SCADA and Smart Grid Security Tests
|
|
- Dylan Dwayne Parrish
- 6 years ago
- Views:
Transcription
1 SCADA and Smart Grid Security Tests Document number
2
3 EPCIP: EU Program for Protecting Critical Infrastructures The EU Context Summarized 3 Strategy The general objective of EPCIP (European Programme for Critical Infrastructure Protection) is to improve the protection of critical infrastructure in the European Union (EU). The legislative framework for the EPCIP consists of the following: a procedure for identifying and designating European critical infrastructure and a common approach to assessing the need to improve the protection of such infrastructure. This will be implemented by means of a directive; measures designed to facilitate the implementation of EPCIP, including an EPCIP action plan, the Critical Infrastructure Warning Information Network (CIWIN), CIP information sharing processes, and the identification and analysis of interdependencies; support for EU countries regarding National Critical Infrastructures (NCIs) that may optionally be used by a particular EU country, and contingency planning EU Funding available
4 In particular : EU program for protecting Critical Infrastructures ( Driven by DG Home ) The DIRECTIVE 2008/114/EC establishes a common procedure for the identification and designation of European Critical Infrastructure (ECI), defined as critical infrastructure located in the EU Member States, the disruption or destruction of which would have a significant impact on at least two EU M.S. Obligations of the Member States by Jan 2011: Transpose the EU directive into national law Identification and designation of EU critical infrastructures in their country, in the area of Transport (air, water, road) and Energy (oil, gas, electricity) Assure for each ECI have an Operator Security Plan (a risk assessment and identification, selection and prioritization of counter measures and procedures) and designate a Security Liaison Officer; Appoint a European Critical Infrastructure Protection Contact Point; Objective of the commission is improve the protection for the critical infrastructures in Europe The implementation of CIP is not attending expected results: A review of the Directive is being negotiated, with additional topics: EU facilitating implementation: CIPS fund program Call for grant for 2013 expected in May 2013 Critical Infrastructure Warning Information Network (CIWIN) Information sharing on Critical Infrastructure Protection (CIP) and expert groups Stakeholders: Government drives the implementation of the directive: Ministries of home affairs, Agencies on critical infrastructures, National crisis center Operators: Owners and operators of Critical infrastructures OSP 4 Focus on all hazards Move away from protection of physical assets to resilience of service From crisis management to prevention, preparedness and response More attention to interdependencies and multilevel approach De facto EU critical infrastructures: Galileo, air traffic control, grid, gas and oil pipe
5 Skilled and motivated hactivists..not only Anonymous 5
6 What are we seeing? Key Findings from the 2012 X-Force Report 2012 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses Source: IBM X-Force Research 2012 Trend and Risk Report
7 ICS-ALERT Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) ha emesso un alert riguardo al motore di ricerca SHODAN, che può essere utilizzato per identificare I sistemi SCADA che sono connessi a Internet. Questo può essere sfruttato da parte di attacker per compromettere questi sistemi. ICS-ALERT descrive una serie di raccomandazioni per ridurre questo rischio.
