Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION


Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) Cyber Protection
Alberto "Al" Hernandez, Army Reserve Officer, Software Engineer, Ph.D. Candidate, Systems Engineering
Presentation for ACT-IAC, June 25, 2014

Presidential Policy Directive/PPD-21, February 12, 2013. Subject: Critical Infrastructure Security and Resilience
The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure. Three strategic imperatives shall drive the Federal approach to strengthen critical infrastructure security and resilience:
1) Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience;
2) Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government; and
3) Implement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure.
The word "Cyber" is mentioned 18 times. Example (Innovation, Research and Development): "Facilitating initiatives to incentivize cybersecurity investments and the adoption of critical infrastructure design features that strengthen all-hazards security and resilience."

Resilience
PPD-21 defines resilience as the ability to prepare for and adapt to changing conditions, and to withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.

SCADA
Supervisory control and data acquisition (SCADA) networks contain computers and software that perform critical tasks and provide essential services within critical infrastructure.
- Used to monitor key parameters of production processes.
- Used to operate controls to ensure proper provisioning of critical services.
- Designed to monitor processes without considering security requirements and protection from external threats.
- Operate in a context totally different from the one the systems were designed for (many are decades old).
SCADA and the Internet are not a happy marriage. Security risks are abundant (definitely no pre-nuptial agreement!). SCADA systems for the most part perform fairly well, except that they are not traditionally highly secured. Impacts to SCADA can take a huge toll on mission-critical services, processes, resources, etc. The ultimate impact is to people and infrastructure.

SCADA Structure
- Human-machine interface (HMI): interface between the operator and the commands relevant to the SCADA system.
- Master terminal unit (MTU): client system that collects data locally and transmits it to the remote terminal unit.
- Remote terminal unit (RTU): server that gathers data remotely and sends control signals to field control systems.
- Field control systems: systems that have a direct interface to field data elements such as sensors, pumps, and switches.

Why SCADA?
SCADA systems have operated behind the scenes for many years. SCADA is more visible now because of the Internet. Everybody wants to be CONNECTED. We all want to share information, but that opens the door for the bad guys who want the information we share. SCADA is loaded with confidential data and other critically important information that terrorist groups, hostile governments, business competitors, and malicious intruders would love to access and control. Let's not forget the insider threat. SCADA systems control critical infrastructure such as large physical assets, IT networks, and associated services that are mission critical. Their degradation or destruction would have a great impact on our financial, health, security, industrial, transportation, and other systems.

SCADA Exposure to Threats
SCADA control systems are exposed because of:
- Availability of technical information: public information about infrastructure and control systems is on the Internet and readily available to professional hackers and intruders. From design, production, and maintenance to physical layout, it's all out there, and many times we are proud of having all that information exposed. Have you checked out our website? It is awesome, full of information!
- Vulnerability associated with remote connections: we want to be connected and not miss anything that is happening while we travel or work remotely. Often, remote and wireless connections are used to conduct maintenance, diagnostics, monitoring, testing, etc. Without strong access control and authentication measures, as we all know, our information is vulnerable.

SCADA and Cyber Strategy
There are many solutions available to protect SCADA systems. The biggest challenge for the government is including SCADA systems and Critical Infrastructure IT systems in the corresponding Cyber strategy. Many government audits have been conducted and the results are alarming: many systems around the world lack cyber security, and many don't have robust physical security measures in place. The Cyber security status of SCADA systems is not completely known. Then there is the issue of the diversity of systems and of their implementation, operation, and maintenance.

SCADA Scares Me!
SCADA systems traditionally have programmable logic controllers (PLCs) directly connected to in-field sensors that provide data to control critical components. Many times, the passwords to access the system are hard-coded into the Ethernet cards the systems use. Those cards funnel commands into devices, allowing administrators to log into the machinery remotely. Hard-coded passwords are a common weakness built into many industrial control systems. As we know, these are the systems that control machinery connected to dams, gasoline refineries, and water treatment plants, among other facilities. I'm sure we get the picture of the level of vulnerabilities and potential threats.

What can happen?
US-CERT has alerted in the recent past to an ongoing spear-phishing campaign that targeted the energy sector to gain remote access to control systems. SCADA systems protection must be approached from a systems engineering perspective, where component inter-dependencies, as well as the networks that serve the systems, undergo a thorough risk analysis process to identify the protection required. There is also a need to educate the workforce that manages, operates, and maintains SCADA systems on Cyber threats and on Cyber security measures and practices.

How to Protect
A layered approach is essential. Collaboration between government and the Cyber security industry is critical. This sometimes means collaborating with competitors as if they were partners. The goal is securing SCADA systems and Critical Infrastructure against the Cyber Enemy. National Security and our way of life are at stake. In my opinion, we need to move away from becoming millionaires overnight and aim more towards a long-lasting relationship with our customers, especially government. It can likely result in billion-dollar deals over the course of many years. When it comes to Cyber security, it is not necessarily a short sprint; it is a marathon, because the enemy never sleeps. Preparation, Stamina, and Resilience will carry us through.
Layers, we know what they are:
- Perimeter Control
- Employees, Policies, Procedures
- Network Architecture and Operating Systems
- SECURITY, layered of course!
- Etc.

SCADA Security Best Practices
1 - Understand the Business Risk: risk is a function of threats, impacts, and vulnerabilities.
2 - Implement Secure Architecture: it is important that the selection process ensures that the level of protection is commensurate with the business risk and does not rely on one single security measure.
3 - Establish Response Capabilities: obtaining management support, determining responsibilities, establishing communication channels, drafting policies and procedures, identifying pre-defined actions, providing suitable training, and exercising the whole process prior to incidents enables a quick, effective, and appropriate response that can minimize the business impacts and their cost.
4 - Improve Awareness and Skills: personnel need to know what to do to prevent attacks and what to do in the event of an incident.
5 - Manage Third Party Risk: the security of an organization's SCADA systems can be put at significant risk by third parties, e.g. vendors, support organizations, and other links in the supply chain.
6 - Engage Projects: there are often a number of SCADA-related projects underway at any point in time, any of which could have security implications.
7 - Establish Ongoing Governance: governance for the management of SCADA systems Cyber security will ensure that a consistent and appropriate approach is followed. Without such governance, the protection of SCADA systems can be ad hoc or insufficient.

Conclusion
SCADA systems are increasing in complexity due to the integration of different components (diverse manufacturers, supply chain). Approach Cyber security from the component level up to the system-level environment. This also requires an understanding of the supply chain. Continuous reporting of the security status of critical infrastructures and related SCADA systems is needed. The overall security of critical infrastructures must be audited during the entire lifecycle of their components. Think Systems Engineering: a holistic approach. The Federal Bureau of Investigation (FBI), the Department of Homeland Security, and the National Counterterrorism Center understand that cyber attacks are the most likely form of terrorism against the United States in the coming years. The World has become ONE neighborhood. There are no Cyber borders, only the ones we can create to protect SCADA systems and their corresponding supply chain.