway which can flip over Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 11

12 Waterfall Flip - Reversing Orientation Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 12

13 Waterfall Flip - Replicate to WAN Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 13

14 Waterfall Flip - Replicate to Substation Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 14

15 Possible FLIP States Relays: one way, other way, or neither way Nine possible states TX State: RX State Inside Inside Outside Disconnected Internal network is connected to internal network No connection to external network No harm done Outside network sends data unidirectionally to internal network Normal operation Networks are disconnected No harm done Outside Internal network sends data unidirectionally to external network Normal operation External network is connected to external network No connection to internal network No harm done Networks are disconnected No harm done Disconnected Networks are disconnected Networks are disconnected Networks are disconnected Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 15

16 FLIP: Stronger than Firewalls Designed to prevent interactive remote control: cannot allow data to flow both ways at once Trigger mechanism cannot be subverted by data passing through Firewalls forward messages, FLIP & Gateways do not TX Agents are clients. They ask for data and forward the answers/data No protocol-level attacks pass through no fuzzing/buffer overflows. All comms sessions terminate in agent hosts. FLIP: Stronger than firewalls Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 16

17 Firewall Use Case: Protecting Protection Equipment Deployed between protective relays and rest of substation Continuous monitoring of relays FLIP every 2 months or so send batch of new passwords and possibly new firmware into batch-mode update mechanism No interactive remote control for relays Substation Electronic Security Perimeter Relays FLIP RTUs WAN EMS Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 17

18 Use Case: Protecting Entire Substation Continuous monitoring of substation via DNP3 FLIP periodically new passwords, firmware, configurations, setpoints No interactive remote control for entire substation Substation Electronic Security Perimeter FLIP EMS Relays RTUs WAN Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 18

19 Evolving Best Practices New best practice: unidirectional gateways & FLIP defeat targeted attacks, insider attacks & malware propagation Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 19

20 Waterfall Security Solutions Headquarters in Israel, sales and operations office in the USA Hundreds of sites deployed in all critical infrastructure sectors 2012, 2013 & 2014 Best Practice awards for Industrial Network Security and Oil & Gas Security Practice IT and OT security architects should consider Waterfall for their operations networks Waterfall is key player in the cyber security market 2010, 2011, & 2012 The only unidirectional technology on US Department of Homeland Security s National SCADA Security Test Bed, and Japanese CSSC Test Bed Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 20

21 Waterfall Product Accreditations Only unidirectional technology with a cyber security assessment by Idaho National Laboratories Certified Common Criteria EAL4+ (High Attack Potential) Strategic partnership agreements / cooperation with: OSIsoft, GE, Schneider Electric, Westinghouse, and many other industrial vendors Hold US patents for SCADA/control networks security using Unidirectional Gateways Market leader for unidirectional server replication in industrial environments Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 21

22 Improving BES Reliability Security: absolute protection of safety and reliability of control system assets, from network attacks originating on external networks Compliance: best-practice guidance, standards and regulations are evolving to recognize strong security Costs: reduces security operating costs improves security and saves money in the long run Waterfall s unique solutions have the potential to be the industry s next game changing standard BES will be measurably more reliable when Unidirectional Gateways are deployed more widely Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 22

Cyber Security Summit Milano, IT

Cyber Security Summit Milano, IT UNIDIRECTIONAL SECURITY GATEWAYS Cyber Security Summit Milano, IT Advanced Threats Require Advanced Defenses Michael A. Piccalo, CISSP Director of Industrial Security Waterfall Security Solutions Proprietary

More information

Stronger Than Firewalls: Unidirectional Security Gateways

Stronger Than Firewalls: Unidirectional Security Gateways UNIDIRECTIONAL SECURITY GATEWAYS Stronger Than Firewalls: Unidirectional Security Gateways Colin Blou VP Sales Waterfall Security Solutions Proprietary Information -- Copyright 2013 by Waterfall Security

More information

Safe Network Integration

Safe Network Integration UNIDIRECTIONAL SECURITY GATEWAYS Safe Network Integration Stronger than Firewalls Shaul Pescovsky, Sales Director Waterfall Security Solutions shaul@waterfall-security.com Proprietary Information -- Copyright

More information

UNIDIRECTIONAL SECURITY GATEWAYS. Utilizing Unidirectional Security Gateways to Achieve Cyber Security for Industrial Environments

UNIDIRECTIONAL SECURITY GATEWAYS. Utilizing Unidirectional Security Gateways to Achieve Cyber Security for Industrial Environments UNIDIRECTIONAL SECURITY GATEWAYS Utilizing Unidirectional Security Gateways to Achieve Cyber Security for Industrial Environments 2010 Introducing: Waterfall Security Solutions Ltd Located in Rosh-Ha ayin,

