Firewalls (IDS and IPS) MIS 5214 Week 6
|
|
- Edmund Jared Johns
- 5 years ago
- Views:
Transcription
1 Firewalls (IDS and IPS) MIS 5214 Week 6
2 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part 1 Build an IT Architecture In-class exercise Part 2 Add security Architecture Next-week Midterm Exam
3 What is implied by this model of security?
4 What is implied with this architectural model?
5 Early computer architecture of automated control systems separated Corporate and Control Domains Critical infrastructure systems supporting major industries are dependent on information systems for command and control Manufacturing, Transportation, Energy, Water/Wastewater Highly dependent on disparate legacy proprietary control systems which were up until recently isolated from corporate information systems Control system security used to mean locating and identifying problems in a closed-loop system
6 LAN 1 connected via layer 2 switch PBX LAN 2 connected via layer 2 switch PBX HMI = Human Machine Interface CS = Control System PBX = Private Branch Exchange telephone system switches between users on local lines while allowing users to use a fixed # of external phone lines RTU = Remote Terminal Unit is a computer controlled device that connects physical machines to distributed control systems PLC = Programmable Logic Controller IED = Intelligent End device
7 Security based on Isolation from the Internet Air Gap between control system LAN and corporate LAN Security by Obscurity Few, if any, understood the architecture or operation of the resources on the controls systems Local Area Network (LAN) Works well for environments that have no external connections Allows organization to focus on physical security
8 Total isolation from the untrusted external network resulted in reduced need for communications security Only threats to operations were physical access to a facility or plant floor Most data communication in isolated information infrastructure required limited authorization and security oversight Operational commands, instructions and data acquisition occurred in a closed environment where all communications were trusted If a command or instruction was sent via the network it was expected to arrive and perform the authorized function as only authorized operators had access to the system Control Systems Cyber Security: Defense in Depth Strategies, Prepared by Idaho National Laboratory s Control Systems Security Center, for U.S. Department of Homeland Security, External Report# INL/EXT , May 2006
9 Year ~2000 isolated control system networks began being interconnected to corporate networks with simple routers and switches Router is a networking device that forwards data packets between computer networks Routers perform the traffic directing functions on the Internet A data packet is typically forwarded from one router to another router through the networks that constitute the internetwork until it reaches its destination node
10 Many previously isolated control system networks have been interconnected as part of an IT modernization process of web-ification Introducing IT components into the control system domain continues to result in security problems: No business case for cyber security in control system environments Increased dependency on automation of control systems Use of technologies with known vulnerabilities Considerable amount of open source information available on control system configurations and operations Control system communication protocols are absent of security functionality Control system technologies have limited security, and if they do vendor supplied security capabilities often enabled if the administrator is aware of the capability
11 Over the past 2 decades IT architectures that separated corporate and control domains began evolving Legacy control systems being replaced with modern open architecture standards and common communication protocols Positive impacts Efficient communications, robust data storage and exchange, increased interoperability and control of infrastructure systems, quicker time to market, predictive analytics Negative impacts Same technologies exploited and compromised in the Internet and IT networks
12 Example threat surface for vulnerability to database compromise from SQL Injection
13 Risk of Multilayer protocols Distributed Network Protocol 3 (DNP3) communications protocol for SCADA systems used by water and power utilities Not all protocols fit nicely within OSI model layers. Especially in case of devices on networks that were never intended to interoperate with the Internet Likely lack robust security features for protecting CIA of data they communicate Previously isolated devices and networks increasingly connected to unanticipated threats December 2015 attackers cut power to utilities supervisory control and data acquisition (SCADA) systems creating first known cyberattack created blackout impacting 80,000 homes in Ukraine DNP3 created before networking was a consideration, instead of OSI s 7 layer model developers used Enhanced Performance Architecture (EPA) that approximated OSI layers: 7 (app), 4 (transport) & 2 (data link) with no encryption or authentication. No Intrusion Protection Systems, no Intrusion Detection Systems able to understand connections between DNP3 and IP networks and identify DNP3 attacks!
