SCADA / Smart Grid Security Who is really in control of our Control Systems?




SCADA / Smart Grid Security: Who is really in control of our Control Systems?
Simone Riccetti, Certified SCADA Security Architect

Agenda
- Overview of Security landscape
- SCADA security problem
- How to protect the infrastructure
- Conclusions
- Questions

2011 Threats landscape

2011 Vulnerabilities landscape

Stuxnet
- Exploits 4 Windows vulnerabilities as the starting point of the attack on SCADA systems (as of 12 October 2010 only three had been fixed, and only for supported versions of Windows)
- 0-day type attack
- Spreads over the network and via USB devices (to cross the air gap between the SCADA network and the office automation network)
- The attackers built 2 trusted digital certificates (probably stolen) into the attack
- Exploits the hard-coded password of a specific Siemens SCADA system (WinCC and PCS 7)
- Can modify PLC code
- Compromised machines connect to each other and to an external C&C, in the same way as a peer-to-peer network
- It is one of the most complex attacks
- Uses several techniques to hide itself, including self-deletion

SCADA Security problem

SCADA HMI Example

SCADA Architecture Example

SCADA Security Comparisons
A comparison of Security used in U.S. companies vs. Security used in process systems:

| Topic | Corporate IT | Process Systems |
| Anti Virus | Widely used | Used with care |
| Lifetime | 3-5 years | 5-20 years |
| Outsourcing | Widely used | Rarely used for operations |
| Patching | Frequent | Slow (requires vendor approval or extensive testing) |
| Change | Frequent | Rare |
| Security Skills & Awareness | Medium to High | Poor IT security, no awareness training |
| Security Testing | Widely used | Must be used with care |
| Physical Security | Usually secure & manned | Good controls but often remote & unmanned |

SCADA environment priorities
[Figure: Automation network, Office network]

A Smart Grid needs security enforcement at multiple points
- Utility Communication Link
- SCADA network systems
- Advanced metering data management system
- Substation Remote Monitoring equipment
- Meter to Cell Relay
IP addressability and the use of open standard protocols mean the control grid must be securely protected at multiple points.

Bridging Networks
- Softest targets appear to be the control centers
  - Greatest use of PC systems
  - Frequent external connectivity
  - Entry-point to critical plant systems
- Bridging control centers and the plant operational framework
  - Network connectivity for ease of operational control
  - Vulnerable to malware - proxy remote attacks

A TCP/IP Enabled World
- Process Control Systems (PCS) migrating to TCP/IP networks
- SCADA and DCS typically rely upon wrapped protocols
  - Analog control and reporting protocols embedded in digital protocols
  - Encryption and command integrity limitations
  - Poor selection of TCP/IP protocols
- Problems with patching embedded operating systems
  - Controllers typically running outdated OSs
  - Security patches and updates not applied
  - Difficulty patching the controllers

ICS-ALERT-10-301-01
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an alert about the SHODAN search engine, which can be used to identify SCADA systems that are connected to the Internet. Attackers can exploit this to compromise those systems. ICS-ALERT-10-301-01 describes a set of recommendations for reducing this risk.
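
The exposure the alert describes can also be checked from the defender's side. The following is an added example, not part of the original slides: it scans firewall log lines for flows from outside the internal address space to ICS protocol ports on the control network. The log format, the address plan and the port list are assumptions of the example.

```python
import ipaddress

# Standard ICS protocol ports (well-known assignments, not listed on the slides).
ICS_PORTS = {102: "S7comm/ISO-TSAP", 502: "Modbus/TCP", 20000: "DNP3",
             44818: "EtherNet/IP", 47808: "BACnet/IP"}
# Assumed addressing plan: RFC 1918 space is internal, 10.20.0.0/16 is the control network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CONTROL_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed firewall log (hypothetical format): ACTION PROTO SRC:PORT -> DST:PORT
SAMPLE_LOG = """\
ALLOW tcp 192.168.5.10:51512 -> 10.20.1.15:502
ALLOW tcp 203.0.113.44:40211 -> 10.20.1.15:502
DENY tcp 198.51.100.7:33900 -> 10.20.3.2:102
ALLOW tcp 203.0.113.44:40212 -> 10.20.1.80:443
ALLOW udp 192.0.2.9:5353 -> 10.20.7.9:47808
truncated entry
"""

def parse_line(line):
    """Return (action, src_ip, dst_ip, dst_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    try:
        src = ipaddress.ip_address(parts[2].rsplit(":", 1)[0])
        dst_host, dst_port = parts[4].rsplit(":", 1)
        return parts[0], src, ipaddress.ip_address(dst_host), int(dst_port)
    except ValueError:
        return None

def exposed_ics_flows(log_text):
    """Flows from outside the internal ranges to an ICS port on the control network."""
    findings = []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        action, src, dst, dport = rec
        external = not any(src in net for net in INTERNAL_NETS)
        if external and dst in CONTROL_NET and dport in ICS_PORTS:
            # An allowed flow means the device is reachable; a denied one is a probe.
            severity = "exposed" if action == "ALLOW" else "blocked-probe"
            findings.append((severity, str(src), str(dst), ICS_PORTS[dport]))
    return findings

if __name__ == "__main__":
    for finding in exposed_ics_flows(SAMPLE_LOG):
        print(*finding)
```

Flows from the office network to the control network are deliberately not flagged here; the check covers only sources outside the internal ranges.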

Timeline of some SCADA attacks

Possible SCADA Threats
How can we be open, yet secure?

Directed Threats
- Industrial Sabotage
- Disgruntled employees
- Competing vendors
- Industrial espionage
- Coordinated Terrorist Threat
- Physical + Cyber Attack
- Internal and External Hackers

Indirect Threats
- Operator Error
- Minor human errors can have disastrous effects
- Viruses/Worms (e.g. Slammer)

IBM SCADA security approach

IBM ISS SCADA Security Assessment (Service description)

Information Gathering / Network Analysis / Network Vulnerability Analysis
- Review environment
- Types of systems
- Timing requirements
- Locations
- Security requirements
- Gain understanding of network architecture and systems in place
- Identify security issues related to the network architecture
- Identify security issues based on observed network components and network traffic
- Identify interconnections with other networks - Intranets, wireless, dialup
- Identify vulnerabilities in devices
- Identify vulnerabilities in applications

System Vulnerability Analysis
- Identify vulnerabilities in devices
- Identify system configuration and procedural vulnerabilities such as weak passwords, virus protection, patch management, system logging, etc.

Application Vulnerability Analysis
- Identify vulnerabilities in SCADA application components

Vulnerability Identification/Validation
- Review all data from automated tools and, where possible, check systems to verify identified vulnerabilities

SCADA Penetration Tests
- Remote Penetration test
- Local Penetration test
- National and International

Two SCADA Pentest Examples
- Nuclear Power Station Remote Assessment
- Smart Meter Assessment

Attack Vectors
- Indirect Internet Attacks (e.g. VPN)
- Direct Internet Attacks
- Wireless WiFi Attacks
- Vulnerable networked services
- Wireless RF Attacks
- Control/Office Infrastructure
- Control Bridge
- Plant Infrastructure
- Indirect Malware Infections
- Malware infected hosts
- Guessed/stolen credentials
- Portable Media Attacks
- Embedded Command Attacks
- Device Contamination

SCADA Security: IBM Solutions

Questions?
simone.riccetti@it.ibm.com