Security in SCADA solutions
|
|
- Nickolas Simmons
- 8 years ago
- Views:
Transcription
1 Security in SCADA solutions Green Hills Software Peter Hoogenboom Engineering Manager - EMEA 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 1
2 Security in SCADA solutions - Agenda What is SCADA? 3 Generations of SCADA systems Should we care more about security in SCADA systems? Security Defined Security and Reliability Robustness Common Criteria: Protection Profiles and Evaluation Assurance Levels Virtualization (Hypervisors) Secure solutions References 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 2
3 What is SCADA? Supervisory Control and Data Acquisition Monitor and control a plant or equipment in industries such as: telecommunications, water and waste control, energy, oil and gas refining and transportation SCADA systems typically consist of: Field data interface devices Remote Terminal Units (RTUs), combined with PLCs and sensors/actuators Communication system Radio, Phone (PSN), cable, satellite, field buses etc. Central host computer(s) Also known as SCADA master or Master Terminal Unit (MTU) Operator computer(s) Human Machine Interface (HMI) Software on all these computers/devices HMI, MMI, Communication Protocols, Host/RTU/Operator applications etc Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 3
4 First Generation - Monolithic Typically Mainframe based Cable: inside the factory PSN lease line for continuous readings PSN dial-up line for say hourly updates Radio for remote sites Proprietary, very lean protocols used 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 4
5 Second Generation - Distributed Typically based on Minicomputers running different functions: HMI, Calculations, Database, Communications etc. LAN between different functions Local (no Internet!) Proprietary (vendor specific) LAN protocols used, often optimized for real-time 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 5
6 Third Generation - Networked Based on: Open system architecture Open standards Open protocols Standard/Industrial PCs Benefits (convenience): Off the shelf systems Distribute functions using Internet Protocol Disaster survivability: the SCADA system can survive a total loss of a location 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 6
7 Today Easy overview of all possible connections Wireless Access Points for Support Stations Protected with multiple firewalls Running standard commercial OSes on PCs Standard commercial Switches, Routers, Proxy Servers 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 7
8 Report on Critical Infrastructure Protection Quote from Robert Dacey, Director Information Security Issues (Oct 2003), Ref[2] For several years, security risks have been reported in control systems, upon which many of the nation s critical infrastructures rely to monitor and control sensitive processes and physical functions. In addition to general cyber threats, which have been steadily increasing, several factors have contributed to the escalation of risks specific to control systems, including (1) adoption of standardized technologies with known vulnerabilities (2) connectivity of control systems to other networks (3) constraints on the use of existing security technologies and practices (4) insecure remote connections (5) widespread availability of technical information about control systems 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 8
9 Should we care more about security in SCADA systems? IBM researchers hack into a nuclear power station. Plant owners claimed there was NO WAY that critical components could be accessed from the Internet IBM Researchers: It turned out to be one of the easiest penetration tests I d ever done. By the first day, we had penetrated the network. Within a week, we were controlling a nuclear power plant Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 9
10 Hackers Shut Down Foreign Power Grid (January 2008) Hackers Demand Extortion Payment after Breaking into Electrical Utilities Inside knowledge Outages occurred in several regions outside the US 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 10
11 Power, water and waste SCADA systems affected (September 2011) Zero day industrial control system exploits published 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 11
12 A laundry list of vulnerabilities in SCADA systems 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 12
13 The OS is key NCS Technical Information Bulletin on SCADA systems (Ref[1]) states: Operating systems can be compromised, even with proper patching, to allow network entry as soon as the network is activated. This is due to the fact that operating systems are the core of every computer system and their design and operating characteristics are well known world wide. As a result, operating systems are a prime target for hackers. Further, in- place operating system upgrades are less efficient and secure than design-level migration to new and improved operating systems Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 13
14 Security and Reliability Dan O Dowd: Reliability is proving that software behaves the way it s supposed to, security is proving that software doesn t behave the way it s not supposed to. Reliability requires planned paths to behave well Security requires that all paths behave well They share the same design as solution: Separate and minimize critical components All critical components scrutinized Chain is only as strong as its weakest link 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 14 Slide 14