14 Defense in Depth through Network Segmentation to create Security Domains IT network infrastructure domains are sets of logical (and physical) resources available to a subject A subject can be a user, a process, an application Security domains build on this concept and add the following requirement: Resources within each domain are working under the same security policy and managed by the same group Different domains are separated by logical boundaries created by components that enforce security policy for each domain Such as firewalls with ACLs, directory services making access decisions, and objects have their own ACLs indicating which individuals and groups can access and run operations/processes on them
15 Zone 1: External connectivity to the Internet, peer locations, and backup facilities Zone 2: External connectivity for corporate communications Zone 3: Control systems communications from external services Zone 4: Control systems operations process based or SCADA
16 Attack scenarios are studied and suggest Intrusion begins at some point outside the control zone, and attacker pries deeper and deeper into the architecture Securing each core zone creates a defensive strategy with depth Offering administrators more opportunities for information and control of resources Introduces cascading countermeasures that will not necessarily impede business functionality Control Systems Cyber Security: Defense in Depth Strategies, Prepared by Idaho National Laboratory s Control Systems Security Center, for U.S. Department of Homeland Security, External Report# INL/EXT , May 2006
17 Firewalls DMZ deployments Control Systems Cyber Security: Defense in Depth Strategies, Prepared by Idaho National Laboratory s Control Systems Security Center, for U.S. Department of Homeland Security, External Report# INL/EXT , May 2006
18
19 Where to put firewalls in N-Tier systems
20 In-class exercise part 2 Break your Team into smaller groups of 2 or 3: Using CSET s Diagram Tool draw a logical network diagram that Identifies technical infrastructure needed by a 30 person consulting firm to provide services developing and maintaining mission-based and service delivery information systems for a government agency See NIST Special Publication Volume 1 Guide for Mapping Types of Information Systems to Security Categories Using appropriate network symbols and annotation in your architectural diagram, include: Information System Servers: e.g. Web, Application, Database, File, Groups of desktop/laptop computers illustrating organized within LANS of organizational units Security domain areas (based in-part on security categorizations) NIST Special Publication Volume 2 Guide for Mapping Types of Information Systems to Security Categories: Appendices Appropriately placed switches, routers, firewalls, Intrusion Detection System(s) and/or Intrusion Protection Systems: Label the firewalls and IDSs to indicate the type of firewall technology and the type of IDS technology you placed in each location of your diagram Where the interconnection(s) to the Internet is and to your: clients, sub-contractors and remote staff accessing your organization s various IT system resources via the Internet The level of detail is your diagram should be one at which you would feel comfortable explaining to a group of high level executives There is no single right answer: The purpose of this exercise is to get you thinking about security architecture and to get you comfortable with documenting your ideas with diagrams
21 Preparation for Mid Term Emphasis on terminology and concepts Study lecture slides and notes Readings Textbook assigned chapters (look at practice questions in textbook) Other readings (e.g. NIST and FIPS documents) as covered/discussed in class lectures Practice quizzes See additional material: MIS5214_StudyMaterials_Firewalls-IDS-IPS.pdf in Wrap Up of this lecture Subjects covered: 1. Threat environment 2. Planning and policy 3. Cryptography 4. Secure Networks (and Module A: Networking Concepts) 5. Firewalls
WHITE PAPER. Vericlave The Kemuri Water Company Hack
WHITE PAPER Vericlave The Kemuri Water Company Hack INTRODUCTION This case study analyzes the findings of Verizon Security Solutions security assessment of the Kemuri Water Company security breach. The
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationTop 10 ICS Cybersecurity Problems Observed in Critical Infrastructure
SESSION ID: SBX1-R07 Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure Bryan Hatton Cyber Security Researcher Idaho National Laboratory In support of DHS ICS-CERT @phaktor 16 Critical
More informationIntroduction to ICS Security
Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationSecuring the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.
Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationNSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses
INL/EXT-10-18381 NSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses May 2010 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy
More informationJeff Dagle. P.O. Box 999, M/S K5-20; Richland WA ; Fax: ;
SCADA: A Deeper Look Jeff Dagle Pacific Northwest t National Laboratory P.O. Box 999, M/S K5-20; Richland WA 99352 509-375-3629; Fax: 509-375-3614; jeff.dagle@pnl.gov gov Outline Vendors Protocols DNP3.0ProtocolExample
More informationFuture Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group
Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies
More informationDetection and Analysis of Threats to the Energy Sector (DATES)
Detection and Analysis of Threats to the Energy Sector (DATES) Sponsored by the Department of Energy National SCADA Test Bed Program Managed by the National Energy Technology Laboratory The views herein
More informationWho Goes There? Access Control in Water/Wastewater Siemens AG All Rights Reserved. siemens.com/ruggedcom
WEAT Webinar Who Goes There? Access Control in Water/Wastewater Siemens AG 2018. siemens.com/ruggedcom ACCESS CONTROL WEBINAR TABLE OF CONTENTS TOPIC Why Access Control? Risks If Not Used Factors of Authentication
More informationIndustrial Network Trends & Technologies
Industrial Network Trends & Technologies EtherNet/IP on the Plant Floor PUBLIC INFORMATION 5058-CO900F IHS Technology Industrial Internet of Things 2014, April 2014 PUBLIC INFORMATION Forecasts tremendous
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationAddressing Cyber Threats in Power Generation and Distribution
Addressing Cyber Threats in Power Generation and Distribution VEO, Asko Tuomela o Bachelor of Science in Electrical Power Engineering o Over 6 years experience in power projects, PLCs and supervision systems
More informationHow CyberArk can help mitigate security vulnerabilities in Industrial Control Systems
How CyberArk can help mitigate security vulnerabilities in Industrial Control Systems Table of Contents Introduction 3 Industrial Control Systems Security Vulnerabilities 3 Prolific Use of Administrative
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationMission Critical MPLS in Utilities
Mission Critical MPLS in Utilities The Technology to Support Evolving Networks Application Note February 2017 Mission Critical MPLS in Utilities The Technology to Support Evolving Networks Abstract This
More informationMethods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment
S&L Logo Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment Date: October 24, 2017 Authors/Presenters: J. Matt Cole, PE
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationNo compromises for secure SCADA Communications even over 3rd Party Networks
No compromises for secure SCADA Communications even over 3rd Party Networks The Gamble of Using ISP Private Networks How to Stack the Odds in Your Favor Standards Certification Education & Training Publishing
More informationToward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania
Toward Open Source Intrusion Tolerant SCADA Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania Outline What is SCADA? SCADA Vulnerabilities What is Intrusion Tolerance? Prime PvBrowser Our
More informationAn Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)
An Operational Cyber Security Perspective on Emerging Challenges Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) Johns Hopkins University Applied Physics Lab (JHU/APL) University
More informationSecuring the Network: Understanding CIA, Segmentation, and Zero Trust. Jacek Szamrej VP of Cybersecurity SEDC
Securing the Network: Understanding CIA, Segmentation, and Zero Trust Jacek Szamrej VP of Cybersecurity SEDC Jacek Szamrej VP of Cybersecurity SEDC C? A I What are we protecting? Confidentiality DATA Availability
More informationBeOn Security Cybersecurity for Critical Communications Systems
WHITEPAPER BeOn Security Cybersecurity for Critical Communications Systems Peter Monnes System Design Engineer Harris Corporation harris.com #harriscorp TABLE OF CONTENTS BeOn Security... 3 Summary...
More informationSystem Wide Awareness Training. your cyber vulnerabilities. your critical control systems
Standards Certification Education & Training Publishing Conferences & Exhibits your cyber vulnerabilities your critical control systems Early- Bird Discount Save $250 when you register by 15 December!
