The Future of Industrial Control Systems Security

Transcription

1 The Future of Industrial Control Systems Security Amir Samoiloff, CEO, Siga Security Ilan Gendelman, CTO, Siga Security

2 The Importance of Operating Technology Systems Modern life relies on utilities, infrastructure and manufacturing The complexity of the systems that make modern life possible requires control and management using computerized systems OT SCADA ICS RTUs You name it

3 There is still insufficient implementation of cyber security solutions in OT systems IT OT

4 We thought we were safe: There is no real risk OT is not a target for attacks Stuxnet German steel mill Ukraine electricity And more only a small number of cyberattacks is being fully identified and published

5 We thought we were safe: There is no real risk OT systems cannot be reached from the internet

6 More than 6 years after Stuxnet Not enough installation of cyber security solutions in SCADA systems Not enough SCADA systems have sufficient protection (if any) Slow adoption rate of cyber solutions for SCADA Why?

7 Because it is difficult Industry is trying to migrate IT solutions to OT, but IT OT The assets Fundamental differences in architecture Long lifecycle -> Legacy High mixture of non-standardized protocols Risk averse ecosystem Safety as a major concern

8 IT OT??

9 The Assets In the IT world, data is the main asset OT s real assets are The process The product Real-World Expression

10 The Adversary The cyber attacker s Real-World Expression main goal is to reach and impact the assets Highly sophisticated (often government level) attackers Huge potential damage + High profile = High motivation

11 OT s Unique Architecture The OT Network: HMIs, Engineering Stations Bits and bytes PLCs Currents and voltage Inputs Actuators The Asset: Real-World Processes

12 SCADA s OT setup IT level OT level Uni-directional gateway between OT & IT s HMI Server Digital (1 s & 0 s) PLC / RTU End-device Analog (+ s & - s)

13 Today s IT-based cyber solutions monitor & analyze digital data received BEFORE the PLC IT level OT level Uni-directional gateway between OT & IT s Many HMI Server PLC / RTU Available security solutions: End-device Few

14 PLCs will always eventually be compromised Determined and sophisticated potential adversaries On going technical support Manufacturing attacks Extreme example of highly isolated environment vs. determined adversaries:

15 And when the PLC is circumvented or breached IT level OT level Uni-directional gateway between OT & IT s HMI Server Digital (1 s & 0 s) PLC / RTU End-device Analog (+ s & - s)

16 The result The OT Network: HMIs, Engineering Stations Bits and bytes PLCs: External Expression Complete Separation = Full isolation PLCs: Real Expression Currents and voltage Inputs Actuators The Asset: Real-World Processes

17 Requirements of future OT cyber solutions Designed for OT: Focus on securing critical assets Practical to install in OT environment Compatible with new and legacy systems Won t be a challenge for safety requirements

18 Few words about SIGA Anomaly detection for OT systems based on electrical signal monitoring and analysis using machine learning-based predictive analytics Proprietary solution focusing on endpoint device Does not interfere with operations Works with any legacy or new SCADA system Can t be circumvented or breached Standalone or complements other security solutions

19 How our data looks like in the real world Analyzed Identified * Data from a major Israeli water corporation

20 From low level signals directly to the control room Constant & unhacked data flow Predictive machine learning analysis

21 SIGA s concept and technology have been validated and demonstrated Robert Plana Innovation Officer Ronan Stéphan Chief Innovation Officer

22 Thank you Amir Samoiloff, Ilan Gendelman,