The Office of Infrastructure Protection

Similar documents
DHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response

How To Protect Water Utilities From Cyber Attack

Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

Water Sector Approach to Cybersecurity Risk Management

Defending Against Data Beaches: Internal Controls for Cybersecurity

The Four-Step Guide to Understanding Cyber Risk

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition

Seven Strategies to Defend ICSs

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Enterprise Security Tactical Plan

Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

ABB s approach concerning IS Security for Automation Systems

Department of Homeland Security

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe

What s Inside. ICS-CERT Year in Review Welcome 1. ICS-CERT Introduction 2. ICS-CERT 2014 Highlights 3. ICS-CERT Watch Floor Operations 4

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

NCCIC/ICS-CERT Industrial Control Systems Assessment Summary Report

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Data Breach Response Planning: Laying the Right Foundation

Cyber Security for SCADA/ICS Networks

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

ICS-CERT Incident Response Summary Report

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

Industrial Control System Cyber Situational Awareness. Robert M. Lee* June 10 th, 2015

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises

Get the most out of Public Sector Cyber Security Associations & Collaboration

Top Ten Cyber Threats

DeltaV System Cyber-Security

Department of Management Services. Request for Information

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

National Cybersecurity Assessment and Technical Services: Capability Brief. Presented by: Sean McAfee Updated: May 5, 2014

Executive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Resilient and Secure Solutions for the Water/Wastewater Industry

Homeland Security Lessons Learned: An Analysis from Cyber Security Evaluations

CYBER SECURITY. Is your Industrial Control System prepared?

NERC CIP VERSION 5 COMPLIANCE

FFIEC Cybersecurity Assessment Tool

Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems

Department of Homeland Security Federal Government Offerings, Products, and Services

The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session

Click to edit Master title style

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE;

Cisco Advanced Malware Protection for Endpoints

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

GEARS Cyber-Security Services

U.S. Department of Homeland Security s National Cybersecurity and Communications Integration Center

Intrusion Detection and Threat Vectors Michael Arent EDS-Global Information Security

User Documentation Web Traffic Security. University of Stavanger

N-Dimension Solutions Cyber Security for Utilities

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Effective Defense in Depth Strategies

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center

Network/Cyber Security

Cybersecurity: What CFO s Need to Know

Practical Steps To Securing Process Control Networks

Best Practices: Reducing the Risks of Corporate Account Takeovers

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Cyber Watch. Written by Peter Buxbaum

U. S. Attorney Office Northern District of Texas March 2013

Protecting Critical Infrastructure

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Into the cybersecurity breach

UNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)

IoT & SCADA Cyber Security Services

Network Architecture & Active Directory Considerations for the PI System. Bryan Owen - OSIsoft Joel Langill - SCADAhacker

Cybersecurity Training

The Landscape of Cyber, critical infrastructure and how Regulation fits in

Secure Software Update Service (SSUS ) White Paper

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

of firms with remote users say Web-borne attacks impacted company financials.

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

Resilient and Secure Solutions for the Water/Wastewater Industry

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE

Team Members: Jared Romano, Rachael Dinger, Chris Jones, Miles Kelly Supervising Professor: Dr. George Collins Industry Advisor: Dr.

NCCIC/ICS-CERT Year in Review National Cybersecurity and Communications Integration Center/ Industrial Control Systems Cyber Emergency Response Team

IBM Security Strategy

8/27/2015. Brad Schuette IT Manager City of Punta Gorda (941) Don t Wait Another Day

White Paper. Five Steps to Firewall Planning and Design

Information Technology General Controls And Best Practices

What a Vulnerability Assessment Scanner Can t Tell You. Leveraging Network Context to Prioritize Remediation Efforts and Identify Options

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Ed McMurray, CISA, CISSP, CTGA CoNetrix

Using the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6

I N T E L L I G E N C E A S S E S S M E N T

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.

SCOPE. September 25, 2014, 0930 EDT

Developing National Frameworks & Engaging the Private Sector

Transcription:

8/27/205 The Office of Infrastructure Protection National Protection and Programs Directorate Department of Protective Advisor Cyber Threat Actors / Risks DHS Cyber Resources Marty J. Smith Protective Advisor Orlando, FL Marty.J.Smith@hq.dhs.gov Protective Advisors 96 PSAs and Regional Directors, including 89 field deployed personnel, serve as critical infrastructure security specialists Deployed to 73 Districts in 50 states and Puerto Rico State, local, tribal, territorial, and private sector link to Department of (DHS) infrastructure protection resources Coordinate vulnerability assessments, training, and other DHS products and services Provide a vital link for information sharing in steady-state and incident response Assist facility owners and operators with obtaining security clearances During contingency events, PSAs support the response, recovery, and reconstitution efforts of the States by serving as pre-designated Infrastructure Liaisons (IL) and Deputy ILs at the Joint Field Offices 2 Florida Protective Advisors Tallahassee PSA Billy Sasser Tampa Bay PSA Ollie Gagnon Orlando PSA Marty Smith Miami PSA Gary Warren 3

8/27/205 Cyber Threat Actors DHS is concerned with the recent rise in targeted and successful malware campaigns against industrial control systems (ICSs). These campaigns were associated with sophisticated threat actors with demonstrated capabilities to compromise control system networks. The depth of intrusion into the control system network provided the threat actors with the ability to potentially: Manipulate control system settings Control the process Destroy data and/or equipment. Cyber Threats Pose an Enormous Challenge President Barack Obama: Speech at the National Cybersecurity and Communications Integration Center Jan 3, 205: It's one of the most serious economic and national security challenges we face as a nation. Foreign governments, criminals, and hackers probe America s computer networks every single day. President Obama also noted that protecting the nation s critical infrastructure is essential to public health and safety stating that, Neither government, nor the private sector can defend the nation alone. It s going to have to be a shared mission government and industry working hand in hand, as partners. Growing Concerns for Control Systems NSA Director, Admiral Michael Rogers Testimony to House Select Intelligence Committee Nov. 20, 204: There shouldn t be any doubt in our minds that there are nation-states and groups out there that have the capability to enter industrial control systems and to shut down [and] forestall our ability to operate our basic infrastructure. All of that leads me to believe it is only a matter of the when, not the if that we are going to see something dramatic. 2

8/27/205 jkw6 Examples: Havex and BlackEnergy Malware Havex: Sophisticated cyber threat actors have been probing for and compromising control systems worldwide since at least 203. - This malware campaign is known publicly as DragonFly, Crouching Yeti, Koala Team, and Energetic Bear. - Over 2,800 victims identified globally. BlackEnergy: A second sophisticated cyber threat group has obtained direct access to control system networks worldwide since at least 20. - This campaign has compromised dozens of control systems in the United States and hundreds globally. Water Utility Loses Control Event: Residents of a rural town experienced loss of water pressure Impact: Approximately 0,000 residents without water Specifics: Utility operator updated its HMI OS (Windows) with a direct connection to the Internet and evidence points to a virus infecting the SCADA system; causing it to crash. The ICS was outdated, not supported by the vendor, and not patched to current updates. Lacked a firewall between the business and control networks Lessons learned: Utilize DMZ to ensure isolation from business side and Internet Keep systems patched Establish and enforce sound security policies SCADA Accessed via Default Password Event: January 200 - Cyber researcher used SHODAN to identify an online remote access link to a utility company s SCADA system. The system was then accessed using default user name and passwords Impact: None, the researcher only looked around, but touched nothing Specifics: Key word internet searching revealed the default info Lessons learned: Change system default user names and passwords Avoid posting system details to public facing sites 3

Slide 7 jkw6 Notes:Bullet : Sent 2: "when then..." Doesn't make sense. jkwright, 3//205

8/27/205 Water System Infected Event: October 2006, Foreign hacker penetrated security at a water filtering plant. Impact: The intruder planted malicious software that was capable of affecting the plant s water treatment operations. Specifics: The infection occurred through the Internet and did not seem to be an attack that directly targeted the control system. Lessons learned: Secure remote computers Defense-in-depth strategies, firewalls & intrusion detection systems Critical patches and antivirus needs to be applied and updated regularly 0 Cyber Offerings for Critical Infrastructure National Cybersecurity and Communications Integration Center (NCCIC) US CERT Operations Center Remote and On Site Assistance Malware Analysis Incident Response Teams ICS CERT Operations Center ICS CERT Malware Lab Cyber Evaluation Tool Incident Response Teams NCATS Cyber Hygiene service Risk and Vulnerability Assessment US CERT NationalCyberAwareness System Vulnerability Notes Database Publications Control Systems Program Cybersecurity Training Information Products and Recommended Practices Cyber Exercise Program Cyber Evaluations Program Cyber Resilience Review Cyber Infrastructure Survey Tool Critical Infrastructure Cyber Community (C 3 ) DHS launched the C 3 Program in February 204 to complement the launch of the National Institute of Standards and Technology Cyber Framework (CSF). The C³ Voluntary Program helps sectors and organizations that want to use the CSF by connecting them to existing cyber risk management capabilities provided by DHS, other U.S. Government organizations and the private sector. The C3 website (http://www.us- cert.gov/ccubedvp) describes the various programs DHS offers to critical infrastructure partners, including Federal, State, local, and private sector organizations 2 4

