Cyber Security of Industrial Control Systems (ICSs)

Similar documents
Exercise of FERC Authority for Cybersecurity of the North American Electric Grid

Industry Best Practices for Securing Critical Infrastructure

Securing Industrial Control Systems

Cyber Security of Industrial Control Systems and Potential Impacts on Nuclear Power Plants

Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange. August 16, 2016

Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

Statement for the Record

Practical SCADA Cyber Security Lifecycle Steps

Cybersecurity for the Electric Grid

Cybersecurity Overview

BILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers

Industry role moving forward

LESSONS LEARNED IN SMART GRID CYBER SECURITY

Nebraska CERT Conference

An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist

IEC in Digital Substation and Cyber security

IEC A cybersecurity standard approaching the Rail IoT

October 05, ECE 421 Session 12. Utility SCADA and Automation. Presented by: Chris Dyer

Chapter X Security Performance Metrics

Understanding Holistic Effects of Cyber Events on Critical Infrastructure

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Medical Device Vulnerability Management

Chapter X Security Performance Metrics

Securing the North American Electric Grid

Chapter X Security Performance Metrics

Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Cyber security for digital substations. IEC Europe Conference 2017

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

Addressing Cyber Threats in Power Generation and Distribution

Cyber and Physical Security: Lessons Learned From the Electric Industry. Joel dejesus Dinsmore & Shohl LLP Washington, DC

Cyber Security Update. Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

November 29, ECE 421 Session 28. Utility SCADA and Automation. Presented by: Chris Dyer

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Why Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG

Indegy. Industrial Cyber Security. ISA New Orleans Section. Applying the NIST Framework February 6, 2018

SECURING THE SUPPLY CHAIN

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

COMPASS FOR THE COMPLIANCE WORLD. Asia Pacific ICS Security Summit 3 December 2013

VIKING. Vital Infrastructure, Networks, Information and Control Systems Management. A Research Project in the EU Seventh Framework Programme

Electric Sector Security & Privacy Plans for 2011

Securing the Grid and Your Critical Utility Functions. April 24, 2017

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Digital Wind Cyber Security from GE Renewable Energy

ENISA S WORK ON ICS AND SMART GRID SECURITY

Control Systems Cyber Security Awareness

No IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

Toward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania

Industrial control system (ICS) security

McAfee Embedded Control

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

MANAGING CYBER RISKS ACROSS THE SOFTWARE SUPPLY CHAIN

Industrial Control System Cyber Security

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Cyber Threat Awareness CETAC 2018

Smart Grid Security: Current and Future Issues

Best Practices in ICS Security for System Operators

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Digital Substation Unrestricted Siemens AG 2017 siemens.com/digital-substation

Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas

An Update on Security and Emergency Preparedness Standards for Utilities

Lesson Learned CIP Version 5 Transition Program

The NIST Cybersecurity Framework

Framework for Improving Critical Infrastructure Cybersecurity

Data Centers & Technology:

Systemic Cyber Risk and Cyber Insurance. February 14, 2018

Cyber security - why and how

FERC Hydroproject Cyber Security [FERC 3A Section 9 versus CIP v5]

ISA99 - Industrial Automation and Controls Systems Security

Cyber Security and Substation Equipment Overview

Firewalls (IDS and IPS) MIS 5214 Week 6

TRAINING WEEK COURSE OUTLINE May RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I.

Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012

Smart Grid Standards and Certification

Cybersecurity Dimension of Critical Infrastructure

Smart Grid vs. The NERC CIP

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Security in grid control centers: Spectrum Power TM Cyber Security

Peter Kreutzer, PSSAM/Automation Power World 2011 New Delhi, Secure and reliable Redundant communication network and cyber security

Functional. Safety and. Cyber Security. Pete Brown Safety & Security Officer PI-UK

How can I use ISA/IEC (Formally ISA 99) to minimize risk? Standards Certification Education & Training Publishing Conferences & Exhibits

THE TRIPWIRE NERC SOLUTION SUITE

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

A Strategic Approach to Industrial CyberSecurity. Kaspersky Industrial CyberSecurity

No Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017

Industrial control systems

The Importance of Cybersecurity Threat Detection for Utilities

Towards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

Welcome to the webinar! We will start within a few minutes

The Future of Industrial Control Systems Security

Cyber Security for Process Control Systems ABB's view

2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

Ad Hoc Smart Grid Executive Committee. February 10, 2011 New Orleans, LA

Transcription:

Cyber Security of Industrial Control Systems (ICSs) February 23, 2016 Joe Weiss PE, CISM, CRISC, ISA Fellow Managing Partner Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied Control Solutions, LLC 1

ICSs What Are They And Where Are They Used? ICSs are critical to operating industrial assets including power, refineries, pipelines, chemicals, manufacturing, water, military systems, medical systems, etc ICSs include Distributed Control Systems (DCS), Supervisory Control and Data Acquisition (SCADA), Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), Intelligent Electronic Devices (IEDs) ICSs monitor and control physical processes in real time Focus is reliability and safety Applied Control Solutions, LLC 2

Definitions That Can Be Confusing Cyber Security Hack Cyber Incident Risk SCADA IT Insider Malicious Applied Control Solutions, LLC 3

What Has Happened Recently ICS honeypot projects Documenting nation-state attempted attacks against ICS Continuing ICS cyber vulnerabilities and incidents BlackEnergy, Havex (in US critical infrastructures) Cyber attacks against Ukrainian power, rail, mining German train crash Navy ship failure VW emissions test cheating device Hackers paying attention to ICS Hacker conferences with ICS hacking Building out home ICS lab Video game training hackers on critical infrastructures WatchDog Movie on US readiness to target multiple Iranian infrastructures Insurance and Wall Street have mounting awareness of ICS risks Applied Control Solutions, LLC 4

Russian Cyber-Attack on The Ukrainian Grid (per George Cotter, Formerly Chief Scientist NSA, Member NAE) December 23 rd -Sophisticated Attack in 2 Regions, Probably 6 Others Intruded into SCADA Systems, Damaged SCADA System Hosts and Workstations Seized Control at Human Machine Interface (HMI) Level, Blindsided System Dispatchers Opened Circuit Breakers, Cut Power to 225,000 customers, HMI was Undoubtedly Compromised (Precursor to Aurora?) Initiated DDOS Attack on Call Centers to Prevent Users from Reporting Outages Activated KillDisk, Erasing Presence, Denying Forensics Multiple Attack Vectors But Much More to be Learned Earlier Intrusions March-July 2015 Evidence of Planning, Penetration Sandworm Team, BlackEnergy 2, 3 Techniques Are of Russian Origin Directly Related to 2014 BlackEnergy Supply Chain Intrusions in U.S. And Yet ES-ISAC Stated: There is no credible evidence that the incident could affect North American grid operations and no plans to modify existing regulations or guidance based on this incident. Applied Control Solutions, LLC 5

ICS Security Expertise Lacking ICS Security Experts IT Security ICS Engineering Applied Control Solutions, LLC 6

Control Systems Basics Internet ERP MES Data Ware house Support Systems Internet Applied Control Solutions, LLC 7

IT vs ICS Cyber Security Attribute IT ICS Confidentiality (Privacy) High Low Message Integrity Low-Medium Very High System Availability Low-Medium Very High Authentication Medium-High High Non-Repudiation High Low-Medium Safety Low Very High Time Criticality Delays Tolerated Critical System Downtime Tolerated Not Acceptable Security Skills/Awareness Usually Good Usually Poor System Lifecycle 3-5 Years 15-25 Years Interoperability Not Critical Critical Computing Resources Unlimited Very Limited Standards ISO27000 ISA/IEC 62443 Applied Control Solutions, LLC 8

What Are ICS-Unique Cyber Threats? Cyber-physical, Not just the network Persistent Design Vulnerabilities, Not just Advanced Persistent Threats Want undetected control of the process, not denial-of-service Gap in protection of the process (Level 0) eg, Aurora Compromise of the measurement (Level 1) eg, HART vulnerability Compromise design features of the controller (Level 2) eg, Stuxnet Applied Control Solutions, LLC 9

