Continuous Monitoring

Transcription

1 Continuous Monitoring A New Approach To Secure Critical Infrastructure Jasvir Gill Founder & CEO, AlertEnterprise, Inc. October 20, 2011

2 Security Incidents Keep Growing Combination of Cyber And Physical North America Asia 5400 Terrorist Attacks 500 Terrorist Attacks Africa 1600 Terrorist Attacks Source: GlobalSecurityIncident.com 3900 Terrorist Attacks South America 2 RELIABILITY ACCOUNTABILITY

3 Why CI/KR are Attractive Targets Creating catastrophic incident is possible Impact Large Populations Gain Attention Loss Of Public Confidence In Government Instill Fear 3 RELIABILITY ACCOUNTABILITY

4 Challenges for Effective Critical Infrastructure Protection Common Characteristics of Critical Infrastructure makes them more vulnerable to attacks Large Complex Systems Control Systems Linkage To Corporate Networks Dispersed Assets Highly Visible Targets Not Designed with Security in mind Integration with business creates more vulnerability Assets spread over thousands of miles Gates, Guns And Guards Not Effective Over Thousands Of Miles 4 RELIABILITY ACCOUNTABILITY

5 Why Critical Infrastructure is so difficult to protect? IT from Mars and OT from Venus. Attacks are more complex Cyber and Physical (attackers exploit the weakness of silos) Impossible to address these Blended Threats with current approach (elephant and 3 blind men..) Many critical sectors still far behind the curve More focused on doing just the minimum to meet compliance requirements. Attitude - We would like to eliminate silos but we are not there yet (self defeating proposition) 5 RELIABILITY ACCOUNTABILITY

6 Critical Infrastructure Segments Share Similar Complex Challenges Threats Sensitive Asset Diversion (Dangerous Chemicals, Pathogens, Nuclear material) Cyber Attacks - Utilities (Water, Power, Gas), Smart Grid, Transportation Terrorism (Chemicals stolen to make explosives) Bio Terrorism (Food & Beverage, Consumer Products) Disgruntled employees/contractors Monitoring both Access and Behavior Who has access to assets (physical, cyber..) Any suspicious behavior or activities Monitoring Privileged Users (guarding the guards) Effective Response, Command and Control Situational Awareness, Incident/Emergency Management 6 RELIABILITY ACCOUNTABILITY

7 Similar Incident Management Command and Control Challenges Geographically Dispersed assets/locations Guards with guns expensive and not cost-effective Impossible to cover all locations Putting guards/employees at unnecessary risk 3 ring binders approach not suitable for modern times We are up against Organized and State Sponsored Crime Response has to be instant and appropriate Audit trail of incident management very important How incident was handled to learn from mistakes for future Making sure no one took advantage of an emergency Monitoring First Responders (with privilege comes accountability) Leveraging investments in technology Non-lethal weapon systems (rubber bullets, sticky foam, non-lethal gas) Cameras, sensors, alarms, physical access control systems etc. 7 RELIABILITY ACCOUNTABILITY

8 Addressing these complex challenges calls for a new approach IT / Cyber Physical Access Control Industrial Control / Process Control 8 RELIABILITY ACCOUNTABILITY

9 Security Convergence The Solution Requires Integrating Risks Across IT Systems, Physical Security and Control Systems Risk analysis across all three domains Detect Identify and eliminate risks before they manifest, from threats, sabotage and terrorism Prevent Incident management with built-in programmed remediation Policy Based (Compliance to various regulations / policies) Respond Comply 9 RELIABILITY ACCOUNTABILITY

10 TSA Pilot Project Complex Threat Monitoring TSA s Transportation Security Innovative Concepts program: Targeting Insider Threat Leverage airport's existing systems Improve current security operations and capabilities utilizing Security Convergence Alternate measure to 100% employee physical screening Pilot Project: Comprehensive and dynamic system proven in other industries Enable airports to detect, prevent and manage threats TSA funded $1M pilot project for 6 months. Feb Sept RELIABILITY ACCOUNTABILITY

11 Unauthorized Access Attempt by Airport Insider into Restricted Area 11 RELIABILITY ACCOUNTABILITY

12 Consolidated Incident Management Capabilities Insider Threat, Duress Signals AlertEnterprise RELIABILITY ACCOUNTABILITY

13 Addressing Copper Theft at Remote Sites and Substations Intelligence Report UNCLASSIFIED US electrical utilities spend almost $1 billion per year on repairs and to fix disruptions caused by copper wire theft. [DOE Report] The cost to replace stolen components can be considerably greater than the value of the stolen copper parts The theft of copper can disrupt electricity, communications and impede the response time of emergency services. Copper theft also can cause significant damage to surrounding property 13 RELIABILITY ACCOUNTABILITY