8 Substation technologyes evolution
9 SCADA Security Comparisons A comparison of Security used in U.S. companies vs. Security used in process systems: Topic Corporate IT Process Systems Anti Virus Widely used Used with care Lifetime 3-5 years 5-20 years Outsourcing Widely used Rarely used for operations Patching Frequent Slow (requires vendor approval or extensive testing) Change Frequent Rare Security Skills & Awareness Medium to High Poor IT security, no awareness training Security Testing Widely used Must be used with care Physical Security Usually secure & manned Good controls but often remote & unmanned 99
10 Impact of a breach to power control systems could be severe Serious disruption to national critical infrastructure Loss of system availability Process interruption Equipment damage Asset mis-configuration Loss of data and confidentiality Personal injury Penalties resulting from regulatory violations Loss of customer and public trust 10
11 Smart Grid macro components Cyber security of the Smart Grids European Commission (work package 1.1) 11
12 Where are the specific areas concerns? Investors: downtime, fines, cost, investment and related impact on revenue Operators: optimization of asset management and, specifically: Emerging Smart Grid Issues Millions of new end points Massive amounts of data System security Vulnerable software Lack of access control Mis-configuration of options Data Vulnerability Weak/No encryption Inappropriate storage Installation of malcode Cyber security of the Smart Grids European Commission (work package 1.1) Potential Fraud Invalid credentials Weak authorization Insufficient tamper protection Smart Meters fraud Downtime Denial of service risk System corruption 12
13 SCADA: technolgies and protocols Field Devices RTU Remote Terminal Unit PLC Programmable Logic Controller IED Integrated Electronic Device PAC Programmable Automation Controller Protocols Modbus DNP3 DeviceNet IEC proprietary protocols SCADA Control Center HMI Human Machine Interface SCADA Controller Real time processing Historian database of events Control Center Protocols (es. OPC, ICCP, IEC 101/103 etc..) Communication Technologies Serial connections (hardwire & dial-up) Ethernet & TCP/IP / Wireless RF & Microwave Cell: CDMA ZigBee HAN Middleware MS IIS,.Net Trends ->mixed criticality systems 13
14 Smart Meter security test (case) Customers Can Access Acme Backend Servers and Networks Critical Risk Finding Users who have working PLIDs in their homes can use the network access that this device provides to access back end servers in excess of what should be allowed. Services like database servers and unused web servers should not be accessible to customers. In addition, services were accessed that were behind the most current stable patch level. Customers who connect PLIDs to their own network equipment could, even unintentionally, introduce network worms into the Acme environment. Systems affected: Several backend Acme networks, but not the SCADA or Corporate networks. Impact This increased access will open up avenues of attack into the Acme environment that do not contribute to functionality or availability. Recommendation Apply network filtering at the gateway routers. A least privilege model should be employed. Every packet coming out of a Smarthouse should be filtered except those that are absolutely necessary for a documented purpose. For example, if the smart home only needs to contact one single backend web server on TCP port 80, this is the only connection that should be allowed.
15 Security tests challenges - Systems fragility - Non standard/unknown protocols - Non IP based protocols - Embedded devices - Unusual «IT» wireless spectrum - SCADA Applications knowledge - Critical Infrastructure threats - Specialized tools (even opensource but often need to be customized) - Specialized skills 15
16 This is a possible approach Operations requirements analysis Threat modeling/threats threes Testing scope definition Attack surface Fragility/criticality analysis Test strategy/framework Attack scenarious 16
17 Target definition The goal of this activity is to identify which are the critical systems that, if compromised, can lead to major power outage: As an example: SCADA core systems DMS/OMS/EMS systems Real-time systems Batch systems Process critical applications Non real-time critical systems and applications (but critical for process!) Phone lines, LAN/WAN/HAN Networks Sensors/embedded systems And many others Must be evaluated all systems considered dangerous for critical systems security. Not only SCADA or real-time components, but also interface applications, supply chain systems, back up etc..
18 Threat modeling The goal of threat modeling is to identify potential risks or attacks against your software and to make decisions about how to address these risks. I. Identify the attack surface II. Identify the potential threats III. Assign an impact for each threat IV. Determine the probability of compromise It is paramount to have a deep knowledge of the attack vectors and.. think as an attacker
19 Domande? 19
Critical Infrastructure Protection in the European Union
20 January, 2015 The European GNSS Programmes 1 ICG9, Prague 9-14 November 2014 Critical Infrastructure Protection in the European Union 20 January, 2015 The European GNSS Programmes 2 Each EU Member State
More informationEuropean Union Agency for Network and Information Security
Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency
More informationcybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationEnhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationLESSONS LEARNED IN SMART GRID CYBER SECURITY
LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com
More informationGENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION
GENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION Hrvoje Sagrak 1 Introduction In an interconnected world that we live in, protection of our societies and values relies highly
More informationcybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationNovember 29, ECE 421 Session 28. Utility SCADA and Automation. Presented by: Chris Dyer
ECE 421 Session 28 November 29, 2018 Utility SCADA and Automation Presented by: Chris Dyer Utility SCADA & Automation Chris Dyer, P.E. BSEE University of Idaho, 1997 SCADA & Automation Engineer POWER Engineers,
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationLegislative Framework
Legislative Framework forcip in Austria Sylvia Mayer Federal Agency for State Protection and Counter Terrorism Damage of 21 transmission masts Development in Europe andaustria EU, 2005: EPCIP(European
More informationAMI: Communications and Integration Options
AMI: Communications and Integration Options Vinod Namboodiri Wichita State University Additional Team Members: Ward Jewell, Visvakumar Aravinthan Wichita State University PSERC Future Grid Initiative Webinar
More informationDirective on security of network and information systems (NIS): State of Play
Directive on security of network and information systems (NIS): State of Play Svetlana Schuster Unit H1 Cybersecurity and Digital Privacy DG Communications Networks, Content and Technology, European Commission
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationCyber Security of Industrial Control Systems (ICSs)
Cyber Security of Industrial Control Systems (ICSs) February 23, 2016 Joe Weiss PE, CISM, CRISC, ISA Fellow Managing Partner Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied
More informationOctober 05, ECE 421 Session 12. Utility SCADA and Automation. Presented by: Chris Dyer
ECE 421 Session 12 October 05, 2017 Utility SCADA and Automation Presented by: Chris Dyer Utility SCADA & Automation Chris Dyer, P.E. BSEE University of Idaho, 1997 SCADA & Automation Engineer POWER Engineers,
More informationPROTECTING MANUFACTURING and UTILITIES Industrial Control Systems
PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems Mati Epstein Global Sales Lead, Critical Infrastructure and ICS [Internal Use] for Check Point employees 1 Industrial Control Systems (ICS)/SCADA
More informationThe Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017
The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017 European Union Agency for Network and Information Security Positioning ENISA
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationEnhancing the cyber security &
Enhancing the cyber security & resilience of transport infrastructure in Europe European Union Agency for Network and Information Security Securing Europe s Information society 2 Positioning ENISA activities
More informationThe SPARKS Project Motivation, Objectives and Results
The SPARKS Project Motivation, Objectives and Results Paul Smith paul.smith@ait.ac.at AIT Austrian Institute of Technology SEGRID Project Workshop 14 th November, 2016, Barcelona, Spain The SPARKS Project
More informationIndustrial Security - Protecting productivity. Industrial Security in Pharmaanlagen
- Protecting productivity Industrial Security in Pharmaanlagen siemens.com/industrialsecurity Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security
More informationNIS-Directive and Smart Grids
NIS-Directive and Smart Grids Workshop on European Smart Grid Cybersecurity: Emerging Threats and Countermeasures Marie Holzleitner Table of Content Aims & Objectives Affected Parties Selected Requirements
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationNAVIGATING THE WATERS OF THE NEW EU NIS 2016/1148 CYBERSECURITY DIRECTIVE FOR ESSENTIAL SERVICE OPERATORS WHITE PAPER
NAVIGATING THE WATERS OF THE NEW EU NIS 2016/1148 CYBERSECURITY DIRECTIVE FOR ESSENTIAL SERVICE OPERATORS WHITE PAPER MAY 2018 2018 Radiflow, Ltd. All Rights reserved. The information in this document
More informationCyber Security for Renewable Energy Systems
Cyber Security for Renewable Energy Systems Asia Pacific Clean Energy Summit August 31, 2010 Juan J. Torres Manager, Energy Systems Analysis Sandia National Laboratories jjtorre@sandia.gov Sandia is a
More informationBusiness Continuity Planning
Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and
More informationEnhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert
Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert European Union Agency For Network And Information Security Securing Europe s Information
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationCybersecurity Strategy of the Republic of Cyprus
Cybersecurity Strategy of the Republic of Cyprus George Michaelides Commissioner of Electronic Communications and Postal Regulation http://www.ocecpr.org.cy 12 th February 2016 Cybersecurity Strategy of
More informationCritical Infrastructure Protection & Resilience Europe / Asia. Conference Discussion Reviews
