Cybersecurity in a Mobile IP World



Similar documents
NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

Cyber R &D Research Roundtable

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, CASE: Implementation of Cyber Security for Yara Glomfjord

SCADA Security Training

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

NERC CIP VERSION 5 COMPLIANCE

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Risk Management Framework (RMF): The Future of DoD Cyber Security is Here

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Resilient and Secure Solutions for the Water/Wastewater Industry

future data and infrastructure

Cybersecurity for Energy Delivery Systems 2010 Peer Review. Dale Peterson Digital Bond, Inc. Bandolier and Portaledge

ISACA rudens konference

1 ISA Security Compliance Institute

Vision & Positioning Statement For Wurldtech Labs

ISA Security Compliance Institute ISASecure IACS Certification Programs

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Verve Security Center

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

The Importance of Cybersecurity Monitoring for Utilities

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

Compliance Risk Management IT Governance Assurance

Rethinking Cyber Security for Industrial Control Systems (ICS)

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Airports and their SCADA Systems. Dr Leigh Armistead, CISSP. Peregrine Technical Solutions

How Much Cyber Security is Enough?

AURORA Vulnerability Background

ForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002

An International Perspective on Security and Compliance

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment

Keeping the Lights On

Special SCADA Overview (aka SCADA-Bowl )

How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework

CIP Supply Chain Risk Management (RM ) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016

CYBER SECURITY FOR LONG TERM EVOLUTION

ISA Security Compliance Institute. ISASecure Embedded Device Security Assurance Certification

SECURITY. Risk & Compliance Services

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

White Paper. April Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks

Symphony Plus Cyber security for the power and water industries

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT

Cyber Security nei prodotti di automazione

Cyber Security Seminar KTH

Effective Defense in Depth Strategies

Meeting the Cybersecurity Standards of ANSI/ISA with Data Diodes

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

DeltaV System Cyber-Security

White Paper. 7 Steps to ICS and SCADA Security. Tofino Security exida Consulting LLC. Contents. Authors. Version 1.0 Published February 16, 2012

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi

Claes Rytoft, ABB, Security in Power Systems. ABB Group October 29, 2009 Slide 1

ISA Security. Compliance Institute. Role of Product Certification in an Overall Cyber Security Strategy

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

I n f o r m a t i o n S e c u r i t y

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

State of the State of Control System Cyber Security

Practical Steps To Securing Process Control Networks

Cyber Security and Privacy - Program 183

Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace

Logging In: Auditing Cybersecurity in an Unsecure World

Safe Network Integration

The Electronic Arms Race of Cyber Security 4.2 Lecture 7

SCADA Cyber Security

How to Painlessly Audit Your Firewalls

Vulnerability Analysis of Energy Delivery Control Systems

Bellevue University Cybersecurity Programs & Courses

Decrease your HMI/SCADA risk

THE FUTURE OF SMART GRID COMMUNICATIONS

Cybersecurity Training

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

Joint Information Environment Single Security Architecture (JIE SSA)

EDSA-300. ISA Security Compliance Institute Embedded Device Security Assurance ISASecure certification requirements

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

Utility Telecom Forum. Robert Sill, CEO & President Aegis Technologies February 4, 2008

IEEE-Northwest Energy Systems Symposium (NWESS)

Redesigning automation network security

Cisco Security Optimization Service

RED HAT ENTERPRISE LINUX 6 SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) OVERVIEW. Version 1, Release July 2015

SCADA/Business Network Separation: Securing an Integrated SCADA System

Roadmaps to Securing Industrial Control Systems

a Post-Stuxnet World The Future of Critical Infrastructure Security Eric Byres, P.Eng.

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Risk Management in Practice A Guide for the Electric Sector

Transcription:

Cybersecurity in a Mobile IP World Alexander Benitez, Senior Scientist, ComSource Introduction by Robert Durbin, Cybersecurity Program Manager, ComSource

Introduction ComSource s cybersecurity initiative is directed toward protecting critical infrastructure The primary customers are the process manufacturing industries using SCADA and other industrial control systems M2M systems supporting process manufacturing will take advantage of 4G data capability Providing security for critical infrastructure and the networks they use is a national security imperative A legislative mandate is coming, the only question is to what degree standards will or will not be mandatory. 2

Overview Mobile network architectures Implications of upgrade path Real security vs. compliance Application of a Vulnerability Assessment (VA) methodology to the Long Term Evolution (LTE) migration challenge

3G Mobile Network Architecture 3G 4

LTE/ 3.9 G Mobile Network Architecture 3G LTE 5

Implications of Upgrade Path from 3G to LTE 3G operators were phone companies LTE/4G operators are now ISPs! 3GPP, the standards organization for mobile networks, provides the standards for comms between all Evolved Packet Core servers. 3GPP does NOT specify the network architectures or security to be implemented within an operator network or over the Internet 6

Security vs. Compliance NIST SP800-53 Recommended Security Controls for Federal Information Systems and Organizations NIST SP800-82 Guide to Industrial Control System Security NIST SP800-115 Technical Guide to Information Security Testing and Assessment The International Society of Automation ISA-99 Industrial Automation and Control System Security North American Electric Reliability Corporation Critical Infrastructure Protection NERC CIP-002 => 009 DoD 8500.2 Information Assurance (IA) Implementation under DoD Information Assurance Certification and Accreditation Process (DIACAP) ISO/IEC 27001 Information technology -- Security techniques -- Information security management systems -- Requirements 7

Twenty Critical Security Controls for Effective Cyber Defense http://www.sans.org/critical-security-controls/winter-2012-poster.pdf 8

Application of a VA Methodology Analysis Network design (as-built) Configuration Data flow Findings Mitigation strategies Recast problem set using ISA-99 model Zones and conduits At choke-points establish: Firewalls Network monitoring Intrusion detection Life cycle support 9

Introduction of Vulnerabilities into Networks ABB s ac500 PLC with integrated 3G connectivity Comms path circumvents corporate firewalls! 10

SMS Injection Some microprocessors in use within selected Bulk Power System (BPS) control networks or physical security perimeter control networks today may have cellular signal reception capability but do not have adequate application space or CPU speeds to assure message confidentiality, integrity, or guarantee of origin. For this reason, attackers can inject malicious commands towards unsecured end points. The security researcher has indicated that these vulnerabilities potentially extend to any architecture dependent on chipset embedded application processors and subject to cellular intercept where target control system networks utilize unsecured end points. 11

INL Project Aurora Mark Zeller, Myth or Reality Does the Aurora Vulnerability Pose a Risk to My Generator, 2011 Conference for Protective Relay Engineers, Texas A&M 12

Project Aurora 13

Summary Overview of 3G and LTE/4G networks Migration from 3G to LTE Telephone companies become ISPs There is no requirements or roadmap to secure provider networks Overview of cybersecurity standards 20 Critical Security Controls http://www.sans.org/critical-security-controls/winter-2012-poster.pdf Vulnerability assessment methodology Mitigation Strategies Zones and Conduits Not a one-time exercise Current examples of system vulnerabilities introduced through normal system upgrades 14

ComSource Qualifications Software development, ISO testing certifications, lab management, large system characterization, and data analysis Objectives Address cybersecurity as it applies to critical business infrastructure ISAsecure certified embedded systems test lab Vulnerability assessment of complex industrial networks Uniquely placed in the wireline and wireless environments to handle migration of networks, performing vulnerability assessments, and deploying integrated security solutions Questions? 15

16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information