Vulnerabilities in Process Control Networks: What Are We Protecting Against?
|
|
- Lewis Charles
- 6 years ago
- Views:
Transcription
1 Vulnerabilities in Process Control Networks: What Are We Protecting Against? Mark Benedict Ultra Electronics, 3eTI Standards Certification Education & Training Publishing Conferences & Exhibits 2014 ISA Water / Wastewater and Automatic Controls Symposium 1 August 5-7, 2014 Orlando, Florida, USA
2 Mark Benedict VICE PRESIDENT, BUSINESS DEVELOPMENT Nearly 20 years of experience in network, data systems, information security, military research, technology acquisition, and operations Expertise in the field of Information Assurance, cryptography, high availability data centers, and network security Prior to joining 3eTI directed Department of Defense engineering and technology organizations with Top Secret /TK/SI/SCI security clearance. Senior Colonel in the Information Assurance Directorate, National Security Agency (NSA), responsible for development of secure communications used for space based reconnaissance and communication satellite platforms Source selection for Army officers on NSA Red Team and managed the sustainment of the Electronic Key Management System Retired from active military service to lead 3eTI s Business Development efforts, including directing 3eTI s strategic Sales and Marketing activities 2
3 Session Overview What are we talking about? ICS Security Challenges Standards: the defender s approach Vulnerabilities: the attacker s approach Who to trust? Owning your risk Risk = Threat x Vulnerability x Impact
4 3eTI & Ultra Electronics At A Glance 3eTI Leading provider of military-grade secure communications that enable critical systems security, infrastructure security, and facility management for customers worldwide. 3eTI was founded in US employees Subsidiary of Ultra Electronics Accredited and proven products and solutions 80+ years of industry expertise, including two NATO expert advisors Flexible OEM models for easy integration Ultra Electronics An internationally successful Defense and Aerospace, Security & Cyber, Transport and Energy company with a long, consistent track record of development and growth. Founded in 1993 Group consists of 30 specialized subsidiaries employees Over 180 specialty capabilities areas $1,238.4m in revenue $183.2m in profit Revenue by capability
5 The Real Security Challenge Connecting everything has given us great value, but also a lot of new risks Risk is individual and unique, so mitigations and solutions are too Technology and attackers often outpace the assumptions made in the risk assessment Stop adopting a protect against the last attack approach this just wastes resources If we accept that this is ICS not IT, don t just look at IT-centric solutions If the attack is new or paradigm shifting (e.g. Stuxnet, Target) it takes the industry a long time to even begin to address it But, you are not alone and risk management is possible. People have been doing it a long time! The current way of operating is insecure and potentially unsafe!
6 REAL-LIFE DANGERS Staged cyber attack reveals vulnerability in power grid Russia's Sayano- Shushenskaya Hydroelectric disaster
7 Cyber Security Standards Enabling a business risk-driven security regime
8 ISO INFORMATION SECURITY MANAGEMENT CODE OF PRACTICE What it is Overarching standard for operational security process in the IT world Comprehensive catalog of security practices for IT system managers ISO How to establish and maintain an information security management system Conclusion Management focused making security and business management function Weak on implementation Process driven, not results driven
9 IEC 62443/ISA99 INDUSTRIAL & ENTERPRISE NETWORK INTEGRATION What it is Security for industrial automation and control systems (IACS) Prevention of illegal or unwanted penetration, intentional or unintentional interference with the proper and intended operation, or inappropriate access to confidential information in IACS Zone and Conduit Model A network segmentation countermeasure strategy Barrier devices shall block all non-essential communications in and out of the security zone Asset owner shall establish zones and conduits by grouping assets based on functionality Conclusion Risk-based rather than process driven Industrial focused rather than IT focused Dependent on right choice of zone/conduit architecture
10 IEC TYPICAL ZONE & CONDUIT DEPLOYMENT Zones Definition Assets with common security requirements and functionality Reality impact area (compromise of one is the compromise of all) The size of a zone should be equal to the size of the accepted impact Level 1 (Zone) Level 2 (Zone) Level 1 Level 2 (Conduit) Level 3 (Zone) Level 2 Level 3 (Conduit) Level 4 (Zone) Level 3 Level 4 (Conduit)
11 DIACAP DOD INFORMATION ASSURANCE CERTIFICATION PROCESS What it is Certifies and accredits information systems through an enterprise process Process parallels the system life-cycle Achieve DoD IA through a defense-indepth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution of network centric warfare Conclusion Very thorough, backed up with STIGs IT focused Heavily dependent on quality of assessors and assessments
12 Independent Validation ASSURES SECURITY ROBUSTNESS Component Validation Test components using standards such as FIPS 1402 and Common Criteria. Use national technical authorities (e.g. NSA) to conduct deep dive component vulnerability assessments System Validation Take system through thorough risk and vulnerability assessment to ensure mitigations and configurations are implemented correctly Solution Validation Thoroughly penetration-test a reference system by expert SCADA/ICS security red teams (e.g. DHS/INL) Installed Validation Undertake on-site live red-team exercise to test cyber and physical security in operation