15 Safe and Secure Component Management Processes (not threads) Each component is protected in its own memory space with guaranteed resources of memory and CPU time Separate, minimize and assure safety and security critical components 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 15 Slide 15
16 Security Defined (Common Criteria) 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 16
17 Security Defined (CIA) Integrity Data does not become altered or corrupted Confidentiality Information that you don t want disclosed does not get disclosed Availability Resources including data that need to be there are there Confidentiality Integrity Availability 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 17
18 Robustness requirements High robustness requires high assurance 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 18
19 What is Common Criteria? International standard for evaluation of security in IT products The purpose of the Common Criteria process is to Develop standard packages of commonly found requirements (called Protection Profiles) Have a standard process of independent evaluation by which an expert evaluation team arrives at a level of assurance for some particular software product Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 19
20 EAL: Evaluation Assurance Level EAL 1 = functionally tested EAL 2 = structurally tested EAL 3 = methodically tested and checked EAL 4 = methodically designed, tested, and reviewed analysis of security functions informal model of security policy & independent testing vulnerability analysis for low attack potential attackers EAL 5 = semiformally designed and tested semiformal functional spec & HL design + semiformal correspondence covert channel analysis vulnerability analysis for moderate attack potential attackers EAL 6 = semiformally verified design and tested structured development process & more structured architecture vulnerability analysis for high attack potential attackers structured presentation + semiformal LL design systematic covert channel analysis more comprehensive vulnerability analysis improved CM and development environment controls EAL 7 = formally verified design and tested formal functional spec and HL design + formal correspondence comprehensive testing 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 20
21 Protection Profile Categories Access Control Devices and Systems Boundary Protection Devices and Systems Databases Data Protection Detection Devices and Systems ICs, Smart Cards and Smart Card related Devices and Systems Key Management Systems Network and Network related Devices and Systems Operating Systems Other Devices and Systems 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 21
22 Common OS Protection Profiles (Ref[6]) CAPP Low robustness profile Protection profile that Microsoft Windows 2000 and Linux have met (EAL4+) SLOS/MLOS Medium robustness profiles High number of SFRs. EAL4+ assurance RBAC PP Adds access control based on roles, not just user IDs. Part of Trusted Solaris LSPP Adds labeled security attributes to access control requirements Part of Trusted Solaris SKPP High robustness profile Separation Kernel Protection Profile Protection profile that GHS has met with INTEGRITY (EAL6+) 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 22
23 Can we get the best of two worlds? So, is there a technology that enables the incorporation of huge legacy applications and traditional operating systems, such as Windows and Linux (Usability) in a high robustness environment together with secure applications (Restrictions)? 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 23
24 Virtualization (Guest Operating System) Allows consolidation of disparate systems onto dedicated virtual machines Benefits Minimize Size, Weight, Power and Bill Of Materials Enable rapid migration to new hardware Sandboxing of untrusted applications Does virtualization make the system more secure? This heavily depends on the architecture and robustness of the underlying Hypervisor 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 24
25 Monolithic Hypervisor Architecture Either Type-1 (on top of bare-metal) or Type-2 (on top of OS) When the Hypervisor is attacked and compromised, all the Guest Operating Systems are affected Malware and rootkits are more difficult to detect, as they install themselves below the operating system, intercepting messages Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 25
26 Microkernel-based Hypervisor Architecture When the Hypervisor is attacked and compromised, only one Guest Operating System is affected. No impact on safety critical partitions. Remember: Separate, minimize and assure security critical components: the microkernel Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 26
27 User / Application Space Security Critical Applications High Availability Applications Safety Critical Applications Real-time Applications Ethernet Driver Graphics Driver Bluetooth, NFC, other Drivers File Systems, PJFS USB, Additional Middleware, etc. Network Management GateD Routing and Switching GHNet TCP/IP v4/v6 Application 1 Application 2 Application 3 Application 1 Application 2 Application 3 Secure Microkernel-based Hypervisor Solution used in Defense The ultimate solution for SCADA systems security Critical Applications Virtual Device Drivers Middleware Networking Guest Operating Systems INTEGRITY Secure VM INTEGRITY Secure VM ASP BSP INTEGRITY Multivisor Core 1 Core 2 Core 3 Core 4 Core N VGA USB Eth 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 27
