Critical Infrastructure Cybersecurity

Transcription:

Critical Infrastructure Cybersecurity
Webinar, July 23, 2014
Rich Mahler, Director, Commercial Cyber Solutions, Lockheed Martin
Kim Legelis, Vice President, Marketing, Lockheed Martin Industrial Defender
2014 Lockheed Martin Industrial Defender. All rights reserved.

Security Posture Proportional to + Program vs. Project 7/25/2014 2

Risk Management - A Fundamental Driver
Risk Escalation is Real and Continuing
Viruses More Integration More Connectivity Diverse Sophisticated Combination Attacks Criminals and Insider Threats Cyber Warfare Highly Targeted Governments
- Stuxnet Infected [Oil & Gas Companies] IT Networks (Wall Street Journal, November 2012)
- Obama Executive Order Redefines Critical Infrastructure (Computerworld, February 2013)
- House Democrats Report Says Power Grid is Vulnerable to Cyberattack (The Washington Post, May 2013)
- Major Cyber Attack Aimed at Natural Gas Pipeline Companies (Msnbc.com, May 2012)
- Iran Hacks Energy Firms, U.S. Says (Wall Street Journal, May 2013)
- Chinese Hackers Stole Plans For Dozens Of Critical US Weapons Systems (Business Insider, May 2013)
Businesses Will Get More Help in Defining Risk

Rethinking Cyber-Security
We Now have Years of Experience
Security is Complex
Security Issues and Explanation:
- Cost is High: The cost of implementation and maintaining security is high, it adds nothing to the value of most manufactured products and security is never 100% no matter how much is invested.
- Motivations for Investing in Security is Changing: Over recent years, regulations and government involvement have driven security investments, especially in critical infrastructure industries. Regulations are likely to broaden and spread to other industries, changing security strategies significantly.
- Solving Persistent Security Problems: One example: Patches cannot be tested and installed fast enough for systems operations because of the large variety of applications and system configurations. Consequently, the period of high exposure to successful attack is too long.
- Securing Remote Access: Effective maintenance of business assets requires that service providers remotely access the assets, yet the risk of connecting assets to the internet is high. Many approaches are used but a consistent, cost effective, and highly secure solution is needed.
- Accelerating Standards Development: Standards are critical for improving security but the process is too slow and the results are barely adequate. Most standards must be adapted and extended for systems in operations.
Making Sure We Are on Track
Cyber security activity is intense; it is a good time to step back and be sure we are working on the right problems and solutions.
- Are We on the Right Track?
- What are the Emerging Opportunities
- Are We Investing in the Right Security Activities?

Security Is Not a One-time Investment
Practices are Maturing - It Is Difficult
Skills Shortage?
New Business Initiatives Acquisitions Partners Regulations Cost Pressures Applications Systems New Technologies Architectures Practices Design Assess Renovate Test, Monitor, Mitigate, Adapt Audit New Vulnerabilities Threats Patches People Organizations Governments
Cyber Security is a Very Dynamic Activity
Continued Investment is Required

Evolutionary Security Maturity
Where Are You Today?
- Intelligence Driven Defense (Predictive): Cyber Intelligence Integrated in Operations
- Sustainable Security (Proactive): Automation and Efficient IT/OT Process Integration
- Compliant Security (Reactive): Procedures and Documentation
- Basic Security: Foundational Security Technologies
Developing a Security Roadmap is Essential to Your Long Term Program Success
Where Do You Want to be Tomorrow?

Integrated Risk Management at All Levels
Board of Directors
- Aware of Cyber Threats
- Ensures Controls and Adequate Resources Exist
- Understands Risk Exposure
Executive Management
- Alignment of Resources to Risk
- Measures Success of Cyber Defenses
- Ensures Return on Security Investment
Cyber Intel Analysts
- Understands the Adversary
- Derives Intelligence from Internal & External Sources
- Integrates Cyber Intelligence into Security Operations

Understand the Challenges
Business
- Adverse impact on critical infrastructure from potential cyber attacks
- Increasing level of government oversight and regulatory interest
- Complex mix of IT and OT environments
- Disciplined programmatic approaches to safety and availability
- Business investment constraints
- Security staffing and training challenges for security
- Varying security maturity levels across business areas & supply chains
- Measure of security effectiveness/ROI
Operational
- Fragmented situational awareness across the enterprise
- Overabundance of technology point solutions
- Challenged to stay ahead of the threat landscape
- Priority & fidelity of intelligence sources
- Strategic and sustainable cybersecurity roadmap
- Governance & risk management
- Regulatory reporting requirements (internal & external)
- Uptime and reliability drivers