8/27/205 CYBER SECURITY EVALUATIONS SUMMARY Name Cyber Resilience Review Cyber Infrastructure Survey Supply Chain / External (CRR) Tool (C IST) Dependency Management (EDM) Review Onsite Cyber Evaluation Tool (CSET) Assessment Purpose Identify cyber security management capabilities and maturity To calculate a comparative analysis and valuation of protective measures in place Identify external dependencies and the risks associated Provides a detailed, effective, and repeatable methodology for assessing control systems security while encompassing an organization s infrastructure, policies, and procedures. Scope Critical Service view Critical Cyber Service view Organization / Business Unit Industrial Control Systems Time to Execute 8 Hours ( business day) 2 ½ to 4 Hours 2 to 2 ½ Hours 8 Hours ( Business Day) Information Sought Capabilities and maturity indicators in 0 security domains Protective measures in place Third party security requirements and contract management info Industrial control system s core functions, infrastructure, policies, and procedures Preparation Short, hour questionnaire plus planning call(s) Planning call to scope evaluation Planning call to scope evaluation Coordinated via Email. Planning call(s) if requested. Participants IT/ Manager, Continuity Planner, and Incident Responders IT/ Manager IT / Manager with Contract Management control system operators/engineers, IT, policy/management personnel, and subject matter experts. 3 CYBER SECURITY EVALUATIONS SUMMARY 2 Name ICS CERT Design Architecture Review (DAR) ICS Network Architecture Verification and Validation (NAVV) Network Risk and Vulnerability Assessment (RVA) Cyber Hygiene (CH) Evaluation Purpose Supports the cybersecurity design via investigative analysis, production, and maintenance of control systems and ICS components. Provides analysis and baselining of ICS communication flows, based upon a passive (non intrusive) collection of TCP Header Data. Perform penetration and deep technical analysis of enterprise IT systems and an organization s external resistance to specific IT risks Identify public facing Internet security risks, at a high level, through service enumeration and vulnerability scanning Scope Industrial Control Systems/Network Architecture Industrial Control Systems/Network Architecture/Network Traffic Organization / Business Unit / Network Based IT Service Public Facing, Network Based IT Service Time to Execute 2 Days (8 Hours Each Day) Variable (Hours to Days) Variable (Days to Weeks) Variable (Hours to Continuous) Information Sought Network design, configurations, interdependencies, and its applications. Network traffic header data to be analyzed with Sophia Tool. Low level options and recommendations for improving IT network and system security High level network service and vulnerability information Preparation Coordinated via Email. Planning call(s). Coordinated via Email. Planning call(s). Formal rules of engagement and extensive pre planning Formal rules of engagement and extensive pre planning Participants control system operators/ engineers, IT personnel, and ICS network, architecture, and topologies SMEs control system operators/ engineers, IT personnel, and ICS network, architecture, and topologies SMEs IT/ Manager and Network Administrators IT/ Manager and Network Administrators 4 CRRSelf Assessment Package Released in February 204 to complement the launch of the NIST CSF. The CRR Self Assessment Kit allows organizations to conduct a review without outside facilitation. Contains the same questions, scoring, and reporting as the facilitatedassessment. The kit containsthe followingresources: Method Description and User Guide CompleteCRR QuestionSet withguidance Self AssessmentPackage (automated toolset) CRR tonist CSF Crosswalk CRR Self AssessmentKitwebsite: http://www.us cert.gov/ccubedvp/selfservice crr 5 5

8/27/205 Cyber Evaluation Tool (CSET R) Stand-alone software application Self-assessment using recognized standards Tool for integrating cybersecurity into existing corporate risk management strategy CSET Download: http:/us-cert.gov/control_systems/csetdownload.html 6 Protected Critical Infrastructure Information Established under the Critical Infrastructure Information Act of 2002 Protects voluntarily submitted critical infrastructure information from: Freedom of Information Act State and local sunshine laws Civil litigation proceedings Regulatory usage 7 For more information visit: www.dhs.gov/criticalinfrastructure Marty J. Smith Protective Advisor - Orlando Marty.J.Smith@hq.dhs.gov 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information