Practical Steps To Securing Process Control Networks


Villanova University Seminar
Rich Mahler, Director, Commercial Cyber Solutions, Lockheed Martin
Lockheed Martin Corporation 2014. All Rights Reserved. This document shall not be reproduced, modified, distributed or displayed without the prior written consent of the Lockheed Martin Corporation.

Discussion Topics
- The Threat Landscape
- Security Challenges in the Operations Environment
- Four Practical Steps for Securing your Process Control Network

Threat Activity
- Chart: significant increase in ICS vulnerabilities (2001-2012)
- Chart: Industrial Control System (ICS) Computer Emergency Response Team (ICS-CERT) incidents increasing

The Threat Landscape
Understand your threat profile and who is targeting you!

Advanced Persistent Threats
- Attack profile: targeted, organized and funded attacks, potentially associated with nation-state sponsorship or other powerful entities.
- Primary objectives: typically medium to long term; exfiltration of intellectual property to wipe out years of R&D, for competitive economic and/or nation-state advantage.
- Attack methods: social engineering, spear phishing, watering hole and drive-by download attacks, espionage, focused perimeter breaches.

Cyber Crime Threats
- Attack profile: opportunistic, broad-based, motivated by financial gain.
- Primary objectives: typically short term; identity theft, credit card fraud, extortion, botnet creation & management.
- Attack methods: phishing attacks, hosting malware on legitimate websites, SPAM-related attacks, cyber extortion techniques.

Hacktivism Threats
- Attack profile: organized attacks associated with groups of individuals with political, ethical, religious, or retaliatory motives.
- Primary objectives: typically short term; cause havoc & chaos, disrupt operations, discredit and malign via disclosure of sensitive information.
- Attack methods: Distributed Denial of Service (DDoS) attacks, traditional hacking techniques, spear phishing, etc.

Insider Threats
- Attack profile: legitimate internal user with hidden malicious intentions.
- Primary objectives: short to long term; compromise of sensitive information, destruction, revenge, espionage, harassment.
- Attack methods: access via legitimate credentials and privileges, data exfiltration, physical and logical sabotage, surveillance.

Nuisance Threats
- Attack profile: unskilled attackers, scanners & crawlers, SPAM, worms/viruses, basic malware.
- Primary objectives: often unknown or irrelevant; recognition & status, reconnaissance, financial.
- Attack methods: automated scanners, public exploit kits, generic SPAM email, propagating worms/viruses, adware, scareware.

The Cyber Kill Chain (TM)
Reconnaissance -> Weaponization -> Delivery -> Exploitation -> Installation -> Command & Control -> Action on Objectives
Diagram layers: Intrusion, Sequel, Campaign
(C) Lockheed Martin Corporation 2013

Indigo Qwerty Campaign Heatmap
Campaign analysis is used to determine the patterns and behaviors of the intruders.

Measuring Success
Framing metrics in the context of the Cyber Kill Chain identifies gaps and informs investments.

IT vs. Operations Technology
Cyber security approach: Information Technology (IT) compared with ICS / Operations Technology (OT)
- Cyber security priorities. IT: confidentiality, integrity, availability; data protection. OT: availability, reliability, and human safety often trump other concerns; physical process control.
- Lifecycles. IT: 3-5 year refresh cycle. OT: 10+ year refresh cycle.
- Vendor impact. IT: high degree of autonomy. OT: reliance on vendors for support (e.g. will not install patches without vendor approval).
- Visibility. IT: Intrusion Detection System (IDS) / Intrusion Protection System (IPS), centralized logging, Security Incident and Event Management. OT: most traditional IT security visibility mechanisms do not exist.
- Assessment techniques. IT: active penetration testing. OT: passive testing, or a focus on lab and secondary/backup systems.
- Industry standards and guidelines. IT: NIST 800 series and ISO. OT: NIST 800-82 (ICS), ANSI/AWWA G430, NEI, NRC, NERC.
Successful teams are integrated and bilingual in IT and OT.

Process Control Network (PCN) Design (sample)
- Corporate IT Domain: IT corporate network
- Plant Demilitarized Zone (DMZ)
- Operational Technology (OT) Domain
Logical / physical separation of the PCN

Challenges in Process Control Security
- Lack of visibility
- Information and organizational silos
- Limited ICS/PCN-specific cyber threat intelligence

Step 1: Get Visibility
Process control visibility, in order of effort:
Easy wins
- Perimeter firewall logs
- Perimeter netflow
- IDS
Next steps
- Field firewall logs
- Control center netflow
- Control center host logs
- Network whitelisting logs
Advanced visibility
- Field network netflow
- Field network host logs
- ICS protocol situational awareness
- ICS protocol whitelisting logs
- Field device logs
- Full packet capture (FPC)
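The "network whitelisting logs" item above, and the zoned PCN design on the earlier slide, come together in a simple check: every cross-zone flow the plant expects is enumerated, and any flow that is not on that list is logged for review. The following Python is an added example written for this page, not code from the seminar or from Lockheed Martin. The zone addresses, the allowed-flow list and the NetFlow-style records are all constructed for illustration; a real deployment would populate them from the asset inventory that Step 2 names as a prerequisite.

```python
import csv
import io
import ipaddress
from dataclasses import dataclass

# Constructed zone layout following the sample PCN design on the slides:
# corporate IT, plant DMZ, control center and field networks. Illustrative only.
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "plant_dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control_center": ipaddress.ip_network("10.30.0.0/24"),
    "field": ipaddress.ip_network("10.40.0.0/24"),
}

# The network whitelist: every cross-zone flow the plant expects, as
# (source zone, destination zone, protocol, destination port). Constructed values.
ALLOWED_FLOWS = {
    ("corporate", "plant_dmz", "tcp", 443),        # business users read the DMZ historian
    ("plant_dmz", "control_center", "tcp", 5450),  # DMZ historian replicates from the control center
    ("control_center", "field", "tcp", 502),       # HMI/SCADA servers poll PLCs over Modbus/TCP
    ("control_center", "field", "tcp", 20000),     # ... and outstations over DNP3
}

# Zones that the corporate side may only reach through the plant DMZ.
BEHIND_DMZ = {"control_center", "field"}


@dataclass(frozen=True)
class Violation:
    src: str
    dst: str
    proto: str
    dport: int
    reason: str


def zone_of(ip):
    """Map an address to its zone; 'unknown' means it is not in the inventory."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def check_flows(netflow_csv):
    """Return one Violation per cross-zone flow that is not on the whitelist.
    Intra-zone traffic is not a zone-boundary question and is skipped here."""
    violations = []
    for row in csv.DictReader(io.StringIO(netflow_csv)):
        src_zone, dst_zone = zone_of(row["src"]), zone_of(row["dst"])
        proto, dport = row["proto"].lower(), int(row["dport"])
        if src_zone == dst_zone:
            continue
        if (src_zone, dst_zone, proto, dport) in ALLOWED_FLOWS:
            continue
        if "unknown" in (src_zone, dst_zone):
            reason = "address not in asset inventory"
        elif "corporate" in (src_zone, dst_zone) and BEHIND_DMZ & {src_zone, dst_zone}:
            reason = "direct corporate-to-OT flow bypasses the plant DMZ"
        else:
            reason = "cross-zone flow not on the whitelist"
        violations.append(Violation(row["src"], row["dst"], proto, dport, reason))
    return violations


# Constructed NetFlow-style export. The first three rows are expected traffic,
# the next three are the cases the whitelist should surface, the last is intra-zone.
SAMPLE_NETFLOW = """src,dst,proto,dport
10.10.5.23,10.20.0.10,tcp,443
10.20.0.10,10.30.0.5,tcp,5450
10.30.0.5,10.40.0.17,tcp,502
10.10.5.23,10.40.0.17,tcp,502
10.30.0.5,10.40.0.17,tcp,22
192.168.99.4,10.30.0.5,tcp,502
10.40.0.17,10.40.0.18,tcp,502
"""

if __name__ == "__main__":
    for v in check_flows(SAMPLE_NETFLOW):
        print(f"{v.src} -> {v.dst} {v.proto}/{v.dport}: {v.reason}")
```

Running it against the sample reports three flows: a corporate workstation talking Modbus/TCP straight to a field device (which should have been impossible if the DMZ separation holds), SSH from the control center to a PLC that no rule anticipates, and a source address that the inventory does not know at all. The third case is why the slides put an effective asset inventory ahead of intelligence work: a whitelist can only be as complete as the inventory it is built from.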

Step 2: Find and Leverage Intelligence Sources
Prerequisite: effective asset inventory
Intelligence sources
- Open Source Intelligence (OSINT)
- Government-sponsored efforts
- Industry groups
- Vendor subscriptions
- Private collaboration agreements

Step 3: Build Your Own Intelligence
Kill chain phases: Recon, Weaponize, Delivery, Exploit, Install, C2, Act on Objectives (pre-compromise stages, then post-compromise stages)
- Full intrusion: analysis to recreate the defense lifecycle. Detection comes at Act on Objectives; analysis works back through every earlier phase.
- Mitigated intrusion: analysis and synthesis. Detection comes early; the phases the intruder completed are analyzed, and the phases never reached are synthesized.
Gather intel regardless of attack success.

Step 4: Apply and Track Intelligence
Detections and mitigations
- Perimeter Intrusion Detection System (IDS)
- Host IDS / anti-virus tools
- Perimeter firewalls
- Field firewalls
- Field device configurations
Develop metrics to track effectiveness over time
- Business resiliency
- System availability
- Return on investment
Collaborate on intelligence and metrics between business and process control networks.
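Steps 3 and 4, together with the campaign heatmap and "Measuring Success" slides, describe one data model: each analyzed intrusion is attributed to a campaign, its indicators are placed on kill-chain phases, and the phase at which a Step 4 sensor fired is recorded so that metrics can be framed on the chain. The Python below is an added example written for this page, not the seminar's or Lockheed Martin's code. It builds the heatmap cells, splits a mitigated intrusion into the phases to analyze and the phases to synthesize, and computes the coverage metric that exposes gaps. The campaign names, indicator strings and sensor names in the sample are constructed placeholders.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Kill-chain phases in order, as named on the slides.
KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command & Control", "Action on Objectives"]
PHASE_INDEX = {p: i for i, p in enumerate(KILL_CHAIN)}


@dataclass
class Intrusion:
    """One analyzed intrusion attributed to a campaign (the output of Step 3)."""
    campaign: str
    indicators: dict   # phase -> indicators recovered for that phase
    detections: dict   # phase -> Step 4 sensors that fired in that phase
    last_phase: str    # furthest phase the intruder completed


def analysis_plan(intrusion):
    """Step 3: phases the intruder completed are analyzed from evidence; phases
    never reached (a mitigated intrusion) are synthesized from campaign intel.
    For a full intrusion every phase lands in the analyze set."""
    cut = PHASE_INDEX[intrusion.last_phase] + 1
    return {"analyze": KILL_CHAIN[:cut], "synthesize": KILL_CHAIN[cut:]}


def campaign_heatmap(intrusions):
    """Campaign -> phase -> number of distinct indicators known for that phase.
    Each value is one cell of the campaign heatmap."""
    cells = defaultdict(lambda: {p: set() for p in KILL_CHAIN})
    for intr in intrusions:
        for phase, inds in intr.indicators.items():
            cells[intr.campaign][phase].update(inds)
    return {c: {p: len(s) for p, s in row.items()} for c, row in cells.items()}


def detection_coverage(intrusions):
    """Phase -> (intrusions that reached the phase, intrusions detected there)."""
    coverage = {}
    for phase in KILL_CHAIN:
        reached = [i for i in intrusions if PHASE_INDEX[i.last_phase] >= PHASE_INDEX[phase]]
        detected = [i for i in reached if i.detections.get(phase)]
        coverage[phase] = (len(reached), len(detected))
    return coverage


def gap_phases(intrusions):
    """Phases intruders passed through that no sensor has yet caught: the gaps
    that metrics framed on the kill chain are meant to expose."""
    return [p for p, (reached, detected) in detection_coverage(intrusions).items()
            if reached and not detected]


def mean_first_detection_depth(intrusions):
    """Trend metric: average kill-chain index of the earliest detection per
    intrusion. Lower over time means intruders are being caught earlier."""
    depths = []
    for intr in intrusions:
        hits = [PHASE_INDEX[p] for p, sensors in intr.detections.items() if sensors]
        if hits:
            depths.append(min(hits))
    return sum(depths) / len(depths) if depths else None


def sensor_hits(intrusions):
    """How often each Step 4 detection or mitigation actually fired."""
    return Counter(s for i in intrusions for ss in i.detections.values() for s in ss)


# Constructed sample: four analyzed intrusions from two campaigns. Indicator
# strings are placeholders; sensor names follow the Step 4 list.
SAMPLE_INTRUSIONS = [
    Intrusion("Campaign A",
              {"Reconnaissance": ["scan-src-1"], "Delivery": ["lure-hash-1", "sender-1"],
               "Exploitation": ["exploit-doc-1"], "Installation": ["dropper-hash-1"],
               "Command & Control": ["c2-domain-1"]},
              {"Command & Control": ["perimeter IDS"]}, "Command & Control"),
    Intrusion("Campaign A",
              {"Delivery": ["lure-hash-2", "sender-1"], "Exploitation": ["exploit-doc-1"]},
              {"Delivery": ["perimeter IDS"], "Exploitation": ["host IDS / anti-virus"]},
              "Exploitation"),
    Intrusion("Campaign B",
              {"Delivery": ["lure-hash-3"], "Exploitation": ["exploit-doc-2"],
               "Installation": ["dropper-hash-2"], "Command & Control": ["c2-domain-2"],
               "Action on Objectives": ["historian-export-1"]},
              {"Action on Objectives": ["field firewall"]}, "Action on Objectives"),
    Intrusion("Campaign B", {"Delivery": ["lure-hash-4"]},
              {"Delivery": ["perimeter IDS"]}, "Delivery"),
]

if __name__ == "__main__":
    for campaign, row in campaign_heatmap(SAMPLE_INTRUSIONS).items():
        print(campaign, " ".join(f"{p[:5]}={n}" for p, n in row.items()))
    print("coverage:", detection_coverage(SAMPLE_INTRUSIONS))
    print("gaps:", gap_phases(SAMPLE_INTRUSIONS))
    print("mean first-detection depth:", mean_first_detection_depth(SAMPLE_INTRUSIONS))
    print("sensor hits:", sensor_hits(SAMPLE_INTRUSIONS))
```

On the sample, the Installation phase is reached by two intrusions and caught by none, which is exactly the kind of finding the slides say should inform investment (here, in host-level visibility). The second Campaign A intrusion was stopped at Exploitation, so its plan analyzes the first four phases and synthesizes the last three from what the first intrusion revealed about the campaign's installer and C2; that is the "gather intel regardless of attack success" point in concrete form.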