More information

Strong Security in NERC CIP Version 5: Unidirectional Security Gateways

Strong Security in NERC CIP Version 5: Unidirectional Security Gateways Strong Security in NERC CIP Version 5: Unidirectional Security Gateways Chris Humphreys CEO The Anfield Group Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information

More information

Maximize Security to Minimize Compliance Costs. Technical Solutions Focused Webinar July 28, 2015 Sponsored by Waterfall Security Solutions

Maximize Security to Minimize Compliance Costs. Technical Solutions Focused Webinar July 28, 2015 Sponsored by Waterfall Security Solutions Maximize Security to Minimize Compliance Costs Technical Solutions Focused Webinar July 28, 2015 Sponsored by Waterfall Security Solutions Agenda Welcome and Panel Introduction Goals Why consider unidirectional

More information

13 Ways Through A Firewall What you don t know will hurt you

13 Ways Through A Firewall What you don t know will hurt you Scientech 2013 Symposium: Managing Fleet Assets and Performance 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter

More information

An Analysis of the Capabilities Of Cybersecurity Defense

An Analysis of the Capabilities Of Cybersecurity Defense UNIDIRECTIONAL SECURITY GATEWAYS An Analysis of the Capabilities Of Cybersecurity Defense Michael Firstenberg, Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright

More information

13 Ways Through A Firewall

13 Ways Through A Firewall Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright

More information

An International Perspective on Security and Compliance

An International Perspective on Security and Compliance UNIDIRECTIONAL SECURITY GATEWAYS An International Perspective on Security and Compliance ICSJWG Fall Conference 2014 Lior Frenkel, CEO and Co-Founder Waterfall Security Solutions Andrew Ginter, VP Industrial

More information

CRITICAL INFRASTRUCTURE

CRITICAL INFRASTRUCTURE Owl Computing Technologies, Inc. CRITICAL INFRASTRUCTURE Securing Digital Assets Against Cyber Threats 38A Grove St, Ste 101 Ridgefield, CT 06877, USA Toll Free: 866-695-3387 Phone: +1 203-894-9342 Fax:

More information

13 Ways Through A Firewall What you don t know will hurt you

13 Ways Through A Firewall What you don t know will hurt you Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter Director of Industrial Security Waterfall Security Solutions

More information

Introduction to Waterfall Unidirectional Security Gateways: True Unidirectionality, True Security

Introduction to Waterfall Unidirectional Security Gateways: True Unidirectionality, True Security Proprietary Information Copyright 2011 by Introduction to Waterfall Unidirectional Security Gateways: True Unidirectionality, True Security Date: August, 2012 Proprietary Information Copyright 2012 by

More information

DHS ICSJWG Fall Conference 2011. Maintaining Necessary Information Paths Over Unidirectional Gateways

DHS ICSJWG Fall Conference 2011. Maintaining Necessary Information Paths Over Unidirectional Gateways DHS ICSJWG Fall Conference 2011 Maintaining Necessary Information Paths Over Unidirectional Gateways Mohan Ramanathan Solutions Architect for Critical Infrastructure NitroSecurity Andrew Ginter Director

More information

Stronger than Firewalls And Cheaper Too

Stronger than Firewalls And Cheaper Too Stronger than Firewalls And Cheaper Too Andrew Ginter Director of Industrial Security Waterfall Security Solutions 2012 Emerging Threat: Low Tech, Targeted Attacks Night Dragon, Shady RAT, Anonymous Trick

More information

Applying NERC-CIP CAN-0024 Guidance for Data Diodes To Unidirectional Security Gateways

Applying NERC-CIP CAN-0024 Guidance for Data Diodes To Unidirectional Security Gateways Applying NERC-CIP CAN-0024 Guidance for Data Diodes To Unidirectional Security Gateways Date: January, 2012 P a g e 2 - Legal Notice & Disclaimer - This document contains text, images and other information

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

Using Tofino to control the spread of Stuxnet Malware

Using Tofino to control the spread of Stuxnet Malware technical datasheet Application Note Using Tofino to control the spread of Stuxnet Malware This application note describes how to use the Tofino Industrial Security Solution to prevent the spread of the

More information

Waterfall for NERC-CIP Compliance

Waterfall for NERC-CIP Compliance Waterfall for NERC-CIP Compliance Using Waterfall s Unidirectional Security Solution to Achieve True Security & NERC-CIP Compliance Date: Jul. 2009 The material in this document is proprietary to Waterfall

