from SCADA to IoT Cyber Security Bogdan Matache - Romania 2015

Similar documents
EMBEDDED MAJOR PROJECTS LIST

POWER-ONE ITALY, 5 TH JUNE 2018 Cloud, Big Data & Cyber Security. Business, Opportunities and Risks

November 29, ECE 421 Session 28. Utility SCADA and Automation. Presented by: Chris Dyer

SCADA Protocols. Overview of DNP3. By Michael LeMay

Cyber Security of Industrial Control Systems (ICSs)

Madrid, 25 y 26 de mayo de 2015 ABB Automation Days Wireless Instrumentation

PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems

Internet Of Things (IoT) fattore abilitante nella città del futuro XII GIORNATA DELLA RICERCA ANIE

October 05, ECE 421 Session 12. Utility SCADA and Automation. Presented by: Chris Dyer

Mobility Solutions HMI SCADA THE RIGHT INFORMATION TO THE RIGHT PERSON AT THE RIGHT PLACE AT THE RIGHT TIME SECURELY PRESENTED.

BEYOND THE SMART METERS

See it. Control it. The TelPro Solution

MarketsandMarkets. Publisher Sample

THE RAINBOW SCADA D-500-LITE

ICS Humla CTF. Copyright 2017 Payatu 1

Intelligent Remote Terminal Unit (irtu) in the IoT Era

Trends for Smart Grid Automation and Industry 4.0 Integration. presented by Detlef Raddatz Managing Director SystemCORP Embedded Technology

Moxa Inc. Moxa Americas Moxa China Shanghai Office Beijing Office Moxa Europe Shenzhen Office Moxa Asia-Pacific

Engineering SCADA (Introduction) Dr. Sasidharan Sreedharan

WHAT are SCADA and I&C?

Introduction to Networked Embedded Systems and Course Description. Song Han Office: ITEB 355

Introduction to ICS Security

The Power of Testing Embedded IoT Devices. Jithu Abraham RSUK Product Manager

Delivering IoT Value Through onem2m Compliance

Mobility Solutions HMI SCADA THE RIGHT INFORMATION TO THE RIGHT PERSON AT THE RIGHT PLACE AT THE RIGHT TIME SECURELY PRESENTED.

Fax: +30 (210) Tel Fax

Ericsson networked society. 27 th of September 2017, Espoo

Agenda. What is SCADA? What's the history of SCADA? Exemplary SCADA systems

Functional. Safety and. Cyber Security. Pete Brown Safety & Security Officer PI-UK

Wireless IoT Sensing Solutions

MTXM2M. Modems, Gateways & Routers for M2M-IoT

THE RAINBOW SCADA D-700

Johan Hoolsema Expert System Solutions

Innovative M-Tech projects list IEEE papers

SGS CYBER SECURITY GROWTH OPPORTUNITIES

Smart Cities Real Opportunity or Marketing Hype? Aaron Hesse, PE, RCDD Infrastructure Engineer Avista Utilities

PREEMPTIVE PREventivE Methodology and Tools to protect utilities

Availability Study of the Italian Electricity SCADA System in the Cloud

2009 E09PS E09PS E09PS E09PS E09PS E09PS38 IEEE 2009 E09PS39 E09PS40 E09PS41 E09PS42 E09PS43 IEEE 2008 E09PS44

ABB Process Automation, September 2014

An Optimum Solution for Telemetry of Distributed. Wells in South of Tehran

MAKING BUSINESSES SMARTER AND SIMPLER MONITORING MORE EFFECTIVELY REAPING THE BENEFITS OF IOT CONNECTIVITY

Agile IoT Solution Driving Digital Transformation of Transportation

Building a resilient ICS

Cybersecurity and Communications Based Train Control

The SCADA Connection: Moving Beyond Auto Dialers

Use Cases for Light Communications

High performance monitoring & Control ACE3600 Remote Terminal Unit

Ovation Ethernet Link Controller Module Data Sheet

MOSCAD WIRELESS MONITORING AND CONTROL SOLUTIONS FOR THE WATER/WASTEWATER INDUSTRY

Fig Data flow diagram and architecture when using the TCUP Cloud Server for PaaS for the Developers and large

Real-Time and Low-Power Wireless Communication with Sensors and Actuators

Smart City Solution & Case Study. LG Uplus

TOWARDS CYBER SECURED SCADA SYSTEMS

From Wikipedia, the free encyclopedia

DUKE ENERGY OHIO SMART GRID / GRID MODERNIZATION. Don Schneider GM, Smart Grid Field Deployment May 24, 2012

EMBEDDED MAJOR PROJECTS LIST

The SCADA That Didn t Cry Wolf- Who s Really Attacking Your ICS Devices- Part Deux!

CYBERSECURITY AND SERVICE STATIONS

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

ABB ABILITY NETWORK MANAGER X. SCADA for rail Operational confidence.

Innovative M-Tech projects list

SMART HOME AND SMART ENERGY

Whitepaper. IoT Protocols. PAASMER Support for Protocols. Website:

Control Systems Cyber Security Awareness

PROGRAMMABLE LOGIC CONTROLLER PLC

Maxwell Dondo PhD PEng SMIEEE

Backplane. Allen-Bradley. System integration. Backplane

Industrial 1-port RS422/485 Modbus Gateway IMG-110T

SCADA Security - how to safely audit and protect Industrial Control Systems?

MINER-S Station Controller

Smart Grid Communication Systems. 11- November-2016 Sanjeev Rana

The Future of Industrial Control Systems Security

IndusSec. Industrial Network Security System. 9three Solutions Inc.

Cambium Networks and IIoT Industrial IOT di Cambium Networks come soluzione Privete Network su Narrow-Band. Maximilian Moccia RTM Italy & Med.