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationBridging The Gap Between Industry And Academia
Bridging The Gap Between Industry And Academia 14 th Annual Security & Compliance Summit Anaheim, CA Dilhan N Rodrigo Managing Director-Smart Grid Information Trust Institute/CREDC University of Illinois
More informationPT Unified Application Security Enforcement. ptsecurity.com
PT Unified Application Security Enforcement ptsecurity.com Positive Technologies: Ongoing research for the best solutions Penetration Testing ICS/SCADA Security Assessment Over 700 employees globally Over
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationProtecting productivity with Industrial Security Services
Protecting productivity with Industrial Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. usa.siemens.com/industrialsecurityservices
More informationSubmitted on behalf of the DOE National SCADA Test Bed. Jeff Dagle, PE Pacific Northwest National Laboratory (509)
Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group (CSSWG) Submitted on behalf of the DOE National SCADA Test
More informationRisk-Based Cyber Security for the 21 st Century
Risk-Based Cyber Security for the 21 st Century 7 th Securing the E-Campus Dartmouth College July 16, 2013 Dr. Ron Ross Computer Security Division Information Technology Laboratory NATIONAL INSTITUTE OF
More informationIE156: ICS410: ICS/SCADA Security Essentials
IE156: ICS410: ICS/SCADA Security Essentials IE156 Rev.001 CMCT COURSE OUTLINE Page 1 of 6 Training Description: In this five-day intensive training, participants will develop and reinforce a common language
More informationSANS SCADA and Process Control Europe Rome 2011
SANS SCADA and Process Control Europe Rome 2011 Ian Buffey Director International Services Industrial Defender ibuffey@industrialdefender.com A Holistic Approach Planning, training and governance Cybersecurity
More informationWhy Security Fails in Federated Systems
Why Security Fails in Federated Systems Dr. Clifford Neuman, Director USC Center for Computer Systems Security Information Sciences Institute University of Southern California CSSE Research Review University
More informationProcess System Security. Process System Security
Roel C. Mulder Business Consultant Emerson Process Management Sophistication of hacker tools, May 2006, Slide 2 Risk Assessment A system risk assessment is required to determine security level Security
More informationIdentity-Based Cyber Defense. March 2017
Identity-Based Cyber Defense March 2017 Attackers Continue to Have Success Current security products are necessary but not sufficient Assumption is you are or will be breached Focus on monitoring, detecting
More informationBest Practices in ICS Security for System Operators
Best Practices in ICS Security for System Operators Introduction Industrial automation and control systems have become increasingly connected to internal and external networks. This exposure has resulted
More informationGuide to Network Defense and Countermeasures Second Edition. Chapter 2 Security Policy Design: Risk Analysis
Guide to Network Defense and Countermeasures Second Edition Chapter 2 Security Policy Design: Risk Analysis Objectives Explain the fundamental concepts of risk analysis Describe different approaches to
More informationInstructor: Eric Rettke Phone: (every few days)
Instructor: Eric Rettke Phone: 818 364-7775 email: rettkeeg@lamission.edu (every few days) Fall 2016 Computer Science 411 - Principles of Cyber Security 1 Please keep a copy of the syllabus handy for the
More informationLESSONS LEARNED IN SMART GRID CYBER SECURITY
LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com
More informationAchieving a Secure and Resilient Cyber Ecosystem: A Way Ahead
Achieving a Secure and Resilient Cyber Ecosystem: A Way Ahead January 2016 Continuing to strengthen the security and resilience of our nation s critical infrastructure in partnership with you Our Responsibilities
More informationProtecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012
Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012 Paul Kalv Electric Director, Chief Smart Grid Systems Architect, City of Leesburg Doug Westlund CEO,
More informationConnectivity 101 for Remote Monitoring Systems
Connectivity 101 for Remote Monitoring Systems Paul Wacker Moxa, Inc. Manager - Edge Connectivity Ariana Drivdahl Moxa, Inc. Product Marketing Manager Pain Points of Remote Monitoring Pressure to enhance
More informationInnovation policy for Industry 4.0
Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda
More informationNewer Developments in Firewall Technology. The International Organization for Standardization s Open Systems Interconnect
January 2002 GUIDELINES ON FIREWALLS AND FIREWALL POLICY By John Wack, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology This ITL Bulletin discusses
More informationImproving SCADA System Security
Improving SCADA System Security NPCC 2004 General Meeting Robert W. Hoffman Manager, Cyber Security Research Department Infrastructure Assurance and Defense Systems National Security Division, INEEL September
More informationPotential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group
Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group Submitted on behalf of the U.S. Department of Energy National
More informationCybersecurity Training
Standards Certification Education & Training Publishing Conferences & Exhibits Cybersecurity Training Safeguarding industrial automation and control systems www.isa.org/cybetrn Expert-led training with
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Boundary Network Boundary Protection is the Capability to protect and control access to Enterprise resources
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationCCNA Cybersecurity Operations 1.1 Scope and Sequence
CCNA Cybersecurity Operations 1.1 Scope and Sequence Last updated June 18, 2018 Introduction Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationCCNA Cybersecurity Operations. Program Overview
Table of Contents 1. Introduction 2. Target Audience 3. Prerequisites 4. Target Certification 5. Curriculum Description 6. Curriculum Objectives 7. Virtual Machine Requirements 8. Course Outline 9. System
More informationCASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001)
CASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001) Gregg, Michael ISBN-13: 9781118083192 Table of Contents Foreword xxi Introduction xxvii Assessment Test xliv Chapter 1 Cryptographic
More informationRequired Textbook and Materials. Course Objectives. Course Outline
Information Technology Security (ITSY 1342) Credit: 3 semester credit hours (2 hours lecture, 4 hours lab) Prerequisite/Co-requisite: None Course Description Instruction in security for network hardware,
More informationDigital Wind Cyber Security from GE Renewable Energy
Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationCOMPUTER SECURITY DESIGN METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS
NUCLEAR REGULATORY AUTHORITY, GHANA COMPUTER SECURITY DESIGN METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and Computer Security Section Head Instrumentation & ICT
More informationAUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID
AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID Sherif Abdelwahed Department of Electrical and Computer Engineering Mississippi State University Autonomic Security Management Modern
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationEnterasys 2B Enterasys Certified Internetworking Engineer(ECIE)
Enterasys 2B0-104 Enterasys Certified Internetworking Engineer(ECIE) http://killexams.com/exam-detail/2b0-104 QUESTION: 62 As defined in NetSight Policy Managers demo.pmd file, the Application Provisioning
More informationCyber Security Brian Bostwick OSIsoft Market Principal for Cyber Security
Cyber Security Presented by Brian Bostwick OSIsoft Market Principal for Cyber Security Cyber Security Trauma in the News Saudi Aramco Restores Network After Shamoon Malware Attack Hacktivist-launched virus
More informationEvolution Of Cyber Threats & Defense Approaches
Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution
More informationThe Importance of Cybersecurity Threat Detection for Utilities
The Importance of Cybersecurity Threat Detection for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationThe Future of Industrial Control Systems Security
The Future of Industrial Control Systems Security Amir Samoiloff, CEO, Siga Security Ilan Gendelman, CTO, Siga Security www.sigasec.com The Importance of Operating Technology Systems Modern life relies
More informationUniversity of San Francisco Course Syllabus and Outline
College of Professional Studies BSIS 340 Business Data Networks and Telecommunications University of San Francisco Fall Semester 2008 Robert C. Hughes, M.S. Email: rchughes3@usfca.edu Enrolled Student
More informationCyber security for digital substations. IEC Europe Conference 2017
Cyber security for digital substations IEC 61850 Europe Conference 2017 Unrestricted Siemens 2017 siemens.com/gridsecurity Substation Digitalization process From security via simplicity 1st generation:
More informationCyber Security of Industrial Control Systems (ICSs)
Cyber Security of Industrial Control Systems (ICSs) February 23, 2016 Joe Weiss PE, CISM, CRISC, ISA Fellow Managing Partner Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationIntroduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras
Introduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture - 17 Now, let us talk about the spheres of security
More informationData Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users
Data Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users Standards Certification Education & Training Publishing Conferences &
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationTARGET, PROTECT. your cyber vulnerabilities
Standards Certification Education & Training Publishing Conferences & Exhibits TARGET, PROTECT New from ISA! your cyber vulnerabilities your critical control systems System Wide Awareness Training Industrial
More informationCritical Infrastructure
Critical Infrastructure 1 Critical Infrastructure Can be defined as any facility, system, or function which provides the foundation for national security, governance, economic vitality, reputation, and
More information*NSTAC Report to the President on the Internet of Things.
