AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID

Size: px
Start display at page:

Download "AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID"

Transcription

1 AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID Sherif Abdelwahed Department of Electrical and Computer Engineering Mississippi State University

2 Autonomic Security Management Modern Power Grids are complex systems which aggregate vast quantities of information to manage extensive computation tasks in real-time. The variety of network protocols and network interfaces in such systems introduce the potential for illicit cyber penetration. Objectives Enable power systems to adapt efficiently to variations in their environment. Enhance the availability and reliability of the system and the underlying services. Facilitate automatic recovery from security attacks while minimizing the impact on performance. Autonomic security management is analogous to Human autonomic nervous system ASM continuously monitors, analyzes, and diagnoses the user-cyber behavior and then takes proactive actions

3 Model-based Security Management Cycle Identify system and network parameters impacting system performance Monitoring Predict future system security state based on monitored parameters and operating conditions Automated Actions Feature Selection Develop models to provide security assessment to measure system vulnerability continuously in real-time Build a protection plan to secure the system and its data and maintain its availability Risk and Impact Analysis Anomaly Behavior Analysis Aggregate and Correlate

4 Outline of a Self-Protecting System Autonomic computing aims at selfprotecting systems from cyber attacks with minimal human intervention. estimating upcoming attacks and sending early warnings detecting and classifying attacks Investigating causes and impacts of zero-day attacks autonomously or semiautonomously implementing responses to eliminate cyber attacks.

5 Monitor and Data Processing The monitor module collects real-time data of the system performance and security performance. For a power system, a set of selected feature will include: Voltage, current, and phase measurments For the security of a power system with wired and wirelessly connected units, selected features include: TCP/IP packet header Protocol data units TCP connection rates The data processing module processes measurements collected by the monitor module. The formatted and preprocessed datasets are then forwarded to the intrusion estimation and intrusion detection modules.

6 Intrusion Estimation The estimation module uses the historical observations of controlled variables of a physical model ( k 1, r) and selected security features of the system ( k 1, r) to determine future performance of the system. Predicted Value of Control Variable (e.g. Water Level), and Security Features (e.g. TCP/IP packet rates and TCP connection rates) ˆ ( k) k ( ( k 1, r)) ˆ ( k) k ( ( k 1, r)) Historical Datasets Predicted Security State of the SCADA System xˆ (k) f ( x( k), ˆ( k), ˆ( k))

7 Intrusion Detection and Live Forensics Analysis Intrusion detection is the second line of defense The intrusion detection system adopting anomaly and signature detection techniques can detect known and unknown attacks in real time Live forensics analysis learning unknown attack patterns without disrupting system operations is added to protect against zero-day and evolving attacks Monitoring and analyzing network traffic, system performance, and auditing files using forensics tools (e.g., Wireshark) and statistical theories (e.g., Naive Bayesian Network) Updating detection algorithms of the IDS and active response library so that the zero-day attacks can be prevented in the future

8 Intrusion Response The intrusion response system selects a proper response to recover the physical system behavior back to normal. The multi-criteria analysis controller (MAC) examines predefined responses. The assessment of each response takes into account four criteria: Criterion 1: Enhancement of Security Criterion 2: Operational Costs Criterion 3: Maintenance of Normal Operations Criterion 4: Impacts on Properties, Finance, and Human Safety

9 Fuzzy-logic Decision Making Method The total Score for a recommended Response R i S i 3 j1 W Weight of Criterion j for Response i i, j C i, j Value of Criterion j for Response i Criterion j {1,2,3} e.g. Response: Replacement of Compromised Devices. Weight values for each criterion is 1/3 Criterio n One Criterio n Two Criterion Three Criterion Four Total Score /3*0+1/3*0.5+1/3+0=0.17 (Auto or Semi-Auto)

10 Case Study: SCADA System Supervisory Control and Data Acquisition (SCADA) systems are a type of industrial control system (ICS) that adopts many aspects of Information and Communications Technology to monitor and control cyber-physical processes. A SCADA system includes: sensors, actuators, programmable logic controllers (PLCs), remote terminal units (RTUs), human machine interfaces (HMIs), and master terminal units (MTUs). Field devices such as PLCs and RTUs collect and convert sensor sourced analog measurements to digital data. The digital data are then sent back to MTUs via communication links (e.g., Internet, radio, microwave, and satellite). In near real-time this data is processed by MTUs and displayed on HMIs to enable operators to make intervening control decisions.

11 Cyber Threats Facing SCADA Systems Vulnerabilities residing in: Open and standardized protocols (e.g., Modbus, ICCP, and DNP) Internet-based cyber communications. Security issues inherited from ICT/IT systems: Operating System Commercial-off-the-shelf applications

12 A Self-Protecting SCADA System Architecture Front VM HMI Firewall Messages from Field Devices Control Network Switch Ranking Unit Criteria Response MAC/Intrusion Response Security State IDS/Forensics Analysis Monitor Estimation Intrusion Estimation Data Processing Legal Replies Legal Replies MTU Legal Replies Commands Commands Protocol Converter TCP2RTU/RT U2TCP Commands Communication Link Communication Link PLC Field Devices Protocol Converter Replies Legal Command Front VM Request Switch Firewall

13 Virtual Testbed A storage tank is modeled by a laboratoryscale control system in Mississippi State University SCADA Security Laboratory. The MTU is connected to a Human-Machine- Interface (HMI) server via a RS-232 serial port The MTU connects to the RTU wirelessly

14 SCADA System Exploits We injected a malicious command that modified the register values of the water storage tank alarm condition when the water storage tank was set to the Auto control mode Auto control mode: The pump was turned on when the water level reached the low alarm condition (represented by L); when the water level increased to the high alarm condition (denoted by H), the pump was turned off automatically The attack first evaded the authentication process Then sent an illicit command to change L set-point from 50.00% to 40.00% ; altered H set-point from 60.00% to 70.00%. HH (the high-high alarm) set-point was modified to % from 70:00%; LL (the low-low alarm) was changed to 10.00% from 20.00%.

15 Physical Model of the Water Storage Tank A linear physical system of the water storage tank was modeled relying on the observations of the physical system when it was automatically controlled Water Level Samples ( k) A* k B x(k) ˆ f(x(k),( ^ Ak B),λ(k)) ˆ Coefficients when 1 t 35: A = and B = when 36 t 39: A = and B = When 40 t 45: A = and B = When 46 t 80: A = and B = Observations and Estimations of the Water Level Without Self-Protection

16 Evaluation of Recommended Responses The optimal response evaluated by the MAC to defend against malicious command injection attack is Replacement of Compromised Devices.

17 Experimental Results It shows that at sample 94, the malicious command injection attack modified alarm conditions The water level was abnormally increased to 65.99%. At sample 104 when Replacement of Compromised Devices was implemented, a replica PLC containing original ladder-logic programs replied to the MTU and sent commands to control water level of the water storage tank. The water level was returned back to normal rapidly and efficiently with the application of autonomic computing technology

18 Current Related Research at MSU Test bed for vulnerabilities assessment and impact study Synchrophasor data generation Simulation of wide range of power system events and cyber-attacks Datasets Application of data in event and intrusion detection for offline and online applications

19 Wide Area Measurement Systems - A CPS Test Bed Architecture Physical, communication, monitoring, and control layers Power system scenarios Faults, load change, generator drop, line loss 5 power system models : 3- generator 4 bus, IEEE 9 Bus, Kundur 2 area system, IEEE 14 Bus, IEEE 39 Bus cyber-attack scenarios Command injection Man in the middle HMI/UI attacks Physical attacks Denial of service attacks

20 Heterogeneous Data sets CSV data format All data time tagged Data pertains to all scenarios 45 scenarios 120 samples per second 4 PMUs 38.8 GB - 11,715 instances of 45 scenarios randomly simulated for nearly 40 hours

21 Data Mining Applications for Event and Intrusion Detection Systems (EIDS) Datasets were used to develop Intrusion Detections Systems (IDS) using Common Path Mining (CPM) algorithm Datasets were used to develop Event and Intrusion Detections Systems (EIDS) for offline and real-time applications Non-nested Generalized Exemplars (NNGE) for offline EIDS Hoeffding Adaptive Tree (HAT) for real-time EIDS PERFORMANCE COMPARISON BETWEEN DIFFERENT DATA MINING ALGORITHM

Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies

Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies lwihl@scalable-networks.com 2 The Need OT security particularly in the

More information

Semantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids

Semantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids Semantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids Hui Lin, Adam Slagell, Zbigniew Kalbarczyk, Peter W. Sauer, and Ravishankar K. Iyer Department of Electrical

More information

Toward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania

Toward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania Toward Open Source Intrusion Tolerant SCADA Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania Outline What is SCADA? SCADA Vulnerabilities What is Intrusion Tolerance? Prime PvBrowser Our

