Step by Step: The Journey to Secure SCADA Systems
1 Step by Step: The Journey to Secure SCADA Systems Miguel Chavero Dec 2012
2 IBERDROLA OVERVIEW Installed Capacity Total Production +286% % Dirección de Servicios Negocio Liberalizado Europa Continental 2
3 IBERDROLA OVERVIEW MW x MW Renewable, 3 Hydro, 21 Coal, 27 Renewable, 29 Hydro, 51 Nuclear, 7 Cogen, 2 Coal, 10 Nuclear, 20 Combined Cycle,
4 IBERDROLA OVERVIEW EBITDA (MM ) EBITDA by Business: Renewable, Liberalized, Regulated
5 IBERDROLA OVERVIEW EBITDA by Country: Brazil, Spain, USA, UK; KPIs (MM ): Gross Margin, Net Op. Exp., EBITDA
6 IBERDROLA OVERVIEW We lead the construction of combined cycle power plants in Spain MW since 2001: SANTURCE 396 MW, 109FA; CASTEJÓN 379 MW, 109FA; TARRAGONA POWER 417 MW, 1FA; CASTELLÓN A 782 MW, 209FA; ARCOS I and II 783 MW, 2X109 FA; ARCOS III 823 MW, 209FB; ACECA 386 MW, 109FA; CASTELLÓN B 839 MW, 209FB; ESCOMBRERAS 816 MW, 209FB
7 Chinese philosopher Lao-Tzu said, "A journey of a thousand miles begins with a single step." SECURITY IS NOT A PRODUCT, IT IS A PROCESS
8 ISO Information is an asset that, like other important business assets, is essential to an organization's business and consequently needs to be suitably protected. This is especially important in the increasingly interconnected business environment. As a result of this increasing interconnectivity, information is now exposed to a growing number and a wider variety of threats and vulnerabilities. ASSETS => MANAGE RISKS => REVENUES; CYBERSECURITY = RISK
9 Electrical Sector: After 9/11, Department of Homeland Security appeared; Since > CIP standards mandatory; Since > Nuclear CyberSecurity Standards. 1M USD / day!! penalty; UK leading (CPNI), EU still starting
10 Our Journey: 2005: EPRI Program 86 EIS (Energy Information Security); 2005: Started AURA Project; 2006: AURA.PERIN Project (Firewalling) on CCGTs; 2006: CISSP Certification and SANS training; 2007: First CyberSecurity Plan for Thermal Stations; 2007: EPRI PowerSec (sectorial benchmarking); 2007: AURA.XXXX projects started; 2009: Coal Stations projects; 2011: COGEN stations projects; 2012: Collaboration with Nuclear stations
11 AURA PROJECT = The Beginning. Impact on your assets: RISKS! Consequences on your process: ACTIONS!
12 AURA PROJECT
13 AURA PROJECT [Network diagram with six numbered access points. Component labels: GT, ST, UDH/ArcNet, ADH, PDH, GE Atlanta, OSM, HMI, WAN, DCG, PDA, VIB, PI, AW, NODE BUS, RTU, Router, IT-MONITOR, WAN IBERDROLA, INTERNET, Other Networks, CP, PLC, CEMS, PC-PLC, ENVIRONMENT, Vendor, Shelters (Casetas), Government, Host. Countermeasures per access point: #1: Firewalls; #2: NONE; #3: NONE; #4: NONE; #5: VPNs; #6: NONE]
14 AURA PROJECT
15 AURA PROJECT [Plant labels from the slide graphic, as extracted: La Laguna 500 MW Monterrey III 1000 MW Jun 02 Tamazunchale 1000 MW Jun 07 Altamira III and IV 1000 MW Altamira V Nov MW Jun 06 CT Pasajes 200 MW Jun 09 CT Velilla 400 MW Jun 09 Aceca MW Jun 05 Termopernambuco 500 MW Feb MW CT Lada Jul MW Jun 09 Arcos 1 and MW Dec 04 Arcos MW Jun 05 EW Vitoria, Aranda, Valladolid Santurce 4 EW Cartagena 150 MW Jul MW Jan 05 Escombreras MW Nov 06 Castejón MW Apr 03 Castellón MW Sep 02 CN Cofrentes MW Sep 10 CC Riga 400 MW Tarragona Power 400 MW Jan 04 Castellón MW Dec 07]
16 AURA PROJECT [Network diagram with the six access points, AURA subproject labels and countermeasures. Subproject labels: AURA.ANVIR, AURA.CABSE, AURA.NETMON, AURA.SECDIS, AURA.PERIN, AURA.DETIN, AURA.SECAR/GESUR, AURA.ENCRIPTA, AURA.DIALUP. Component labels: GT, ST, UDH/ArcNet, ADH, GERES-RT134, OSM, PDA, VIB, PI, HMI, AW, PDH, NODE BUS, RTU, Router, WAN, DCG, Vendor, IT-MONITOR, WAN IBERDROLA, Host, INTERNET, Other Networks, CP, PLC, CEMS, PC-PLC, ENVIRONMENT, RAS, Shelters (Casetas), Government. Countermeasures per access point: #1: Firewalls + Two-Factor + Encryption + Intrusion Detection; #2: Migrate to Network-to-Network connection; #3 and #4: RAS with CHAP; #5: VPNs + Two-Factor; #6: To be studied (PENDING)]
17 AURA.PERIN [Network diagram. Legend: straight-through network cable, crossover network cable, power cable. Labels: IBERDROLA CORPORATE NETWORK; 220 V - SAI; 220 V - RED; firewalls FWPERCGARA01 and FWPERCGARA02 (External, Internal, DMZ, Lan1/Sync, Console); switches SWPERCGARA01 and SWPERCGARA02 (Catalyst 2960 SERIES); TV2 + TV2 Touch Panel; BOP/HSRG; CYCLACGARA; HMICGARA; HMITV + other elements; Woodward NetCon; RED-1, RED-2, RED-3; VOLANTE (PDA); AP RWIFICGARA; OFFICE SWITCH; RSA; OSMCGARA; TV1; GW EMERSON; HSTCGARA; NIDSCGARA; OPCCGARA; PTA]
18 AURA.DETIN (NIDS + HIDS)
19 AURA.ANVIR [Diagram labels: IBERDROLA Network; Perimeter Firewall; CMDS AutoFTP Manager; File Update Manager; Combined Cycle #1, Perimeter Firewall; INTRANET; INTERNET; Corporate Firewall; Vendor Website; Combined Cycle #n, Perimeter Firewall]
20 AURA.BACKUP Automated Backups/Restores
21 AURA.BACON Users; Off-Line; On-Line; Networking devices; OS + APPs; Cyphered e-safe
22 AURA.SECAR Network to Network
23 AURA.SECAR Network to Network
24 AURA.SECAR Host to Network
25 The Journey to Secure SCADA Systems AURA.CPD [Monitoring trend charts over 24 hours, timestamps 08/05/2012. Panels: "UNIT 1 - Sensor Value" (unit1SensorValue:1 20,000; unit1SensorValue:2 50,000; unit1SensorValue:3 52,000; unit1SensorValue:4 20,000); "UNIT 1 - Temperature Sensor Values" (unit1SensorValue:1 and unit1SensorValue:4; SETPOINT LOW 10, SETPOINT WARNING 30, SETPOINT HIGH); "UNIT 1 - Humidity Sensor Values" (unit1SensorValue:2 and unit1SensorValue:3; SETPOINT LOW_, SETPOINT WARNING_, SETPOINT HIGH_ 85)]
26 AURA.CPD
27 AURA LABCON: DCS MKVI from GE (Turbogroup); DCS I/A Invensys (BOP & Boiler); PLC S7400 Siemens; Real Sensors | LAB: Field Points - National Instruments; Real PROCESS (Combined Cycles, Coal, Cogen, etc.) | LAB: PC with Models using LabVIEW
28 AURA.xxxx Other Projects: AURA.ARMIA: Physical SAFES for backups and media devices; AURA.CABSE: Physical protection against willful damage to network patch cords and networking devices; AURA.ENCRIPTA: Communication channel encryption (256 AES); AURA.NETMON: SCADA end-point and network devices monitoring; AURA.DAPLI: Lay-Out and protocols documentation; AURA.CENLOG: SIEM tool; AURA.DETIN 2.0: Netwitness tool
29 AURA PROJECT: AWARENESS AND POLICIES INFORMATION CLASSIFICATION; CRITICAL CYBER ASSETS ASSESSMENT; EQUIPMENT INVENTORY; APPLICATION INVENTORY; PHYSICAL LAY-OUTS; NELIB Global Criteria BY BUSINESS LOGIC LAY-OUTS; CYBERSECURITY INCIDENT RESPONSE; CHANGE MANAGEMENT; INCIDENT DATABASE; CHANGE DATABASE
30 AURA PROJECT: AWARENESS AND POLICIES MALWARE PROTECTION: End-Point Secured Inventory; BACKUP/RESTORE: Maintenance procedures; REMOVABLE DEVICES: Granted Devices Inventory; Procedure Records; TECHNICAL PROCEDURES; THIRD PARTY DEVICES USAGE: Approval Form; CREDENTIAL MANAGEMENT: Cyphered Safe; REMOTE ACCESS: Granted Providers Inventory; NETWORK GUIDELINES: Lay-Out Templates
31 AURA PROJECT: AWARENESS AND POLICIES Key-Users awareness through webex; Upper Management reporting; Key-Users Technical reporting. Never give up... keep fighting...
