A Rising Tide: Design Exploits in Industrial Control Systems
|
|
- Philip Hill
- 6 years ago
- Views:
Transcription
1 A Rising Tide: Design Exploits in Industrial Control Systems Usenix WOOT 16 August 9, 2016 Marina Krotofil Alexander Bolshev; Jason Larsen; Reid Wightman
2 Who we are (alphabetically) 1 Alex Bolshev Jason Larsen Marina Krotofil Reid Wightman
3 Industrial Control System (ICS) 2 Physical application
4 Industrial Control System (ICS) 3 Physical application
5 Cyber-physical exploitation 4 Cyber-physical systems are IT systems embedded in an application in the physical world Interest of the attacker is in the physical world
6 Cyber-Physical Systems Exploiting Analog-to-Digital Converters (joint work with Alexander Bolshev) Black Hat Asia 2016
7 Industrial Control System vulnerabilities ICSA A: Siemens SIMATIC HMI Devices Vulnerabilities (Update A) ICSA : ABB AC500 PLC ICS-ALERT Webserver CoDeSys 01: Advantech EKI- Vulnerability 6340 Command Injection ICSA : Schneider Electric Telvent SAGE RTU DNP3 Improper Input Validation Vulnerability ICSA : Emerson AMS Device Manager SQL Injection Vulnerability 6 ICSA : Schneider Electric Vijeo Historian Web Server Multiple Vulnerabilities ICSA : Siemens SCALANCE X-200 Authentication Bypass Vulnerability ICSA : Yokogawa HART Device DTM Vulnerability Physical application
8 Here is the plant. What is the plan? 7
9 Cyber-Physical hacking Manipulate the process Prevent response Direct Indirect Operators Control system (including safety) Direct manipulation of actuators Deceiving controller/operator about process state Blind Mislead Modify operational/safety limits Blind about process state
10 Alarm propagation 9 Catalyst poisoning attack Alarm Alarm Safety shutdow n
11 Motivation: Design vulnerabilities 10 Implementation bugs: SQL-injections, buffer overflows, etc. Discovery relies heavily on automated tools Fixable by patching Design bugs/flaws: Baked into the design or architecture of soft- and hardware Often unique to specific circumstances Requires re-design of the system Works across multiple environments/platforms/equipment
12 Logical layers of ICS 11
13 Physical Layer Exploiting Analog-to-Digital Converters (joint work with Alexander Bolshev) Black Hat Asia 2016
14 Analog to Digital Converters (ADC) 13 Converts a continuous analog signal (voltage or amperage) to a digital number that represents signal's amplitude
15 Threat scenario 14 It is expected that the ADCs on all devices which consume the same analog signal will convert it into the same digital number But what if not?? HMI Control PLC Safety PLC/Logger/DAQ Analog control loop Analog control loop 0V (actuator is OFF) 1.5V (actuator is ON) Actuator
16 Experimental setup 15 HMI Panel Actuator (motor) Safety PLC (S7 1200) Control PLC (arduino) Analog control loop
17 Demo: Two devices, two different conversions 16 Analog control loop
18 Vulnerabilities 17 Sampling frequency (aliasing) Nyquist theorem: f s >= 2*f Dynamic range Signal clipping Distortions in neighboring channels Damage to the ADC
19 Timing diagram 18 Different sampling frequencies of the ADCs result in different output signals
20 Impact 19 Never trust your inputs! IT and OT has common problems In ICS input validation refers to data conten(x)t rather than to its formatting
21 Exploit the device hosting ADC 20 V 10 5 Time From the real life code: uint8_t val = readadc(0); // reading 8-bit ADC value with ranges 0V -15 V val = val 85; // Normalization -> 85 == 5 Volts (255/3) Any signal of less them 5 V (val < 85) will cause integer overflow in val
22 Mitigations 21 Buffer ADC with Low-Pass Filter (LPF) Good design dictates ADC f s >= LPF f c
23 LPFs in the Reference Design 22 ADC with f s > 470Hz LPF with f c near 15 khz
24 Mitigations 23 Hardware mitigations Buffer ADC with Low-Pass Filter (LPF) Good design dictates ADC f s >= LPF f c All ADCs consuming the same signal should have the same f c Software mitigations Adding randomness to sampling frequency Makes it hard for the attacker to predict S/H timings V 0 f s = f + rand( ) Time
25 Control Layer Exploiting Variable Frequency Drives (Reid Wightman) S4x16
26 Variable Speed Drives (VFD) 25
27 Bad vibrations 26 All rotating shafts, from motorcycles to industrial pumps, have mechanical resonance points These are the frequency points (critical speeds) at which vibration can rapidly damage the equipment
28 Wait! I ve heard about it!(?) 27
29 Vulnerability 28 Configuration of Schneider ATV12: Skip frequency
30 Impact 29 Destroying equipment by operating it at its resonance (skip) frequency Masking actual rotating speed from the operator VFD calculates speed for HMI by computing RPM CaseSpeed(RPMS) CaseFreq(Hz) *OutputFreq(Hz) = CurrentSpeed(RPMS)
31 Mitigation 30 Monitoring output freq in addition to RPMs is a good idea But protocols are vulnerable and aren t likely to be changed Better: Vibration (and other parameters) monitoring Out of band, please
32 Cyber Layer Exploiting Protocol Stack Implementation (joint work with Jason Larsen) Several papers & presentations
33 Process control loop 32 Actuators Sensors Adjust themselves to influence process behavior Control system Computes control commands for actuators Measure process state
34 Tuning controller algorithm 33 Requires observations on the live process
35 Stale Data Danger PID response Without attack Under attack Reactor Pressure kpa gauge Hours
36 Vulnerability 35 Modbus IEC Ethernet Serial Logic Vendor Internal Vendor Backplane Vendor Protocol Handshake - Session 4000 Vendor Protocol Handshake - Session 5000 Vendor Protocol Handshake - Session 6000 IEC Protocol Handshake Vendor Protocol Handshake - Session 8000 Vendor Protocol Handshake - Session 9000
37 Vulnerability 36 Process data doesn t show up every time around the logic External racks may only report in every few cycles TCP/IP protocols are often report-by-exception The input memory contains the last known good value Freeze all points for a particular TCP/IP session with a UDP packet by advancing the sequence number Session is kept alive and by sending a UDP packet every 30 seconds to any interface Result: STALE DATA
38 Mitigations 37 State-aware implementation of the protocol stack Compare data with max allowed dead time of the process Reject data which are too stale and/or dangerous to process stability
39 Conclusions 38 ICS security community is researching and evolving Many attack scenarios do not necessary require access to expensive equipment Audits for industrial control systems need to evolve to emphasize the actual design of the environment and protocols Searching for design flaws in ICS requires different skills sets than researching software implementation vulnerabilities
40 Thank You! Alex Bolshev Jason Larsen Marina Krotofil Reid Wightman
Security Transparent 2018
Security Transparent 2018 Vulnerability management in ICS environments 7. Mai 2018 Agenda Overview ICS and SCADA, how do they integrate Why security in ICS environments IT vs OT: risks and dangers There
More informationVirtualizing Industrial Control Systems Testbeds for Cybersecurity Research
Virtualizing Industrial Control Systems Testbeds for Cybersecurity Research CAE Tech Talk 2016 Thiago Alves Faculty: Dr. Tommy Morris Overview Problems: Industrial Control Systems are too big to fit in
More informationAUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID
AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID Sherif Abdelwahed Department of Electrical and Computer Engineering Mississippi State University Autonomic Security Management Modern
More informationVulnerability analysis of 2013 SCADA issues. Amol Sarwate Director of Vulnerability Labs, Qualys Inc.
