Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services




Focus: Up to But Not Including Corporate and 3rd Party Networks

[Diagram: network architecture by level]
- Level 4: Corporate and 3rd Party/Vendor/Contractor/Maintenance Connections
- Firewall
- Level 3.5 DMZ
- Level 3
- Level 2
- Level 1
Zone labels: IT Cyber Security; Industrial Cyber Security
Component labels: Domain Controller, ESF, PHD Server, Experion Server, EAS, Terminal Server, Patch Mgmt Server, Anti Virus Server, 3rd Party App, Subsystem Interface, eServer, PHD Shadow Server, Router, ESC, ACE, EST, ESVT, Optional HSRP Router, Safety Manager, Qualified Cisco Switches

2015 Honeywell International All Rights Reserved

ICS Continuous Monitoring: Making the Case

Critical Infrastructure Cybersecurity Framework

Function:
- IDENTIFY
- PROTECT
- DETECT
- RESPOND
- RECOVER

Maps controls to:
- ISO 27001
- ISA 99/IEC 62443
- NIST SP 800-53
- COBIT 5
- CCS CSC

http://www.nist.gov/cyberframework/

Critical Infrastructure Cybersecurity Framework

Function and Elements:
- IDENTIFY: Hardware & Software Inventory, Policy & Procedures, Network Topology, Security Risk Assessments
- PROTECT: Firewalls, Passwords, Antivirus, Patching, USB Control, Physical Security, Change Control, Backup & Recovery
- DETECT: ?
- RESPOND: ?
- RECOVER: ?

http://www.nist.gov/cyberframework/

Industrial Cyber Attacks & Incidents Are Rising

- Worm Targeting SCADA and Modifying PLCs
- Large-Scale Advanced Persistent Threat Targeting Global Energy
- Virus Targeting Energy Sector Largest Wipe Attack
- APT Cyber Attack on 20+ High Tech, Security & Defense Cos.
- Virus for Targeted Cyber Espionage in Middle East
- Cyber-Espionage Malware Targeting Gov't & Research Organizations
- Worm Targeting ICS Information Gathering and Stealing
- Information Stealer Malware
- Security Bug and Vulnerability Exploited by Attackers
- Industrial Control System Remote Access Trojan & Information Stealer

What do these 3 Plants have in common?

- German Steel Plant
- Iranian Nuclear Facility
- Turkish Pipeline

Increased Activity & Success

- Nov 20, 2014: NSA Chief FINALLY states: "It's already happened!"
- Jan 23, 2015: Cisco CEO states Cyber Attacks will double this year

Common Thread

- Most of these attacks could have been stopped using good protection and detection capabilities
- The results/effects of ALL of these attacks could have been reduced via continuous monitoring
- Is your ICS currently infected or under attack?

ICS Continuous Monitoring: Key Elements

Key Events to Monitor

- Network Activity Logs: ACL Rules, Utilization Spikes, Passwords/Strings
- System Audit Logs: Unauthorized Access, Disabling Controls, Configuration Changes
- System Availability/Performance: Application Health, CPU Utilization, Hardware Errors, Overruns
- Administrative Changes: GPO Modifications, Group Additions, Enabling USB Devices
- Software Update Compliance: Aging for Virus Signatures, Security Patches, Software Updates
- Virus Infections
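As an added illustration (not part of the original presentation or any Honeywell product), the sketch below triages Windows Security events into three of the slide's categories and flags aging antivirus signatures. The event IDs are standard Windows Security log IDs; the host names, thresholds and sample records are constructed assumptions.

```python
from collections import Counter
from datetime import date

# Standard Windows Security event IDs, grouped under the slide's categories.
GROUP_ADD = {4728, 4732, 4756}   # member added to a global / local / universal security group
CONTROL_TAMPER = {1102, 4719}    # audit log cleared / system audit policy changed
FAILED_LOGON = 4625              # an account failed to log on
DS_OBJECT_MODIFIED = 5136        # directory object modified (GPOs are groupPolicyContainer objects)

def triage(events, failed_logon_threshold=5):
    """Return sorted (host, category) alerts; the threshold is an assumed value."""
    alerts, failures = set(), Counter()
    for ev in events:
        eid, host = ev["id"], ev["host"]
        if eid in GROUP_ADD:
            alerts.add((host, "Administrative Changes: group addition"))
        elif eid == DS_OBJECT_MODIFIED and ev.get("object_class") == "groupPolicyContainer":
            alerts.add((host, "Administrative Changes: GPO modification"))
        elif eid in CONTROL_TAMPER:
            alerts.add((host, "System Audit Logs: disabling controls"))
        elif eid == FAILED_LOGON:
            failures[host] += 1  # a single failure is noise; count per host
    for host, count in failures.items():
        if count >= failed_logon_threshold:
            alerts.add((host, "System Audit Logs: unauthorized access"))
    return sorted(alerts)

def stale_signatures(inventory, today, max_age_days=7):
    """Hosts whose antivirus signature date is older than max_age_days (assumed policy)."""
    return sorted(h for h, sig in inventory.items() if (today - sig).days > max_age_days)

# Constructed sample data: not taken from any real system.
SAMPLE_EVENTS = (
    [{"id": 4732, "host": "ENG-WS01"},
     {"id": 5136, "host": "DC01", "object_class": "groupPolicyContainer"},
     {"id": 5136, "host": "DC01", "object_class": "user"},  # not a GPO change, ignored
     {"id": 1102, "host": "HIST01"}]
    + [{"id": 4625, "host": "OPS-WS02"}] * 6   # burst above the threshold
    + [{"id": 4625, "host": "ENG-WS01"}] * 2   # below the threshold
)
SAMPLE_INVENTORY = {"ENG-WS01": date(2015, 5, 1), "OPS-WS02": date(2015, 5, 28),
                    "HIST01": date(2015, 3, 15)}

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
    print("Stale signatures:", stale_signatures(SAMPLE_INVENTORY, date(2015, 6, 1)))
```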

Key Devices to Monitor

- Control Systems Servers
- Controllers
- Safety Managers
- Historians
- Network Devices (firewall, switch, wireless)
- Windows Servers
- Workstations (operator & engineering)
- System Backups
- Virtual Hosts

Obstacles to Effective Monitoring

- Budget for required utilities
  - Intrusion Detection Systems
  - Security Information & Event Management
  - Logging Agents, Relay Servers, Databases, etc.
- Personnel required for administration
  - Initial installation of components above
  - Analysis of events to determine what is critical
  - Investigation of alerts to determine next steps
- Other concerns
  - Competing DCS priorities
  - Training on new technology
  - Different expertise per location

Continuous Monitoring Best Practice

Hire a company to monitor your systems for ¼ the price, but only if they have the following:
- Expertise in Control System security
- Methodology that complies with IEC 62443
- Passive, Comprehensive, Secure
- 100s of current ICS customers
- Follow the sun support model
- Geographically separate operating facilities
- Vendor Agnostic

Questions???

Voice of Customer

1. For patching updates, are you using manual or automated processes?
   - Manual
   - Automated
2. For antivirus updates, are you using manual or automated processes?
   - Manual
   - Automated
3. On a scale of 1-10 (10 being very satisfied), how satisfied are you with how you currently monitor the security of your control system?
4. If you are not currently using Whitelisting, how soon do you intend to add Whitelisting to your cyber security program?
   - Within 6 months
   - 1 year
   - 2 years or beyond
   - Never

Thank You