32 The journey never ends... doing now
33 AURA.MARS CONCEPT What is MARS? A holistic approach to Security Monitoring and Response. Why MARS? Because threats are complex, resources are scarce, and response time is critical. How is MARS different from standard approaches? We use both the standard and the most advanced Security Strategies and Technologies and highly integrate and automate them so they can work together efficiently.
34 AURA.MARS CONCEPT (Note: Nothing to do with Cisco MARS)
35 AURA.MARS CONCEPT
36 AURA SECDIS End-Point Security Whitelisting + Sandboxing
37 AURA e-conseg Reporting Web Console
38 Fighting with STANDARDS: ISO, ISA-99, NIST, CIP, RG 5.71, SANS, CERT, CPNI. Getting the most. Fitting legal/business requirements
39 SANS TOP 20 CONTROLS (columns: SANS CONTROL | IBERDROLA STATUS | COMMENTS) Critical Control 1: Inventory of Authorized and Unauthorized Devices; Critical Control 2: Inventory of Authorized and Unauthorized Software; Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers; Critical Control 4: Continuous Vulnerability Assessment and Remediation; Critical Control 5: Malware Defenses. Comments: Nowadays defining templates; Procedure in place, resources pending
40 SANS TOP 20 CONTROLS (columns: SANS CONTROL | IBERDROLA STATUS | COMMENTS) Critical Control 6: Application Software Security; Comment: Whitelisting; Critical Control 7: Wireless Device Control; Critical Control 8: Data Recovery Capability; Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps; Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches. Comments: Never ending; Vendor restrictions
41 SANS TOP 20 CONTROLS (columns: SANS CONTROL | IBERDROLA STATUS | COMMENTS) Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services; Critical Control 12: Controlled Use of Administrative Privileges; Comment: Very difficult on SCADA environment; Critical Control 13: Boundary Defense; Critical Control 14: Maintenance, Monitoring, and Analysis of Audit Logs; Critical Control 15: Controlled Access Based on the Need to Know; Comment: Very difficult on SCADA environment
42 SANS TOP 20 CONTROLS (columns: SANS CONTROL | IBERDROLA STATUS | COMMENTS) Critical Control 16: Account Monitoring and Control; Critical Control 17: Data Loss Prevention; Critical Control 18: Incident Response and Management; Critical Control 19: Secure Network Engineering; Critical Control 20: Penetration Tests and Red Team Exercises; Comment: Waiting for resources
43 CONCLUSIONS: TAKE YOUR TIME!!!! Holistic approach required. Be GLOBAL. Focus on your own risks, each business is different!!! You have to assume some risks (i.e.: vendor restrictions). Be ready for the impact!!!! Disaster recovery procedures are very important. Do not miss forensics tools and procedures. Testing facilities are a must. There is not a super product. Integration is required. Work closely with your control system vendors, remember they are not good!!! Open Source helps, do not miss it!!! Never walk alone... internal and external support is critical!!!
44 Spanish writer Antonio Machado said, "Caminante, no hay camino, se hace camino al andar" ("Walker, there is no path, you make it when you walk"). Miguel Chavero CISSP#:
Protecting productivity with Plant Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. siemens.com/plant-security-services
More informationSecurity Policy for External Customers
1 Purpose Security Policy for This security policy outlines the requirements for external agencies to gain access to the City of Fort Worth radio system. It also specifies the equipment, configuration
More informationThe Role of Security Monitoring & SIEM in Risk Management
The Role of Security Monitoring & SIEM in Risk Management Jeff Kopec, MS, CISSP Cyber Security Architect Oakwood Healthcare Jeff Bell, CISSP, GSLC, CPHIMS, ACHE Director, IT Security & Risk Services CareTech
More informationSession 14: Functional Security in a Process Environment
Abstract Session 14: Functional Security in a Process Environment Kurt Forster Industrial IT Solutions Specialist, Autopro Automation Consultants In an ideal industrial production security scenario, the
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationAre you prepared to be next? Invensys Cyber Security
Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationNERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice
NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to
More informationNetwork Segmentation
Network Segmentation The clues to switch a PCI DSS compliance s nightmare into an easy path Although best security practices should be implemented in all systems of an organization, whether critical or
More informationAutomating NERC CIP Compliance for EMS. Walter Sikora 2010 EMS Users Conference
Automating NERC CIP Compliance for EMS Walter Sikora 2010 EMS Users Conference What do we fear? Thieves / Extortionists Enemies/Terrorists Stuxnet Malware Hacker 2025 Accidents / Mistakes 9/21/2010 # 2
More informationSymphony Plus Cyber security for the power and water industries
Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber Security_3BUS095402_(Oct12)US Letter.indd 1 01/10/12 10:15 Symphony Plus Cyber security for the power and water industries
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationSCADA. The Heart of an Energy Management System. Presented by: Doug Van Slyke SCADA Specialist
SCADA The Heart of an Energy Management System Presented by: Doug Van Slyke SCADA Specialist What is SCADA/EMS? SCADA: Supervisory Control and Data Acquisition Retrieves data and alarms from remote sites
More informationCybersecurity Health Check At A Glance
This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy
More informationChapter 1 The Principles of Auditing 1
Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls
More informationWhat s New in PCI DSS 2.0. 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1
What s New in PCI DSS 2.0 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1 Agenda PCI Overview PCI 2.0 Changes PCI Advanced Technology Update PCI Solutions 2010 Cisco and/or
More informationSCAC Annual Conference. Cybersecurity Demystified
SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber
More informationInformation Technology Control Framework in the Federal Government Considerations for an Audit Strategy
Information Technology Control Framework in the Federal Government Considerations for an Audit Strategy Presentation to The Institute of Internal Auditors Breakfast Session February 6, 2014 Outline of
More informationCIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System
CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System Purpose CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised
More informationSystem Security Plan University of Texas Health Science Center School of Public Health
System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many
More informationGE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance
GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationPCI DSS AND THE TOP 20 CRITICAL SECURITY CONTROLS COMPARING SECURITY FRAMEWORKS SERIES
CONFIDENCE: SECURED WHITE PAPER PCI DSS AND THE TOP 20 CRITICAL SECURITY CONTROLS COMPARING SECURITY FRAMEWORKS SERIES ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE BENCHMARKS, STANDARDS, FRAMEWORKS
More informationDHS Chemical Security Program: Cyber Security Requirements
DHS Chemical Security Program: Cyber Security Requirements Steven Burns Energy Bar Association Electricity Regulation & Compliance Committee System Reliability, Planning & Compliance Committee October
More informationDeltaV System Cyber-Security
January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...
More informationIndustrial Security Solutions
Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats
More informationUtility Modernization Cyber Security City of Glendale, California
Utility Modernization Cyber Security City of Glendale, California Cyber Security Achievements Cyber Security Achievements (cont) 1. Deploying IT Security Awareness training program Q4 2012 2. Purchased
More informationSolving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense
Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense John M. Gilligan Information systems Security Association National Capital Chapter January 19, 2010 1 Topics Background
More informationCONCEPTS IN CYBER SECURITY
CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More information