28 Proof by independent certification Certifying Authority Level Achieved Applicability Industry FAA DO-178B Level A Reliability, Safety Avionics EASA DO-178B Level A Reliability, Safety Avionics NSA EAL6+, High Robustness, Type 1 Security Defense FDA Class II, III Reliability, Safety Medical TUV Nord, Exida IEC 61508: SIL 3 Safety Industrial Automation TUV Nord, Exida EN 50128: SWSIL 4 Safety Rail, Transportation Transdyne Corp. SEI/CMMI Certified Quality All IEEE and The Open Group IEEE POSIX Certified Open, Interoperable All 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 28
29 References 1. NCS Technical Information Bulletin 04-1, Supervisory Control and Data Acquisition (SCADA) Systems, Oct Critical Infrastructure Protection Challenges in Securing Control Systems, General Accounting Office (GAO) Report, GAO T, October 1, Information Security, General Accounting Office (GAO) Report, GAO T, May 19, Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 29
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationSecurity Testing in Critical Systems
Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base
More informationCloud Computing for SCADA
Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationAUDITOR GENERAL S REPORT. Protection of Critical Infrastructure Control Systems. Report 5 August 2005
AUDITOR GENERAL S REPORT Protection of Critical Infrastructure Control Systems Report 5 August 2005 Serving the Public Interest Serving the Public Interest THE SPEAKER LEGISLATIVE ASSEMBLY THE PRESIDENT
More informationfor Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs
for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs EXECUTIVE SUMMARY Supervisory Control and Data Acquisition (SCADA) systems are used for remote
More informationDecrease your HMI/SCADA risk
Decrease your HMI/SCADA risk Key steps to minimize unplanned downtime and protect your organization. Are you running your plant operations with serious risk? Most industrial applications lack recommended
More informationSecurity Aspects of SCADA and Corporate Network Interconnection: An Overview
Security Aspects of SCADA and Corporate Network Interconnection: An Overview Paulo S. Motta Pires Luiz Affonso H.G. Oliveira Departamento de Engenharia de Computação e Automação Universidade Federal do
More informationPLCs and SCADA Systems
Hands-On Programmable Logic Controllers and Supervisory Control / Data Acquisition Course Description This extensive course covers the essentials of SCADA and PLC systems, which are often used in close
More informationVulnerabilities in SCADA and Critical Infrastructure Systems
International Journal of Future Generation Communication and Networking 99 Vulnerabilities in SCADA and Critical Infrastructure Systems Rosslin John Robles 1, Min-kyu Choi 1, Eun-suk Cho 1, Seok-soo Kim
More informationOptimizing and Securing an Industrial DCS with VMware
Optimizing and Securing an Industrial DCS with VMware Global Process Automation deploys a new DCS using VMware to create a secure and robust operating environment for operators and engineers. by Doug Clarkin
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationSecurity 4.0 - Security by Separation
Security 4.0 - Security by Separation Making Industrial Control Systems More Secure Author(s): Date: Version Mehmet Özer 19.05.2015 v1.0 SYSGO AG 1 Agenda Security Challenges IoT Architecture for Industrial
More informationSCADA Security Training
SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,
More informationInformation Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014
QUESTIONS ANSWERS Q1 How many locations and can all locations be tested from a A1 5 locations and not all tests can be performed from a central location? central location. Q2 Connection type between location
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationPenetration testing & Ethical Hacking. Security Week 2014
Penetration testing & Ethical Hacking Security Week 2014 Agenda Penetration Testing Vulnerability Scanning Social engineering Security Services offered by Endava 2 3 Who I am Catanoi Maxim Information
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationDNP Serial SCADA to SCADA Over IP: Standards, Regulations Security and Best Practices
DNP SCADA to SCADA Over : Standards, Regulations Security and Best Practices Earl Emerson, Director Systems Engineering RAD Data Communications 2014 Utilities Telecom Council of Canada Motivations for
More informationNetwork Security Infrastructure Testing
Network Security Infrastructure Testing Version 1.2 October 12, 2005 Prepared by: Sandia National Laboratories Center for SCADA Security Project Lead Ray Parks Technical Lead Jason Hills Technical Support
More informationBefore we can talk about virtualization security, we need to delineate the differences between the
1 Before we can talk about virtualization security, we need to delineate the differences between the terms virtualization and cloud. Virtualization, at its core, is the ability to emulate hardware via
More informationCyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity)
Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity) Abstract Strong identity management enforced with digital authentication mechanisms
More informationDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...