13 Vulnerabilities & Threats What are the attackers thinking?
14 A Growing List of Uncovered Vulnerabilities
15 Bringing the Internet to You CYBER WEAPONS
16 Cyber Attackers WHO CAN LAUNCH A CYBER ATTACK You don t need to be a hacker to hack. To launch a sophisticated cyber attack you need: Motivation why would they attack me? Money 30 min. watching a YouTube video Political protest $100 equipment from Amazon Environmental activism Notoriety Industrial espionage Those with the capability: Nation states Retaliation Criminals Job security Activists Fun Employees Children! Cyber attacks are a great equalizer. An attacker need not know what he/she is doing to cause a large impact!
17 Everyone is a Potential Target
18 Approach & Mitigations What is the answer?
19 Holistic Cyber Security ATTACKS & MITIGATIONS Federal Gov t DoD /Military Corporate/Financial Telcomms Healthcare Utilities Distribution Building Automation Industrial Facilities Energy Mgt
20 Multi-dimensional Approach RIGHT TOOL FOR THE RIGHT JOB Firewalls Keeps unauthorized traffic out Intentional holes for authorized traffic Encryption Maintains confidentiality and integrity of data Works just as well on malware as legitimate traffic Key management as important as algorithms Anti-Virus Prevents known malware from running Doesn t handle new malware Doesn t run on embedded systems VLANs Segregates traffic on networks Not originally designed as a security control Port Authentication Limits network resource access Can be hijacked Robust & Resilient End-point, network, and perimeter defense End-to-end security Multi-vendor approach Mitigate vulnerabilities not previous attacks
21 A Holistic Risk-Based Approach INTEGRATING CYBERSECURITY Security is not a destination; it s a journey. The better and more informed your risk management is, the farther you will get Policy Risk management is not risk elimination Understand your risk appetite Mitigate vulnerabilities not attack vectors Appropriate solutions for realistic threats Operate & Monitor Plan & Design Don t rely on COTS security by design Leverage known security approaches ISO NIST/FISMA DIACAP ISA99 CIP-005 Implement security the correct way by using independent validation Risk Management Review & Approve Develop & Deploy Solution should be easy to deploy, manage and maintain and should not interfere with existing operation An incomplete risk assessment will result in unaddressed risks & unacceptable impacts
22 How Much Risk is Acceptable? Office Network Historian Workstation Wider Enterprise Network Facility Network Engineering Terminal SCADA Server HMI Control Network Remote Site 1 Remote Site 2 Remote Site N Maintenance Laptop 1 Risk from an external attack 2 Risk from the large control network 3 Risk from internal device connections 4 Risk from internal compromise 5 Risk from unpatched zero-day vulnerabilities What risk will you accept today? Tomorrow?
