How To Protect A Network From Attack
1 Risks & Solutions within the Manufacturing IT. 4 February 2009. Jan Paul van Hall, Portfolio Manager Security
2 Who is AXIANS?
AXIANS is a division of the VINCI Energies Group and a European network integrator specialized in advising, design, implementation and network administration, in the fields of Network Security, Network Infrastructure, Storage, Server-Based Computing, Unified Communication and Network Management.
Focus on:
> Implementing networks to support modern applications.
> Increasing the availability and security of applications.
> Increasing the manageability.
> Lowering maintenance costs.
3 Facts & Figures Netherlands Europe 15 Years of experience 58 branches 80 network specialists 212 annual revenue 475 customers employees managed voice ports managed network ports
4 Scheme Projectmanagement Sales Consultancy & Prepare Plan & Design Project Management Implement & Test Contract mng Service Network Infrastructure Security Storage UC Network Management Templates - Checklists - Project Management tools & reports
5 What is the AXIANS approach? AXIANS's full service life cycle: Advice, Management, Design, Maintenance, Implement
6 Industrial IT Security Myths
7 5 Myths in Industrial IT Security
1. The Control System is Safe if We Don't Connect to the Internet
2. We Need to Focus on those Terrorists
3. The Bad Guys are all on the Internet
4. The IT Department Looks After Process Security
5. Hackers Don't Understand SCADA/PLCs
8 Myths? In March 2002, the industrial world was in denial about cybercrime: "Most public utilities rely on a highly customized SCADA system. No two are the same, so hacking them requires specific knowledge." Scott Berinato, Debunking the Threat to Water Utilities, CIO Magazine.
9 Myths? ...and then: The Incident in Harrisburg, USA: In October 2006 a foreign-based hacker (via the Internet) infiltrates the laptop of an employee at the Harrisburg water system and uses the employee's remote access as the entry point into the SCADA system. The hacker then installs malware and spyware on a SCADA HMI computer to make it a distribution center for s & piracy software.
10 Myths?
11 Industrial IT Security Incidents
12 Incidents? Nuclear Plant 1. Not just a SCADA system, but a network.
13 Incidents? Nuclear plant 2. August: operators at the Browns Ferry nuclear plant had to shut down the reactor due to a potentially dangerous condition. According to the NRC, the cause was determined to be "excessive traffic" on the control systems network.
14 Incidents? Maroochy Shire sewage. Environmental damage, disgruntled employee.
15 Incidents? January 8, 2008: a teenage boy hacks into the track control system of the Lodz city tram system, derailing 4 vehicles. He had adapted a television remote control so it could change track switches.
16 Security Incidents in the Water Industry
- Salt River Project SCADA Hack
- Maroochy Shire Sewage Spill
- Software Flaw Makes MA Water Undrinkable
- Trojan/Keylogger on Ontario Water SCADA System
- Viruses Found on Auzzie SCADA Laptops
- Audit/Blaster Causes Water SCADA Crash
- DoS attack on water system via Korean telecom
- Penetration of California irrigation district wastewater treatment plant SCADA
(* Intrinsically Secure Control Systems, Eric Byres)
17 Security Incidents in the Oil Industry
- Electronic Sabotage of Venezuela Oil Operations
- CIA Trojan Causes Siberian Gas Pipeline Explosion
- Anti-Virus Software Prevents Boiler Safety Shutdown
- Slammer Infected Laptop Shuts Down DCS
- Virus Infection of Operator Training Simulator
- Electronic Sabotage of Gas Processing Plant
- Slammer Impacts Offshore Platforms
- SQL Slammer Impacts Drill Site
- Code Red Worm Defaces Automation Web Pages
- Penetration Test Locks-Up Gas SCADA
(* Intrinsically Secure Control Systems, Eric Byres)
18 Security Incidents in the Chemical Industry
- IP Address Change Shuts Down Chemical Plant
- Hacker Changes Chemical Plant Set Points via Modem
- Nachi Worm on Advanced Process Control Servers
- SCADA Attack on Plant of Chemical Company
- Contractor Accidentally Connects to Remote PLC
- Sasser Causes Loss of View in Chemical Plant
- Infected New HMI Infects Chemical Plant DCS
- Blaster Worm Infects Chemical Plant
(* Intrinsically Secure Control Systems, Eric Byres)
19 Security Incidents in the Power Industry
- Slammer Infects Control Central LAN via VPN
- Slammer Causes Loss of Comms to Substations
- Slammer Infects Ohio Nuclear Plant SPDS
- Iranian Hackers Attempt to Disrupt Israel Power System
- Utility SCADA System Attacked
- Virus Attacks a European Utility
- Facility Cyber Attacks Reported by Asian Utility
- E-Tag Forgery Incident in Power PSE
- Power Plant Security Details Leaked on Internet
(* Intrinsically Secure Control Systems, Eric Byres)
20 Industrial IT Security Trends
21 Trend in Industrial Security Incidents (database). ISID: Industrial Security Incidents Database. Actual and predicted ISID incidents from 1994 to 2005. Database of Industrial Cyber Security Incidents to be Resurrected April
22 How do the problems enter? Incident by entry point: How the Bad Guys Get In
1. Corporate WANs & Business Networks 49%
2. Trusted 3rd Party Connection 10%
3. Internet Directly 17%
4. VPN Connection 7%
5. Dial-up modem 7%
6. Telco Network 7%
7. Wireless System 3%
23 Which categories of attackers/incidents?
Internal (employees, vendors and contractors):
- Accidental events
- Inappropriate employee/contractor behavior
- Disgruntled employees/contractor
External opportunistic:
- Script kiddies
- Recreational hackers
- Virus writers
External deliberate:
- Criminal groups
- Activists
- Terrorists
- Agencies of foreign states
24 Typical multiple entry points in process control network (ISID)
25 So why is this threat evolving?
1. Industrial networks are more and more connected with corporate networks (MES, ERP) and third parties. Networks are becoming more and more open for day-to-day business.
2. Communication protocols are increasingly TCP/IP based, with fewer unknown proprietary communication protocols.
3. Plant networks are not yet protected by default the way IT networks are (awareness).
4. A lost day of production costs a lot, and criminal gains are possible as well.
5. More people with a combination of brains, time and no money...
26 Industrial IT Security Industrial IT versus Corporate IT
27 Industrial IT Security comparable with Corporate IT Security? YES
It does compare: current Industrial IT Security has parallels with corporate IT Security as it was some years ago.
1. The firewall is seen as the 1st layer of defense, sometimes the only defense.
2. Both networks contain various types of data streams.
3. More proprietary communication protocols are changing to TCP/IP.
4. In Industrial IT Security the industrial network is trusted, but the connecting corporate IT network is not. In corporate IT Security the corporate network is trusted and the connecting Internet is not.
5. Patching challenges of systems, especially Windows.
28 Industrial IT Security comparable with Corporate IT Security? YES
6. Usage of the security acronym C.I.A. (Confidentiality, Integrity and Availability).
7. Security standards available: ISO27000 for IT Security and ISA99 (new) for Industrial IT Security.
8. The human factor plays a key role in security.
9. People are still in denial.
10. Always missing: IT Security Policy.
29 Industrial IT Security comparable with Corporate IT Security? NO
Some things are very different:
1. Corporate IT: (C.I.A.) Confidentiality and Integrity are most important, vs Industrial IT: Availability is the priority.
2. Corporate IT: it is all about information (documents), vs Industrial IT: it is control data, and lots of it.
3. Corporate IT: security first and acceptance of slower processes, vs Industrial IT: real-time data, no delays.
4. Corporate IT: years of development led to Commercial Off The Shelf (COTS), vs Industrial IT: no accepted guidelines or standards for firewalls.
5. Corporate IT: many players (vendors and integrators), vs Industrial IT: just a growing market.
30 Industrial IT Security comparable with Corporate IT Security? NO
6. Corporate IT: offices open 8x5, vs Industrial IT: 24x7, non-stop.
7. Corporate IT: patches available and easily applied, vs Industrial IT: never touch a running system.
8. Corporate IT: EoL products are decommissioned, vs Industrial IT: one can find unpatched older OS systems.
9. Corporate IT: personal strong passwords or authentication tokens, vs Industrial IT: easy and shared passwords.
10. Corporate IT: automated vulnerability scans easily performed, vs Industrial IT: it is a risk for some systems.
31 Industrial IT Security comparable with Corporate IT Security? NO
11. Corporate IT: an incident is annoying and might cost some people a day's work, vs Industrial IT: the damage can run into millions.
12. Corporate IT: TCP/IP, SMTP, FTP, HTTP(s), Telnet, vs Industrial IT: PCN, OPC, PLC, EtherNet/IP, MODBUS/IP, Profinet.
13. Corporate IT: a firewall is a 19-inch rackmount, vs Industrial IT: it can be DIN rack format.
32 But if treated with care... The lessons learnt and the solutions available in corporate IT Security can be used, with care. Use years of experience.
33 Industrial IT Security Firewalling, first line of defense
34 Firewall sufficient?
- A firewall is not a goal but a tool.
- Better no firewall than a misconfigured one or one with a difficult rulebase.
- A firewall is not a router, and not a PC connected to two networks.
- A firewall that does not understand the communication inside the protocols in use cannot see threats.
Figure: Number of errors as a function of rule-set complexity. The green line represents the least-squares fit; the red and blue lines represent one standard deviation above and below the least-squares fit. * Avishai Wool, A Quantitative Study of Firewall Configuration Errors, 2004.
35 Firewall sufficient? The Slammer Worm infiltrated a:
1. Nuclear plant via a contractor's T1 line;
2. Power utility SCADA system via a VPN;
3. Petroleum control system via laptop;
4. Paper machine HMI via dial-up modem.
Firewalls existed in at least three of these cases. So the firewalls were either misconfigured, bypassed, or unable to intervene against bad data in an allowed connection.
36 Jericho Principle, Defense in Depth
The Solution in the IT World: All IT network assets must have additional security software:
1. Firewall for De-Militarized Zones
2. Patches
3. Anti-Virus Software in network
4. Intrusion Prevention
5. Laptop Firewalls + Anti-Virus
6. VPN Encryption: site-to-site, wireless, remote
E.g. combined in 1 hardware solution: Unified Threat Management (UTM)
37 Industrial IT Security Vulnerabilities
38 Some vulnerabilities
1. One undefined network topology and assets
2. Connection with Internet
3. Unpatched software
4. Unpatchable software
5. Network worms and viruses from corporate network
6. Newly introduced proprietary process software
7. Weak password policy (default)
8. Wireless connections
9. Remote maintenance connections (laptop)
10. No responsible manager appointed
11. No awareness among users
39 Some vulnerabilities and possible solutions
1. One undefined network topology: Segment the network in zones divided by firewalls and apply De-Militarized Zones (DMZ) where needed.
2. Connection with Internet: Only via a properly configured firewall. Only necessary communication allowed.
3. Unpatched software: Start patching procedures.
4. Unpatchable software: Protect with Intrusion Prevention Systems.
5. Network worms and viruses from corporate network: Introduce a firewall with Anti-Virus & Intrusion Prevention Systems in the network.
6. Newly introduced proprietary process software: Test its strength in a laboratory with software vulnerability scanning (fuzzer).
7. Weak password policy (default): Adopt and enforce a policy for passwords or adopt strong authentication methods.
40 Some vulnerabilities and possible solutions
8. Wireless connections: Secure with VPN and authentication.
9. Remote maintenance connections (laptop): Force third parties to comply with policy. Use a firewall with IPS, VPN and NAC.
10. No responsible manager: Appoint a security officer for industrial IT Security networks.
11. No awareness among users: Start awareness sessions, train personnel/administrators.
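The points on slides 34, 35 and 39 (a misconfigured or overly complex rulebase, zones that meet only in a DMZ, only necessary communication allowed) can be checked mechanically. The following Python sketch is an added example, not part of the original presentation; the zone names, rule names, finding codes and both rule bases are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed zone model: corporate and control networks meet only in the DMZ.
PERMITTED_FLOWS = {("corporate", "dmz"), ("dmz", "corporate"),
                   ("dmz", "control"), ("control", "dmz")}

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source zone, or "any"
    dst: str      # destination zone, or "any"
    service: str  # e.g. "tcp/502" (Modbus/TCP), or "any"
    action: str   # "allow" or "deny"

def _covers(wide, narrow):
    """True if the rule field `wide` matches everything `narrow` matches."""
    return wide == "any" or wide == narrow

def rule_covers(a, b):
    return (_covers(a.src, b.src) and _covers(a.dst, b.dst)
            and _covers(a.service, b.service))

def evaluate(rules, src, dst, service):
    """First-match evaluation; None means no rule matched this traffic."""
    for r in rules:
        if _covers(r.src, src) and _covers(r.dst, dst) and _covers(r.service, service):
            return r.action
    return None

def audit(rules):
    """Return (rule name, finding code) pairs for a first-match rule base."""
    findings = []
    for i, r in enumerate(rules):
        # A rule fully covered by an earlier rule can never take effect.
        if any(rule_covers(earlier, r) for earlier in rules[:i]):
            findings.append((r.name, "SHADOWED"))
        if r.action != "allow":
            continue
        if r.service == "any":
            findings.append((r.name, "ANY_SERVICE"))   # more than necessary
        if "any" in (r.src, r.dst):
            findings.append((r.name, "ANY_ZONE"))
        elif r.src != r.dst and (r.src, r.dst) not in PERMITTED_FLOWS:
            findings.append((r.name, "BYPASSES_DMZ"))  # zones skip the DMZ
    # Require an explicit final deny-all instead of relying on product defaults.
    last = rules[-1] if rules else None
    if last is None or (last.src, last.dst, last.service, last.action) != \
            ("any", "any", "any", "deny"):
        findings.append(("<end>", "NO_DEFAULT_DENY"))
    return findings

# Constructed rule base with typical mistakes.
WEAK = [
    Rule("erp-to-dmz-historian", "corporate", "dmz", "tcp/443", "allow"),
    Rule("dmz-to-plc-modbus", "dmz", "control", "tcp/502", "allow"),
    Rule("vendor-maintenance", "corporate", "control", "any", "allow"),
    Rule("block-corp-modbus", "corporate", "control", "tcp/502", "deny"),
    Rule("temp-test", "any", "control", "tcp/502", "allow"),
]

# Constructed corrected rule base: same business flows, routed through the DMZ.
HARDENED = [
    Rule("erp-to-dmz-historian", "corporate", "dmz", "tcp/443", "allow"),
    Rule("dmz-to-plc-modbus", "dmz", "control", "tcp/502", "allow"),
    Rule("vendor-to-jump-host", "corporate", "dmz", "tcp/22", "allow"),
    Rule("deny-all", "any", "any", "any", "deny"),
]

if __name__ == "__main__":
    for name, code in audit(WEAK):
        print(f"{code:16} {name}")
    print("corporate -> control tcp/502 (weak):",
          evaluate(WEAK, "corporate", "control", "tcp/502"))
    print("corporate -> control tcp/502 (hardened):",
          evaluate(HARDENED, "corporate", "control", "tcp/502"))
```

In the weak rule base the deny rule for Modbus from the corporate network never fires, because the broader vendor rule above it matches first; the audit reports it as shadowed.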
41 Industrial IT Security Security as a project
42 Project approach
- Quick security scan (network and assets), find vulnerabilities.
- Quick organisational scan (policies and responsibilities).
- Find the risks and value them.
- Take a step-by-step approach when implementing a solution.
43 Project approach: Other items
- Selection of hardware and software.
- Security management (managed service?, SIEM).
- Acknowledge responsibility within the company.
- Report incidents and establish response team procedure.
44 Vendors. Hardware vendors with products based on their own proprietary solutions.
- Siemens
- Tofino
- Fortinet
- Honeywell
- Phion
- Cisco
- Innominate
- Archilles
- ...And many more to come
45 but remember.. Security is not a project but an ongoing process.
46 Thank you!
47 Deming: Plan-Do-Check-Act Quality of Security level
48 ISO Mindmap
49 SCADA diagram
50 SCADA in oil production environments. SCADA = Supervisory Control and Data Acquisition. Protocols: Modbus, DNP3, ICCP, UCA 2.0, IEC, CAN, CIP, DeviceNet, ControlNet, OLE for Process Control (OPC), Profibus. SCADA components: Human operator, HMI, MTU, RTU
51 SCADA with firewalled segmentation in DMZs.
52 IPS Intrusion Prevention Systems
53 Nomenclature
Firewall: Device through which network traffic passes. Communication is allowed or denied based on policy (source, destination and protocol).
VPN: Virtual Private Network. Encrypted network traffic. Safe from others.
DMZ: De-Militarized Zone. Network zone only reachable by passing through firewalls.
IPS: Intrusion Prevention System. Against hacking activities. All network traffic is read and, based on signature or behaviour, the communication is allowed or stopped.
Router: Device to guide traffic from one network segment to others.
AV: Antivirus. Based on a signature database, viruses are detected and stopped.
Patch: Additional software code to be executed to resolve (security) issues of existing software.
SCADA: Supervisory Control and Data Acquisition.
MES: Manufacturing Execution Systems, used to execute process activities such as production planning, maintenance, quality and insurance, logistics, etc.
ERP: Enterprise Resource Planning, a central computer program for process support within a company.
SIEM: Security Information and Event Management.
NAC: Network Access Control.
54 SCADA display scheme
55 Everything is for sale.
Current Rank | Previous Rank | Goods and services | Current Percentage | Previous Percentage | Range of prices
1 | 2 | Bank Accounts | 22% | 21% | $10 $
 | | Credit cards | 13% | 22% | $0.40 $
 | | Full identities | 9% | 6% | $1 $15
4 | N/A | Online auction site accounts | 7% | N/A | $1 $8
5 | 8 | Scams | 7% | 6% | $2.50/week $50/week for hosting, $25 for design
6 | 4 | Mailers | 6% | 8% | $1 $
 | | addresses | 5% | 6% | $0.83/MB $10/MB
8 | 3 | passwords | 5% | 8% | $4 $30
9 | N/A | Drop (request or offer) | 5% | N/A | 10% 50% of total drop amount
10 | 6 | Proxies | 5% | 6% | $1.50 $30
* Symantec Global Internet Security Threat Report July-December 07
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationCritical IT-Infrastructure (like Pipeline SCADA systems) require cyber-attack protection
Critical IT-Infrastructure (like Pipeline SCADA systems) require cyber-attack protection Tobias WALK ILF Consulting Engineers GmbH Germany Abstract Pipeline Supervisory Control And Data Acquisition (SCADA)
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationNetwork/Cyber Security
Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security
More informationHow To Protect Power System From Attack From A Power System (Power System) From A Fault Control System (Generator) From An Attack From An External Power System
Network Security in Power Systems Maja Knezev and Zarko Djekic Introduction Protection control Outline EMS, SCADA, RTU, PLC Attacks using power system Vulnerabilities Solution Conclusion Introduction Generator
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More informationOverview. Firewall Security. Perimeter Security Devices. Routers
Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security
More informationBypassing Network Access Control Systems
1 Bypassing Network Access Control Systems Ofir Arkin, CTO Blackhat USA 2006 ofir.arkin@insightix.com http://www.insightix.com 2 What this talk is about? Introduction to NAC The components of a NAC solution
More information8. Firewall Design & Implementation
DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or
More informationa Post-Stuxnet World The Future of Critical Infrastructure Security Eric Byres, P.Eng.
SCADA and CIP Security in a Post-Stuxnet World The Future of Critical Infrastructure Security Eric Byres, P.Eng. CTO, Byres Security Inc. What is Stuxnet? The Stuxnet Worm July, 2010: Stuxnet worm was
More informationCyber Security. Protecting the UK water industry
Cyber Security Protecting the UK water industry In today s connected world, cyber attacks are a daily occurrence. These attacks can have potentially disastrous consequences for water companies and the
More informationNetwork Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000
Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationBuilding Secure Networks for the Industrial World
Building Secure Networks for the Industrial World Anders Felling Vice President, International Sales Westermo Group Managing Director Westermo Data Communication AB 1 Westermo What do we do? Robust data
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationOur Mission. Provide traveling, remote and mobile laptop users with corporate-level security
Our Mission Provide traveling, remote and mobile laptop users with corporate-level security The Challenge When connecting to the Internet from within the corporate network, laptop users are protected by
More informationPCN Cyber-security Considerations for Manufacturers. Based on Chevron Phillips Chemical Company PCN Architecture Design and Philosophy
PCN Cyber-security Considerations for Manufacturers Based on Chevron Phillips Chemical Company PCN Architecture Design and Philosophy Contents CPChem PCN Philosophy and Policy Remote Access Considerations
More informationCyber Security for SCADA/ICS Networks
Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And
More informationInformation Technology Cyber Security Policy
Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please
More informationT46 - Integrated Architecture Tools for Securing Your Control System
T46 - Integrated Architecture Tools for Securing Your Control System PUBLIC PUBLIC - 5058-CO900G Copyright 2014 Rockwell Automation, Inc. All Rights Reserved. The Connected Enterprise PUBLIC Copyright
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationHolistic View of Industrial Control Cyber Security
Holistic View of Industrial Control Cyber Security A Deep Dive into Fundamentals of Industrial Control Cyber Security Learning Goals o Understanding security implications involving industrial control systems
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationReducing Application Vulnerabilities by Security Engineering
Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information
More informationDr. György Kálmán gyorgy@mnemonic.no
COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats
More informationTowards End-to-End Security
Towards End-to-End Security Thomas M. Chen Dept. of Electrical Engineering Southern Methodist University PO Box 750338 Dallas, TX 75275-0338 USA Tel: 214-768-8541 Fax: 214-768-3573 Email: tchen@engr.smu.edu
More informationBest Practices for DeltaV Cyber- Security
January 2013 Page 1 Best Practices for DeltaV Cyber- Security This document describes best practices will help you maintain a cyber-secure DeltaV digital automation system. www.deltav.com January 2013
More informationSafe Network Integration
UNIDIRECTIONAL SECURITY GATEWAYS Safe Network Integration Stronger than Firewalls Shaul Pescovsky, Sales Director Waterfall Security Solutions shaul@waterfall-security.com Proprietary Information -- Copyright
More informationUpdate On Smart Grid Cyber Security
Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats
More informationThree Simple Steps to SCADA Systems Security
Three Simple Steps to SCADA Systems Security Presented by: Gabe Shones, PE / Gilbert Kwan, PE Insert Photo Here Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL
More informationSecondary DMZ: DMZ (2)
Secondary DMZ: DMZ (2) Demilitarized zone (DMZ): From a computer security perspective DMZ is a physical and/ or logical sub-network that resides on the perimeter network, facing an un-trusted network or
More informationCritical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn
Critical Infrastructure Security: The Emerging Smart Grid Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn Overview Assurance & Evaluation Security Testing Approaches
More informationAn Analysis of the Capabilities Of Cybersecurity Defense
UNIDIRECTIONAL SECURITY GATEWAYS An Analysis of the Capabilities Of Cybersecurity Defense Michael Firstenberg, Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationSCADA/Business Network Separation: Securing an Integrated SCADA System
SCADA/Business Network Separation: Securing an Integrated SCADA System This white paper is based on a utility example but applies to any SCADA installation from power generation and distribution to water/wastewater
More informationWhite Paper. April 2006. Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks
White Paper April 2006 Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks According to a recent Harris Interactive survey, the country s leading business executives consider
More information