More informationHigh rate and Switched WiFi. WiFi 802.11 QoS, Security 2G. WiFi 802.11a/b/g. PAN LAN Cellular MAN
Security Issues and Quality of Service in Real Time Wireless PLC/SCADA Process Control Systems Dr. Halit Eren & Dincer Hatipoglu Curtin University of Technology (Perth Australia) 2/27/2008 1 PRESENTATION
More informationINTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT
Utilities WHITE PAPER May 2013 INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Table of Contents Introduction...3 Problem Statement...4 Solution Requirements...5 Components of an Integrated
More informationSession 14: Functional Security in a Process Environment
Abstract Session 14: Functional Security in a Process Environment Kurt Forster Industrial IT Solutions Specialist, Autopro Automation Consultants In an ideal industrial production security scenario, the
More informationThe Advantages of an Integrated Factory Acceptance Test in an ICS Environment
The Advantages of an Integrated Factory Acceptance Test in an ICS Environment By Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst,
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationDeltaV System Cyber-Security
January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...
More informationIT Security and OT Security. Understanding the Challenges
IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control
More informationCYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric
CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial
More informationAn Introduction to SCADA-ICS System Security. Document Number IG-101 Document Issue 0.1 Issue date 03 February 2015
An Introduction to SCADA-ICS System Security Document Number IG-101 Document Issue 0.1 Issue date 03 February 2015 Overview Supervisory Control And Data Acquisition (SCADA) for Industrial Control Systems
More informationVirtualization. Michael Tsai 2015/06/08
Virtualization Michael Tsai 2015/06/08 What is virtualization? Let s first look at a video from VMware http://bcove.me/x9zhalcl Problems? Low utilization Different needs DNS DHCP Web mail 5% 5% 15% 8%
More informationThe State-of-the-State of Control System Cyber Security
The State-of-the-State of Control System Cyber Security Prepared for HTCIA September 19, 2012 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com Summary Control systems are
More informationFundamental Issues: Nuclear Generators Lead Cyber Security
power eng.com http://www.power eng.com/articles/npi/print/volume 8/issue 5/nucleus/fundamental issues nuclear generators lead cybersecurity.html Fundamental Issues: Nuclear Generators Lead Cyber Security
More informationIndustrial Internet of Things Bears Fruit with Connected Services for Plant Assets and Fleet Migration
Industrial Internet of Things Bears Fruit with Connected Services for Plant Assets and Fleet Migration Peter Reynolds Director of Consulting ARC Advisory Group PReynolds@ARCweb.com Twitter @PeterDReynolds
More informationINDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION
INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer
More informationBuilding a Penetration Testing Virtual Computer Laboratory
Building a Penetration Testing Virtual Computer Laboratory User Guide 1 A. Table of Contents Collaborative Virtual Computer Laboratory A. Table of Contents... 2 B. Introduction... 3 C. Configure Host Network
More informationWhen a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.
Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationInnovative Defense Strategies for Securing SCADA & Control Systems
1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet
More informationIntegrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi etieghi@visionautomation.
Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems Enzo M. Tieghi etieghi@visionautomation.it Security IT & Control System Security: where are we?
More informationUnderstanding SCADA System Security Vulnerabilities
Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen
More informationNetwork Cyber Security. Presented by: Motty Anavi RFL Electronics
Network Cyber Security Presented by: Motty Anavi RFL Electronics Agenda Cyber Security Threats Defense Strategy & Consequences Next Generation Networking ICS Vulnerabilities Liabilities Next Gen Networking
More informationSCADA Security: Challenges and Solutions
SCADA Security: Challenges and Solutions June 2011 / White paper by Metin Ozturk, Philip Aubin Make the most of your energy Summary Executive Summary... p 2 Protecting Critical Infrastructure Includes
More informationSCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationErik Johansson, 091027, erik.z.johansson@se.abb.com Virtualization in Control Systems Possibilities and Challenges
Erik Johansson, 091027, erik.z.johansson@se.abb.com Virtualization in Control Systems Possibilities and Challenges ABB Group October 19, 2009 Slide 1 Possibilities and Challenges The open debate of virtualization
More informationINSPIRE: INcreasing Security and Protection through Infrastructure REsilience
INSPIRE: INcreasing Security and Protection through Infrastructure REsilience Salvatore D Antonio University of Naples Parthenope Consorzio Interuniversitario Nazionale per l Informatica 20th of May 2010
More informationTest di sicurezza in ambienti Smart Grid e SCADA
Test di sicurezza in ambienti Smart Grid e SCADA Simone Riccetti, IBM Italy simone.riccetti@it.ibm.com Agenda SCADA/Smart Grid overview SCADA/Smart Grid security issues Security test challenges Testing
More informationDr. György Kálmán gyorgy@mnemonic.no
COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats
More informationSECURITY CONSIDERATIONS FOR LAW FIRMS
SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,
More informationConsiderations for Hybrid Communications Network Technology for Pipeline Monitoring
Considerations for Hybrid Communications Network Technology for Pipeline Monitoring Craig Held White Paper April 2012 Abstract The concept of automation (and its corresponding technologies) is a primary
More informationSymphony Plus Cyber security for the power and water industries
Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber Security_3BUS095402_(Oct12)US Letter.indd 1 01/10/12 10:15 Symphony Plus Cyber security for the power and water industries
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationVMWARE Introduction ESX Server Architecture and the design of Virtual Machines
Introduction........................................................................................ 2 ESX Server Architecture and the design of Virtual Machines........................................