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

Cybersecurity for IoT to Nuclear

Language for Control Systems

Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk

Industrial 2-port RS422/485 Modbus Gateway IMG-120T

Smart Cities and Security. Security - 1

Industrial Control Systems (In)Security & Suricata

Welink IoT, Welink Your Smart

Smart Grid Communications. WFCS 2016 May 3-6, 2016, Aveiro, Portugal

Toward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania

Smart Manufacturing Enterprise

The Internet of Things

IoT in the Valve and Actuator Industry

2014 TRANSIT CEOs SEMINAR. Cybersecurity What Every CEO Should Know to Help Secure the System

IEEE PROJECTS ON EMBEDDED SYSTEMS

expert Green Energy Solutions Product Overview, 2016

The SCADA Connection: Moving Beyond Auto Dialers

Using ANSI/ISA-99 Standards to Improve Control System Security

TECHNOLOGIES: APPLICATIONS: KEY MARKET FORECASTS: GEOGRAPHIES:

M2M spectrum management in China. LI Bo Senior Engineer

YOUR INDUSTRIAL IOT PARTNER Expertises and solutions

SenNet Registered trademark of Satel Spain Dataloggers series DL170 DL171 DL172.

IoT MTC, M2M or IoT- Communication between devices without human intervention. Connected things - smart phones, sensors, actuators, cameras,

AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID

Improving Remote Site Communications Using Wireless Technologies. Eric Swanson

Transcription:

from SCADA to IoT Cyber Security Bogdan Matache - Romania 2015

About ME, Bogdan Matache Cyber Security Specialist Military Technical Academy SCADA Security Specialist InfoSec Institute Auditor ISO 27001 Specializations: Cryptography, Social Engineering, SCADA Pen testing IT&C over 15 y Energy @ OIL Sectors 10 y SCADA for Renewable Power Plants 5 y Pen testing OIL Sectors systems 3 y Pen testing Electrical Systems 3 y

What I hacked? Fuel Pump ( I changed densitometers values )

What I hacked? Asphalt Station ( I Changed the percentage of bitumen)

What I Pen Tested? VoIP Networks WiMAX BTS Cars (doors open system, tachometer, gps) Intelligent House System, Smart Buildings 6 companies in 8 months ( Social Engineering ) PLC s (programmable logic Controller) Smart Electricity Meters Smart Gas Meters Magnetic & RFID Access Cards Drones Control System Etc.

What I do? I work as a security auditor at EnerSec, a company specialized in Cyber Security for Energy Sector

Definitions What is SCADA What is IoT What is Security

ICS and SCADA Industrial Control Systems (ICS) is an umbrella term covering many historically different types of control system such as SCADA (Supervisory Control and Data Acquisition) and DCS (Distributed Control Systems). Also known as IACS (Industrial Automation and Control Systems), they are a form of Operational Technology. In practice, media publications often use SCADA interchangeably with ICS.

SCADA system

Cars OBD 2 (On-Board Diagnostics)

Airplanes ADS-B ( Automatic Dependent Surveillance Broadcast )

Ships AIS ( Automatic Identification System )

Other hackable SCADA systems Power Plants (Nuclear Plants) Transportation System ( Train Switch Crossing and Beacons ) Robots in factories Etc.

ics-cert.us-cert.gov

What is IoT? The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data.

IoT Growth

SCADA vs IoT More devices More Systems More data More connectivity / access points More home users Equals - More opportunities

Attacks Types for SCADA Power System or Water System ( most likely terrorism ) Attacks upon the power system. target power system itself Attacks by the power system. target population ( make dark or rise lever of chlorine ) Attacks through the power system target - ex high voltage for a specific company

Attacks types for IoT Open doors ( Bluetooth Lockers, hotel rooms) Unwanted Surveillance (baby monitors or smart TV s) Damage things ( Sprinklers, cooling systems ) Pace Maker GPS ( fleet monitoring ) Burglars ( profile from smart meters, energy consumption)

CIA vs AIC IT Security confidentiality, integrity, availability SCADA and IoT availability, integrity, confidentiality

Protocols For SCADA ( PLC s) ModBus, DNP3, IEC 60870, IEC61850, Embedded Proprietary, ICCP, UCA 2.0 For IoT Bluetooth low-e, Wi-Fi low-e, NFC, RFID, ANT, Z-Wave, Neul, SigFox, Thread, 6LowPAN, ZigBee, Cellular, LoRA WAN

Software for Hacking SCADA / IoT Black Arch Linux Hack Ports Helix, Kali Linux Samurai STFU Security Onion OSINT Dedicated software exploits for PLC s for Siemens, Allen Bradley, Schneider, ABB, etc.

Hardware tools for Pentest WiFi Pineapple Rubber Ducky

Hardware tools for Pentesting Hack RF

Hardware tools for Pentest Prox Mark 3 clone RFID Mifare cards

Malware example for SCADA / IoT Stuxnet, Havex, Flame, DragonFly APT is most dangerous

Critical risk scenarios RS 01 - disrupting the operation of control systems by delaying or blocking the flow of information through control networks, thereby denying availability of the networks to control system operators; RS 02 - unauthorized changes to programmed instructions in PLCs, RTUs, or DCS controllers, change alarm thresholds, or issue unauthorized commands to control equipment, which could potentially result in damage to equipment (if tolerances are exceeded), premature shutdown of processes (such as prematurely shutting down transmission lines), or even disabling control equipment;

Critical risk scenarios RS 03 - send false information to control system operators either to disguise unauthorized changes or to initiate inappropriate actions by system operators; RS 04 - modify the control system software, producing unpredictable results; RS 05 - interfere with the operation of safety systems.

Defence / Alerts ics-cert.us-cert.gov CERT-ICS.eu

Defence / Intelligence

Security Operation Center

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback