Essentials of Cyber Security Intelligence for Protecting ICS
- Kellie Townsend
- 5 years ago
1 Essentials of Cyber Security Intelligence for Protecting ICS
November 3, 2016
Jeffery S. Bridgland, Advisory Board Member, N-Dimension Solutions

2 Lots of Ground to Cover
- ICS in General
- General Security Risks to ICS
- Detailed Risks in ICS
- How to Secure an ICS
- Attack Primer
- Case Studies

3 A Simple Control System
Sensor(s) + Actuator(s) + Controller(s)

4 Breadth of ICS
- Supervisory Control And Data Acquisition (SCADA)
- Process Control Systems (PCS)
- Distributed Control Systems (DCS)
- Manufacturing Execution Systems (MES)

5 Control Systems in a Power Grid
[Diagram; surviving labels: SCADA, HAN]

6 Historical ICS
- Proprietary
- Complete vertical solutions
- Custom
- Specialized communications
- Wired, fiber, microwave, dialup, serial, licensed spectrum, etc.
- 100s of different protocols
- Slow; e.g baud
- Long service lifetimes: years
- Not designed with security in mind
7 Modern ICS
[Architecture diagram; surviving labels cover the Internet, Enterprise Network, Control Network and Device Network, with a firewall, workplaces, an Enterprise Optimization Suite, connectivity, historian and application servers, an engineering workplace, and redundant third-party controllers and servers attached over serial, OPC or fieldbus.]
8 Security Risks to Modern ICS
COTS + IP + Connectivity = Many Security Risks
- Poor separation from enterprise
- No security monitoring
- Poorly secured 3rd party access
- Dialup modems
- Unpatched systems
- Limited use of anti-virus
- Limited use of host-based firewalls
- Improper use of ICS workstations
- Unauthorized applications
- Unnecessary applications
- Open FTP, Telnet, SNMP, HTML ports
- Fragile control devices
- Network scans by IT staff
- Legacy OSes and applications
- Inability to limit access
- Inability to revoke access quickly
- Unexamined system logs
- Accidental misconfiguration
- Improperly secured devices
- Lack of security features
- Improperly secured wireless
- Unencrypted links to remote sites
- Passwords sent in clear text
- Password management problems
- Default OS security configurations
- Unpatched routers / switches

9 Consequences
- Loss of production
- Penalties
- Lawsuits
- Loss of public trust
- Loss of market value
- Physical damage
- Environmental damage
- Injury
- Loss of life

- Bellingham pipeline rupture, 1999
- Queensland sewage release, 2000
- Davis Besse nuclear plant infection, 2003
- Northeast USA blackout, 2003
- Browns Ferry nuclear plant scram, 2006
- Stuxnet, 2010
- Saudi Aramco, 2012
- Ukrainian Energy Co's, BE3,
10 A Few More
11 A Few More
12 A Few More
13 Security Issues in a Control System
14 Availability, Integrity & Confidentiality
- Enterprise networks require C-I-A
- Confidentiality of intellectual property matters most
- ICS requires A-I-C
- Availability and integrity of control matters most
- Control data has low entropy, little need for confidentiality
- Many ICS vendors provide six 9's of availability
- Typical networking gear is five 9's
- Ensuring availability is hard
- Cryptography does not help
- DDOS protection, resource management, QoS, redundancy, robust hardware with high MTBF

15 Poor Separation from Enterprise and poorly secured 3rd party connections
16 Attack Vectors into Control Systems
17 Brittle ICS Devices
- Many IP stack implementations are fragile
- Some devices lock up on ping sweep or NMAP scan
- Numerous incidents of ICS shut down by uninformed IT staff running a well-intentioned vulnerability scan
- Modern ICS devices are much more complex
- PLCs include web server for config and status
- More lines of code leads to more bugs
- PLCs require patching just like servers

18 Unpatched Systems
- Many ICS systems are not patched to current
- Particularly Windows servers
- No patches available for older versions of Windows
- OS and application patches can break ICS
- Uncertified patches can invalidate warranty
- Patching often requires server reboot
- Before installation of a patch:
  - Vendor certification - typically a week
  - Lab testing by operator
  - Staged deployment on less critical systems first
  - Avoid interrupting any critical process phases
19 No Anti-Virus
- AV operations can cause significant system disruption at inopportune times
- 2am is no better than any other time for a full disk scan on a system that operates 24x7
- ICS vendors only beginning to support AV
- AV is only as good as the signature set
- Signatures may require testing just like patches

20 Poor Authentication & Authorization
- Machine-to-machine comms involve no user
- Many ICS have poor authentication mechanisms and very limited authorization mechanisms
- Many protocols use cleartext passwords
- Many ICS devices lack encryption support
- Device passwords are hard to manage appropriately
- Often one password is shared amongst all devices and users
- Passwords seldom if ever changed

21 Poor Audit and Logging
- Many ICS have poor or non-existent support for logging security-related actions
- Attempted or successful intrusions may go unnoticed
- When IDS logs are kept, they are often not reviewed
- Various regulatory requirements are driving some change in this area
- NERC: North American Electric Reliability Corporation
- FERC: Federal Energy Regulatory Commission

22 Unmanned Field Sites
- Many unmanned field sites
- Some with high-speed connectivity to control center
- Most with poor authentication and authorization
- Many with dialup or other telephony access
- Can be an easy backdoor to the control center

23 Legacy Equipment
- Usually impossible to update to add security features
- Difficult to protect legacy communications

24 Unauthorized Applications
- Unauthorized apps installed on ICS systems can interfere with ICS operation
- Many types of unauthorized apps have been found during security audits
  - Instant messaging
  - P2P file sharing
  - DVD and MPEG video players
  - Games, including Internet-based
  - Web browsers
25 Inappropriate Use of ICS Systems
- Web browsing from HMI can infect ICS
- Browser vulnerabilities
- Downloads
- Cross-site scripting
- Spyware
- to/from control servers can infect ICS
- Sendmail and Outlook vulnerabilities
- Disk storage exhaustion can crash OS
- Storage of music, videos
26 Requirement for 3rd Party Access
- Firmware updates and system programming are frequently done by vendor
- Many ICS have open maintenance ports
- Infected vendor laptops can bring down ICS

27 People Risks
- ICS network often managed by Operations Department, distinct from IT Department running enterprise network
- ICS personnel are not IT or networking experts
- IT personnel are not ICS experts
- Significant fraction of control systems workforce is older and nearing retirement
- Few young people entering this field
- Few academic programs

28 Limited Cyber Incident Data
- BCIT reports ~30 incidents per year vs. hundreds of thousands per year in CERT database
- Few ICS cyber attack incident details are public
- National Electric Sector Cybersecurity Organization (NESCO) runs a controlled sharing portal
- Executive orders - increased info sharing; creation of ISACs
- Difficult to estimate risk and show ROI for security
- But lots of data about significant financial losses in enterprise and e-commerce; why would ICS be immune?

29 Other Challenges
- Extreme environments
- Unusual physical and geographical topologies
- Many special purpose, limited function devices
- Static network configurations
- Multicast
- Long service lifetimes
- Difficulties in scheduling downtime for maintenance
30 Adversaries
- Script kiddies
- Hackers
- Organized crime
- Disgruntled insiders
- Competitors
- Terrorists
- Hacktivists
- Eco-terrorists
- Nation states
- Nations
31 How to Secure Control Systems?
32 Defense in Depth
- Perimeter Protection: Firewall, IPS, VPN, AV; Host IDS, Host AV; DMZ
- Interior Security: Firewall, VPN, AV; Host IDS, Host AV; Application Whitelisting; NAC
- Monitoring: Host & Network IDS; Port & Vulner. Scanning
- Management

Abbreviations:
- IDS: Intrusion Detection System
- IPS: Intrusion Prevention System
- DMZ: DeMilitarized Zone
- VPN: Virtual Private Network
- AV: Anti-Virus (anti-malware)
- NAC: Network Access Control

33 A More Complete List
- Firewalls
- SPAM filters
- Pop-up Blockers
- Protocol Filters
- Virus Scanning (Is it dead? No!)
- Server, Desktop, Laptop, Tablets, other
- Intrusion Detection Systems
- Intrusion Prevention Systems
- Network Monitoring
- Data Encryption
- Remote Connection Gateway/Monitoring
- Updates/Patching/Service Packs/IOS Upgrades
- Training
- Cyber Insurance?
34 50,000 Foot View
[Network diagram; surviving labels cover the Internet, IT Stuff, Enterprise Network, Control Network, a Partner Site and Field Sites, annotated with the placement of FW, VPN, Proxy, AV, IDS, IPS, Host IDS, Host IPS, Host AV and Scan.]
35 Cyber Security Assessments on ICS
- Various groups perform security assessments and penetration tests on ICS (generally under NDA)
- They always get in
- Not a question of if, but how long
- Types include white-box, grey-box and black-box penetration tests

36 Defending Utility Networks
- Separate control network from enterprise network
- Harden perimeter connection to enterprise network
- Protect all points of entry with strong authentication
- Make reconnaissance difficult from outside
- Harden interior of control network
- Make reconnaissance difficult from inside
- Limit single points of vulnerability
- Frustrate opportunities to expand a compromise
- Harden field sites and partner connections
- Monitor security events from perimeters and inside
- Monitor server and network behavior
- Periodically scan for changes in security posture

37 Control DMZ Architecture
- Enterprise Network has typical business systems , web, office apps, etc.
- Control DMZ provides business connectivity
  - Contains only non-critical systems that provide connectivity between Control and Enterprise Networks
  - Enforces separation between Enterprise and Control Networks
  - May consist of multiple functional zones
  - Separated by Firewall, IPS, Anti-Virus, etc.
- Control Network demarcates critical control systems
  - May consist of multiple functional zones
  - Internally protected by Firewall, IDS, Anti-Virus, etc
38 Control DMZ Design Principles
- Multiple functional security zones
- Traffic between zones undergoes firewall & IPS
- Only path in/out of Control Network
- Default deny for all firewall interfaces
- No/Minimal direct traffic across DMZ
- No common ports between outside & inside
- No control traffic to outside
- Highly limited outbound traffic
- No connections initiated from DMZ into Control
- Emergency disconnect at inside or outside
- No network management from outside
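
Several of the design principles on this slide can be checked mechanically against a firewall rule set. The following Python audit is an added example, not part of the original presentation; the zone names, rule format, sample rules and the list of ports treated as network management are assumptions made for illustration.

```python
"""Audit a zone-based firewall rule set against Control DMZ design principles.

All rules, zone names and port choices below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTERPRISE, DMZ, CONTROL = "enterprise", "dmz", "control"

# Assumption: ports treated as "network management" for this audit.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 161: "SNMP", 3389: "RDP"}


@dataclass(frozen=True)
class Rule:
    src: str              # zone that initiates the connection
    dst: str              # zone that receives it
    port: Optional[int]   # None means "any port"
    action: str           # "permit" or "deny"
    note: str = ""


Finding = Tuple[str, str]  # (principle violated, offending rule or setting)


def describe(r: Rule) -> str:
    port = "any" if r.port is None else str(r.port)
    return f"{r.src}->{r.dst} port {port} ({r.note})"


def audit(rules: List[Rule], default_action: str) -> List[Finding]:
    """Return one finding per violated principle and offending rule."""
    findings: List[Finding] = []
    permits = [r for r in rules if r.action == "permit"]

    # Default deny for all firewall interfaces.
    if default_action != "deny":
        findings.append(("default deny", f"default action is {default_action}"))

    outside_ports, inside_ports = set(), set()
    for r in permits:
        zones = {r.src, r.dst}
        if r.port is None:
            findings.append(("default deny", "any-port permit: " + describe(r)))
        # No direct traffic across the DMZ, in either direction.
        if zones == {ENTERPRISE, CONTROL}:
            findings.append(("no direct traffic across DMZ", describe(r)))
        # No connections initiated from the DMZ into Control.
        if r.src == DMZ and r.dst == CONTROL:
            findings.append(
                ("no connections initiated from DMZ into Control", describe(r)))
        # No network management from outside.
        if r.src == ENTERPRISE and r.port in MGMT_PORTS:
            findings.append(("no network management from outside", describe(r)))
        # Collect ports per side of the DMZ for the common-port check.
        if r.port is not None:
            if zones == {ENTERPRISE, DMZ}:
                outside_ports.add(r.port)
            elif zones == {DMZ, CONTROL}:
                inside_ports.add(r.port)

    # No common ports between outside and inside.
    for port in sorted(outside_ports & inside_ports):
        findings.append(("no common ports between outside and inside",
                         f"port {port} is permitted on both sides of the DMZ"))
    return findings


# Constructed weak rule set: each rule breaks at least one principle.
WEAK_RULES = [
    Rule(ENTERPRISE, DMZ, 443, "permit", "business users read historian mirror"),
    Rule(DMZ, CONTROL, 1433, "permit", "DMZ server pulls from control database"),
    Rule(ENTERPRISE, CONTROL, 3389, "permit", "remote desktop straight to HMI"),
    Rule(CONTROL, DMZ, 443, "permit", "control server pushes data over HTTPS"),
]

# Constructed corrected rule set: data is pushed out of Control on a port
# that is not used on the enterprise side, and nothing crosses the DMZ.
HARDENED_RULES = [
    Rule(ENTERPRISE, DMZ, 443, "permit", "business users read historian mirror"),
    Rule(CONTROL, DMZ, 5450, "permit", "control historian pushes to DMZ mirror"),
]

if __name__ == "__main__":
    for name, rules, default in (("weak", WEAK_RULES, "permit"),
                                 ("hardened", HARDENED_RULES, "deny")):
        print(f"{name}:")
        for principle, detail in audit(rules, default) or [("ok", "no findings")]:
            print(f"  [{principle}] {detail}")
```
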
39 Field Site Protection
- Site-to-site VPN or SCADA VPN to field sites
- Firewall at both control center and field sites
- For IP-enabled sites with LANs:
  - IDS at field sites
  - Network access control at field sites
  - Port scanning
  - Server monitoring
  - Network monitoring
40 Anatomy of an Attack on an ICS - Confidential -
41 Threat Model
- Targeted and untargeted threats
  - Targeted: human, specifically crafted worm/virus, botnet
  - Untargeted: generic worm/virus, script kiddy
- Assume adversary has:
  - Complete knowledge of network
  - Beachhead in enterprise network
  - Limited access to control network
  - Limited physical access to field equipment
[Slides 42-51 repeat one network diagram. Surviving labels: PLC, PLC, RTU, SCADA, Engineering Workstation, Management Console, HMI, Control System Network, Data Historian Server, Web Server, Communication Pool, Vendor Web Server, Enterprise Firewall, Web Server, Firewall, Enterprise Network, Internet, Business Workstation, Database Server, Domain Name Server (DNS), Attacker.]

42 Anatomy of an Attack 1st Phase
Initiated by Phishing, Spear-phishing or BF attack

43 Anatomy of an Attack 2nd Phase

44 Anatomy of an Attack 2nd Phase (Alt.)
Initiated by Flash Drive, Infected laptop, Internet D/L

45 Anatomy of an Attack 3rd Phase

46 Anatomy of an Attack 4th Phase

47 Anatomy of an Attack 5th Phase
[Diagram label FEP appears in place of SCADA]

48 Anatomy of an Attack 5th Phase (Alt.)
Initiated by Flash Drive, Infected laptop, Internet D/L on Control Network

49 Anatomy of an Attack 6th Phase

50 Anatomy of an Attack 7th Phase

51 Anatomy of an Attack 8th Phase
[Diagram label Command and Control appears in place of Attacker]
52 Case Study #1
53 Case Study #2
54 Case Study #3
TestOut Network Pro - English 5.0.x COURSE OUTLINE Modified 2018-03-06 TestOut Network Pro Outline - English 5.0.x Videos: 130 (17:10:31) Demonstrations: 78 (8:46:15) Simulations: 88 Fact Sheets: 136 Exams:
More informationT22 - Industrial Control System Security
T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationWHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution
WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. We have been
More informationWho Goes There? Access Control in Water/Wastewater Siemens AG All Rights Reserved. siemens.com/ruggedcom
WEAT Webinar Who Goes There? Access Control in Water/Wastewater Siemens AG 2018. siemens.com/ruggedcom ACCESS CONTROL WEBINAR TABLE OF CONTENTS TOPIC Why Access Control? Risks If Not Used Factors of Authentication
More informationIntroducing the 9202-ETS MTL Tofino industrial Ethernet security appliance
Introducing the 9202-ETS MTL Tofino industrial Ethernet security appliance HAKIM- Sales Engineer 1 Cybersecurity of valuable assets and processes in a wide range of industry verticals, such as: Oil & Gas
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationCompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ]
s@lm@n CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ] Topic break down Topic No. of Questions Topic 1: Volume A 117 Topic 2: Volume B 122 Topic
More informationHow CyberArk can help mitigate security vulnerabilities in Industrial Control Systems
How CyberArk can help mitigate security vulnerabilities in Industrial Control Systems Table of Contents Introduction 3 Industrial Control Systems Security Vulnerabilities 3 Prolific Use of Administrative
More informationFunctional. Safety and. Cyber Security. Pete Brown Safety & Security Officer PI-UK
Functional Safety and Cyber Security Pete Brown Safety & Security Officer PI-UK Setting the Scene 2 Functional Safety requires Security Consider just Cyber Security for FS Therefore Industrial Control
More informationCyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)
Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860/1660/2560/2560G) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content
More informationSecurity Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management
Seven Habits of Cyber Security for SMEs Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management Security Policy is an important
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 20: Intrusion Prevention Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Firewalls purpose types locations Network perimeter
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationA Measurement Companion to the CIS Critical Security Controls (Version 6) October
A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationFuture-ready security for small and mid-size enterprises
First line of defense for your network Quick Heal Terminator (UTM) (Unified Threat Management Solution) Data Sheet Future-ready security for small and mid-size enterprises Quick Heal Terminator is a high-performance,
More informationWeb Security. Outline
Security CS 161/194-1 Anthony D. Joseph November 21, 2005 s Outline Static and Dynamic Content Firewall review Adding a DMZ Secure Topologies 2 1 Polls How many people have set up a personal web server?
More informationCisco Self Defending Network
Cisco Self Defending Network Integrated Network Security George Chopin Security Business Development Manager, CISSP 2003, Cisco Systems, Inc. All rights reserved. 1 The Network as a Strategic Asset Corporate
More informationSECURE DATA EXCHANGE
POLICY-DRIVEN SOLUTIONS FOR SECURE DATA EXCHANGE Sending and receiving data is a fundamental part of daily business for nearly every organization. Companies need to share financial transaction details,
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationA Strategic Approach to Industrial CyberSecurity. Kaspersky Industrial CyberSecurity
A Strategic Approach to Industrial Cyber Kaspersky Industrial Cyber 2015 Do industrial control networks need protection from cyberattacks? It s a question that, just a few years ago, was unlikely to feature
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationIndustrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets
Industrial Cyber Security ICS SHIELD Top-down security for multi-vendor OT assets OT SECURITY NEED Industrial organizations are increasingly integrating their OT and IT infrastructures. The huge benefits
More informationQuestion 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:
Cybercrime Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1: Organizations can prevent cybercrime from occurring through the proper use of personnel, resources,
More informationCyber Security for Process Control Systems ABB's view
Kaspersky ICS Cybersecurity 2017, 2017-09-28 Cyber Security for Process Control Systems ABB's view Tomas Lindström, Cyber Security Manager, ABB Control Technologies Agenda Cyber security for process control
More information