23 Case Study Highlights US NAVY NDW OBJECTIVE: To build an enterprise industrial control system (EICS) using a secure platform that would meet government energy mandates under the customer s Smart Grid Program REQUIREMENTS Efficiency savings through automation Optimization of plant operations and processes Safe and Reliable operations Share information among stakeholders Connect equipment over an IP network Utilize open and common protocols CONCERNS Unauthorized external access to networks and systems Loss of command and control or data integrity Loss or degradation of system availability Malware infection manipulating operations Cyber-attack causing physical impact Reputation loss due to publicized vulnerabilities or attacks Intentional misuse of systems causing physical impacts Cybersecurity attacks impacting normal operations
24 Summary The cyber risks are real, but probably not what you imagine It s getting easier and cheaper all the time Computers don t look like computers anymore Don t inadvertently drive attackers to your unprotected side Perimeter protection is not enough The Internet will be brought to you, whether you like it or not! You can t cheat off the person next to you - risk is something you must own and understand Be aware of YOUR threats, vulnerabilities, and impacts This is a business problem, not an IT or ICS problem Don t just specify security requirements demand validated security There is no one size fits all or single bullet solution Trust must be earned, but even then also verify (you get what you ask for!) Security done right Push security to the edge (device level not network level) Security is end-to-end: how do you know that what was received was what was sent? Security is NOT standard compliance there s a reason why they don t specify validation Security is not about eliminating the threat, but frustrating the attacker
25 Questions & Answers Mark Benedict Ultra Electronics, 3eTI Phone
26 About Ultra Electronics, 3eTI Leading provider of certified communications that enable critical systems security, infrastructure security, and secure facility management for customers worldwide. Founded in 1995 Subsidiary of Ultra Electronics a $1.1B electronics group employees - sells systems, products and services in more than 60 countries Accredited and proven products and solutions 80+ years of industry expertise, including two NATO expert advisors 17 technology patents OIL & GAS PORT & CNI Adaptable systems meet customized requirements for government and industrial markets COMMUNICATION S NAVAL/MARINE LAND
27 EtherGuard END-POINT PROTECTION FOR EMBEDDED DEVICES Core End-point Security Features Control who communicates with the embedded device Protects the integrity of those communications Monitors and validates the commands being communicated Validated Capabilities Layer 2 and Layer 3 encryption Firewall Port authenticator Deep Packet Inspection (DPI) 3rd Party Independent Validations Component validation - Accredited for IA, industrial operation and implementation System validation Risk and vulnerability assessments to ensure mitigations and configurations implemented correctly Solution validation - Penetration tested by SCADA/ICS security team experts Installed validation - On-site live team tested for cyber and physical security in operation Flexible Deployment Options Enables bolt-on retro-fit security for existing deployments Available as OEM module for built-in new solutions Applications ICS/SCADA system cybersecurity Embedded systems cybersecurity M2M cyber security Encryption/ authentication Intrusion detection/prevention Network systems security Remote device connectivity Network-within-network provision
Frank Ignazzitto Ultra Electronics, 3eTI
Demystifying Government-Validated Solutions: A Standards Based Approach to Protecting Process Control Networks Standards Certification Education & Training Publishing Conferences & Exhibits Frank Ignazzitto
More informationNAVAL DISTRICT WASHINGTON SMARTSHORE CASE STUDY Jeff Johnson NDW CIO (N6)
NAVAL DISTRICT WASHINGTON SMARTSHORE CASE STUDY Jeff Johnson NDW CIO (N6) 1 Creating Cyber Secure Enterprise Control Systems Networks Agenda US Navy, NDW Industrial Controls overview The new cyber threat
More informationCyberFence Protection for DNP3
CyberFence Protection for DNP3 August 2015 Ultra Electronics, 3eTI 2015 DNP3 Issues and Vulnerabilities DNP3 is one of the most widely used communications protocols within the utility space for the purpose
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationCyber security - why and how
Cyber security - why and how Frankfurt, 14 June 2018 ACHEMA Cyber Attack Continuum Prevent, Detect and Respond Pierre Paterni Rockwell Automation, Connected Services EMEA Business Development Manager PUBLIC
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationIEC A cybersecurity standard approaching the Rail IoT
IEC 62443 A cybersecurity standard approaching the Rail IoT siemens.com/communications-for-transportation Today s Siemens company structure focusing on several businesses Siemens AG Power and Gas (PG)
More informationDefense in Depth. Constructing Your Walls for Your Enterprise. Mike D Arezzo Director of Security April 21, 2016
Defense in Depth Constructing Your Walls for Your Enterprise Mike D Arezzo Director of Security April 21, 2016 Defense in Depth Defense in Depth Coordinated use of multiple security countermeasures Protect
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationPROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY
PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY OUR MISSION Make the digital world a sustainable and trustworthy environment
More informationCYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018
CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 Cyber fraud attacks happen; they can t all be stopped. The higher order question must be how can we, as fraud examiners and assurance professionals,
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationFunctional. Safety and. Cyber Security. Pete Brown Safety & Security Officer PI-UK
Functional Safety and Cyber Security Pete Brown Safety & Security Officer PI-UK Setting the Scene 2 Functional Safety requires Security Consider just Cyber Security for FS Therefore Industrial Control
More informationABB Ability Cyber Security Services Protection against cyber threats takes ability
ABB Ability Cyber Security Services Protection against cyber threats takes ability In today s business environment, cyber security is critical for ensuring reliability of automation and control systems.