Vulnerability analysis of 2013 SCADA issues Amol Sarwate Director of Vulnerability Labs, Qualys Inc. Agenda SCADA components 2013 Vulnerability Analysis Recommendations and Proposals SCADA DCS ICS Accidents
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationMAN-IN-THE-SCADA : Anatomy of Data Integrity Attacks in Industrial Control Systems. Marina Krotofil & Chris Sistrunk
MAN-IN-THE-SCADA : Anatomy of Data Integrity Attacks in Industrial Control Systems Marina Krotofil & Chris Sistrunk About us MK CS Specialization: Process Control Specialization: Power Sector Mostly on
More informationCybersecurity for IoT to Nuclear
Seminar Series Cybersecurity for IoT to Nuclear Fred Cohn, Program Director Property of Schneider Electric Who Am I? Program Director, Schneider Electric Product Security Office Cybersecurity Strategy
More informationPractical SCADA Cyber Security Lifecycle Steps
Practical SCADA Cyber Security Lifecycle Steps Standards Certification Jim McGlone CMO, Kenexis Education & Training Publishing Conferences & Exhibits Bio Jim McGlone, CMO, Kenexis GICSP ISA Safety & Security
More informationCyberFence Protection for DNP3
CyberFence Protection for DNP3 August 2015 Ultra Electronics, 3eTI 2015 DNP3 Issues and Vulnerabilities DNP3 is one of the most widely used communications protocols within the utility space for the purpose
More informationCyber Security of Industrial Control Systems and Potential Impacts on Nuclear Power Plants
Cyber Security of Industrial Control Systems and Potential Impacts on Nuclear Power Plants IEEE NPEC April 18, 2006 Joe Weiss, PE, CISM KEMA, Inc. Joe.weiss@kema.com (408) 253-7934 2 Why are we here? Ostensibly:
More informationIndegy. Industrial Cyber Security. The Anatomy of an Industrial Cyber Attack
Indegy Industrial Cyber Security The Anatomy of an Industrial Cyber Attack Today s Presenter Eliminating Security Blindspots in SCADA and Control Networks Presented By: Dana Tamir, VP Marketing, Indegy
More informationICALEPCS 2013 San Francisco
UNIDIRECTIONAL SECURITY GATEWAYS Unidirectional Security Gateways Stronger Than Firewalls ICALEPCS 2013 San Francisco Andrew Ginter VP Industrial Security Waterfall Security Solutions Proprietary Information
More informationThe use of automatic equipment instead of manual labor. Any plant or machine operating by it self without human
PLC AUTOMATION AUTOMATION The use of automatic equipment instead of manual labor. Automatic control Any plant or machine operating by it self without human General PLC Architecture CPU Real-Time Clock
More informationABB Process Automation, September 2014
ABB Process Automation, September 2014 ABB Process Automation Services Services that add life to your products, systems and processes September 26, 2014 Slide 1 1 ABB Process Automation Services A proven
More informationBaltimore Aircoil Company
Baltimore Aircoil Company VFD Startup Guide TABLE OF CONTENTS: A. Verifying Power and Control Wiring...1 B. Setting the VFD Parameters...2 C. Reentering Startup Wizard After Initial Setup...5 D. Starting
More informationWhat s New in PI Security?
What s New in PI Security? Presented by Bryan Owen PE Felicia Mohan Agenda Overview What s new Demo What s coming next Call to Action 3 Cyber Security is more of a Marathon than a Sprint Release Cadence
More informationData Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users
Data Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users Standards Certification Education & Training Publishing Conferences &
More informationIntroduction to ICS Security
Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationPractical Programmable Logic Controllers (PLCs) for Automation and Process Control. Contents
Practical Programmable Logic Controllers (PLCs) for Automation and Process Control Contents 1 Introduction to the PLC 1 1.1 Introduction 1 1.2 Basic Block Diagram of the PLC 2 1.3 Size of the PLC System
More informationFeatures and Benefits of XeteX Controls. Other Unit Control Functions. Energy Recovery Functions
Controls Guide for XeteX Units Beyond meeting the typical specification and performance requirements, controlling the equipment is usually the most important success factor for HVAC projects. XeteX provides
More information13 Ways Through A Firewall What you don t know will hurt you
13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions CIPS ICE: The Tech Day 2013 (Calgary) Proprietary Information -- Copyright
More informationThe Claroty Difference
Solution Brief Bringing Clarity To OT Network Claroty enables customers to secure and optimize the industrial control networks that run the world s most critical infrastructure. The company s enterprise-class
More informationat Machine Level in Industrial Automation
ETSI #67 - The Wireless Factory 13 June 2008 Wireless at Machine Level in Industrial Automation Bruno FORGUE EMEA Marketing Manager The Wireless Factory Wireless at Machine Level Introduction Typical factory
More informationCyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies
Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies lwihl@scalable-networks.com 2 The Need OT security particularly in the
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationJust How Vulnerable is Your Safety System?