Critical Infrastructure Protection & Resilience Europe / Asia Conference Discussion Reviews Torch Marketing / KNM Media Delivering strategic routes to critical markets Why Critical Infrastructure Protection
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationNW NATURAL CYBER SECURITY 2016.JUNE.16
NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING
More informationSecurity in grid control centers: Spectrum Power TM Cyber Security
Security in grid control centers: Spectrum Power TM Cyber Security Thomas Schmidt, Information Security Manager siemens.at/future-of-energy Spectrum Power TM 7 Historical Information System Table of content
More informationCyber Security in Europe
Cyber Security in Europe ENISA supporting the National Cyber Security Strategies An evaluation framework Liveri Dimitra Security and Resilience of Communication Networks Officer www.enisa.europa.eu Securing
More informationInformation sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3
Information sharing in the EU policy on NIS & CIIP Andrea Servida European Commission DG INFSO-A3 Andrea.Servida@ec.europa.eu COM(2006) 251 - Towards a secure Information Society DIALOGUE structured and
More informationDiscussion on MS contribution to the WP2018
Discussion on MS contribution to the WP2018, 30 January 2018 European Union Agency for Network and Information Security Possibilities for MS contribution to the WP2018 Expert Groups ENISA coordinates several
More informationDirective on Security of Network and Information Systems
European Commission - Fact Sheet Directive on Security of Network and Information Systems Brussels, 6 July 2016 Questions and Answers The European Parliament's plenary adopted today the Directive on Security
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More informationCYBER SECURITY AIR TRANSPORT IT SUMMIT
CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER
More informationCIRT: Requirements and implementation
CIRT: Requirements and implementation By : Muataz Elsadig Sudan CERT Joint ITU-ATU Workshop on Cyber-security Strategy in African Countries Khartoum, Republic of Sudan, 24 26 July 2016 There is no globally
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationSecurity and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy
Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy Andrea Glorioso European Commission DG INFSO-A3 Andrea.Glorioso@ec.europa.eu Network and
More informationEnergy Assurance Plans
Energy Assurance Plans funded through the American Reinvestment and Recovery Act (ARRA) - Stimulus $$ to help create jobs to enhance energy reliability and facilitate recovery from disruptions to the energy
More informationPROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK
PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK 23.11.2015 DEFINITION OF CRITICAL INFRASTRUCTURE US EU The nation's
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationCyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)
Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,
More informationAddressing Cyber Threats in Power Generation and Distribution
Addressing Cyber Threats in Power Generation and Distribution VEO, Asko Tuomela o Bachelor of Science in Electrical Power Engineering o Over 6 years experience in power projects, PLCs and supervision systems
More informationThink Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe
Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity
More informationCybersecurity & Digital Privacy in the Energy sector
ENERGY INFO DAYS Brussels, 25 October 2017 Cybersecurity & Digital Privacy in the Energy sector CNECT.H1 Cybersecurity & Digital Privacy, DG CNECT ENER.B3 - Retail markets; coal & oil, DG ENER European
More informationH2020 Opportunities in the Area of Security and Critical Infrastructure Protection
H2020 Opportunities in the Area of Security and Critical Infrastructure Protection Angelo MARINO Head of Unit Security Research AIIC General Assembly Rome, 26/10/2013 NOT LEGALLY BINDING Outline The context:
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationGuidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17
GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationExploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know
Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know Aristotelis Tzafalias Programme Officer, Trust and Security DG Communications Networks,
More informationMarch 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices
March 6, 2019 Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices On July 21, 2016, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability
More informationSECURING THE SUPPLY CHAIN
SECURING THE SUPPLY CHAIN BY Jerome Farquharson, CISSP, Donald Dustin Williams, PE, AND Courtney Buser The advance of smart grids, smart devices and increasingly interconnected systems provides exceptional
More informationValérie Andrianavaly European Commission DG INFSO-A3
Security and resilience in the Information Society: towards a CIIP policy in the EU Valérie Andrianavaly European Commission DG INFSO-A3 valerie.andrianavaly@ec.europa.eu Network and information security:
More informationEU policy on Network and Information Security & Critical Information Infrastructures Protection
EU policy on Network and Information Security & Critical Information Infrastructures Protection Köln, 10 March 2011 Valérie ANDRIANAVALY European Commission Directorate General Information Society and
More informationENISA EU Threat Landscape
ENISA EU Threat Landscape 24 th February 2015 Dr Steve Purser ENISA Head of Department European Union Agency for Network and Information Security www.enisa.europa.eu Agenda ENISA Areas of Activity Key
More informationCritical Infrastructure Analysis and Protection - A Case for Secure Information Exchange. August 16, 2016
Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange Dennis Denham Ssempereza - CISA, CISM, CRISC August 16, 2016 About me! Involved in Risk Management and Security
More informationJust How Vulnerable is Your Safety System?
Theme 3: Cyber Security Just How Vulnerable is Your Safety System? Colin Easton MSc, CEng, FInstMC, MIET, ISA Senior Member TUV Rhienland FS Senior Expert PHRA & SIS 6 th July 2017 1 Safety System Security
More information112 th Annual Conference May 6-9, 2018 St. Louis, Missouri
8:30 10:30 May 6, 2018 Room 240 Complex 112 th Annual Conference May 6-9, 2018 St. Louis, Missouri Moderator/Speakers: Kevin Wachtel Finance Director/Treasurer, Villa Park, IL Alex Brown Senior Manager,
More informationSecuring the Grid and Your Critical Utility Functions. April 24, 2017
Securing the Grid and Your Critical Utility Functions April 24, 2017 1 Securing the Grid Effectively and Efficiently Recent threats to the Electric Grid and the importance of security Standards and Requirements
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationCyber Security in Smart Commercial Buildings 2017 to 2021
Smart Buildings Cyber Security in Smart Commercial Buildings 2017 to 2021 Published: Q2 2017 Cyber Security in Smart Buildings Synopsis 2017 This report will help all stakeholders and investors in the
More informationAIIC Associazione Italiana esperti Infrastrutture Critiche AIIC (1)
AIIC Associazione Italiana esperti Infrastrutture Critiche AIIC (1) AIIC Associazione Italiana esperti Infrastrutture Critiche Non-governmental and non-profit scientific association legally registered
More informationBusiness Continuity Management
Business Continuity Management Cyber Security importance by Ashraf Hasanov Business Continuity Expert BCMS BS25999 Lead Auditor Regional Disaster Response Team Member of IFRC What could stop your business?
More informationMozilla position paper on the legislative proposal for an EU Cybersecurity Act
Mozilla position paper on the legislative proposal for an EU Cybersecurity Act Enhancing cybersecurity through government vulnerability disclosure I. INTRODUCTION This paper provides an overview of Mozilla
More informationInnovation policy for Industry 4.0
Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda
More informationICS Security. Trends, Issues, and New Standards. Speaker: David Mattes CTO, Asguard Networks
ICS Security Trends, Issues, and New Standards Standards Certification Education & Training Publishing Conferences & Exhibits Speaker: David Mattes CTO, Asguard Networks 2013 ISA Water / Wastewater and
More informationENISA S WORK ON ICS AND SMART GRID SECURITY
AMSTERDAM, OCTOBER 15, 2012 ENISA S WORK ON ICS AND SMART GRID SECURITY Dr. Evangelos OUZOUNIS Head of CIIP & Resilience Unit ENISA 1 Why is it important? Industrial networks is the CI for the SCADA and
More informationEU Security research in support to Critical Infrastructure Protection
EU Security research in support to Critical Infrastructure Protection Christoph Castex European Commission DG Migration and Home Affairs Directorate B: Migration and Mobility unit B4: Innovation and industry
More informationUnderstanding Cyber Insurance & Regulatory Drivers for Business Continuity
Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Lily Yeoh, CISSP, CBCP lily@cb1security.com https://www.cb1security.com Agenda BC/DR Business Drivers Recent Regulatory & Cyber
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationEVALUATING HOW AN OPERATOR HAS EFFECTIVELY IMPLEMENTED CYBER- SECURITY POLICIES TO MANAGE AND ADMINISTER THE SYSTEM. Wurldtech Security Technologies
EVALUATING HOW AN OPERATOR HAS EFFECTIVELY IMPLEMENTED CYBER- SECURITY POLICIES TO MANAGE AND ADMINISTER THE SYSTEM Wurldtech Security Technologies Objectives Discuss how to: Evaluation of effectiveness