North Carolina Highway Signs Compromised By a Foreign Hacker* Penetration of a Water Treatment Facility by a Foreign Hacker* *NSTAC Report to the President on the Internet of Things. www.dhs.gov/sites/default/files/publications/
More informationThe New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments
The New Normal Unique Challenges When Monitoring Hybrid Cloud Environments The Evolving Cybersecurity Landscape Every day, the cybersecurity landscape is expanding around us. Each new device connected
More informationCritical Infrastructure Protection for the Energy Industries. Building Identity Into the Network
Critical Infrastructure Protection for the Energy Industries Building Identity Into the Network Executive Summary Organizations in the oil, gas, and power industries are under increasing pressure to implement
More informationForecast to Industry Program Executive Office Mission Assurance/NetOps
Defense Information Systems Agency A Combat Support Agency Forecast to Industry Program Executive Office Mission Assurance/NetOps Mark Orndorff Director, PEO MA/NetOps 29 July 2010 What We Do We develop,
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationTrends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk
Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk Standards Certification Education & Training Publishing Conferences & Exhibits Steve Liebrecht W/WW Industry
More informationCyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies
Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies lwihl@scalable-networks.com 2 The Need OT security particularly in the
More informationSecurity protection to industrial control system based on Defense-in-Depth strategy
Security protection to industrial control system based on Defense-in-Depth strategy X. Luo The College of Mechatronics and Information Engineering, Shanghai Lida Polytechnic Institute, China Abstract In
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationPROTECTING MANUFACTURING and UTILITIES Industrial Control Systems
PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems Mati Epstein Global Sales Lead, Critical Infrastructure and ICS [Internal Use] for Check Point employees 1 Industrial Control Systems (ICS)/SCADA
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationSecurity Considerations for Cloud Readiness
Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution
More informationSummary of Cyber Security Issues in the Electric Power Sector
Summary of Cyber Security Issues in the Electric Power Sector Jeff Dagle, PE Chief Electrical Engineer Energy Technology Development Group Pacific Northwest National Laboratory (509) 375-3629 jeff.dagle@pnl.gov
More informationCyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016
Cyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016 Agenda Overview What s new in PI Security Demo What s coming next Call to Action 2 Cyber Security is more of a Marathon than
More informationAwareness Technologies Systems Security. PHONE: (888)
Awareness Technologies Systems Security Physical Facility Specifications At Awareness Technologies, the security of our customers data is paramount. The following information from our provider Amazon Web
More informationVIKING. Vital Infrastructure, Networks, Information and Control Systems Management. A Research Project in the EU Seventh Framework Programme
VIKING Vital Infrastructure, Networks, Information and Control Systems Management A Research Project in the EU Seventh Framework Programme Mathias Ekstedt, PhD Industrial Information and Control Systems
More informationA Measurement Companion to the CIS Critical Security Controls (Version 6) October
A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationExam: : VPN/Security. Ver :
Exam: Title : VPN/Security Ver : 03.20.04 QUESTION 1 A customer needs to connect smaller branch office locations to its central site and desires a more which solution should you recommend? A. V3PN solution
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More information