Theme 3: Cyber Security Just How Vulnerable is Your Safety System? Colin Easton MSc, CEng, FInstMC, MIET, ISA Senior Member TUV Rhienland FS Senior Expert PHRA & SIS 6 th July 2017 1 Safety System Security
More information310SV SINGLE VALVE GOVERNOR
310SV APPLICATION The 310SV is a fully integrated and configurable controller designed to startup, run, and protect single-valve steam turbines. The controller is designed to control steam turbines driving
More informationMultistage Cyber-physical Attack and SCADA Intrusion Detection
Multistage Cyber-physical Attack and SCADA Intrusion Detection Workshop on European Smart Grid Cybersecurity: Emerging Threats and Countermeasures Belfast, 26 th August, 2016 Kieran McLaughlin, BooJoong
More informationA Smart HMI with Advanced Controls Great for tight spaces when there is no more room for additional I/O on your PLC rack
EZAutomation - A Smart HMI with Advanced Controls Great for tight spaces when there is no more room for additional I/O on your PLC rack EZTouch HMI with On board I/O connects to major brand AC Drives or
More informationOvation Machinery Health Monitor for the Power Industry
Ovation Machinery Health Monitor for the Power Industry Features Improves asset performance by delivering distributed control, machinery protection and predictive machinery health monitoring from a single
More informationSTANDARD ELECTRIC UNIVERSITY
STANDARD ELECTRIC UNIVERSITY Technical Classes Catalog 2018 Bringing YOU the training you asked for! WHAT? Standard Electric Supply Co. offers numerous training opportunities to keep our customers as up-todate
More informationSCADA security why is it so hard? Amol Sarwate Director of Vulnerability Engineering, Qualys Inc.
SCADA security why is it so hard? Amol Sarwate Director of Vulnerability Engineering, Qualys Inc. SCADA DCS ICS accidents liquid pipeline failures http://www.ntsb.gov/doclib/safetystudies/ss0502.pdf power
More informationAMS 6500 ATG. Overview. API 670 compliant TSI protection system
Reliability Solutions Product Data Sheet AMS 6500 ATG API 670 compliant TSI protection system Embedded predictive diagnostics including PeakVue technology, order analysis, band analysis and energy in bands
More informationAMS 6500 and AMS 6500 ATG Balance of Plant Prediction Monitors
Reliability Solutions Product Data Sheet AMS 6500 and AMS 6500 ATG Flexible condition monitoring systems with PeakVue mechanical stress detection. Online Vibration and Process Monitoring Every facility
More informationExercise 5-1. Electrical Circuit and Panel EXERCISE OBJECTIVE DISCUSSION OUTLINE DISCUSSION. Detailed electrical schematic
Exercise 5-1 Electrical Circuit and Panel EXERCISE OBJECTIVE When you have completed this exercise, you will be familiar with the trainer electrical schematic and components. DISCUSSION OUTLINE The Discussion
More informationCyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016
Cyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016 Agenda Overview What s new in PI Security Demo What s coming next Call to Action 2 Cyber Security is more of a Marathon than
More informationMichael Gaudlitz, Field Application Engineer. Bringing Intelligence into the cloud
