PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems


Mati Epstein, Global Sales Lead, Critical Infrastructure and ICS
[Internal Use] for Check Point employees

Industrial Control Systems (ICS)/SCADA are All Around Us
- Water & Sewage
- Electricity
- Transportation
- Critical manufacturing
- Industrial Automation
- Oil & Gas
...and we rely on it every day for our basic functions and needs.
[Restricted] ONLY for designated groups and individuals

Critical Infrastructure and ICS are under constant attack
- 2016: RANSOMWARE LOCKS TICKET MACHINES OF SAN FRANCISCO'S MUNI TRANSIT

Most recent news
- July 18th, 2017: The UK energy sector is likely to have been targeted and probably compromised by nation-state hackers, according to a memo from Britain's National Cybersecurity Centre (by NCSC, a subsidiary of GCHQ)
- July 15th, 2017: Senior engineers at Ireland's Electricity Supply Board (ESB) were targeted last month by a group understood to have ties to the Kremlin's GRU intelligence agency (The Sunday Times)
- July 16th, 2017: Energy sector hacking campaign targeted more than 15 U.S. firms (Cyberscoop)
2016 Check Point Software Technologies Ltd.

Market Trends
- Regulation
  - US: NERC-CIP, NIST Cyber Security Framework
  - European Union: Directive on security of network and information systems (NIS Directive, July 2016), local initiatives, etc.
  - Applicable: Utilities (Electric, Water & Sewage), Critical Manufacturing
  - Initial phase in APAC
- Smart Grid: Distribution Automation, Smart Metering
- IoT and Smart Cities
- Growing Awareness: Globally, Recent attacks

ICS-CERT Report: United States Critical Infrastructure Increasingly Targeted
- The Most Targeted Sectors: Manufacturing, then Energy
- Most Common Method of Attack: Spear Phishing
- Integrated Threat Prevention
- Boundary Protection: Boundary Protection was the single most common ICS weakness discovered during assessments. Effective Boundary Protection is a pillar of the cybersecurity Defense-in-Depth concept.
- ICS-CERT: These attacks were enabled by insufficiently architected ICS networks

Best Practices for Securing OT
- Secure Both OT and IT Environments
- Protect IT with Advanced Threat Prevention Technologies
- Clear Segmentation between OT and IT/Internet
- Deploy Specialized ICS/SCADA Security Technologies

Security Solutions for Industrial Control Systems/SCADA/IoT
- Visibility
- Granular Control of ICS/SCADA Traffic
- Virtual patching: Stops exploits of known vulnerabilities
- Ruggedized Appliances for Harsh Environments
- Unified IT and OT Management
- Deep SCADA Protocol Inspection
- IPS/IDS
- 1200R
- Customized Visibility
- > 25 Protocols; > 900 Commands; > Values, Registers
- > 300 dedicated signatures
- Unified Policy
- Integration with SIEM systems

Multi-site customers: Electricity, Wind, O&G, Water

Manufacturing Factory Micro Segmentation in OT
[Diagram labels: Management Facility, Main Control Center, SCADA, Historian, SmartEvent, VPN, Control, Monitor, PLC1 to PLC4, Shop Floor / Substation]

Manufacturing Factory Full IT/OT Convergence

CrashOverride/Industroyer: New ICS attack platform to Electric Grid Operations
- CrashOverride (also called Industroyer) was the malware employed in the December 17th, 2016 cyberattack on the Kiev, Ukraine transmission substation, which resulted in electric grid operations impact (as reported by ESET and Dragos).
- ICS-CERT reported on June 14, 2017: https://www.us-cert.gov/ncas/alerts/ta17-163a
  - The tactics, techniques, and procedures (TTPs) described as part of the CrashOverride malware could be modified to target U.S. critical information networks and systems.
- CrashOverride malware is an extensible platform that could be used to target critical infrastructure sectors, specifically using IEC104 and IEC61850 protocols.
- The malware issues valid commands directly to RTUs.
  - Using Check Point protocol visibility and baselining would detect and alert on non-baseline protocols and commands.
- Could exploit the Siemens SIPROTEC relay denial-of-service (DoS) vulnerability, leading to a shutdown of the relay: using CVE-2015-5374 to hamper protective relays.
  - Check Point published on June 20th an IPS signature for virtual patching protection of the DoS vulnerability.

Industrial Security Process
- Independently log all SCADA activity: Protocols, Commands, Values
- Define Baseline: Set rules based on Known / Unknown / Not Allowed
- Identify Deviations and Attacks: Based on the defined rules, time of day, attack patterns
- Alert / Prevent: Based on topology (in-line or tap) and configuration
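The process on this slide, and the non-baseline command detection mentioned on the CrashOverride slide, sketched as an added example (not Check Point code or a product log format). Host names, record fields, the policy list and all sample events are constructed assumptions; the command names are standard IEC 104 type IDs and Modbus function names.

```python
from collections import namedtuple

Event = namedtuple("Event", "hour src dst protocol command value")

# Constructed learning-period log; field names are assumptions for this example.
LEARNING = [
    Event(9, "hmi1", "rtu1", "iec104", "C_SC_NA_1", 1),
    Event(10, "hmi1", "rtu1", "iec104", "C_SC_NA_1", 0),
    Event(9, "hmi1", "plc1", "modbus", "write_single_register", 40),
    Event(14, "hmi1", "plc1", "modbus", "write_single_register", 65),
    Event(11, "hist", "plc1", "modbus", "read_holding_registers", None),
]
# Hypothetical site policy: commands never permitted, whoever sends them.
NOT_ALLOWED = {("modbus", "write_multiple_registers")}

def build_baseline(events):
    """Map each (src, dst, protocol, command) flow to the hours and values seen."""
    baseline = {}
    for e in events:
        entry = baseline.setdefault((e.src, e.dst, e.protocol, e.command),
                                    {"hours": [], "values": []})
        entry["hours"].append(e.hour)
        if e.value is not None:
            entry["values"].append(e.value)
    return baseline

def classify(e, baseline, not_allowed=NOT_ALLOWED):
    """Return not_allowed, unknown, deviation:<kind> or known for one event."""
    if (e.protocol, e.command) in not_allowed:
        return "not_allowed"
    entry = baseline.get((e.src, e.dst, e.protocol, e.command))
    if entry is None:
        return "unknown"  # flow never seen while learning
    if not min(entry["hours"]) <= e.hour <= max(entry["hours"]):
        return "deviation:time_of_day"
    vals = entry["values"]
    if vals and e.value is not None and not min(vals) <= e.value <= max(vals):
        return "deviation:value"
    return "known"

def triage(events, baseline, not_allowed=NOT_ALLOWED):
    """Return (event, verdict) pairs for every event that should alert."""
    return [(e, v) for e in events
            if (v := classify(e, baseline, not_allowed)) != "known"]

if __name__ == "__main__":
    live = [Event(3, "hmi1", "rtu1", "iec104", "C_SC_NA_1", 0),   # valid command, 03:00
            Event(10, "eng7", "rtu1", "iec104", "C_SC_NA_1", 0)]  # new source host
    print(triage(live, build_baseline(LEARNING)))
```

A protocol-valid command still alerts here when its source, hour or value falls outside what was learned, which is the case a signature for malformed traffic does not cover.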

Thank you. Any questions?