DHS Guidance on ICS Internet Access ICS-CERT Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure Original release date: February 25, 2016 Organizations should isolate ICS networks from any untrusted networks, especially the Internet Currently, >2,000,000 ICS systems and devices are directly connected to the Internet What does the DHS guidance mean to the Internet of Things, Smart Grid, and other similar approaches? What will the DHS guidance mean to insurance companies? Applied Control Solutions 10

What Is an ICS Cyber Incident? Electronic communications between systems and/or people that impacts Confidentiality, Integrity, and/or Availability (CIA) Missing safety Incidents that are apparently non-malicious can actually be malicious Applied Control Solutions, LLC 11

ICS Cyber Incidents Are Real Impacts ranged from significant discharges to significant equipment damage to deaths Affects all industries Very few ICS-specific cyber security technologies, training, and policies >2 million ICS devices directly connected to the Internet (and counting) Resilience and recovery need to be addressed Proprietary Information Applied Control Solutions, LLC 12

BlackEnergy Hack Is Widespread (per Kyle Wilhoit, TrendMicro) Based on telemetry data from open-source intelligence (OSINT) and Trend Micro Smart Protection Network, we saw that there were samples of BlackEnergy and KillDisk that may have been used against a large Ukrainian mining company and a large Ukrainian rail company (same samples as against the utilities) Cyber threats cross industry verticals Applied Control Solutions, LLC 13

Cyber Security Issues With The US Grid More than 250 ICS cyber incidents in North America 5 major outages (more than 90,000 customers each) Industry is focused on compliance, not security NERC cyber standards (CIP) are inadequate Wouldn t have addressed the 5 major outages Excludes most of the electric industry assets Ukrainian substations would have been out-of-scope Most power plants and many substations out-of-scope Routable connections being replaced to avoid compliance requirements Doesn t address communication between control centers and substations Doesn t address ICS issues like Stuxnet and Aurora Doesn t address ICS supply chain issues Doesn t require malware to be removed! DOD issued $70M RFP on cyber security of the electric grid Applied Control Solutions, LLC 14

Applied Control Solutions, LLC 15

Applied Control Solutions, LLC 16

Applied Control Solutions, LLC 17

Applied Control Solutions, LLC 18

Summary of ICS Cyber Incidents to Date Estimated Count Total 750 Malicious 250 Targeted 100 (of the 250+) Loss of View/Loss of Control 300 Injury/Deaths 60 (>1,000 deaths) Equipment Damage 100 Environmental Damage 70 Operational Impact 500 Financial Impact $30B Applied Control Solutions, LLC 19

Societal Needs and Concerns Government has cyber security expertise Industry often doesn t trust the government Need to have get out-of-jail free card and anonymize end-users Academia needs solutions that are practical Industry has domain expertise Industry & Insurance Partners could accelerate best practices Lloyd s Study projects losses from US cyber-caused 15 state blackout of $243B to $1 Trillion (July 2015 Report) Academia researches 1st-principles Work with coalition of the willing Develop appropriate ICS cyber technologies Share information Applied Control Solutions, LLC 20

What Can Be Done Today Understand ICS cyber security Establish a cross-discipline team reporting to the C-Level Operations/ICS should lead Operations, Maintenance, Engineering, IT, Telecom, Forensics, Risk, PR Develop a living ICS cyber security program Develop ICS cyber security policies and metrics Understand what is actually installed and connected Perform risk assessment based on mission criticality Implement security technologies to meet functional needs Incorporate security into ICS procurement specifications Applied Control Solutions, LLC 21

How Can You Help? Support cyber security in your own organization Make ICS cyber security as important as IT cyber security Participate in industry/government efforts Standards development, government advisory panels Share information with others Incidents, solutions, threats, needs Applied Control Solutions, LLC 22

Thank you Joe Weiss Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied Control Solutions, LLC 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback