Industrial Control Systems Security. Denny Gregianin_Sales Area Manager

Transcription

1 Industrial Control Systems Security Denny Gregianin_Sales Area Manager

2 VEM in Numbers

3 Dipendenti e Fatturato

4 Design & Delivery NOC SOC HR & Quality Operations Custom Application Development IT Advisory Sales & Marketing Finance & Admin

5 Des& Delivery Design & Delivery Solutions Network & Data Center Infrastructure Building Efficiency & Controls Cloud Technologies Security & IT Governance Collaboration

6 Security & IT Governance Network Security Content Security Cyber Security Assessment IT Governance & Business Continuity

7 Comprendere le nuove minacce Ransomware on the rise Mobile Malware Social Media Malware & Malvertising Defacement Distributed Denial of Service (DDoS) Nuove forme di pagamento elettronico (i.e. Mobile, Digital Wallets, etc.) ICS e SCADA on the rise

8 Response Risk Anticipation Detection Prevention Identificare rapidamente i tentativi e gli attacchi informatici che riguardano gli asset del Cliente; Elaborare le procedure di risposta più idonee per contenere l attacco, rimuovere l infezione e ridurre gli impatti sul business; Supportare il Cliente nelle attività di gestione dell incidente riconducendo il problema di sicurezza ad una attività di IT Administration; Ottimizzare i sistemi di sicurezza del Cliente grazie ad una analisi del rischio basata sulle evidenze (Evidence-Based Risk Management);

9 Data Breach Detection, Investigation & Response Sensors Customer Collectors & Correlator Certego Incident Response Team Service Portal IRT Tools

10 Certego: la cybersecurity certificata Certego è l'unica azienda italiana ad essere citata come Regional Player per i servizi di Threat Intelligence nel report Competitive Landscape: Threat Intelligence Services, Worldwide, 2015 di Gartner. La qualifica di CERT, rilasciata dal SEI (Software Engineering Institute) della Carnegie Mellon University, ufficializza il nostro impegno nella protezione delle reti connesse ad Internet e ci permette di collaborare con gli altri team CERT internazionali nella gestione degli incidenti di sicurezza informatica.

11 Industrial Control Systems (ICS) & SCADA Security

12 ICS: Vulnerabilità rilevate THREAT INTELLIGENCE REPORT Up and to the Right ICS/ SCADA Vulnerabilities by the Numbers Summary Capabilities for attacks on ICS/SCADA 1 systems (collectively referred to as ICS below) are growing. The number of publicly disclosed vulnerabilities and off-the-shelf exploits targeting ICS systems continues to grow over time and well into 2015, even as awareness of dangers for critical infrastructure is improving. Vulnerability patterns are improving for some vendors but not for others. Our assumption is that investments in application and control logic security along with active threat intelligence efforts, are paying dividends for some vendors. Siemens and Schneider, the largest and fourth largest industrial automation vendors 2, account for the largest number of reported vulnerabilities, with close to 50% of the total. Of note, Siemens PLC product was the target of STUXNET, the predominant example of ICS/SCADA attacks. The combination of continued growth in ICS vulnerabilities along with off-the shelf exploits targeting these as well as credentials for critical infrastructure companies being routinely accessible in public forums leaves critical infrastructure open to potentially more aggressive motivations. Historically few cyber attacks on ICS have been observed; STUXNET continues to be the predominant example. Recently we ve seen novel patterns of attacks that are destructive and extortionist in nature such as the Sony attack, bank extortion by the Rex Mundi hacker group, and the more prevalent Cryptolocker strain of malware. Destructive/extortionist attacks on ICS are a potentially logical continuation, if yet observed in the wild. Introduction The capabilities for ICS attacks are growing and actual ICS probes and attacks are growing as well. Dell SecureWorks states in their 2015 Annual Threat Report, In 2014, Dell saw a 2X increase in SCADA attacks compared with Further, in terms of motivations, Dell states, SCADA attacks tend to be political in nature, since they target operational capabilities within power plants, factories, and refineries, rather than credit card information. DigitalBond introduces some alternative motivations in their blog Monetizing SCADA Attacks. Trend Micro very nicely lays out results of honeypots designed to catch ICS attacks in their report The SCADA That Didn t Cry Wolf. To study risks to ICS infrastructure we analyze a few datasets including the NIST Vulnerability database as well as the Recorded Future Web intelligence holdings, which includes data from the open, deep, and dark Web. The totality of the NIST Vulnerability database at the time of this analysis included over 71,500 vulnerabilities across many types of software systems. We used a series of search criteria to identify a subset of ICS vulnerabilities (such as SCADA, ICS, PLC, as well as a series of key vendor names, but then filtering out non-scada records for example, PLC is an overloaded term and some vendors are in multiple industries). Our result set was about 400 records in size.

13 Prevenire non è più sufficiente Le tecnologie di tipo Preventivo (Firewall, Antivirus, UTM, etc.) hanno progressivamente perso la capacità di contrastare in modo efficace le nuove minacce.

14

15 L evoluzione della security. Non abbiamo più un problema di Malware, abbiamo piuttosto un problema di confronto con un avversario. Shawn Henry, FBI Executive Assistant Director

16

17 Certego BDIR for ICS/SCADA SITUATIONAL AWARENESS CONTINOUS CONTROL ACTIONABLE SECURITY Capire cosa sta accadendo Rilevare anomalie Elaborare le procedure di risposta

18 Certego PanOptikon Architecture CSA + PanOptikon Service Portal Modbus/TCP EtherNet/IP DNP3 SNMP Cliente Incident Response Team

19