More informationVirtualization System Security
Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability
More informationTufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.
Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:
More informationCyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services
Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance
More informationCritical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn
Critical Infrastructure Security: The Emerging Smart Grid Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn Overview Assurance & Evaluation Security Testing Approaches
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY
ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY Dr. Gregg Wildes DornerWorks www.dornerworks.com Embedded Systems Engineering for Security and Safety-Critical Systems Where Hardware
More informationEnabling Technologies for Distributed Computing
Enabling Technologies for Distributed Computing Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF Multi-core CPUs and Multithreading Technologies
More informationWhat is Really Needed to Secure the Internet of Things?
What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices
More informationUpdate On Smart Grid Cyber Security
Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats
More informationVirtualization Technology
Virtualization Technology A Manifold Arms Race Michael H. Warfield Senior Researcher and Analyst mhw@linux.vnet.ibm.com 2008 IBM Corporation Food for Thought Is Virtual Reality an oxymoron or is it the
More informationWIND RIVER SECURE ANDROID CAPABILITY
WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion
More informationWindows Server Virtualization & The Windows Hypervisor
Windows Server Virtualization & The Windows Hypervisor Brandon Baker Lead Security Engineer Windows Kernel Team Microsoft Corporation Agenda - Windows Server Virtualization (WSV) Why a hypervisor? Quick
More informationParavirtualization Figure 1.
HRG Insight: Virtualization Virtualization? Everyone has heard about it but even the term conjures up a hazy, intangible image. It is one of those technology topics many CIOs and IT decision-makers would
More informationAre you prepared to be next? Invensys Cyber Security
Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber
More informationGE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems
GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used
More informationVirtualization and Cloud Computing
Virtualization and Cloud Computing Security is a Process, not a Product Guillermo Macias CIP Security Auditor, Sr. Virtualization Purpose of Presentation: To inform entities about the importance of assessing
More informationRED HAT ENTERPRISE VIRTUALIZATION
Giuseppe Paterno' Solution Architect Jan 2010 Red Hat Milestones October 1994 Red Hat Linux June 2004 Red Hat Global File System August 2005 Red Hat Certificate System & Dir. Server April 2006 JBoss April
More informationM.Sc. IT Semester III VIRTUALIZATION QUESTION BANK 2014 2015 Unit 1 1. What is virtualization? Explain the five stage virtualization process. 2.
M.Sc. IT Semester III VIRTUALIZATION QUESTION BANK 2014 2015 Unit 1 1. What is virtualization? Explain the five stage virtualization process. 2. What are the different types of virtualization? Explain
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationProcess Control Networks Secure Architecture Design
Process Control Networks Secure Architecture Design Guest Speaker Robert Alston Principle Lead Network and Security Consultant Over 25 years network experience including design, implementation, troubleshooting
More informationCritical IT-Infrastructure (like Pipeline SCADA systems) require cyber-attack protection
Critical IT-Infrastructure (like Pipeline SCADA systems) require cyber-attack protection Tobias WALK ILF Consulting Engineers GmbH Germany Abstract Pipeline Supervisory Control And Data Acquisition (SCADA)
More informationA Concise Model to Evaluate Security of SCADA Systems based on Security Standards
A Concise Model to Evaluate Security of SCADA Systems based on Security Standards Nasser Aghajanzadeh School of Electrical and Computer Engineering, Shiraz University, Shiraz, Iran Alireza Keshavarz-Haddad
More informationProtecting Organizations from Cyber Attack
Protecting Organizations from Cyber Attack Cliff Glantz and Guy Landine Pacific Northwest National Laboratory (PNNL) PO Box 999 Richland, WA 99352 cliff.glantz@pnnl.gov guy.landine@pnnl.gov 1 Key Topics
More informationMaintaining HMI and SCADA Systems Through Computer Virtualization
Maintaining HMI and SCADA Systems Through Computer Virtualization Jon Reeser Systems Engineer PROFI-VISION Automation 1150 Glenlivet Drive Allentown, PA 18106 jon.reeser@profi-vision.com Thomas Jankowski
More informationHow Secure is Your SCADA System?