Michael Gaudlitz, Field Application Engineer Bringing Intelligence into the cloud Agenda IoT Drivers for IoT Cloud Security 2 2015 Wind River. All Rights Reserved. Agenda IoT Drivers for IoT Cloud Security
More informationPowerFlex 400 AC Drive Guide Specification
PowerFlex 400 AC Drive Guide Specification Adjustable Frequency Drives with Bypass 3.0 50HP @ 208V AC 3.0 350HP @ 480V AC PART 1 GENERAL 1.01 Quality Assurance A. The manufacturer shall have minimum 5
More informationADVANCED TRAINING INSTITUTE, HYDERABAD
Revision:01 LEARNING CONTENT Page 1 of 8 III COURSE CODE IA-01 COURSE TITLE PLC PROGRAMMING FOR INDUSTRIAL AUTOMATION OBJECTES On completion of the course, the learner will be able to explain the applications
More informationRiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
More informationfrom SCADA to IoT Cyber Security Bogdan Matache - Romania 2015
from SCADA to IoT Cyber Security Bogdan Matache - Romania 2015 About ME, Bogdan Matache Cyber Security Specialist Military Technical Academy SCADA Security Specialist InfoSec Institute Auditor ISO 27001
More informationIndustrial Network Trends & Technologies
Industrial Network Trends & Technologies EtherNet/IP on the Plant Floor PUBLIC INFORMATION 5058-CO900F IHS Technology Industrial Internet of Things 2014, April 2014 PUBLIC INFORMATION Forecasts tremendous
More informationHello? It s Me, Your Not So Smart Device. We Need to Talk.
SESSION ID: SBX1-R2 Hello? It s Me, Your Not So Smart Device. We Need to Talk. Alex Jay Balan Chief Security Researcher Bitdefender @jaymzu IoT is not optional 2 IoT is not optional IoT = hardware + OS
More informationThe five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers
The five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers The 7th Annual North American SCADA and Process Control Summit
More informationProduct Security Briefing
Product Security Briefing Performed on: Adobe ColdFusion 8 Information Risk Management Plc 8th Floor Kings Building Smith Square London SW1 P3JJ UK T +44 (0)20 7808 6420 F +44 (0)20 7808 6421 Info@irmplc.com
More informationCYBER ATTACKS EXPLAINED: PACKET SPOOFING
CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service
More informationDo as I Say not as I Do Stealth Modification of Programmable Logic Controllers I/O by Pin Control Attack
Do as I Say not as I Do Stealth Modification of Programmable Logic Controllers I/O by Pin Control Attack ALI ABBASI SYSSEC GROUP, RUHR UNIVERSITY BOCHUM, GERMANY & SCS GROUP UNIVERSITY OF TWENTE, NETHERLANDS
More informationProtection Cards for AMS 6500 Classic Systems
Protection Cards for AMS 6500 Classic Systems A6740-10 16-Channel Output Relay Module A6740-12 16-Channel Output Relay Module A6125 Case Piezoelectric Vibration Monitor A6120 Case Seismic Vibration Monitor
More informationWhat s new in PI System Security?
What s new in PI System Security? Presented by Brian Bostwick Kevin Geneva The Seven Most Dangerous New Attack Techniques SANS: Alan Paller, Ed Skoudis, Michael Assante, Johannes Ullrich 1. Ransomware
More informationRBS Rockwell Automation FactoryTalk Services Platform RNADiagnostics Module Missing Size Field Validation Remote Denial of Service.