More information

Virtualizing Industrial Control Systems Testbeds for Cybersecurity Research

Virtualizing Industrial Control Systems Testbeds for Cybersecurity Research Virtualizing Industrial Control Systems Testbeds for Cybersecurity Research CAE Tech Talk 2016 Thiago Alves Faculty: Dr. Tommy Morris Overview Problems: Industrial Control Systems are too big to fit in

More information

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n CYBETBIT in a Nutshell A leader in the development and integration of Cyber Security Solutions A main provider of Cyber Security solutions for the

More information

Tools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems

Tools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems Tools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems Presenters: Rima Asmar Awad, Saeed Beztchi Co-Authors: Jared M. Smith, Stacy Prowell, Bryan Lyles Overview Supervisory

More information

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices Against Cyber Attacks (CODEF) Cyber Security of the

More information

Communication Pattern Anomaly Detection in Process Control Systems

Communication Pattern Anomaly Detection in Process Control Systems Communication Pattern Anomaly Detection in Process Control Systems Sponsored by the Department of Energy National SCADA Test Bed Program Managed by the National Energy Technology Laboratory The views herein

More information

Legacy-Compliant Data Authentication for Industrial Control System Traffic

Legacy-Compliant Data Authentication for Industrial Control System Traffic Legacy-Compliant Data Authentication for Industrial Control System Traffic John Henry Castellanos, Daniele Antonioli, Nils Ole Tippenhauer and Martín Ochoa Singapore University of Technology and Design

More information

PREEMPTIVE PREventivE Methodology and Tools to protect utilities

PREEMPTIVE PREventivE Methodology and Tools to protect utilities PREEMPTIVE PREventivE Methodology and Tools to protect utilities 2014 2017 1 With the financial support of FP7 Seventh Framework Programme Grant agreement no: 607093 Preemptive goal The main goal of PREEMPTIVE

More information

Automation Services and Solutions

Automation Services and Solutions Automation Services and Solutions Automate substation data acquisition and control to improve performance Maintain uninterrupted power services with proactive grid monitoring and controlling features.

More information

Cyber Security of Power Grids

Cyber Security of Power Grids Cyber Security of Power Grids Chen-Ching Liu Boeing Distinguished Professor Director, Energy Systems Innovation Center Washington State University In Collaboration with M. Govindarasu, Iowa State University

More information

A. Carcano, I. Nai Fovino, M. Masera, A. Trombetta European Commission Joint Research Centre Critis 2008, Rome, October 15, 2008

A. Carcano, I. Nai Fovino, M. Masera, A. Trombetta European Commission Joint Research Centre Critis 2008, Rome, October 15, 2008 Scada Malware, A Proof of Concept A. Carcano, I. Nai Fovino, M. Masera, A. Trombetta European Commission Joint Research Centre Critis 2008, Rome, October 15, 2008 Outline Motivations Testing Environment

More information

Firewalls (IDS and IPS) MIS 5214 Week 6

Firewalls (IDS and IPS) MIS 5214 Week 6 Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part

More information

SCADA Software. 3.1 SCADA communication architectures SCADA system

SCADA Software. 3.1 SCADA communication architectures SCADA system 3 SCADA Software 3.1 SCADA communication architectures 3.1.1 SCADA system A supervisory control and data acquisition (SCADA) system means a system consisting of a number of remote terminal units (RTUs)

More information

Cyber Security and Privacy Issues in Smart Grids

Cyber Security and Privacy Issues in Smart Grids Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from Univ. of Waterloo References Main Reference Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C. Cyber

More information

Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data

Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data Anurag Srivastava, Bo Cui, P. Banerjee Washington State University NASPI March 2017 Outline

More information

Indegy. Industrial Cyber Security. The Anatomy of an Industrial Cyber Attack

Indegy. Industrial Cyber Security. The Anatomy of an Industrial Cyber Attack Indegy Industrial Cyber Security The Anatomy of an Industrial Cyber Attack Today s Presenter Eliminating Security Blindspots in SCADA and Control Networks Presented By: Dana Tamir, VP Marketing, Indegy

More information

How AlienVault ICS SIEM Supports Compliance with CFATS

How AlienVault ICS SIEM Supports Compliance with CFATS How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal

More information

9 th Electricity Conference at CMU

9 th Electricity Conference at CMU Power Systems/Communication System Co-Simulation and Experimental Evaluation of Cyber Security of Power Grid Yi Deng, Sandeep Shukla, Hua Lin, James Thorp February 5, 2014 9 th Electricity Conference at

More information

Symantec Security Monitoring Services

Symantec Security Monitoring Services 24x7 real-time security monitoring and protection Protect corporate assets from malicious global threat activity before it impacts your network. Partnering with Symantec skilled and experienced analysts