How Secure is Your SCADA System? Charles Drobny GlobaLogix, Inc. Houston, TX, USA Our Industry is a Target 40% of cyber attacks on Critical Infrastructure targets are aimed at the Energy Industry The potential
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationSecure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment
Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment Introduction 1 Distributed SCADA security 2 Radiflow Defense-in-Depth tool-set 4 Network Access
More informationPrinciples of Information Assurance Syllabus
Course Number: Pre-requisite: Career Cluster/Pathway: Career Major: Locations: Length: 8130 (OHLAP Approved) Fundamentals of Technology or equivalent industry certifications and/or work experience. Information
More informationDocument ID. Cyber security for substation automation products and systems
Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has
More informationOPCNet Broker TM for Industrial Network Security and Connectivity
OPCNet Broker TM for Industrial Network Security and Connectivity Tunneling Process Data Securely Through Firewalls A Solution To OPC - DCOM Connectivity from Integration Objects Compatible for DA, HDA
More informationSCADA System Security, Complexity, and Security Proof
SCADA System Security, Complexity, and Security Proof Reda Shbib, Shikun Zhou, Khalil Alkadhimi School of Engineering, University of Portsmouth, Portsmouth, UK {reda.shbib,shikun.zhou,khalil.alkadhimi}@port.ac.uk
More informationOff-the-shelf Packaged Software Systems And Custom Software Analysis By Gamal Balady MASS Group, Inc.
Off-the-shelf Packaged Software Systems And Custom Software Analysis By Gamal Balady MASS Group, Inc. April 1, 2004 1 Presentation Overview I. Packaged Software Systems vs. Custom Software Systems II.
More informationNCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
More informationHardware/microprocessor Run- time executive (real- time OS, hypervisor, etc.) Web messaging infrastructure
Firmware Strategy for the Internet of Cars David Kleidermacher, CTO Green Hills Software The Internet of Things (IoT) trend can be defined as the rapid assimilation of the world s objects (anything that
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g Virtualization: Architectural Considerations and Implementation Options Virtualization Virtualization is the
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationICT Category Sub Category Description Architecture and Design
A A01 Architecture and Design Architecture and Design Enterprise & Business Architecture A02 Architecture and Design Information Architecture A03 Architecture and Design Solution Architecture B Benchmarking
More informationA 360 degree approach to security
June 2012, issue 1-1 SCADA communications A 360 degree approach to security Contents 1. The need for 360 degree security 2 2. Considerations in a 360 degree approach 3 3. Implementing a 360 degree approach
More informationWHITE PAPER. Securing Process Control Networks
WHITE PAPER Securing Process Control Networks WHITE PAPER Securing Process Control Networks Page 1 Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), Programmable Logic
More informationFOXBORO. I/A Series SOFTWARE Product Specifications. I/A Series Intelligent SCADA SCADA Platform PSS 21S-2M1 B3 OVERVIEW
I/A Series SOFTWARE Product Specifications Logo I/A Series Intelligent SCADA SCADA Platform PSS 21S-2M1 B3 The I/A Series Intelligent SCADA Platform takes the traditional SCADA Master Station to a new
More informationSecurely Connect, Network, Access, and Visualize Your Data
Securely Connect, Network, Access, and Visualize Your Data 1 Who is Skkynet? Skkynet is the Parent company of; - Cogent Real-Time Systems Established in 1994 Focus on Industrial Automation software Cogent
More informationEnergy Cybersecurity Regulatory Brief
Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider
More informationState of the State of Control System Cyber Security
State of the State of Control System Cyber Security Joe Weiss, PE, CISM IEEE PES San Francisco Section October 15, 2007 What Are the Goals Maintain reliability and availability Minimize intentional and
More informationEnabling Technologies for Distributed and Cloud Computing
Enabling Technologies for Distributed and Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Multi-core CPUs and Multithreading
More information