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationThe Center for Internet Security
The Center for Internet Security The CIS Security Metrics Service July 1 2008 Organizations struggle to make cost-effective security investment decisions; information security professionals lack widely
More informationSDR Guide to Complete the SDR
I. General Information You must list the Yale Servers & if Virtual their host Business Associate Agreement (BAA ) in place. Required for the new HIPAA rules Contract questions are critical if using 3 Lock
More informationTHE CYBER SECURITY ENVIRONMENT IN LITHUANIA
Executive summary of the public audit report THE CYBER SECURITY ENVIRONMENT IN LITHUANIA 9 December 2015, No. VA-P-90-4-16 Full audit report in Lithuanian is available on the website of the National Audit
More informationOrange Smart Cities. Smart Metering and Smart Grid : how can a telecom operator contribute? November
Orange Smart Cities Smart Metering and Smart Grid : how can a telecom operator contribute? November 5 2012 Nathalie Leboucher Vice President Smart Cities Program Orange 1 the Orange Group in a nutshell
More informationTHE TRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED BUSINESS INTELLIGENCE SOLUTION BRIEF THE TRIPWIRE NERC SOLUTION SUITE A TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationTable of Contents. Sample
TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...
More informationFunctional. Safety and. Cyber Security. Pete Brown Safety & Security Officer PI-UK
Functional Safety and Cyber Security Pete Brown Safety & Security Officer PI-UK Setting the Scene 2 Functional Safety requires Security Consider just Cyber Security for FS Therefore Industrial Control
More informationWorld Energy Perspectives 2016
World Energy Perspectives 2016 EXECUTIVE SUMMARY IN PARTNERSHIP WITH MARSH & MCLENNAN COMPANIES AND SWISS RE CORPORATE SOLUTIONS THE ROAD TO RESILIENCE MANAGING CYBER RISKS Greater resilience to cyber
More informationCyber security for digital substations. IEC Europe Conference 2017
Cyber security for digital substations IEC 61850 Europe Conference 2017 Unrestricted Siemens 2017 siemens.com/gridsecurity Substation Digitalization process From security via simplicity 1st generation:
More informationSEGRID storyline. Workshop SEGRID November 14 th, 2016, Barcelona, Spain
Workshop SEGRID November 14 th, 2016, Barcelona, Spain SEGRID storyline This project has received funding from the European Union s Seventh Framework Programme for research, technological development and
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationIntroduction to ICS Security
Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical
More informationWelcome to the webinar! We will start within a few minutes
Welcome to the webinar! We will start within a few minutes Agenda Introduction Solarplaza Presentations Threat assessment - Tom Tansy SunSpec Alliance Cyber Security & Solar A consultant s view - John
More informationSmart Grid vs. The NERC CIP
Smart Grid vs. The NERC CIP Tobias Whitney, MBA GE Smart Grid Center of Excellence 1 First The Bottom Line Security & Privacy are paramount Smart Grid concerns of regulators and the public Currently every
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationPutting security first for critical online brand assets. cscdigitalbrand.services
Putting security first for critical online brand assets cscdigitalbrand.services 2 As the most security conscious digital brand service provider, our clients trust us to take care of their businesses and
More information