RBS 2013 002 Rockwell Automation FactoryTalk Services Platform RNADiagnostics Module Missing Size Field Validation Remote Denial of Service 1 of 7 Table of Contents Table of Contents 2 About Risk Based
More informationUnderstanding Device Level Connection Topologies
Sept. 2013 Understanding Device Level Connection Topologies Author: Advantech E-mail: eainfo@advantech.com Sept. 2013 Even ten years ago, most factory floor sensors were connected directly to a PLC or
More informationNERC-CIP CAN-0024: Securing Critical Cyber Assets with Data Diodes
NERC-CIP CAN-0024: Securing Critical Cyber Assets with Data Diodes Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright 2012 2011 by Waterfall
More informationSafety System Cyber Security A Practical Approach
Safety System Cyber Security A Practical Approach Kelly Mahoney Protection Systems Team Leader ORNL/SNS ORNL is managed by UT-Battelle for the US Department of Energy Acronyms I would rather not know Cyber-physical
More informationFor Classroom Use Only! Flying Start PowerFlex 755 AC Drives
For Classroom Use Only! Flying Start PowerFlex 755 AC Drives Important User Information This documentation, whether, illustrative, printed, online or electronic (hereinafter Documentation ) is intended
More informationExercise 5-1. Electrical Circuit and Panel EXERCISE OBJECTIVE DISCUSSION OUTLINE DISCUSSION. Detailed electrical schematic
Exercise 5-1 Electrical Circuit and Panel EXERCISE OBJECTIVE When you have completed this exercise, you will be familiar with the trainer electrical schematic and components. DISCUSSION OUTLINE The Discussion
More informationReal-time Vibration Analyzer Software
Real-time Vibration Analyzer Software POWERFUL AND VERSATILE ANALYSIS TOOL The AS-410 Vibration Analyzer software merges the best features of real-time machinery analyzer, dynamic signal analyzer, transient
More informationAPACS+ Lifecycle Management.
APACS+ Lifecycle Management www.apacs2020.com Continued support of your APACS+ while introducing personalized pathways to meet your future automation needs. Since 1991 the Spring House, Pennsylvania team
More informationCyber Resilience Solution for Smart Buildings
Cyber Resilience Solution for Smart Buildings Integrated IT/OT Security Oren Aspir, Cyberbit, CTO 2017 by CYBERBIT 2017 by CYBERBIT Proprietary CYBERBIT Proprietary Buildings getting smarter IT systems
More informationProduct Family: GS Drives Number: AN-GS-006
APPLICATION NOTE THIS INFORMATION PROVIDED BY AUTOMATIONDIRECT.COM TECHNICAL SUPPORT These documents are provided by our technical support department to assist others. We do not guarantee that the data
More informationSiemens: Running Smoothly Yokogawa: Beyond Process Control Emerson: Control Valves June 2014
MCI (P) 127/07/2013 PPS 1627/11/2012 (022884) ISSN 2010-4219 June 2014 Siemens: Running Smoothly Yokogawa: Beyond Process Control Emerson: Control Valves www.ceasiamag.com Cover COVER cover STORY story
More informationHacker Academy UK. Black Suits, White Hats!
Hacker Academy UK Black Suits, White Hats! Cyber Security Training and Services Do your devices Protect you against Cyber-attacks? Chinese hackers have allegedly stolen 50 terabytes of data on F-35 aircraft,
More information2. REAL-TIME CONTROL SYSTEM AND REAL-TIME NETWORKS
2. REAL-TIME CONTROL SYSTEM AND REAL-TIME NETWORKS 2.1 Real-Time and Control Computer based digital controllers typically have the ability to monitor a number of discrete and analog inputs, perform complex
More informationWednesday, May 16, 2018
Wednesday, May 16, 2018 8:00 AM - 5:00 PM Wi Fi/WLAN Fundamentals Training by Tessco; Day Two of a Two Day Training. (Attendees must bring laptop computers for this training. Attendees should bring available
More informationPLC Training - Intermediate
PLC Training - Intermediate Contact us Today for a FREE quotation to deliver this course at your company?s location. https://www.electricityforum.com/onsite-training-rfq This Intermediate PLC Training
More informationCERT VU# Multiple DNS implementations vulnerable to cache poisoning
Multiple DNS implementations vulnerable to cache poisoning Alan Clegg Support Engineer Keith Mitchell Director of Engineering Internet Systems Consortium alan_clegg@isc.org keith_mitchell@isc.org Version
More information4/8/ nd Annual OTCO WW Workshop W/WW Product Overview ACQ550. ABB Slide 1