More information

Meeting the Cybersecurity Standards of ANSI/ISA 62443 with Data Diodes

Meeting the Cybersecurity Standards of ANSI/ISA 62443 with Data Diodes Meeting the Cybersecurity Standards of ANSI/ISA 62443 with Data Diodes Dennis Lanahan June 1, 2015 Securing the convergence of OT and IT with ST 1 Introduction to Owl US US Owned and & Operated Product

More information

Remote Access Considered Dangerous. Andrew Ginter, VP Industrial Security Waterfall Security Solutions

Remote Access Considered Dangerous. Andrew Ginter, VP Industrial Security Waterfall Security Solutions Access Considered Dangerous Andrew Ginter, VP Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright 2015 by Waterfall Security Solutions 2015 "Secure" Access Behind lots

More information

Innovative Defense Strategies for Securing SCADA & Control Systems

Innovative Defense Strategies for Securing SCADA & Control Systems 1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet

More information

RuggedCom Solutions for

RuggedCom Solutions for RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application

More information

Experience with Unidirectional Security Gateways Protecting Industrial Control Systems

Experience with Unidirectional Security Gateways Protecting Industrial Control Systems Experience with Unidirectional Security Gateways Protecting Industrial Control Systems Lior Frenkel 1, Danny Berko 1, Andrew Ginter 2 1Waterfall Security Solutions Ltd., Tel-Aviv, Israel 2Waterfall Security

More information

NERC CIP Version 5 and the PI System

NERC CIP Version 5 and the PI System Industry: Transmission/Distribution/Smarts Presented by NERC CIP Version 5 and the PI System Bryan Owen PE OSisoft Cyber Security Manager Agenda Update on OSIsoft Cyber Initiatives War Story CIP Version

More information

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

Cyber Security nei prodotti di automazione

Cyber Security nei prodotti di automazione Cyber Security nei prodotti di automazione Marco Biancardi, ABB SpA, Power System Division 11 dicembre 2013, Roma Why is it an issue? Isolated devices Point to point interfaces Proprietary networks Standard

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation

More information

The Information Revolution for the Enterprise

The Information Revolution for the Enterprise Click Jon Butts to add IBM text Software Group Integration Manufacturing Industry jon.butts@uk.ibm.com The Information Revolution for the Enterprise 2013 IBM Corporation Disclaimer IBM s statements regarding

More information

Security Testing in Critical Systems

Security Testing in Critical Systems Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base

More information

OPC & Security Agenda

OPC & Security Agenda OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information

More information

Missing the Obvious: Network Security Monitoring for ICS

Missing the Obvious: Network Security Monitoring for ICS Missing the Obvious: Network Security Monitoring for ICS If ICS are so vulnerable, why haven t we seen more attacks? We aren t looking! Two Key Reasons Intent Visibility Intent Why are targeted attacks

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information

The SCADA That Didn t Cry Wolf: Who s Really Attacking Your SCADA Devices

The SCADA That Didn t Cry Wolf: Who s Really Attacking Your SCADA Devices The SCADA That Didn t Cry Wolf: Who s Really Attacking Your SCADA Devices Kyle Wilhoit Sr. Threat Researcher Trend Micro 1 Glossary HMI: Human Machine Interface IED: Intelligent Electronic Device SCADA:

More information

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc. Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources

More information

Cyber Security for NERC CIP Version 5 Compliance

Cyber Security for NERC CIP Version 5 Compliance GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS. Massimo Petrini (*), Emiliano Casale TERNA S.p.A.

CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS. Massimo Petrini (*), Emiliano Casale TERNA S.p.A. 21, rue d Artois, F-75008 PARIS D2-102 CIGRE 2012 http : //www.cigre.org CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS Massimo Petrini (*), Emiliano Casale

More information

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008 Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities

More information

Holistic View of Industrial Control Cyber Security

Holistic View of Industrial Control Cyber Security Holistic View of Industrial Control Cyber Security A Deep Dive into Fundamentals of Industrial Control Cyber Security Learning Goals o Understanding security implications involving industrial control systems

More information

Lessons Learned from AMI Pioneers Follow the Path to Success

Lessons Learned from AMI Pioneers Follow the Path to Success welcome Lessons Learned from AMI Pioneers Follow the Path to Success Joe Cummins, PCIP UTC TELECOM May 2010 394 Simcoe Street South Oshawa, ON L1H 4J4 (905) 404-2009 2 outline security risks in smart grid

More information

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top

More information

Secure Access Control for Control System Operations. Andrew Wright, CTO andrew.wright@n-dimension.com

Secure Access Control for Control System Operations. Andrew Wright, CTO andrew.wright@n-dimension.com Secure Access Control for Control System Operations Andrew Wright, CTO andrew.wright@n-dimension.com ... Access Control... Authentication who you are Authorization AAA what you may do Audit what did you

More information

NovaTech NERC CIP Compliance Document and Product Description Updated June 2015

NovaTech NERC CIP Compliance Document and Product Description Updated June 2015 NovaTech NERC CIP Compliance Document and Product Description Updated June 2015 This document describes the NovaTech Products for NERC CIP compliance and how they address the latest requirements of NERC

More information

patriotscada Distributed Firewall for SCADA and Industrial Networks

patriotscada Distributed Firewall for SCADA and Industrial Networks 1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.303.DATA Fax: 800.864.6249 Email: info@plantdata.com patriotscada Distributed Firewall for SCADA and Industrial Networks What Makes This

More information

Network Security Infrastructure Testing

Network Security Infrastructure Testing Network Security Infrastructure Testing Version 1.2 October 12, 2005 Prepared by: Sandia National Laboratories Center for SCADA Security Project Lead Ray Parks Technical Lead Jason Hills Technical Support

More information

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts.

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts. Protect - Detect - Respond A Security-First Strategy HCCA Compliance Institute April 27, 2009 1 Today s Topics Concepts Case Study Sound Security Strategy 2 1 Security = Culture!! Security is a BUSINESS

More information

Industrial Security for Process Automation

Industrial Security for Process Automation Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has

More information

Advanced Endpoint Protection Overview

Advanced Endpoint Protection Overview Advanced Endpoint Protection Overview Advanced Endpoint Protection is a solution that prevents Advanced Persistent Threats (APTs) and Zero-Day attacks and enables protection of your endpoints by blocking

More information

Goals. Understanding security testing

Goals. Understanding security testing Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3

More information

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

Log Audit Ensuring Behavior Compliance Secoway elog System

Log Audit Ensuring Behavior Compliance Secoway elog System As organizations strengthen informatization construction, their application systems (service systems, operating systems, databases, and Web servers), security devices (firewalls and the UTM, IPS, IDS,

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

SECURING THE MOVE TO IP-BASED SCADA/PLC NETWORKS

SECURING THE MOVE TO IP-BASED SCADA/PLC NETWORKS SECURING THE MOVE TO IP-BASED SCADA/PLC NETWORKS November 2011 Purpose The purpose of this guide is to provide examples/types of SCADA and control systems and their typical use in industry. This document

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard

More information

IBM. Vulnerability scanning and best practices

IBM. Vulnerability scanning and best practices IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration

More information

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline

More information

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance

More information

HoneyBOT User Guide A Windows based honeypot solution

HoneyBOT User Guide A Windows based honeypot solution HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3

More information

Open Enterprise Architectures for a Substation Password Management System

Open Enterprise Architectures for a Substation Password Management System CIGRÉ Canada 21, rue d Artois, F-75008 PARIS (154) Conference on Power Systems http : //www.cigre.org Toronto, October 4-6, 2009 Open Enterprise Architectures for a Substation Password Management System

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Lesson 5: Network perimeter security

Lesson 5: Network perimeter security Lesson 5: Network perimeter security Alejandro Ramos Fraile aramosf@sia.es Tiger Team Manager (SIA company) Security Consulting (CISSP, CISA) Perimeter Security The architecture and elements that provide

More information

Data and Command Encryption for SCADA

Data and Command Encryption for SCADA Data and Command Encryption for SCADA Kevin Mackie Smart Infrastructure Oil and Gas Division Schneider Electric Calgary, Canada Abstract This paper discusses the encryption of data and commands in oil

More information

Guidance Regarding Skype and Other P2P VoIP Solutions

Guidance Regarding Skype and Other P2P VoIP Solutions Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,

More information

Stateful Inspection Technology

Stateful Inspection Technology Stateful Inspection Technology Security Requirements TECH NOTE In order to provide robust security, a firewall must track and control the flow of communication passing through it. To reach control decisions

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.

