Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies


Contact: lwihl@scalable-networks.com

The Need

OT security, particularly in the electricity sector, has relied on obscurity and specialization to keep threat actors from disrupting operations. Cyber-connected OT devices have significantly improved automation and efficiency, but they also introduce vulnerabilities: every communication line is an attack surface. Each attack vector's modus operandi and impact can best be assessed in a lab-based simulation environment, without imposing risk on the actual systems. Unfortunately, the testbed development process is not well established, because integrating cyber and physical resources is complex and the testbed must also incorporate realistic simulations of physical systems, control systems, cyber-attacks, protocol vulnerabilities, data communication timing and network dynamics.

Cyber-Physical Vulnerabilities That Can Be Exploited (figure)

Typical Exploitation Path (figure)

Common Attack Vectors

- Backdoors and holes in the network perimeter
- Exploitation of vulnerabilities in SCADA protocols
- Communications hijacking and man-in-the-middle attacks
- Database attacks
- Bogus input data to the controller, introduced by compromised sensors and/or an exploited network link between the controller and the sensors
- Manipulated and misleading output data from the controller to the actuators/reactors, due to a compromised network link between the controller and the actuators
- Attacks on timing and synchronization

Key Challenges and Opportunities

Tight time constraints on addressing attacks largely rule out human-in-the-loop solutions. This drives the need for continuous, autonomous, real-time monitoring, detection and response.

Though the nature of SCADA introduces many cybersecurity challenges, it also presents some opportunities: it may enable novel approaches to securing these systems, or make viable approaches that are difficult to implement in the more open world of IT systems. The laws of physics often constrain the operation of SCADA, so the normal behavior range of a given physical system is usually well understood. This makes anomaly detection and control easier: the physical parameters can be modeled, and the model of the system's dynamics can be used to detect a compromised node or identify out-of-norm behavior. Because the dynamics are more limited, it is also possible to consider models that adjust the connectivity of a system based on its criticality and known mission needs.
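The following Python is an added example, not code from the slides, from SCALABLE or from EXata, showing what "using the model of the system's dynamics to identify out-of-norm behavior" looks like in its simplest grid form. It assumes a constructed three-bus DC power-flow model (hypothetical reactances, operating point and threshold): the measurements z a SCADA master receives are a linear function z = H x of the bus-angle state x, so a least-squares state estimate and the residual r = z - H x_hat expose a single bogus sensor value. It also shows the known limitation of this check: an attacker who knows H and alters every affected sensor consistently (a = H c) shifts the estimate without raising any residual, which is why the slides pair anomaly-based IDS with multiple-viewpoint comparison rather than a single model check.

```python
"""Physics-model bad-data check for SCADA measurements (added example).

DC power-flow model: z = H x, x = bus voltage angles (rad), z = real-power
line flows and bus injections (p.u.). All numbers are constructed.
"""
from typing import List, Optional, Sequence

Matrix = List[List[float]]
Vector = List[float]

# Constructed 3-bus system (hypothetical): bus 1 is the angle reference
# (theta1 = 0) and every line has reactance 0.1 p.u., so 1/x = 10.
# State x = [theta2, theta3]; row i gives measurement z_i = H[i] . x.
H: Matrix = [
    [-10.0,   0.0],   # P12 line flow     = (theta1 - theta2) / x12
    [  0.0, -10.0],   # P13 line flow     = (theta1 - theta3) / x13
    [ 10.0, -10.0],   # P23 line flow     = (theta2 - theta3) / x23
    [ 20.0, -10.0],   # P2  bus injection = P21 + P23
    [-10.0,  20.0],   # P3  bus injection = P31 + P32
]
LABELS = ["P12", "P13", "P23", "P2", "P3"]
TRUE_STATE: Vector = [-0.02, -0.03]   # constructed operating point (rad)
RESIDUAL_THRESHOLD = 0.05             # p.u.; would be tuned to sensor noise


def matvec(a: Matrix, x: Sequence[float]) -> Vector:
    return [sum(aij * xj for aij, xj in zip(row, x)) for row in a]


def solve(a: Matrix, b: Vector) -> Vector:
    """Solve a x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        s = sum(m[r][c] * x[c] for c in range(r + 1, n))
        x[r] = (m[r][n] - s) / m[r][r]
    return x


def estimate_state(h: Matrix, z: Vector) -> Vector:
    """Least-squares state estimate x_hat = (H^T H)^-1 H^T z."""
    n = len(h[0])
    hth = [[sum(row[i] * row[j] for row in h) for j in range(n)] for i in range(n)]
    htz = [sum(row[i] * zi for row, zi in zip(h, z)) for i in range(n)]
    return solve(hth, htz)


def residuals(h: Matrix, z: Vector) -> Vector:
    """Measurement residuals r = z - H x_hat; near zero for consistent data."""
    return [zi - hi for zi, hi in zip(z, matvec(h, estimate_state(h, z)))]


def suspect_sensor(h: Matrix, z: Vector,
                   threshold: float = RESIDUAL_THRESHOLD) -> Optional[str]:
    """Largest-residual test: name the measurement with the largest |r| when it
    exceeds the threshold, else None. A bogus value also inflates residuals on
    correlated measurements, so the largest one, not every one above the
    threshold, identifies the suspect sensor."""
    r = residuals(h, z)
    i = max(range(len(r)), key=lambda k: abs(r[k]))
    return LABELS[i] if abs(r[i]) > threshold else None


def clean_measurements() -> Vector:
    return matvec(H, TRUE_STATE)          # [0.2, 0.3, 0.1, -0.1, -0.4]


def bogus_sensor_measurements() -> Vector:
    """Compromised P12 sensor (or its link) reports 0.5 p.u. instead of 0.2."""
    z = clean_measurements()
    z[0] = 0.5
    return z


def coordinated_injection_measurements(c: Sequence[float] = (0.01, 0.0)) -> Vector:
    """Attacker who knows H adds a = H c to every affected sensor: the estimate
    becomes x + c and the residual stays zero (known limitation of this check)."""
    return [zi + ai for zi, ai in zip(clean_measurements(), matvec(H, c))]


if __name__ == "__main__":
    for name, z in [("clean", clean_measurements()),
                    ("bogus P12", bogus_sensor_measurements()),
                    ("coordinated", coordinated_injection_measurements())]:
        print(f"{name:12s} x_hat={estimate_state(H, z)} suspect={suspect_sensor(H, z)}")
```

With the constructed numbers the clean set yields no suspect, the single bogus P12 reading produces a residual of about 0.21 p.u. on P12 and is flagged, and the coordinated injection shifts theta2 by 0.01 rad with no residual at all. In a real deployment the threshold comes from sensor noise statistics, H comes from the network model, and the coordinated case is what a second, independent viewpoint (for example synchrophasor data or a separate protection-relay feed) is there to catch.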

Cyber Threat Assessment System

SCALABLE's EXata: Network Emulation

- Command-line and GUI (design, visualize, analyze)
- Virtual protocol stacks
- Hardware-in-the-loop and external interfaces
- Wireless channel, mobility and terrain models
- Kernel for simulation and emulation
- Packet sniffer and SNMP interfaces

EXata Overview (diagram)

The emulated wireless network sits between the Internet and three kinds of external connection: real applications attached through the EXata Connection Manager (streaming video, chat/IM, Internet browsers, VoIP, sensors, situational awareness, tactical communications); devices attached through SNMP; and a packet sniffer interface (Microsoft Network Monitor, Wireshark). An interface to other simulations runs parallel to the core.

EXata Connection Manager

- Runs on one or more computers (operational hosts)
- Dynamically maps an entire computer, or specific applications, to EXata nodes
- Mapped applications undergo the network effects of their EXata nodes
- Purpose: connect real applications to EXata nodes

EXata Demo

Integrated Demo (diagram): Master, Cyber Attack, Slave

Cyber Attack Framework (examples)

Attack models encompassing the protocol stack (Application, Transport, Network, MAC, Physical), wired and wireless:

- Defensive Breach Framework: firewall models; interface with attack generators and IDS
- Routing Misconfiguration Framework
- Eavesdropping Framework: sniffing and passive traffic analysis
- Signals Intelligence Framework
- Physical Attack Framework: physical attacks
- Denial of Service Framework: OS resource modeling; resource depletion modeling
- Wireless Jamming Framework: barrage noise jamming, silent 802.11 MAC jammer, sweep jamming

Emulated Network Affects Live Traffic

Cyber attack models:

- Network security: firewalls, port and network scanning, eavesdropping, jammers, denial of service, stimulating an intrusion detection system, signals intelligence
- Operating system resource models: vulnerability exploitation, virus attacks, worm and virus propagation, antivirus, backdoors, rootkits
- Host models: botnets, security logs and audit trails, coordinated attacks, adaptive attacks

(Diagram: synchrophasor traffic from the source, through the emulated cyber network under attack, to the destination.)

EXata and OPAL-RT: Cyber Threat Assessment and Mitigation

Test team

SCADA defenses:
- Attack surface reduction
- Anomaly-based IDS
- Connectivity adjustment
- Multiple viewpoint comparison
- Adaptation algorithms
- Time-varying reactions
- Isolation / shutdown strategies
- Control channel defense
- Dynamics modeling
- Code verification
- Reprogramming control devices

SCADA attacks:
- Reconnaissance, fingerprinting
- Authentication bypass, replay
- Bogus sensor inputs
- Modified controller outputs
- Time synchronization

At-scale SCADA system model: connectivity, protocols, device models, access control, perimeter controls, firewalls, control and sensor data, physical process state

Hardware in the loop: physical controller mapped (HWIL); physical RTU mapped (HWIL)

Physical system dynamics

Logging, attack progression, cyber and physical metrics

SCALABLE and OPAL-RT Integrated Value

- Engineering-level network emulation to predict network behavior under attack
- Ability to scale to represent the entire network
- Integration of the emulated network with equipment and power grid dynamics simulation
- Run what-if scenarios about critical infrastructure under cyber-attack without threatening operations
- Assess the effectiveness of tools, techniques and architectures to ensure system availability
- Measure and improve system resiliency

THANK YOU

Demo in the lobby

SCALABLE Network Technologies
Los Angeles, CA; Miami, FL; Montreal, QC
lwihl@scalable-networks.com
scalable-networks.com