4/8/2015 52 nd Annual OTCO WW Workshop W/WW Product Overview ACQ550 Slide 1 Drive Basics Why Use Adjustable Speed Drives? Reduced Energy Consumption Improved Process Control / Efficiency Increased Product
More informationImproving monitoring and control hardware cost at Totten Mine
Improving monitoring and control hardware cost at Totten Mine Ozzy Flores, Enrique Acuña Totten Mine, Vale Canada Limited, Sudbury, Ontario, Canada Totten Mine recently completed the project development,
More informationLanguage Security. Lecture 40
Language Security Lecture 40 (from notes by G. Necula) Prof. Hilfinger CS 164 Lecture 40 1 Lecture Outline Beyond compilers Looking at other issues in programming language design and tools C Arrays Exploiting
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationDNS Cache Poisoning Looking at CERT VU#800113
DNS Cache Poisoning Looking at CERT VU#800113 Nadhem J. AlFardan Consulting Systems Engineer Cisco Systems ANOTHER BORING DNS ISSUE Agenda DNS Poisoning - Introduction Looking at DNS Insufficient Socket
More informationCyber Security Brian Bostwick OSIsoft Market Principal for Cyber Security
Cyber Security Presented by Brian Bostwick OSIsoft Market Principal for Cyber Security Cyber Security Trauma in the News Saudi Aramco Restores Network After Shamoon Malware Attack Hacktivist-launched virus
More informationApplication Note 4: X-Series Recorder OPC Access
Application Note 4: X-Series Recorder OPC Access Using the Integral OPC Server of the QX and SX Recorders The QX and SX recorders provide the user with the ability to directly connect to the recorder using
More informationIndustrial Security - Protecting productivity. Industrial Security in Pharmaanlagen
- Protecting productivity Industrial Security in Pharmaanlagen siemens.com/industrialsecurity Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security
More informationSECURITY BULLETIN - HART Vulnerability in ABB Third Party Device Type Library
SECURITY BULLETIN - HART Vulnerability in ABB Third Party Device Type Library Notice The information in this document is subject to change without notice, and should not be construed as a commitment by
More informationIndustrial Automation Automation Industrielle Industrielle Automation. 4 Access to devices. 4.3 OPC (Open Process Control ) 4.3.
Automation Industrielle Industrielle Automation 4 Access to devices 4.3 OPC (Open Process Control ) 4.3.1 Common elements Executive Summary OPC is a standard, manufacturer-independent programming interface
More informationRBS of 6
RBS 2014 001 Schneider Electric CitectSCADA Citect.Platform.Transport.dll IdentifyMessageAdapter::ExtractIdentifyMessage Function Invalid IdentifyMessage Handling DoS 2015 04 29 1 of 6 Table of Contents
More informationModicon M580 PAC. CSPN Security Target. Version
Modicon M580 PAC CSPN Security Target Version 1.5-1 - Introduction A CSPN security target is a document specifying the scope of a CSPN evaluation [CSPN]. The Security Target serves as a basis for agreement
More informationMaxwell Dondo PhD PEng SMIEEE
Maxwell Dondo PhD PEng SMIEEE 1 Evolution of grid automation SCADA introduction SCADA Components Smart Grid SCADA Security 2 Traditionally power delivery was unsophisticated Generation localised around
More informationOptidrive Applications Support Library
Optidrive Applications Support Library Application Note Title AN-ODV-3-038 Related Products Optidrive Eco Overview Level 3 Modbus RTU Control and Register Mapping 1 Fundamental - No previous experience
More informationDaniel Severino, Sam Wilson October 2 nd, Achieving Cyber Security Across Your Enterprise with ICS Shield and Risk Manager
Daniel Severino, Sam Wilson October 2 nd, 2018 Achieving Cyber Security Across Your Enterprise with ICS Shield and Risk Manager Security Maturity Part of Honeywell Industrial Cyber Security Portfolio 2
More informationKarthik Bharathy Program Manager, SQL Server Microsoft
Karthik Bharathy Program Manager, SQL Server Microsoft Key Session takeaways Understand the many views of SQL Server Look at hardening SQL Server At the network level At the access level At the data level
More informationSymantec Network Security 7100 Series