More informationIntegrated C4isr and Cyber Solutions
Integrated C4isr and Cyber Solutions When Performance Matters L3 Communication Systems-East provides solutions in the C4ISR and cyber markets that support mission-critical operations worldwide. With a
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationIndustrial Security - Protecting productivity. Industrial Security in Pharmaanlagen
- Protecting productivity Industrial Security in Pharmaanlagen siemens.com/industrialsecurity Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security
More informationFuture Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group
Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationCYBERBIT P r o t e c t i n g a n e w D i m e n s i o n
CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n CYBETBIT in a Nutshell A leader in the development and integration of Cyber Security Solutions A main provider of Cyber Security solutions for the
More informationCyber Security Technologies
1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales
More informationSecurity Issues and Best Practices for Water Facilities
Security Issues and Best Practices for Water Facilities Standards Certification Jeff Hayes Business Development Manager Beijer Electronics Education & Training Publishing Conferences & Exhibits 2013 ISA
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationCYBER SOLUTIONS & THREAT INTELLIGENCE
CYBER SOLUTIONS & THREAT INTELLIGENCE STRENGTHEN YOUR DEFENSE DarkTower is a global advisory firm focused on security for some of the world s leading organizations. Our security services, along with real-world
More informationGuide to cyber security/cip specifications and requirements for suppliers. September 2016
Guide to cyber security/cip specifications and requirements for suppliers September 2016 Introduction and context The AltaLink cyber security/cip specification and requirements for suppliers (the standard)
More informationData Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users
Data Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users Standards Certification Education & Training Publishing Conferences &
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Port Security Port Security helps to control access to logical and physical ports, protocols, and services. This
More informationCyber Security for Process Control Systems ABB's view
Kaspersky ICS Cybersecurity 2017, 2017-09-28 Cyber Security for Process Control Systems ABB's view Tomas Lindström, Cyber Security Manager, ABB Control Technologies Agenda Cyber security for process control
More informationCybersecurity, Trade, and Economic Development
Cybersecurity, Trade, and Economic Development G7 ICT Priorities: Technology, Innovation, and the Global Economy UNCTAD E-Commerce Week Danielle Kriz Senior Director, Global Policy Palo Alto Networks April
More informationICS Security. Trends, Issues, and New Standards. Speaker: David Mattes CTO, Asguard Networks
ICS Security Trends, Issues, and New Standards Standards Certification Education & Training Publishing Conferences & Exhibits Speaker: David Mattes CTO, Asguard Networks 2013 ISA Water / Wastewater and
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationCybersmart Buildings: Securing Your Investments in Connectivity and Automation
Cybersmart Buildings: Securing Your Investments in Connectivity and Automation Jason Rosselot, CISSP, Director Product Cyber Security, Johnson Controls AIA Quality Assurance The Building Commissioning
More informationThe Information Age has brought enormous
Cyber threat to ships real but manageable KAI hansen, akilur rahman If hackers can cause laptop problems and access online bank accounts or credit card information, imagine the havoc they can wreak on
More informationInformation Security for Mail Processing/Mail Handling Equipment
Information Security for Mail Processing/Mail Handling Equipment Handbook AS-805-G March 2004 Transmittal Letter Explanation Increasing security across all forms of technology is an integral part of the
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationThreat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017
Threat analysis Tuomas Aura CS-C3130 Information security Aalto University, autumn 2017 Outline What is security Threat analysis Threat modeling example Systematic threat modeling 2 WHAT IS SECURITY 3
More informationLESSONS LEARNED IN SMART GRID CYBER SECURITY
LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationDigital Wind Cyber Security from GE Renewable Energy
Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well
More informationENDPOINT SECURITY STORMSHIELD PROTECTION FOR WORKSTATIONS. Protection for workstations, servers, and terminal devices
ENDPOINT SECURITY STORMSHIELD PROTECTION FOR WORKSTATIONS Protection for workstations, servers, and terminal devices Our Mission Make the digital world a sustainable and trustworthy environment while ensuring
More informationTraining and Certifying Security Testers Beyond Penetration Testing
Training and Certifying Security Testers Beyond Penetration Testing Randall W. Rice, CTAL (Full), CTAL-SEC Director, ASTQB Board of Directors www.astqb.org Most organizations do not know the true status
More informationTrends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk
Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk Standards Certification Education & Training Publishing Conferences & Exhibits Steve Liebrecht W/WW Industry
More informationNW NATURAL CYBER SECURITY 2016.JUNE.16
NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING
More informationCYBER SECURITY AIR TRANSPORT IT SUMMIT
CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER
More informationALTITUDE DOESN T MAKE YOU SAFE. Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation
ALTITUDE DOESN T MAKE YOU SAFE Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation CYBER SECURITY IS THE GREATEST THREAT TO EVERY COMPANY IN THE WORLD. IBM CEO GINNI ROMETTY SD
More informationThe Value of Automated Penetration Testing White Paper
The Value of Automated Penetration Testing White Paper Overview As an information security expert and the security manager of the company, I am well aware of the difficulties of enterprises and organizations
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationIBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.
IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More informationCONE 2019 Project Proposal on Cybersecurity
CONE 2019 Project Proposal on Cybersecurity Project title: Comprehensive Cybersecurity Platform for Bangladesh and its Corporate Environments Sector or area: Cybersecurity for IT, Communications, Transportation,
More informationCritical Infrastructure Protection for the Energy Industries. Building Identity Into the Network
Critical Infrastructure Protection for the Energy Industries Building Identity Into the Network Executive Summary Organizations in the oil, gas, and power industries are under increasing pressure to implement
More informationNo compromises for secure SCADA Communications even over 3rd Party Networks
No compromises for secure SCADA Communications even over 3rd Party Networks The Gamble of Using ISP Private Networks How to Stack the Odds in Your Favor Standards Certification Education & Training Publishing
More informationSANS SCADA and Process Control Europe Rome 2011
SANS SCADA and Process Control Europe Rome 2011 Ian Buffey Director International Services Industrial Defender ibuffey@industrialdefender.com A Holistic Approach Planning, training and governance Cybersecurity
More information2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification
2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification Presenters Jared Hamilton CISSP CCSK, CCSFP, MCSE:S Healthcare Cybersecurity Leader, Crowe Horwath Erika Del Giudice CISA, CRISC,
More informationPractical SCADA Cyber Security Lifecycle Steps
Practical SCADA Cyber Security Lifecycle Steps Standards Certification Jim McGlone CMO, Kenexis Education & Training Publishing Conferences & Exhibits Bio Jim McGlone, CMO, Kenexis GICSP ISA Safety & Security
More informationVirtustream Cloud and Managed Services Solutions for US State & Local Governments and Education
Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationRetail Security in a World of Digital Touchpoint Complexity
Retail Security in a World of Digital Touchpoint Complexity Author Greg Buzek, President of IHL Services Sponsored by Cisco Systems Inc. Featuring industry research by Previously in part 1 and part 2 of
More informationSECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS
SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS PROTECT YOUR DAILY OPERATIONS FROM BEING COMPROMISED In today s data-driven society, connectivity comes with a cost.