Unique Requirements of IT & OT
Enterprise IT Systems Management
- Business critical
- Confidentiality and integrity take priority
- Reboot common
- Transactional orientation
- HP, Cisco, McAfee, etc.
- PCs, servers and cloud
- Web services model is dominant
- Many commercial OTC software products installed
- Protocol is primarily HTTP/HTTPS over TCP/IP - widely known
- Office environment, plus mobile
- Governance and compliance
OT Systems Management
- Safety first
- Zero downtime focus & real-time focus
- Few people; many, many devices
- ABB, Siemens, GE, Honeywell, Emerson, etc.
- Sensors, Controllers, Servers, Industrial Devices (IED, RTU, PLC)
- Polled process control model
- Purpose-specific devices
- Industrial Protocols: ICCP, Modbus, DNP3, some over TCP/IP
- Harsh operating plant environments
- Industry regulations

Threat Trends for Control Systems

Impacts to Automation Systems
- Loss of Control, Production and Physical Damage: STUXNET
- Exfiltration of data related to ICS: DUQU
- Theft of legitimate user accounts: Flame
- Espionage, Data theft: Gauss
- Operator Error

Security Evolution in Industrial Control Systems
Axis label: Technology Sophistication. Timeline: 2003, 2005, 2007, 2009, Today.
Firewalls
- Business connectivity
- Locks on the Door
Intrusion Detection
- Network Based
- Host Based
- Known Bad
- Industrial Protocols
- Alarm Sensors
Event Monitor
- Central Logging
- Monitor and respond
- Alert on Events of interest
- Log everything and apply forensics
- Incident Management
- Flight recorder
Intrusion Prevention
- Network Based
- Host Based
- Deep packet inspection
- Known Bad signatures
- Known Good Signatures
- Whitelisting
- System hardening
- System locked down
Security Management
- Automate manual process
- Enforce policy, process & procedures
- Leverage baselines
- Manage changes
- Audit reporting
- Continuous assessments
- Attestation data
- Doing it and Proving you are doing it

Converging Challenges
Improving cybersecurity, addressing compliance mandates, and enhancing operational effectiveness.
- Cybersecurity: Threats exist from both malicious outsiders and well-intentioned insiders.
- Compliance: Increasing external oversight from government (NERC CIP, BSI). Internal compliance with corporate policies, industry associations and best practices (NIST, CPNI, ISA99, API 1164, etc.)
- Change Management: Need to know what assets are in your environment and when changes are made to those assets.

Automation Systems Balancing Act
Secure, Comply, Gain Operational Advantage
- Security: We need to do it. Insurance
- Compliance: We have to do it. Corporate tax
- Operational Management: We want to do it! Business Advantage!
Striving for Operational Excellence via Improved Reliability, Availability, Health and Safety

Operational Challenges
Balancing operational requirements with emerging cybersecurity, compliance and change management requirements:
- More complex automation systems
- Budgetary pressure
- Need for increased security
- Increasing compliance requirements
- Fewer resources and increasing skill set gaps
- Limited resources to allocate for change management and business process requirements

Meeting the Challenge
- More complex automation systems: Vendor agnostic offering across disparate asset base
- Budgetary pressure: Reduced manual labor through automation
- Need for increased security: Integrated defense-in-depth
- Increasing compliance requirements: Automated collection tools and standardized reports
- Fewer resources and increasing skill set gaps: Ease-of-use software. Outsourced partnership options
- Limited resources to allocate for change management and business process requirements: Baseline archiving, variances, workflow, trouble-ticketing

Lockheed Martin Cyber Security Solutions
Risk Assessment Lockheed Martin Intelligence Driven Defense Risk Mitigation Risk Management Professional Services Enterprise Solutions Managed Services Intelligence Situational Awareness Actionable Intelligence

Lockheed Martin Comprehensive Portfolio
Intelligence Driven Defense Portfolio Professional Services Enterprise Solutions Managed Service Intelligence Security Risk assessment Cyber Architecture Systems Integration Incident Response SIC/SOC Transformation IT/SOC Insource/Outsource Training Cyber Intelligence Management Automation (OT) Systems Management Solution External and Insider Threat ID Solutions Security Education & Awareness SOC/SIC/MSSP Services Advanced Threat Mitigation LM & Classified Intelligence Analysis-on-Demand Managed IT Intelligence Driven Defense Cyber Kill Chain Analysis Industry-Specific and Cross-Industry Visibility 12-year Knowledge Base Across >25 SOC/SICs Risk Assessment Risk Mitigation Risk Management Risk Lifecycle
Over 3,000 Cyber-Security Professionals on Staff

