SCADA Security Training

Transcription

1 SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: phone: page 1 of 6

2 Introduction Corporate Background Axenic Ltd Since 2009, Axenic has been delivering independent information security consultancy services specialising in governance, risk and assurance. Our partners and senior staff have been involved in all aspects of ICT infrastructure design, implementation and review, with a focus on security and we have the most highly qualified and experienced Enterprise Security Architects in NZ. At Axenic, we know that good information security is a business risk discipline that empowers you to make the best use of the information assets that support your organisation in achieving its objectives. Our mission is to empower our clients to use information assets to their full potential, with confidence, by enabling informed decision making on information security and privacy risk. Axenic has delivered services to a range of Government sector, NGO and private sector organisations and has helped define the risk management framework promoted by the GCIO for NZ Government agencies while using the framework to deliver its services to those agencies. Most organisations have difficulty in getting a real understanding of the risks that they are exposed to through their use of technology. There is frequently a communication gap between those responsible for managing risk and those implementing and managing controls. Axenic has partnered with Red Tiger Security to bring its 5-day course to New Zealand in order to give the designers, implementers and operators of Industrial Control and SCADA systems an in-depth technical understanding of the risks they are required to manage. Corporate Background Red Tiger Security The founder and team members at Red Tiger Security have been leaders in securing SCADA, EMS, DCS, and process control systems since We have the right mix of Electrical Engineering, Cyber Security, Control Systems, SCADA, IT Security, Hacker Mentality, and NERC CIP compliance experience. Our team has performed over 200 SCADA Vulnerability Assessments on live operating equipment. We have written numerous whitepapers on this subject, spoken at over 75 industry conferences and workshops, planned and led NERC CIP compliance workshops, and established a 5-day training curriculum to pass on this knowledge to others. SCADA Security and compliance is our main focus and mission, and we have been doing this since Since then, we have developed into a trusted resource in the industry for SCADA Security, and we have a proven methodology specifically for executing this scope of work. The following items describe some of the areas where the Red Tiger Security team has already made a lasting impact in securing Critical Infrastructure: Conducted more than 200 security assessments of real-time, live SCADA and Industrial Process Control System environments. Sought out by the US DHS, FBI, DOD, London NISCC, Canadian PSEPC, and Australian Ministries of Defense for Critical Infrastructure Security Training from 2001 through present. web: phone: page 2 of 6

3 Consultants to Idaho National Labs, Sandia National Labs, and the US National SCADA Test Bed initiative. Active participants and authors of portions of the ISA SP99 security standard, NERC CIP energy security standard, the ISA Certified Automation Professional (CAP) Certification, and the PCIP (Professional in Critical Infrastructure Protection) certification. Keynote speakers on security at many leading security conferences from 2002 to the present. Instructors for all DHS-sponsored training courses offered through the Idaho National Labs. Developers of the 1-Day Awareness Training, 3-Day SCADA Security Intermediate, and 5-day SCADA Security Advanced Training, and trained over 1,400 professionals around the world since Appointed to the Smart Grid Networks Council in 2009, and still an active member. web: phone: page 3 of 6

4 Why Red Tiger Developed the SCADA Security Training Course Since 2001, Red Tiger have participated in over 200 security assessments of various power plants, chemical plants, refineries, pipeline systems, banks, military bases, water / waste water, and other critical infrastructure facilities. Many of the employees and system administrators working at these facilities asked us where they could obtain additional training in this field. We often referred them to several books and online resources, but many came back asking for instructor-lead, hands-on training in specific Advanced Technical topics that covered both IT security and SCADA and Critical Infrastructure Protection concepts. Many also wanted to put theoretical concepts into direct use by learning how to use hacking tools in live operations. To solve these issues, we have taken our own Red Tiger Security methodology and mindset, along with advanced hacking techniques, and weaved them into a 5-day course that applies these methodologies and techniques to attacking and defending various types of advanced technology fields that include SCADA, DCS, Building Automation, Smart Grid, Telecom, and Wireless Systems. We also built a fully functional portable SCADA Lab complete with PLCs, RTUs, Building Automation controllers, industrial DIN-rail mounted computers running embedded Windows XP, various wireless RF and telemetry products, and protocol gateways. This lab has been built to travel onsite with our instructors and all equipment is mounted on Plexiglas stands for quick assembly and teardown. In summary, the training has been designed to be mobile and bring onsite anywhere in the world, and since early 2009, we have trained over 1,400 professionals. web: phone: page 4 of 6

5 Workshop Outline Morning Session > Security Threats to ICS / SCADA Systems 1.1 Course Overview, Introductions and Ground rules Introduce the Course, Instructor, and Students Review the Workshop Outline and Ground Rules 1.2 Recent Threats to ICS / SCADA Systems Malware, Social Networking Sites, USB devices, and Smartphones APT (Advanced Persistent Threats) How Night Dragon and other C&C attacks work How Stuxnet specifically targeted SCADA computers and PLCs Other additional real-world incidents due to SCADA attacks 1.3 SCADA and DCS Vulnerabilities and Weaknesses SCADA Vulnerabilities from a data set of over 40,000 vulnerabilities from over 250 assessments performed out in the field and in industrial facilities Most Common Security Findings within SCADA and DCS Workstations, Servers, and Applications Weaknesses in Embedded Devices (PLCs and RTUs) Mid-Morning Break 1.4 Cyber Security 101 Introduction to Cyber Security CIA Defined C. I. A vs. A. I. C Cyber Attack Triangle Threat, Vulnerabilities, and Exploits Defined Examples of Threats, Vulnerabilities, and Exploits on SCADA Systems Afternoon Session > Defending ICS / SCADA Systems 1.5 SCADA Security Maturity Model and Strategic Planning Introduction to the SCADA Security Maturity Model Introduction to the ISA S99 Secure Architecture for Industrial Control Systems How to build a Strategic Roadmap for Securing ICS / SCADA Systems Where Security Assessments fit into the overall strategy, and what comes next after the assessments are complete web: phone: page 5 of 6

6 1.6 Secure Architecture Design, Network Segmentation, and Remote Access Compare and Contrast insecure and best practice network designs DMZ Architectures for SCADA Networks Review of insecure methods for remote access and dial-up solutions 2-Factor Remote Access Solutions Designed Specifically for SCADA Managing Employee, Contractor, and Vendor Access to SCADA Mid-Afternoon Break 1.7 Security Log Management and Collection Where and how to properly deploy IDS and IPS sensors Where and how to properly deploy IDS and IPS sensors HIDS versus Application Whitelisting Security Event Monitoring - what systems create events/logs? Alert Management - Incident Response 1.8 Overview of Security Control Frameworks that impact SCADA (NIST , NIST , ISA S99, CFATS, NERC CIP) Review several major SCADA Security Standards and Regulations Show how they can map to one all-inclusive security controls matrix with the NIST Cybersecurity Framework for Critical Infrastructure Systems Map components of the matrix to fundamental security capabilities: Identify, Protect, Detect, Respond, and Recover web: phone: page 6 of 6