14 Utilities Continue to Live with the Risk Unclassified Incidents: October 2008, thieves in Florida posed as utility workers using vehicles painted with utility-service logos and wearing utility company uniforms stole copper cables worth over $1 million November 2010, a series of copper thefts from radio transmission towers near Houston prevented emergency-service dispatchers from communicating with firefighters and paramedics for nearly an hour. December ,000 Louisiana homes and businesses lost power - copper theft at an substation created a system overload forcing the system to shut down. February 2011, five separate thefts of copper from telephone cables in southwest Virginia disrupted phone service to over 1,000 residents From January 2011 to June 2011, thieves in Northern California knocked down 300 power poles to steal copper wiring from within and on the poles. 14 RELIABILITY ACCOUNTABILITY

15 Proposed AlertEnterprise / NERC Remote Substation Monitoring Project Enable the Security and Operations teams to detect, deter and respond to threats and other incidents Sustain and enhance investments in existing infrastructure and security technologies like CCTV, Access Control, Badging Software, Security keys, SCADA Systems, Safety systems and IT Applications Provide situational awareness for responders and analysts to enable more efficient deterrent of threats and incidents; Enhance effectiveness of counter measures and standard operating procedures by automating them through remedial action schemes 15 RELIABILITY ACCOUNTABILITY

16 Sample Pilot Use Cases 1. Perimeter and facility motion sensors to detect the presence of intruders and determining if a work order is open for any planned maintenance. 2. Unscheduled or forced physical entry into substation and change in key substation operating parameters detected within a certain time period (1-30 minutes) of the entry. 3. Access to sub-station(s) by personnel with an invalid or expired Personnel risk assessment (PRA), trainings and certifications. 4. Employee / contractor access a remote, unmanned facility and stay much longer than prescribed work duration 16 RELIABILITY ACCOUNTABILITY

17 Terminated Employee has Physical Access to Substation Terminated user has Physical access to Critical Cyber Assets 17 RELIABILITY ACCOUNTABILITY

18 Automated Remediated and Prevention 18 RELIABILITY ACCOUNTABILITY

19 Remote Monitoring Solutions Links to Existing Access Control, CCTV and SCADA Systems 19 RELIABILITY ACCOUNTABILITY

20 Solution detects suspicious activity at Un-manned Substation 20 RELIABILITY ACCOUNTABILITY

21 Operator is Notified Video Verification of Alert 21 RELIABILITY ACCOUNTABILITY

22 GIS Technology Automatically Displays Incident Location 22 RELIABILITY ACCOUNTABILITY

23 Risks are Identified 23 RELIABILITY ACCOUNTABILITY

24 Single Click Control for Camera and Door Lock Options 24 RELIABILITY ACCOUNTABILITY

25 Situational Awareness: Converged Dashboard for the Utilities Industry Incident User Risk Analysis Live Video Feed Incident Confirmation Incident Report Grid View Affected Consumer Area Incident Location! High Alert- PI Notification High Alert PI Notification Manager Protective Relay Set Point Change Last Physical Access: JonesMa TIME: 15:26 25 RELIABILITY ACCOUNTABILITY

26 Executive / Compliance Dashboard Utilizes Real-Time Monitoring and Active Policy Enforcement 26 RELIABILITY ACCOUNTABILITY

27 Enhancing Security With Continuous Monitoring Monitor remote and on-site access to facilities, critical systems, assets and information is possible and cost effective Centralize Onboarding / Offboarding across enterprise (IT, Physical ) Actively enforce risk analysis across IT, Physical and SCADA Access (eliminate silos) Solutions must have rule based (easily configurable) intelligence We are not there yet is not an option Leverage technology for Sustainable Security and Compliance 27 RELIABILITY ACCOUNTABILITY

28 28 RELIABILITY ACCOUNTABILITY AlertEnterprise Confidential Information About AlertEnterprise Experienced Team Founded Virsa Systems Application Security Focus Acquired By SAP In Customers Innovation Awards RSA Security Conference Security Summit SAP TechEd ASIS GSN Magazine HSPD-12 Flagship Customers TSA, PDX FPL, KCPL, OG&E, Toronto Hydro, NIPSCO, Consumers Energy Nike, Honda, Cisco Key Partners Services: Deloitte, HP, SAIC, PwC Technology: Lenel, Tyco, GE, JCI, Cisco Oracle, SAP, Microsoft Special Projects NERC Smart Grid Security Nuclear Cyber Security Airport Security Our Unique Advantages Situational Intelligence Active Policy Enforcement Innovation In Convergence Of Logical & Physical Security

29 Jasvir Gill Founder & CEO AlertEnterprise, Inc. 29 RELIABILITY ACCOUNTABILITY