Industrial Defender's ASM Architecture
Asset, Event, Configuration, Policy, Compliance, Work Automation
Optional Agent
Automation Systems End-Points

Applications
- Asset Management: A single unified view of all assets enables onboarding and decommissioning of assets, device status reporting, information access and state information.
- Event Management: Brings visibility to control system and networks by providing event log data from multiple security sources, centralizes operations and reduces expenses.
- Configuration Management: Track and audit device settings, software, firewall rules and user accounts and view and baseline the system configurations, ports & services, and software.
- Policy Management: Communicate new policies, track acceptance and manage conformance.
- Compliance Reporting: A comprehensive suite of standard configurable reports to meet audit requirements, internal or external. Enables users to define, generate and automate reports as needed.
- Work Automation Suite: Integrates document management, ticketing, and reporting as part of a structured workflow enabling ICS professionals to initiate, track, approve, document, and report on changes made to control system assets.

Capabilities
- Event logging, correlation, and archiving
- Customizable user interface dashboards
- Scalable architecture
- Configuration change management
- File integrity monitoring
- Device configuration file archiving
- Network traffic monitoring
- Critical process & service monitoring
- Report subscriptions
- User account change identification
- Network & system health and performance
- Analyze changes across asset base & environment
- Maintain central configuration policy
- Collect & report on settings, accounts, configurations
- Manage hardened electronic security perimeter
Extensive Capabilities on a Single Platform

In Depth Integration
Integration with:
- ABB 800xA, ABB Symphony/Harmony, ABB Infi90, ABB FACTS and ABB SYS600C & MicroSCADA, Ventyx Network Manager
- Elster Calisto & EnergyAxis
- Emerson DeltaV and Emerson Ovation
- GE XA/21 & PowerOn FUSION
- Foxboro I/A Series
- Honeywell Experion
- Itron OpenWay System
- Rockwell RSView
- Schneider Electric Momentum, Quantum, OASyS, Citec
- Siemens PCS7
- and many more!
Operating Systems
- Windows NIT, 2003, NT, 7, 8
- HP-UX PA-RISC & Itanium
- Linux
- DEC Tru-64
- Sun Solaris
- IBM AIX
Industrial Rules
- DNP3
- Modbus
- ICCP
- IEC
- Siemens S7 Protocol
- TCP/IP

Industrial Defender FleetView
Unprecedented situational awareness for control systems.
- Aggregates data across all sites for improved visibility
- Easily view trends over time at site-by-site level, or to specific systems and assets
- Quickly spot trends in changes between groups of assets including firewalls, switches, or routers
- Compare changes over time to see where anomalies exist for process improvements

The Industrial Defender Platform is Open in its Ability to Integrate with Enterprise IT & Security Systems
Integrate with Enterprise IT & Security Systems
Third Party Threat Intelligence Threat Intelligence Feeds Systems Management Change Management Policy Management Patch Management Infrastructure/Utility Event, Log Data End-Point Data Compliance SIEM

Industrial Defender Solutions
Simplify and scale with a complete turnkey solution.
Asset, Event, Configuration, Policy, Compliance, Work Automation
- Infrastructure: Address resource and expertise challenges with a single view, vendor agnostic platform.
- Applications: Tackle increasing security, compliance and change management challenges despite resource constraints.
- Services: Partner with Lockheed Martin's OT-experienced team so your team can deliver on reliability and availability of your systems.

Best Practices Recommendation
1. Encourage Dialogue between the key stakeholders
   - Engineering, Enterprise Security and Operations
2. Keep a regular inventory of Applications and Infrastructure dependencies
   - Hardware, software, interdependencies
3. Understand that many OT systems were not designed with Security in mind
   - Availability and operational efficiency
4. Understand your cybersecurity maturity
   - Create an ongoing program
5. Ensure situational awareness across the entire organization: IT & OT
   - Understand the differing requirements for cybersecurity
   - Leverage vendors and expertise unique to your business and operations

Questions
Please use the Ask a Question button at the top of the Player to interactively text your questions in to our presenter.
Want to know more about Industrial Defender ASM? Join a Product Webinar and Demonstration: http://bit.ly/v6demo or visit http://id.lockheedmartin.com/