More information

GE Measurement & Control. Cyber Security for NERC CIP Compliance

GE Measurement & Control. Cyber Security for NERC CIP Compliance GE Measurement & Control Cyber Security for NERC CIP Compliance GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used for purposes

More information

Scalable Secure Remote Access Solutions

Scalable Secure Remote Access Solutions Scalable Secure Remote Access Solutions Jason Dely, CISSP Principal Security Consultant jdely@ra.rockwell.com Scott Friberg Solutions Architect Cisco Systems, Inc. sfriberg@cisco.com Jeffrey A. Shearer,

More information

Making the most out of substation IEDs in a secure, NERC compliant manner

Making the most out of substation IEDs in a secure, NERC compliant manner Making the most out of substation IEDs in a secure, NERC compliant manner Jacques Benoit, Product Marketing Manager, Cybectec Inc. Jean-Louis Pâquet, Chief of Technology, Cybectec Inc. Abstract An increasing

More information

PCN Cyber-security Considerations for Manufacturers. Based on Chevron Phillips Chemical Company PCN Architecture Design and Philosophy

PCN Cyber-security Considerations for Manufacturers. Based on Chevron Phillips Chemical Company PCN Architecture Design and Philosophy PCN Cyber-security Considerations for Manufacturers Based on Chevron Phillips Chemical Company PCN Architecture Design and Philosophy Contents CPChem PCN Philosophy and Policy Remote Access Considerations

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense : Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced

More information

Lab Testing Summary Report

Lab Testing Summary Report Lab Testing Summary Report February 14 Report 132B Product Category: Web Security Gateway Vendor Tested: Key findings and conclusions: security appliance exhibits best rate to date, 91.3%, for classifying

More information

First Line of Defense to Protect Critical Infrastructure

First Line of Defense to Protect Critical Infrastructure RFI SUBMISSION First Line of Defense to Protect Critical Infrastructure Developing a Framework to Improve Critical Infrastructure Cybersecurity Response to NIST Docket # 130208119-3119-01 Document # 2013-044B

More information

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security

More information

IBM Security QRadar SIEM Version 7.1.0 MR1. Log Sources User Guide

IBM Security QRadar SIEM Version 7.1.0 MR1. Log Sources User Guide IBM Security QRadar SIEM Version 7.1.0 MR1 Log Sources User Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks on page 108. Copyright

More information

Cyber Essentials. Test Specification

Cyber Essentials. Test Specification Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8

More information

Securely Connect, Network, Access, and Visualize Your Data

Securely Connect, Network, Access, and Visualize Your Data Securely Connect, Network, Access, and Visualize Your Data 1 Who is Skkynet? Skkynet is the Parent company of; - Cogent Real-Time Systems Established in 1994 Focus on Industrial Automation software Cogent

More information

RUGGEDCOM CROSSBOW. Secure Access Management Solution. siemens.com/ruggedcom. Edition 10/2014. Brochure

RUGGEDCOM CROSSBOW. Secure Access Management Solution. siemens.com/ruggedcom. Edition 10/2014. Brochure RUGGEDCOM CROSSBOW Secure Access Management Solution Brochure Edition 10/2014 siemens.com/ruggedcom Siemens RUGGEDCOM CROSSBOW Secure Access Manager and Station Access Controller Siemens RUGGEDCOM CROSSBOW

More information

TCP/IP Network Connectivity and ION Meters

TCP/IP Network Connectivity and ION Meters 70072-0170-04 TECHNICAL NOTE 12/2007 TCP/IP Network Connectivity and ION Meters This technical note describes how PowerLogic ION8800, ION8600, ION7550 and ION7650 meters are able to interact with several

More information

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005 SCADA System Security ECE 478 Network Security Oregon State University March 7, 2005 David Goeke Hai Nguyen Abstract Modern public infrastructure systems

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

SECURITY TRENDS & VULNERABILITIES REVIEW 2015

SECURITY TRENDS & VULNERABILITIES REVIEW 2015 SECURITY TRENDS & VULNERABILITIES REVIEW 2015 Contents 1. Introduction...3 2. Executive summary...4 3. Inputs...6 4. Statistics as of 2014. Comparative study of results obtained in 2013...7 4.1. Overall

More information

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Find your network example: 1. Basic network with and 2 WAN lines - click here 2. Add a web server to the LAN - click here 3. Add a web,

More information

Getting Started. Version 9.1

Getting Started. Version 9.1 Getting Started Version 9.1 Contents About this Guide 4 Other Resources 4 Product Documentation 4 Online Training Program 4 Daily Online Q & A sessions 4 Prepare Your Customer's Network 5 Create a Probe

More information

Jort Kollerie SonicWALL

Jort Kollerie SonicWALL Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential

More information

CompTIA Network+ (Exam N10-005)

CompTIA Network+ (Exam N10-005) CompTIA Network+ (Exam N10-005) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate

More information

What happens when you use nmap or a fuzzer on an ICS?

What happens when you use nmap or a fuzzer on an ICS? NSM 101 for ICS About me Chris Sistrunk, PE Electrical Engineer Sr. ICS Security Consultant Control system security assessments ICS Village (DEF CON & RSA Conference) Entergy (11+ years) SCADA Engineer

More information