AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID
1 AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID
Sherif Abdelwahed
Department of Electrical and Computer Engineering, Mississippi State University
2 Autonomic Security Management
Modern power grids are complex systems which aggregate vast quantities of information to manage extensive computation tasks in real time. The variety of network protocols and network interfaces in such systems introduces the potential for illicit cyber penetration.
Objectives:
- Enable power systems to adapt efficiently to variations in their environment.
- Enhance the availability and reliability of the system and the underlying services.
- Facilitate automatic recovery from security attacks while minimizing the impact on performance.
Autonomic security management (ASM) is analogous to the human autonomic nervous system: ASM continuously monitors, analyzes, and diagnoses the user-cyber behavior and then takes proactive actions.
3 Model-based Security Management Cycle
- Identify system and network parameters impacting system performance.
- Predict future system security state based on monitored parameters and operating conditions.
- Develop models to provide security assessment to measure system vulnerability continuously in real time.
- Build a protection plan to secure the system and its data and maintain its availability.
Stage labels in the cycle diagram: Monitoring; Automated Actions; Feature Selection; Risk and Impact Analysis; Anomaly Behavior Analysis; Aggregate and Correlate.
4 Outline of a Self-Protecting System
Autonomic computing aims at systems that protect themselves from cyber attacks with minimal human intervention:
- estimating upcoming attacks and sending early warnings
- detecting and classifying attacks
- investigating causes and impacts of zero-day attacks
- autonomously or semi-autonomously implementing responses to eliminate cyber attacks
5 Monitor and Data Processing
The monitor module collects real-time data on system performance and security performance.
For a power system, the set of selected features will include:
- Voltage, current, and phase measurements
For the security of a power system with wired and wirelessly connected units, selected features include:
- TCP/IP packet header
- Protocol data units
- TCP connection rates
The data processing module processes measurements collected by the monitor module. The formatted and preprocessed datasets are then forwarded to the intrusion estimation and intrusion detection modules.
6 Intrusion Estimation
The estimation module uses the historical observations of controlled variables of a physical model ( k 1, r) and selected security features of the system ( k 1, r) to determine future performance of the system.
Predicted value of the control variable (e.g., water level) and of the security features (e.g., TCP/IP packet rates and TCP connection rates), from historical datasets:
ˆ ( k) k ( ( k 1, r))
ˆ ( k) k ( ( k 1, r))
Predicted security state of the SCADA system:
xˆ (k) f ( x( k), ˆ( k), ˆ( k))
7 Intrusion Detection and Live Forensics Analysis
- Intrusion detection is the second line of defense.
- The intrusion detection system, adopting anomaly and signature detection techniques, can detect known and unknown attacks in real time.
- Live forensics analysis, which learns unknown attack patterns without disrupting system operations, is added to protect against zero-day and evolving attacks:
  - Monitoring and analyzing network traffic, system performance, and auditing files using forensics tools (e.g., Wireshark) and statistical theories (e.g., Naive Bayesian Network)
  - Updating detection algorithms of the IDS and the active response library so that the zero-day attacks can be prevented in the future
8 Intrusion Response
The intrusion response system selects a proper response to recover the physical system behavior back to normal. The multi-criteria analysis controller (MAC) examines predefined responses. The assessment of each response takes into account four criteria:
- Criterion 1: Enhancement of Security
- Criterion 2: Operational Costs
- Criterion 3: Maintenance of Normal Operations
- Criterion 4: Impacts on Properties, Finance, and Human Safety
9 Fuzzy-logic Decision Making Method
The total score for a recommended response $R_i$:
$$S_i = \sum_{j=1}^{3} W_{i,j}\, C_{i,j}$$
where $W_{i,j}$ is the weight of criterion $j$ for response $i$, $C_{i,j}$ is the value of criterion $j$ for response $i$, and criterion $j \in \{1,2,3\}$.
Example response: Replacement of Compromised Devices. The weight value for each criterion is 1/3.
Table columns: Criterion One | Criterion Two | Criterion Three | Criterion Four | Total Score
Total score: 1/3*0 + 1/3*0.5 + 1/3*0 = 0.17 (Auto or Semi-Auto)
10 Case Study: SCADA System
Supervisory Control and Data Acquisition (SCADA) systems are a type of industrial control system (ICS) that adopts many aspects of Information and Communications Technology to monitor and control cyber-physical processes.
A SCADA system includes sensors, actuators, programmable logic controllers (PLCs), remote terminal units (RTUs), human machine interfaces (HMIs), and master terminal units (MTUs).
Field devices such as PLCs and RTUs collect sensor-sourced analog measurements and convert them to digital data. The digital data are then sent back to MTUs via communication links (e.g., Internet, radio, microwave, and satellite). In near real time, this data is processed by MTUs and displayed on HMIs to enable operators to make intervening control decisions.
11 Cyber Threats Facing SCADA Systems
Vulnerabilities residing in:
- Open and standardized protocols (e.g., Modbus, ICCP, and DNP)
- Internet-based cyber communications
Security issues inherited from ICT/IT systems:
- Operating system
- Commercial-off-the-shelf applications
12 A Self-Protecting SCADA System Architecture
[Figure: architecture diagram. Labelled components: Front VM, HMI, Firewall, Switch, Control Network, MTU, Protocol Converter (TCP2RTU/RTU2TCP), Communication Link, PLC, Field Devices, Monitor, Data Processing, Intrusion Estimation, IDS/Forensics Analysis, MAC/Intrusion Response, Ranking Unit. Labelled flows: Messages from Field Devices, Request, Commands, Legal Command, Replies, Legal Replies, Estimation, Security State, Criteria, Response.]
13 Virtual Testbed
- A storage tank is modeled by a laboratory-scale control system in the Mississippi State University SCADA Security Laboratory.
- The MTU is connected to a Human-Machine-Interface (HMI) server via an RS-232 serial port.
- The MTU connects to the RTU wirelessly.
14 SCADA System Exploits
We injected a malicious command that modified the register values of the water storage tank alarm condition when the water storage tank was set to the Auto control mode.
- Auto control mode: the pump was turned on when the water level reached the low alarm condition (represented by L); when the water level increased to the high alarm condition (denoted by H), the pump was turned off automatically.
- The attack first evaded the authentication process.
- It then sent an illicit command to change the L set-point from 50.00% to 40.00% and altered the H set-point from 60.00% to 70.00%.
- The HH (high-high alarm) set-point was modified to % from 70.00%; the LL (low-low alarm) set-point was changed to 10.00% from 20.00%.
15 Physical Model of the Water Storage Tank
A linear physical system of the water storage tank was modeled relying on the observations of the physical system when it was automatically controlled.
Water level samples: ( k) A* k B
x(k) ˆ f(x(k),( ^ Ak B),λ(k)) ˆ
Coefficients:
- when 1 ≤ t ≤ 35: A = and B =
- when 36 ≤ t ≤ 39: A = and B =
- when 40 ≤ t ≤ 45: A = and B =
- when 46 ≤ t ≤ 80: A = and B =
Figure: Observations and Estimations of the Water Level Without Self-Protection
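The set-point tampering from slide 14 and the linear water-level estimate from slide 15, as an added Python example that is not code from the presentation. The baseline and tampered set-points are the values the slides state; the level trace, the window r = 4, the 1.5% margin and all function names are constructed assumptions.

```python
"""Added example: alarm set-point integrity check plus one-step linear estimation."""

# Original alarm set-points (percent of tank level) as stated on the slides.
BASELINE = {"LL": 20.0, "L": 50.0, "H": 60.0, "HH": 70.0}

# Read-back after the attack, using the values the slides give. The new HH
# value is missing from the page, so HH is left out of this constructed sample.
TAMPERED_READBACK = {"L": 40.0, "H": 70.0, "LL": 10.0}


def setpoint_drift(baseline, readback):
    """Return (register, expected, actual) for each read-back value that differs."""
    return [
        (name, baseline[name], value)
        for name, value in sorted(readback.items())
        if name in baseline and abs(value - baseline[name]) > 1e-6
    ]


def fit_line(ks, ys):
    """Least-squares fit of level = A*k + B over the given samples."""
    n = len(ks)
    mean_k = sum(ks) / n
    mean_y = sum(ys) / n
    sxx = sum((k - mean_k) ** 2 for k in ks)
    sxy = sum((k - mean_k) * (y - mean_y) for k, y in zip(ks, ys))
    a = sxy / sxx
    return a, mean_y - a * mean_k


def predict_next(levels, k, r):
    """Estimate sample k from the r samples before it (the history window)."""
    if r < 2 or k < r:
        raise ValueError("need at least two history samples before k")
    a, b = fit_line(list(range(k - r, k)), levels[k - r:k])
    return a * k + b


def scan(levels, r, low, high, margin):
    """Return (warn_at, violation_at); each is a sample index or None.

    warn_at:      last observed sample at which the estimate for the next
                  sample already leaves [low - margin, high + margin].
    violation_at: first sample whose observed level leaves that band.
    The margin must exceed the per-sample level change, otherwise every
    legitimate pump switch at L or H would raise a warning.
    """
    lo, hi = low - margin, high + margin
    warn_at = violation_at = None
    for k in range(r, len(levels)):
        estimate = predict_next(levels, k, r)
        if warn_at is None and not lo <= estimate <= hi:
            warn_at = k - 1
        if violation_at is None and not lo <= levels[k] <= hi:
            violation_at = k
    return warn_at, violation_at


def constructed_trace():
    """Constructed level trace: one normal cycle, then the pump never stops at H."""
    rise = [50.0 + i for i in range(11)]    # 50 .. 60, pump on
    fall = [59.0 - i for i in range(9)]     # 59 .. 51, pump off
    attack = [50.0 + i for i in range(17)]  # 50 .. 66, H was moved to 70
    return rise + fall + attack


if __name__ == "__main__":
    for name, expected, actual in setpoint_drift(BASELINE, TAMPERED_READBACK):
        print(f"set-point {name}: expected {expected:.2f}%, read {actual:.2f}%")
    warn_at, violation_at = scan(constructed_trace(), 4,
                                 BASELINE["L"], BASELINE["H"], 1.5)
    print(f"early warning after sample {warn_at}, violation at sample {violation_at}")
```

The band is checked against the baseline set-points rather than the values read back from the device, so a tampered H cannot widen the band the detector uses.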
16 Evaluation of Recommended Responses
The optimal response evaluated by the MAC to defend against the malicious command injection attack is Replacement of Compromised Devices.
17 Experimental Results
- It shows that at sample 94, the malicious command injection attack modified alarm conditions. The water level was abnormally increased to 65.99%.
- At sample 104, when Replacement of Compromised Devices was implemented, a replica PLC containing the original ladder-logic programs replied to the MTU and sent commands to control the water level of the water storage tank.
- The water level returned to normal rapidly and efficiently with the application of autonomic computing technology.
18 Current Related Research at MSU
- Test bed for vulnerabilities assessment and impact study
- Synchrophasor data generation
- Simulation of wide range of power system events and cyber-attacks
- Datasets
- Application of data in event and intrusion detection for offline and online applications
19 Wide Area Measurement Systems - A CPS Test Bed
Architecture: physical, communication, monitoring, and control layers
Power system scenarios:
- Faults, load change, generator drop, line loss
- 5 power system models: 3-generator 4 bus, IEEE 9 Bus, Kundur 2 area system, IEEE 14 Bus, IEEE 39 Bus
Cyber-attack scenarios:
- Command injection
- Man in the middle
- HMI/UI attacks
- Physical attacks
- Denial of service attacks
20 Heterogeneous Data Sets
- CSV data format
- All data time tagged
- Data pertains to all scenarios
- 45 scenarios
- 120 samples per second
- 4 PMUs
- 38.8 GB - 11,715 instances of 45 scenarios randomly simulated for nearly 40 hours
21 Data Mining Applications for Event and Intrusion Detection Systems (EIDS)
- Datasets were used to develop Intrusion Detection Systems (IDS) using the Common Path Mining (CPM) algorithm
- Datasets were used to develop Event and Intrusion Detection Systems (EIDS) for offline and real-time applications
  - Non-nested Generalized Exemplars (NNGE) for offline EIDS
  - Hoeffding Adaptive Tree (HAT) for real-time EIDS
Performance comparison between different data mining algorithms
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationIowa State University
Iowa State University Cyber Security Smart Grid Testbed Senior Design, Final Report Dec 13-11 Derek Reiser Jared Pixley Rick Sutton Faculty Advisor: Professor Manimaran Govindarasu 1 Table of Contents
More informationNetwork Intrusion Analysis (Hands on)
Network Intrusion Analysis (Hands on) TCP/IP protocol suite is the core of the Internet and it is vital to understand how it works together, its strengths and weaknesses and how it can be used to detect
More informationMonitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks
Monitoring and diagnostics of data infrastructure problems in power engineering Jaroslav Stusak, Sales Director CEE, Flowmon Networks 35,000 kilometers of electric power, which feeds around 740,000 clients...
More informationWireless Data Communications for SCADA Systems
Wireless Data Communications for SCADA Systems 1 Advanced SCADA Features Networking (Communication Anywhere to Anywhere) Communication Network Data Reliability (No Communication Errors) Data Security (Immune
More informationSECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS
SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS PROTECT YOUR DAILY OPERATIONS FROM BEING COMPROMISED In today s data-driven society, connectivity comes with a cost.
More informationINDUSTRIAL CONTROL SYSTEM TRAFFIC DATA SETS FOR INTRUSION DETECTION RESEARCH
Chapter 5 INDUSTRIAL CONTROL SYSTEM TRAFFIC DATA SETS FOR INTRUSION DETECTION RESEARCH Thomas Morris and Wei Gao Abstract Supervisory control and data acquisition (SCADA) systems monitor and control physical
More informationIntrusion Detection by Combining and Clustering Diverse Monitor Data
Intrusion Detection by Combining and Clustering Diverse Monitor Data TSS/ACC Seminar April 5, 26 Atul Bohara and Uttam Thakore PI: Bill Sanders Outline Motivation Overview of the approach Feature extraction
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationICS Cybersecurity. SANS Top 20 Critical Controls for ICS. David Van Crout
ICS Cybersecurity SANS Top 20 Critical Controls for ICS David Van Crout «Competitività e Sostenibilità. Progetti e tecnologie al servizio delle reti di pubblica utilità» Bologna, 6-7 novembre 2013 Industrial
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 10 Chapter X Security Performance Metrics Background For many years now, NERC and the electricity industry have taken actions to address cyber and physical
More informationNetwork-Attack-Resilient Intrusion- Tolerant SCADA for the Power Grid
Network-Attack-Resilient Intrusion- Tolerant SCADA for the Power Grid Amy Babay, Thomas Tantillo, Trevor Aron, Marco Platania, and Yair Amir Johns Hopkins University, AT&T Labs, Spread Concepts LLC Distributed
More informationApplication of Monitoring Standards for enhancing Energy System Security
Application of Monitoring Standards for enhancing Energy System Security G. DONDOSSOLA*, R. TERRUGGIA*, P. WYLACH*, G. PUGNI**, F. BELLIO*** RSE SpA*, Enel SpA**, Enel Produzione SpA*** Italy About RSE
More informationPramod Bide 1, Rajashree Shedge 2 1,2 Department of Computer Engg, Ramrao Adik Institute of technology/mumbai University, India
Comparative Study and Analysis of Cloud Intrusion Detection System Pramod Bide 1, Rajashree Shedge 2 1,2 Department of Computer Engg, Ramrao Adik Institute of technology/mumbai University, India ABSTRACT
More informationWhat is SCADA? What is Telemetry? What is Data Acquisition? Differences between SCADA and DCS? Components of SCADA. Field Instrumentation
SCADA Primer This document discusses the basics of SCADA systems. It serves as introduction for those who are not familiar with it, and as a reviewer for those who are already knowledgeable about the SCADA
More information