More informationVANGUARD WHITE PAPER VANGUARD INSURANCE INDUSTRY WHITEPAPER
VANGUARD INSURANCE INDUSTRY WHITEPAPER Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to
More informationEnhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationUNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS NETWORK SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY
UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS NETWORK SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY OUR MISSION Provide cybersecurity and data protection for organizations,
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationWHITE PAPERS. INSURANCE INDUSTRY (White Paper)
(White Paper) Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to ensure enterprise compliance
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationOpenWay by Itron Security Overview
Itron White Paper OpenWay by Itron OpenWay by Itron Security Overview Kip Gering / R. Eric Robinson Itron Marketing / Itron Engineering 2009, Itron Inc. All rights reserved. 1 Executive Summary 3 Intent
More informationSecurity analysis and assessment of threats in European signalling systems?
Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide
More informationMike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS
Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Can You Answer These Questions? 1 What s my company s exposure to the latest industrial cyber threat? Are my plants
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationManaging IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services
Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our
More informationTo Audit Your IAM Program
Top Five Reasons To Audit Your IAM Program Best-in-class organizations are auditing their IAM programs - are you? focal-point.com Introduction Stolen credentials are the bread and butter of today s hacker.
More informationT22 - Industrial Control System Security
T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial
More informationHow Advanced Persistent Threats Successfully Breach Large Organizations AND, What To Do About It
How Advanced Persistent Threats Successfully Breach Large Organizations AND, What To Do About It Robert West Chief Information Security Officer Department of Homeland Security Top 10 misconceptions about
More informationMcAfee Embedded Control
McAfee Embedded Control System integrity, change control, and policy compliance in one solution for integrated control systems McAfee Embedded Control for integrated control systems (ICSs) maintains the
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationTop 10 ICS Cybersecurity Problems Observed in Critical Infrastructure
SESSION ID: SBX1-R07 Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure Bryan Hatton Cyber Security Researcher Idaho National Laboratory In support of DHS ICS-CERT @phaktor 16 Critical
More informationCyber Defense Overview Defense in Depth
Cyber Defense Overview Defense in Depth John Franco Electrical Engineering and Computer Science Defending Against Attack Military defense in depth: The siting of mutually supporting defense positions designed
More informationCybersecurity Best Practices
Cybersecurity Best Practices Securing Your Organization, Systems and Platforms Health IT Summit The Cybersecurity Forum August 2017 Tony Sager Sr. Vice President and Chief Evangelist, CIS 1 Classic Risk
More informationPREPARE & PREVENT. The SD Comprehensive Cybersecurity Portfolio for Business Aviation
PREPARE & PREVENT The SD Comprehensive Cybersecurity Portfolio for Business Aviation SD CYBERSECURITY SERVICES At SD, security isn t a slogan, it is our culture. Just because you are in a business jet
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationCyber Security of Industrial Control Systems (ICSs)
Cyber Security of Industrial Control Systems (ICSs) February 23, 2016 Joe Weiss PE, CISM, CRISC, ISA Fellow Managing Partner Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied
More informationHOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS
HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS Danielle M. Zeedick, Ed.D., CISM, CBCP Juniper Networks August 2016 Today s Objectives Goal Objectives To understand how holistic network
More informationWho Goes There? Access Control in Water/Wastewater Siemens AG All Rights Reserved. siemens.com/ruggedcom
WEAT Webinar Who Goes There? Access Control in Water/Wastewater Siemens AG 2018. siemens.com/ruggedcom ACCESS CONTROL WEBINAR TABLE OF CONTENTS TOPIC Why Access Control? Risks If Not Used Factors of Authentication
More informationCybersecurity Training
Standards Certification Education & Training Publishing Conferences & Exhibits Cybersecurity Training Safeguarding industrial automation and control systems www.isa.org/cybetrn Expert-led training with
More informationKeys to a more secure data environment
Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting
More informationAT&T Endpoint Security
AT&T Endpoint Security November 2016 Security Drivers Market Drivers Online business 24 x 7, Always on Globalization Virtual Enterprise Business Process / IT Alignment Financial Drivers CapEx / OpEx Reduction
More informationSOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE
SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE SECURE AIRBORNE CONNECTIVITY: OVERVIEW Gogo Business Aviation realizes the ever-pressing need to be vigilant in staying ahead of potential
More informationProtecting productivity with Industrial Security Services
Protecting productivity with Industrial Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. usa.siemens.com/industrialsecurityservices
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More information