AGENDA ITEM NO.: 3.A.
MEETING DATE: 08/18/2014
N-Dimension Solutions
Cyber Security for Utilities
Cyber Security Protection for Critical Infrastructure Assets
The cyber threat is escalating
- Confidential & Restricted -
Energy is the most targeted sector
- All Others: 116 (59%)
- Energy: 82 (41%)
- 198 disclosed attacks in 2012, up 52% vs. 2011
Many of these incidents targeted information pertaining to the ICS/ environment, including data that could facilitate remote access and unauthorized operations.
Source: ICS-CERT Incidents by Sector (+Internet-Facing), 198 in total, FY 2012
Threat emphasized at leading hacker conferences
By Heather Kelly, CNN, updated 2:02 PM EDT, Mon August 5, 2013
The five scariest hacks we saw last week
- Industrial facilities
- Remote-controlled cars
- Compromising smartphones
- The too-smart home
- Hackers get personal
Excerpts:
- most frightening targets highlighted at the conference. Multiple demonstrations showed just how simple it is to hack energy systems.
- on an actual oil well, the (mock) hack could result in an environmental catastrophe, according to the researchers.
- It's possible to shut down an entire industrial facility from 40 miles away
- There is no built-in system for releasing software patches, like there is with personal computers.
Cyber Security Threats - Stuxnet
- Stuxnet worm first discovered in July 2010
- First Windows-specific worm that infects and reprograms industrial control systems
- Bypasses and exploits security products such as firewalls
- Extremely advanced and powerful
- Duqu, a derivative of Stuxnet, has been detected; potentially more derivatives to come
Technology Trends Increasing Cyber Security Risk
- Adoption of common technology
- Connectivity of utility control systems to other systems
- Increasing automation
Creates increased attack surface that can be exploited
- External Attackers: Hacker conferences are identifying utility systems as valuable targets
- Hacker tool kits specific to utility systems are available for download and use
- Internal Users (Insiders) can knowingly or unknowingly exploit systems
Increasingly advanced and persistent threats to a growing attack surface
- Cyber Security Protection for Critical Infrastructure Assets TM -
Medium-sized utilities are at greatest risk
[Chart. Axes: "Cyber-security resources" (HIGHER to LOWER) and "Impact from Attack" (to HIGHER). Labels: Most Vulnerable; Most Impact; Smallest Utilities; Public Power & Cooperatives; Other IOUs; Largest IOUs.]
There is no official solution
"If I had a cyber threat that was revealed to me in a letter tomorrow, there is little I could do the next day to ensure that that threat was mitigated effectively by the utilities that were targeted."
Federal Energy Regulatory Commission Chairman Jon Wellinghoff, September, 2012
Source: The Hill
Big flat network
[Network diagram. Labels: Operations Personnel; Host; Smart Meters; Collectors; Operations Servers; Corporate Personnel; Corporate Servers; AMI Head-End Server.]
Threat vectors
[Network diagram. Labels: Vendors; ASP; Grid Network; ISO; Operations Personnel; Host; Smart Meters; Collectors; Operations Servers; Corporate Personnel; Internet; Corporate Servers; AMI Head-End Server.]
Your org chart may be your biggest security gap
Accountability gaps between IT and Operations make critical assets vulnerable to attack

Functional Role      Area of Responsibility
Sr. Management       Overall Results
Information Tech.    IT Systems
Operations           Assets

Point of Attack: IT / Asset interconnections
- Departmental silos
- Areas of overlap are vague
- Asset and IT inroads open
OT closes security gaps between IT and Operations
An independent world of "operational technology" (OT) is developing separately from IT groups. If IT organizations do not engage with OT environments they may be sidelined from major technology decisions - and place OT systems at risk.
Source:
[Diagram. Labels: Sr. Management; OT; IT Systems; Assets.]
Built on a Defense-in-Depth strategy
Identify, Isolate, Insulate
- Electronic security perimeters
- Monitoring
- Layered defenses
Cyber-resilience
- Frustrate threat progression
- Mitigate impact
- Speed recovery and reconstitution
Elements of a Defense in Depth Strategy: People, Technology, Operations
Cyber Security Planning
- Education: basic to advanced
- Assessments
- Monitoring
- Software/appliance deployment
PHISHING: Cyber Awareness Training Example
What is Phishing?
Phishing is the act of attempting to gain credentials or other confidential information by impersonating a trusted entity in an electronic transaction.
Example: A user attempts to go to their banking website and is redirected by malicious code to a website that looks identical to their bank's. The attacker obtains the user's username and password and redirects them to the actual banking site after they have entered their login credentials.
Cyber security technical services
- Vulnerability Assessments
  - Can be condensed or detailed
  - Provides a road map for priorities
  - Exposes any issues with OT systems
  - Can expand into penetration testing
  - White hat testing looking for exposed ports, software vulnerabilities
- Physical and cyber
  - Substation security
  - Fiber vulnerabilities
- Development of Cyber Security Plans
- Development of Cyber Security Programs
Typical Utility Flat Network With No Monitoring Service
[Network diagram. Label: Hacker.]
1. Hacker starts finding out information to get into the utility's network.
2. Hacker finds a hole and easily penetrates through the firewall & scans the network.
3. Since there is no defense-in-depth or any type of monitoring, hacker easily compromises the system.
- Cyber Security Solutions for The Smart Grid TM -
Typical Utility Flat Network With Monitoring Service
[Network diagram. Labels: Hacker; Incident Detected!]
1. Hacker starts finding out information to get into the utility's network.
2. Hacker finds a hole and easily penetrates through the firewall & scans the network.
3. IDS detects the intrusion & alerts Utility immediately.
Monitoring discoveries - 3 utilities summary
This is a summary of key issues from the most recent 30-day logs for Munis on the program:
- Priority 1: Malware-CNC Win.Trojan.AllAple Variant (possible illegal botnet)
- Priority 2: Sensitive Data: Credit Card Number (2,844 incidents)
- Priority 2: US Social Security Number (139 incidents)
- Priority 2: Decoy Portscan (225 incidents)

Priority    # of Alerts
1           82,309
2           4,871,216
3           1,422,703
Total:      6,387,228
Monitoring
[Network diagram. Labels: Vendors; ASP; Grid Network; ISO; Operations Personnel; Host; Smart Meters; Collectors; Operations Servers; Corporate Personnel; Internet; Corporate Servers; AMI Head-End Server.]
Network segregation
[Network diagram. Labels: Vendors; ASP; Grid Network; ISO; Terminal Server; Operations Personnel; Host; Smart Meters; Collectors; Operations Servers; Corporate Personnel; Internet; Corporate Servers; AMI Head-End Server.]
Analysis and reporting
[Network diagram. Labels: Vendors; ASP; Grid Network; ISO; Terminal Server; Operations Personnel; Host; Smart Meters; Collectors; Operations Servers; Corporate Personnel; Internet; Corporate Servers; AMI Head-End Server.]
Benefits of comprehensive cyber-security
- Reliability: Less chance of service interruption
- Revenue Assurance: Attack mitigation for core revenue producing assets
- Risk Mitigation: Complies with indemnification requirements
Thank You
Bruce Gordon
VP Sales and Marketing
N-Dimension Solutions Inc.
Office: 832-289-5735
bruce.gordon@n-dimension.com