More information

Maxwell Dondo PhD PEng SMIEEE

Maxwell Dondo PhD PEng SMIEEE Maxwell Dondo PhD PEng SMIEEE 1 Evolution of grid automation SCADA introduction SCADA Components Smart Grid SCADA Security 2 Traditionally power delivery was unsophisticated Generation localised around

More information

A Rising Tide: Design Exploits in Industrial Control Systems

A Rising Tide: Design Exploits in Industrial Control Systems A Rising Tide: Design Exploits in Industrial Control Systems Usenix WOOT 16 August 9, 2016 Marina Krotofil Alexander Bolshev; Jason Larsen; Reid Wightman Who we are (alphabetically) 1 Alex Bolshev Jason

More information

Introduction to ICS Security

Introduction to ICS Security Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical

More information

Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3

Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3 CPS-SPC 17 @ Dallas, US Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3 DANIELE ANTONIOLI, H. R. GHAEINI, S. ADEPU, M. OCHOA, N. O. TIPPENHAUER Singapore University

More information

An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist

An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP

More information

Providing SCADA network data sets for intrusion detection research Antoine Lemay (ÉPM) José M. Fernandez (ÉPM) WORLD-CLASS ENGINEERING

Providing SCADA network data sets for intrusion detection research Antoine Lemay (ÉPM) José M. Fernandez (ÉPM) WORLD-CLASS ENGINEERING Providing SCADA network data sets for intrusion detection research Antoine Lemay (ÉPM) José M. Fernandez (ÉPM) WORLD-CLASS ENGINEERING 1 PLAN Introduction to SCADA networks (Mis?)use of SCADA data sets

More information

Detection and Analysis of Threats to the Energy Sector (DATES)

Detection and Analysis of Threats to the Energy Sector (DATES) Detection and Analysis of Threats to the Energy Sector (DATES) Sponsored by the Department of Energy National SCADA Test Bed Program Managed by the National Energy Technology Laboratory The views herein

More information

Industrial Defender ASM. for Automation Systems Management

Industrial Defender ASM. for Automation Systems Management Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping

More information

Formal Security Assessment of Modbus Protocol

Formal Security Assessment of Modbus Protocol Formal Security Assessment of Modbus Protocol Roberto Nardone, Ricardo J. Rodríguez,, Stefano Marrone roberto.nardone@unina.it, rjrodriguez@ieee.org, stefano.marrone@unina2.it All wrongs reversed Univ.

More information

A Probabilistic Approach to Autonomic Security Management

A Probabilistic Approach to Autonomic Security Management 2016 IEEE International Conference on Autonomic Computing A Probabilistic Approach to Autonomic Security Management Stefano Iannucci Distributed Analytics and Security Institute Mississippi State University

More information

Substation. Communications. Power Utilities. Application Brochure. Typical users: Transmission & distribution power utilities

Substation. Communications. Power Utilities. Application Brochure. Typical users: Transmission & distribution power utilities Power Utilities Application Brochure Communications Typical users: Transmission & distribution power utilities For more than 30 years, RAD has worked closely with its worldwide energy utility customers

More information

Connectivity 101 for Remote Monitoring Systems

Connectivity 101 for Remote Monitoring Systems Connectivity 101 for Remote Monitoring Systems Paul Wacker Moxa, Inc. Manager - Edge Connectivity Ariana Drivdahl Moxa, Inc. Product Marketing Manager Pain Points of Remote Monitoring Pressure to enhance

More information

Cyber Physical System Security

Cyber Physical System Security S2ERC Industry Outreach Workshop Cyber Physical System Security Manimaran Govindarasu Dept. of Electrical and Computer Engineering Iowa State University gmani@iastate.edu Outline Background CPS Security

More information

Using Defense in Depth to Safely Present SCADA Data for Read-Only and Corporate Reporting. Rick Bryson

Using Defense in Depth to Safely Present SCADA Data for Read-Only and Corporate Reporting. Rick Bryson Using Defense in Depth to Safely Present SCADA Data for Read-Only and Corporate Reporting Rick Bryson 2017 by Schweitzer Engineering Laboratories, Inc. All rights reserved. All brand or product names appearing

More information

An Anomaly-Based Intrusion Detection System for the Smart Grid Based on CART Decision Tree

An Anomaly-Based Intrusion Detection System for the Smart Grid Based on CART Decision Tree An Anomaly-Based Intrusion Detection System for the Smart Grid Based on CART Decision Tree P. Radoglou-Grammatikis and P. Sarigiannidis* University of Western Macedonia Department of Informatics & Telecommunications

