SANS SCADA and Process Control Europe Rome 2011

Ian Buffey
Director International Services, Industrial Defender
ibuffey@industrialdefender.com

A Holistic Approach

Planning, training and governance
- Cybersecurity procedures and equipment should be looked on in the same way as other safety technology: think fire extinguishers, pressure release valves
- This needs to be a cross department/cross disciplinary effort involving operators, ICS owners, corporate IT, CIOs/CISOs and others
- Plan for when you have an incident, not if

Systematic design and deployment of technology
- Defence in depth
- Incorrectly configured technology can be useless, e.g. a firewall converted to a router by an ANY<->ANY rule

Sustaining Effort
- Think from the start who is going to monitor and maintain the technology and sustain the process
- Rome wasn't built in a day!
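The ANY<->ANY misconfiguration mentioned above can be found mechanically in a rule review. The following is an added example, not part of the original slides; the rule syntax (action, source, destination, service), the first-match evaluation order and the sample rules are assumptions constructed for illustration.

```python
"""Audit a first-match firewall rule list for ANY<->ANY permits (added example).
Rule syntax 'action src dst service' is constructed, not any vendor's format."""
from ipaddress import ip_network

# Constructed sample rule base for a control-network firewall.
SAMPLE_RULES = """\
permit 10.10.1.0/24 10.20.5.10/32 tcp/502
permit 10.10.1.0/24 10.20.5.0/24 tcp/44818
permit any any any
deny any 10.20.5.0/24 tcp/23
permit 192.168.7.0/24 10.20.5.20/32 tcp/102
"""
ANY_NET = ip_network("0.0.0.0/0")

def parse(text):
    """Turn rule lines into dicts; 'any' becomes 0.0.0.0/0."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#")[0].strip()
        if not line:
            continue
        action, src, dst, svc = line.split()
        net = lambda s: ANY_NET if s == "any" else ip_network(s)
        rules.append({"n": n, "action": action, "src": net(src),
                      "dst": net(dst), "svc": svc, "text": line})
    return rules

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["svc"] in ("any", b["svc"]))

def is_any_any(r):
    return (r["action"] == "permit" and r["src"] == ANY_NET
            and r["dst"] == ANY_NET and r["svc"] == "any")

def audit(rules):
    """Flag ANY<->ANY permits and later rules that can never be reached."""
    findings = []
    for i, r in enumerate(rules):
        if is_any_any(r):
            findings.append(("any-any-permit", r["n"], r["text"]))
        hit = next((e for e in rules[:i] if covers(e, r)), None)
        if hit:
            findings.append(("shadowed", r["n"], f"covered by line {hit['n']}"))
    return findings

if __name__ == "__main__":
    for kind, line_no, detail in audit(parse(SAMPLE_RULES)):
        print(f"line {line_no}: {kind}: {detail}")
```

In the sample, the deny rule for tcp/23 on line 4 never takes effect because the permit on line 3 matches first, which is the "firewall converted to a router" condition.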

Fleet wide rollouts
- Determine criticality of assets, e.g. Critical, Important, Supportive
- Determine appropriate level of monitoring/protection for each site
- Define an architecture which is applicable to each/most sites
- Most companies (and even sites) have a wide range of control systems
- Define a business process to get repeatability and efficiency

Fleet Wide Rollout Process
1. Initial Site Contact
2. Site Audit/Assessment/Discovery
3. Create Installation Plan
4. Installation
5. Post Installation Wrap Up
6. Handover of responsibility for maintenance

Go with Experience! When dealing with Mission Critical Systems, partner with someone who's done it before successfully!

Security Maturity Evolution in Industrial Control

[Chart: Technology Sophistication plotted over a timeline marked 2003, 2005, 2007, 2009, 2011, with the following stages]

Firewalls
- Business connectivity
- Locks on the Door

Intrusion Detection
- Network Based
- Host Based
- Known Bad
- Industrial Protocols
- Alarm Sensors

Event Monitor
- Central Logging
- Monitor and respond
- Alert on Events of interest
- Log everything and apply forensics
- Incident Management
- Flight recorder

Intrusion Prevention
- Network Based
- Host Based
- Deep packet inspection
- Known Bad signatures
- Known Good Signatures
- Whitelisting
- System hardening
- System locked down

Security Management
- Automates manual process
- Enforces policy, process & procedures
- Leverages baselines
- Manages changes
- Audit reporting
- Continuous assessments
- Attestation data
- Doing it and Proving you are doing it

Cyber Threats, Mitigation and Compliance for the Evolving Electric Power System

What Will the Future Bring?
- More Technologies on the Plant Floor
  - Wireless
  - Mobile Devices
  - Virtualization
  - Other things we haven't even thought of yet
- New threats and Security Technology, e.g. mobile devices!
- Security Thinking and Technology will need to be updated during the lifetime of any ICS (often over 10 years)
- Management of Technology will be key

Actually it's Happening now
- http://www.controlengeurope.com/article/46335/scada-virtualisation-delivering-real-benefits-.aspx
- http://www.controlengeurope.com/article/46490/mobile-scada-increases-staff-efficiency-in-logisticsoperation-by-15--and-cuts-support-call-costs-by-60-.aspx
- http://www.processonline.com.au/case_studies/45802-wireless-lan-system-at-petrochemical-plant

Mobile Apps for PLC monitoring?

You don't want to end up here!

[Network diagram. Networks shown: Internet, Site Office Network, Enterprise Network, DMZ, Redundant Client Server Network, Redundant Control Network. Components shown: Office PCs; Web Server, Remote Access etc.; Operator Workstations; Engineering Workstation; DCS Server; Historian; Domain Controller; Other App Server; Controllers; Wireless Access Point; Smart phone/tablet. Industrial Defender components shown: Compliance Manager, SEM, HIPS Manager, UTM, NIDS (traffic and device monitoring).]

ICS Security Standards in Europe
- Single Standard in Europe across multiple verticals? Mandatory?
- European Standards per vertical? Like NERC CIP/CFATS
- Voluntary adoption of standards
- Company wide standards based on existing standards like ISA99 (and lots more)
- Creates basis for auditability
- Allows ROI calculation to a degree