Symantec Network Security 7100 Series Proactive intrusion prevention device protects against known and unknown attacks to secure critical networks transition can be accomplished transparent to any network
More informationCase Studies, Lessons Learned. Ing. Tijl Deneut Lecturer Applied Computer Sciences Howest Researcher XiaK, Ghent University
Case Studies, Lessons Learned Ing. Tijl Deneut Lecturer Applied Computer Sciences Howest Researcher XiaK, Ghent University Case Study Overview 3 different types of cases Troubleshooting We have systems
More informationG.M.International Termination Boards
G.M.International Termination Boards Customized and universal Termination Boards for 8/16 Units, 32/64 Channels Series D5000TB and TB-D5001-HRT G.M. International All rights reserved, also regarding any
More informationCSE237B Project Final Report Mobile Console to Industrial Control System Feng Zhang Dustin Medeiros
CSE237B Project Final Report Mobile Console to Industrial Control System Feng Zhang Dustin Medeiros Motivation As wireless technology improves, devices with wireless capability have become a regular part
More informationHow CyberArk can help mitigate security vulnerabilities in Industrial Control Systems
How CyberArk can help mitigate security vulnerabilities in Industrial Control Systems Table of Contents Introduction 3 Industrial Control Systems Security Vulnerabilities 3 Prolific Use of Administrative
More informationCyber Security for Renewable Energy Systems
Cyber Security for Renewable Energy Systems Asia Pacific Clean Energy Summit August 31, 2010 Juan J. Torres Manager, Energy Systems Analysis Sandia National Laboratories jjtorre@sandia.gov Sandia is a
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationSiemens tiastar TM Motor Control Center (MCC)
Siemens tiastar TM Motor Control Center (MCC) Page 1 Siemens 2011. All rights reserved. tiastar Motor Control Centers Smart tiastar Motor Control Centers Smart June 2013 Page 2 tiastar Motor Control Centers
More informationThe Concept of Sample Rate. Digitized amplitude and time
Data Acquisition Basics Data acquisition is the sampling of continuous real world information to generate data that can be manipulated by a computer. Acquired data can be displayed, analyzed, and stored
More information4 Access to devices. Prof. Dr. H. Kirrmann. ABB Research Centre, Baden, Switzerland
Automation Industrielle Industrielle Automation 4 Access to devices 4.3 OPC (Open Process Control formerly OLE for Process Control) 4.3.1 Common elements Prof. Dr. H. Kirrmann 2007 May, HK ABB Research
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationPART 1: GENERAL PART 2: PRODUCT. Effective: 12/29/10 Page 1 of 6 FECA-TE-104D
Specification Number: 23 09 33 Product Name: FRENIC-Eco AC Drives for Variable Torque Fan & Pump Applications (1-125Hp at 208/230V and 1-900Hp at 460V) PART 1: GENERAL 1.01 SUMMARY A. This specification
More informationThe Future of Industrial Control Systems Security
The Future of Industrial Control Systems Security Amir Samoiloff, CEO, Siga Security Ilan Gendelman, CTO, Siga Security www.sigasec.com The Importance of Operating Technology Systems Modern life relies
More informationModicon M580 MUCH MORE than a PLC. the first epac!
Modicon M580 MUCH MORE than a PLC the first epac! The new Modicon M580 is MUCH MORE than a simple PAC it is the epac with Ethernet built right into its core. Developed on the back of our latest innovations
More informationFirewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationHow to choose an Industrial Automation Controller: White Paper, Title Page WHITE PAPER. How to choose an Industrial Automation Controller
How to choose an Industrial Automation Controller: White Paper, Title Page How to choose an Industrial Automation Controller Choosing the most effective controller requires careful evaluation of multiple
More informationIndustrial Security Getting Started
Industrial Security Getting Started Unrestricted Siemens A/S siemens.com/industrial-security Agenda 09:00 - Getting started. The Framework 10:00 - Coffee break 10:15 - Patch Management, Asset and Network
More informationIE156: ICS410: ICS/SCADA Security Essentials
IE156: ICS410: ICS/SCADA Security Essentials IE156 Rev.001 CMCT COURSE OUTLINE Page 1 of 6 Training Description: In this five-day intensive training, participants will develop and reinforce a common language
More information