More information

The Future of Industrial Control Systems Security

The Future of Industrial Control Systems Security The Future of Industrial Control Systems Security Amir Samoiloff, CEO, Siga Security Ilan Gendelman, CTO, Siga Security www.sigasec.com The Importance of Operating Technology Systems Modern life relies

More information

SCADA Protocols. Overview of DNP3. By Michael LeMay

SCADA Protocols. Overview of DNP3. By Michael LeMay SCADA Protocols Overview of DNP3 By Michael LeMay Introduction DNP3 used for communications between SCADA masters (control centres) and remote terminal units (RTUs) and/or intelligent electronic devices

More information

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS Digital Forensics Readiness: PREPARE BEFORE AN INCIDENT HAPPENS 2 Digital Forensics Readiness The idea that all networks can be compromised

More information

Cyber Moving Targets. Yashar Dehkan Asl

Cyber Moving Targets. Yashar Dehkan Asl Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system

More information

Activating Intrusion Prevention Service

Activating Intrusion Prevention Service Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers

More information

Training Fees 4,250 US$ per participant for Public Training includes Materials/Handouts, tea/coffee breaks, refreshments & Buffet Lunch

Training Fees 4,250 US$ per participant for Public Training includes Materials/Handouts, tea/coffee breaks, refreshments & Buffet Lunch Training Title PLC & SCADA SYSTEMS Training Duration 5 days Training Venue and Dates REF IC012 PLC & SCADA Systems 5 04-08 Feb $4,250 Abu Dhabi, UAE Training Fees 4,250 US$ per participant for Public Training

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based

More information

ICS Security Monitoring

ICS Security Monitoring ICS Security Monitoring INFRASTRUCTURE MINING & METALS NUCLEAR, SECURITY & ENVIRONMENTAL OIL, GAS & CHEMICALS Moses Schwartz Security Engineer Computer Incident Response Team Bechtel Corporation State

More information

Intrusion Detection Using Data Mining Technique (Classification)

Intrusion Detection Using Data Mining Technique (Classification) Intrusion Detection Using Data Mining Technique (Classification) Dr.D.Aruna Kumari Phd 1 N.Tejeswani 2 G.Sravani 3 R.Phani Krishna 4 1 Associative professor, K L University,Guntur(dt), 2 B.Tech(1V/1V),ECM,

More information

IDS: Signature Detection

IDS: Signature Detection IDS: Signature Detection Idea: What is bad, is known What is not bad, is good Determines whether a sequence of instructions being executed is known to violate the site security policy Signatures: Descriptions

More information

PREEMPTIVE Preventive methodology and tools to protect utilities

PREEMPTIVE Preventive methodology and tools to protect utilities PREEMPTIVE Preventive methodology and tools to protect utilities http://preemptive.eu/ Ignasi Cairó 15 October 2015 Brussels With the financial support of FP7 Seventh Framework Programme Grant agreement

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

Training for the cyber professionals of tomorrow

Training for the cyber professionals of tomorrow Hands-On Labs Training for the cyber professionals of tomorrow CYBRScore is a demonstrated leader in professional cyber security training. Our unique training approach utilizes immersive hands-on lab environments

More information

Building a resilient ICS

Building a resilient ICS Building a resilient ICS By Dr Jules Pagna Disso, @julesdisso Building a resilient Industrial Control System (ICS) 1: From ICS to Critical National Infrastructure 2: Thenatureof the problem 3: Building

More information

The SCADA Connection: Moving Beyond Auto Dialers

The SCADA Connection: Moving Beyond Auto Dialers C O N N E CT I N G T H E WORLD S ASSETS The SCADA Connection: Moving Beyond Auto Dialers Auto dialers have long been used to report alarms in SCADA installations. While they are useful for notifying users

More information

Distributed Agent-Based Intrusion Detection for the Smart Grid

Distributed Agent-Based Intrusion Detection for the Smart Grid Distributed Agent-Based Intrusion Detection for the Smart Grid Presenter: Esther M. Amullen January 19, 2018 Introduction The smart-grid can be viewed as a Large-Scale Networked Control System (LSNCS).

More information

Job Sheet 1 The SCADA System Network

Job Sheet 1 The SCADA System Network Job Sheet 1 The Supervisory Control And Data Acquisition (SCADA) system communication network makes it possible for data to be transferred between the central host computer servers, remote terminal unit

More information

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Keywords: Intelligent Next-Generation Firewall (ingfw), Unknown Threat, Abnormal Parameter, Abnormal Behavior,

More information

Resilient Smart Grids

Resilient Smart Grids Resilient Smart Grids André Teixeira Kaveh Paridari, Henrik Sandberg KTH Royal Institute of Technology, Sweden SPARKS 2nd Stakeholder Workshop Cork, Ireland March 25th, 2015 Legacy Distribution Grids Main

More information

The GenCyber Program. By Chris Ralph

The GenCyber Program. By Chris Ralph The GenCyber Program By Chris Ralph The Mission of GenCyber Provide a cybersecurity camp experience for students and teachers at the K-12 level. The primary goal of the program is to increase interest

More information

On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems

On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems Journal of Digital Forensics, Security and Law Volume 9 Number 1 Article 3 2014 On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems Wei Gao Mississippi

More information

Data Sources for Cyber Security Research

Data Sources for Cyber Security Research Data Sources for Cyber Security Research Melissa Turcotte mturcotte@lanl.gov Advanced Research in Cyber Systems, Los Alamos National Laboratory 14 June 2018 Background Advanced Research in Cyber Systems,

More information

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management Seven Habits of Cyber Security for SMEs Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management Security Policy is an important

More information

Towards High-Interaction Virtual ICS Honeypots-in-a-Box DANIELE ANTONIOLI ANAND AGRAWAL N. O. TIPPENHAUER

Towards High-Interaction Virtual ICS Honeypots-in-a-Box DANIELE ANTONIOLI ANAND AGRAWAL N. O. TIPPENHAUER CPS-SPC 16 @ Vienna AU Towards High-Interaction Virtual ICS Honeypots-in-a-Box DANIELE ANTONIOLI ANAND AGRAWAL N. O. TIPPENHAUER daniele_antonioli@sutd.edu.sg Towards High-Interaction Virtual ICS Honeypots-in-a-Box

More information

REF IC012 PLC & SCADA Systems Feb $4,250 Abu Dhabi, UAE

REF IC012 PLC & SCADA Systems Feb $4,250 Abu Dhabi, UAE Training Title PLC & SCADA SYSTEMS Training Duration 5 days Training Venue and Dates REF IC012 PLC & SCADA Systems 5 05 09 Feb $4,250 Abu Dhabi, UAE Training Fees 4,250 US$ per participant for Public Training

More information

Big Data Analytics for Host Misbehavior Detection

Big Data Analytics for Host Misbehavior Detection Big Data Analytics for Host Misbehavior Detection Miguel Pupo Correia joint work with Daniel Gonçalves, João Bota (Vodafone PT) 2016 European Security Conference June 2016 Motivation Networks are complex,

More information

Authentication Protocol for Industrial Control Systems without Encryption

Authentication Protocol for Industrial Control Systems without Encryption STUDENT SUMMER INTERNSHIP TECHNICAL REPORT Authentication Protocol for Industrial Control Systems without Encryption DOE-FIU SCIENCE & TECHNOLOGY WORKFORCE DEVELOPMENT PROGRAM Date submitted: September

More information

IE156: ICS410: ICS/SCADA Security Essentials

IE156: ICS410: ICS/SCADA Security Essentials IE156: ICS410: ICS/SCADA Security Essentials IE156 Rev.001 CMCT COURSE OUTLINE Page 1 of 6 Training Description: In this five-day intensive training, participants will develop and reinforce a common language

More information

Introduction and Statement of the Problem

Introduction and Statement of the Problem Chapter 1 Introduction and Statement of the Problem 1.1 Introduction Unlike conventional cellular wireless mobile networks that rely on centralized infrastructure to support mobility. An Adhoc network

More information

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy.

More information

The Path to a Secure and Resilient Power Grid Infrastructure

The Path to a Secure and Resilient Power Grid Infrastructure The Path to a Secure and Resilient Power Grid Infrastructure Bill Sanders University of Illinois at Urbana-Champaign www.tcipg.org whs@illinois.edu 1 Power Grid Trust Dynamics Span Two Interdependent Infrastructures

More information

TABLE OF CONTENTS. Section Description Page

TABLE OF CONTENTS. Section Description Page GPA Cybersecurity TABLE OF CONTENTS Section Description Page 1. Cybersecurity... 1 2. Standards... 1 3. Guides... 2 4. Minimum Hardware/Software Requirements For Secure Network Services... 3 4.1. High-Level

More information

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store

More information

Security of cyber-physical systems: an old idea

Security of cyber-physical systems: an old idea Security of cyber-physical systems: an old idea Security Issues and Mitigation in Ethernet POWERLINK Jonathan Yung, Hervé Debar and Louis Granboulan AIRBUS Group Innovations & Télécom SudParis February

More information

An Intrusion Detection System for Critical Information Infrastructures Using Wireless Sensor Network Technologies

An Intrusion Detection System for Critical Information Infrastructures Using Wireless Sensor Network Technologies An Intrusion Detection System for Critical Information Infrastructures Using Wireless Sensor Network Technologies The Fifth international CRIS conference on Critical Infrastructures Beijing China, 20 September

More information

Chapter X Security Performance Metrics

Chapter X Security Performance Metrics Chapter X Security Performance Metrics Page 1 of 9 Chapter X Security Performance Metrics Background For the past two years, the State of Reliability report has included a chapter for security performance

More information

Protecting Critical Infrastructure. SCADA Network Security Monitoring

Protecting Critical Infrastructure. SCADA Network Security Monitoring Protecting Critical Infrastructure SCADA Network Security Monitoring March 20, 2015 Table of Contents I. Introduction... 4 SCADA Systems... 4 In This Paper... 4 SCADA Security... 4 Assessing the Security

More information

Industrial Control Systems Providing Advanced Threat Detection

Industrial Control Systems Providing Advanced Threat Detection Industrial Control Systems Providing Advanced Threat Detection Gene Stevens, Co-Founder & CTO, ProtectWise Richard Welch, Senior Software Engineer, ProtectWise November 2016 2 AGENDA Introduction Intro

More information

This shows a typical architecture that enterprises use to secure their networks: The network is divided into a number of segments Firewalls restrict

This shows a typical architecture that enterprises use to secure their networks: The network is divided into a number of segments Firewalls restrict 1 This shows a typical architecture that enterprises use to secure their networks: The network is divided into a number of segments Firewalls restrict access between segments This creates a layered defense

More information

Are we breached? Deloitte's Cyber Threat Hunting

Are we breached? Deloitte's Cyber Threat Hunting Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Network Performance Analysis System. White Paper

Network Performance Analysis System. White Paper Network Performance Analysis System White Paper Copyright Copyright 2018 Colasoft. All rights reserved. Information in this document is subject to change without notice. No part of this document may be

More information

A Specification-based Intrusion Detection Framework for Cyber-physical Environment in Electric Power System

A Specification-based Intrusion Detection Framework for Cyber-physical Environment in Electric Power System International Journal of Network Security, Vol.17, No.2, PP.174-188, Mar. 2015 174 A Specification-based Intrusion Detection Framework for Cyber-physical Environment in Electric Power System Shengyi Pan,

More information

The SCADA Connection: Moving Beyond Auto Dialers

The SCADA Connection: Moving Beyond Auto Dialers WHITE PAPER The SCADA Connection: Moving Beyond Auto Dialers ABSTRACT: Auto dialers have long been used to report alarms in SCADA installations. While they are useful for notifying users of alarm states,

More information

INFORMATION ASSURANCE DIRECTORATE

INFORMATION ASSURANCE DIRECTORATE National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Host Intrusion The Host Intrusion employs a response to a perceived incident of interference on a host-based system

More information

Analysis of Malicious Traffic in Modbus/TCP Communication

Analysis of Malicious Traffic in Modbus/TCP Communication Analysis of Malicious Traffic in Modbus/TCP Communication Tiago H. Kobayashi, Aguinaldo B. Batista Jr, João Paulo S. Medeiros, José Macedo F. Filho, Agostinho M. Brito Jr, Paulo S. Motta Pires LabSIN -

More information

Network Security: Firewall, VPN, IDS/IPS, SIEM

Network Security: Firewall, VPN, IDS/IPS, SIEM Security: Firewall, VPN, IDS/IPS, SIEM Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr What is a Firewall? A firewall is hardware, software, or a combination of both that is used to prevent unauthorized

More information

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8 Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and

More information

Training Venue and Dates September, 2019 $4,000 Dubai, UAE PLC & SCADA Systems Trainings will be conducted in any of the 5 star hotels.

Training Venue and Dates September, 2019 $4,000 Dubai, UAE PLC & SCADA Systems Trainings will be conducted in any of the 5 star hotels. Training Title PLC & SCADA SYSTEMS Training Duration 5 days Training Venue and Dates 5 15-19 September, 2019 $4,000 Dubai, UAE PLC & SCADA Systems Trainings will be conducted in any of the 5 star hotels.

More information

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.

More information

Iowa State University

Iowa State University Iowa State University Cyber Security Smart Grid Testbed Senior Design, Final Report Dec 13-11 Derek Reiser Jared Pixley Rick Sutton Faculty Advisor: Professor Manimaran Govindarasu 1 Table of Contents

More information

Network Intrusion Analysis (Hands on)

Network Intrusion Analysis (Hands on) Network Intrusion Analysis (Hands on) TCP/IP protocol suite is the core of the Internet and it is vital to understand how it works together, its strengths and weaknesses and how it can be used to detect

More information

Monitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks

Monitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks Monitoring and diagnostics of data infrastructure problems in power engineering Jaroslav Stusak, Sales Director CEE, Flowmon Networks 35,000 kilometers of electric power, which feeds around 740,000 clients...

More information

Wireless Data Communications for SCADA Systems

Wireless Data Communications for SCADA Systems Wireless Data Communications for SCADA Systems 1 Advanced SCADA Features Networking (Communication Anywhere to Anywhere) Communication Network Data Reliability (No Communication Errors) Data Security (Immune

More information

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS PROTECT YOUR DAILY OPERATIONS FROM BEING COMPROMISED In today s data-driven society, connectivity comes with a cost.

More information

INDUSTRIAL CONTROL SYSTEM TRAFFIC DATA SETS FOR INTRUSION DETECTION RESEARCH

INDUSTRIAL CONTROL SYSTEM TRAFFIC DATA SETS FOR INTRUSION DETECTION RESEARCH Chapter 5 INDUSTRIAL CONTROL SYSTEM TRAFFIC DATA SETS FOR INTRUSION DETECTION RESEARCH Thomas Morris and Wei Gao Abstract Supervisory control and data acquisition (SCADA) systems monitor and control physical

More information

Intrusion Detection by Combining and Clustering Diverse Monitor Data

Intrusion Detection by Combining and Clustering Diverse Monitor Data Intrusion Detection by Combining and Clustering Diverse Monitor Data TSS/ACC Seminar April 5, 26 Atul Bohara and Uttam Thakore PI: Bill Sanders Outline Motivation Overview of the approach Feature extraction

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

ICS Cybersecurity. SANS Top 20 Critical Controls for ICS. David Van Crout

ICS Cybersecurity. SANS Top 20 Critical Controls for ICS. David Van Crout ICS Cybersecurity SANS Top 20 Critical Controls for ICS David Van Crout «Competitività e Sostenibilità. Progetti e tecnologie al servizio delle reti di pubblica utilità» Bologna, 6-7 novembre 2013 Industrial

More information

Chapter X Security Performance Metrics

Chapter X Security Performance Metrics Chapter X Security Performance Metrics Page 1 of 10 Chapter X Security Performance Metrics Background For many years now, NERC and the electricity industry have taken actions to address cyber and physical

More information

Network-Attack-Resilient Intrusion- Tolerant SCADA for the Power Grid

Network-Attack-Resilient Intrusion- Tolerant SCADA for the Power Grid Network-Attack-Resilient Intrusion- Tolerant SCADA for the Power Grid Amy Babay, Thomas Tantillo, Trevor Aron, Marco Platania, and Yair Amir Johns Hopkins University, AT&T Labs, Spread Concepts LLC Distributed

More information

Application of Monitoring Standards for enhancing Energy System Security

Application of Monitoring Standards for enhancing Energy System Security Application of Monitoring Standards for enhancing Energy System Security G. DONDOSSOLA*, R. TERRUGGIA*, P. WYLACH*, G. PUGNI**, F. BELLIO*** RSE SpA*, Enel SpA**, Enel Produzione SpA*** Italy About RSE

More information

Pramod Bide 1, Rajashree Shedge 2 1,2 Department of Computer Engg, Ramrao Adik Institute of technology/mumbai University, India

Pramod Bide 1, Rajashree Shedge 2 1,2 Department of Computer Engg, Ramrao Adik Institute of technology/mumbai University, India Comparative Study and Analysis of Cloud Intrusion Detection System Pramod Bide 1, Rajashree Shedge 2 1,2 Department of Computer Engg, Ramrao Adik Institute of technology/mumbai University, India ABSTRACT

More information

What is SCADA? What is Telemetry? What is Data Acquisition? Differences between SCADA and DCS? Components of SCADA. Field Instrumentation

What is SCADA? What is Telemetry? What is Data Acquisition? Differences between SCADA and DCS? Components of SCADA. Field Instrumentation SCADA Primer This document discusses the basics of SCADA systems. It serves as introduction for those who are not familiar with it, and as a reviewer for those who are already knowledgeable about the SCADA

More information