Cyber Security Brian Bostwick OSIsoft Market Principal for Cyber Security

Similar documents
Cyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016

What s New in PI Security?

What s new in PI System Security?

What s new in PI System Security?

Are Mobile Technologies Safe Enough for Industrie 4.0?

Hardcore PI System Hardening

ANATOMY OF AN ATTACK!

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

Addressing Cyber Threats in Power Generation and Distribution

Strategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare

Connectivity from A to Z Roadmap for PI Connectors and PI Interfaces

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Cyber security - why and how

New Technologies for Cyber Security

Cybersecurity for IoT to Nuclear

Sharing What Matters. Accelerating Incident Response and Threat Hunting by Sharing Behavioral Data

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

the SWIFT Customer Security

Understanding the Changing Cybersecurity Problem

Protecting Buildings Operational Technology (OT) from Evolving Cyber Threats & Vulnerabilities

Why Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG

Industry Best Practices for Securing Critical Infrastructure

IoT & SCADA Cyber Security Services

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

How NOT To Get Hacked

Securing Industrial Control Systems

Firewalls (IDS and IPS) MIS 5214 Week 6

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Data Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users

Securing the North American Electric Grid

MODERN MALWARE, MODERN DEFENSES AND PROTECTION

The Road to Industry 4.0

Interactive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.

Securing Your Terminal

Security analysis and assessment of threats in European signalling systems?

Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment

Take Risks in Life, Not with Your Security

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)

How Breaches Really Happen

TRAINING CURRICULUM 2017 Q2

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

Federal Mobility: A Year in Review

IC32E - Pre-Instructional Survey

Security+ SY0-501 Study Guide Table of Contents

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Welcome to the Second Annual Intelligence & National Security Forum

Achieving End-to-End Security in the Internet of Things (IoT)

Protect Your Organization from Cyber Attacks

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

ABB Ability Cyber Security Services Protection against cyber threats takes ability

Maximum Security with Minimum Impact : Going Beyond Next Gen

2017 Annual Meeting of Members and Board of Directors Meeting

Cyber Security of Industrial Control Systems (ICSs)

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

CompTIA Cybersecurity Analyst+

PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems

Critical Hygiene for Preventing Major Breaches

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Designing and Building a Cybersecurity Program

Cybersecurity in Government

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

What We Can Learn from Other s Cybersecurity Failures. Keith Price BBus, MSc, CGEIT, CISM, CISSP

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

National Instruments & OSIsoft Academic Program Partnership

USERS CONFERENCE Copyright 2016 OSIsoft, LLC

Sage Data Security Services Directory

SEGRID storyline. Workshop SEGRID November 14 th, 2016, Barcelona, Spain

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

align security instill confidence

Changing face of endpoint security

Cyber security for digital substations. IEC Europe Conference 2017

You knew the job was dangerous when you took it! Defending against CS malware

OSIsoft Technologies for the Industrial IoT and Industry 4.0

RasGas Use Case: Owl DualDiode Solution

IE156: ICS410: ICS/SCADA Security Essentials

Agenda: Insurance Academy Event

Practical SCADA Cyber Security Lifecycle Steps

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Cybersecurity Metrics: A Red Team Perspective

Expanding Cyber Security Management for Critical Infrastructure

CYBERSECURITY IN THE INDUSTRIAL INTERNET OF THINGS

Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies

2009 OSIsoft, LLC. OSIsoft vcampus Live! where PI geeks meet OSIsoft, LLC. OSIsoft vcampus Live! 2009 where PI geeks meet

Essentials of Cyber Security Intelligence for Protecting ICS

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Who Goes There? Access Control in Water/Wastewater Siemens AG All Rights Reserved. siemens.com/ruggedcom

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

ICS Security Monitoring

Security Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE

Cyber Security 2010 THE THREATS! THE FUTURE!

CYBERSECURITY RISK LOWERING CHECKLIST

Cyber Risk in the Marine Transportation System

K12 Cybersecurity Roadmap

CompTIA A+ Certification ( ) Study Guide Table of Contents

Transcription:

Cyber Security Presented by Brian Bostwick OSIsoft Market Principal for Cyber Security

Cyber Security Trauma in the News Saudi Aramco Restores Network After Shamoon Malware Attack Hacktivist-launched virus takes out 75% of stateowned oil company s workstations, signals the growing power of attackers with social or political agendas. Matthew J. Schwartz Updated: 12:22 p.m. August 27, 2012 Confirmation of a Coordinated Attack on the Ukrainian Power Grid After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that cyber attacks were directly responsible for power outages in Ukraine. Michael J. Assante, January 9, 2016

BSI Top Threats Threats against humans Social Engineering, USB devices, accidents Boundary exploits Exploits of internet facing systems, remote access, critical systems, cloud apps Internal threats Old systems and software, DDoS attacks, Smartphones Federal Office for Information Security 3

Bow Tie Diagrams: Introduced by Shell Engineering Bow-Tie Model ICS Security Bow-Tie Evaluating Cyber Risk in Engineering Environments: A Proposed Framework and Methodology https://www.sans.org/reading-room/whitepapers/ics/evaluating-cyber-risk-engineering-environments-proposedframework-methodology-37017

Bow Tie Attacks diagram & Defenses from PI Coresight Point of Analysis Impacts & Reductions Keep the bad guys out But if they get in, limit the damage

Ukraine Power: ICS Cyber Kill Chain Mapping Business Network DMZ Plant Information Restricted Network Analysis of the cyber attack on the Ukraine Power Grid, SANS.org

Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact 1 Modern PI System Kill Chain The Internet WEB Page Drive By Coresight Client in Web Browser Admin OS Access Unauthenticated access Coresight Server Unauthorized access to data Unauthenticated access Many opportunities to defend Attacks are complex Successful attacks require high skill levels 2 3 4 5 PI Server Unauthorized access to data Administrative access to operating system Connector Control system pwned 6 Control System Social Engineering Web Browser Compromise User OS Access Authenticated Access Coresight Server Compromise Manipulation of configuration Administrative access to operating system PI Server Compromise Missing or tainted data sent to users or downstream services Exploit vulnerable product or service to inject malware on interface node Connector Compromise Control system slow or unresponsive Phishing Email Network Node Access Exploit vulnerable product or service Missing or tainted data sent to users or downstream services Authenticated PI data access Service delays or unresponsive Use interface output points for sending data to control systems Loss of control including anomalous actuator operation Admin Access to OS/ SQL Server Service delays or unresponsive Exploit vulnerable service on PI Server Manipulation of configuration Use interfaces to overload control system Loss of view including fake sensor data Overload Server (DoS) Spread malware to client connections Overload PI Server Pivot to other servers (PI Server as client to another server or unauthorized call home) Use PI data as part of a covert command and control channel Coresight acts as client to another resource Spread malware to client connections Business Network DMZ Restricted Network

Top Three DHS ICS-CERT Weaknesses 1. Boundary Protection: Poor architecture including ICS discoverable on the internet 2. Least Functionality: Unnecessary open ports 3. Authenticator Management: Simple passwords and lack of encryption Industrial Control Systems Assessment Summary Report FY 2015

1. Boundary Protection Transmission & Distribution SCADA Critical Systems Limits direct access to critical systems while expanding the value use of information. Plant DCS Infrastructure PLCs Environmental Systems Other critical operations systems Security Perimeter Reduce the risks on critical systems

1. Boundary Protection: PI to PI PI Coresight Server Cloud Gateway PI Cloud Services SCADA/EMS PI Server PI Server PItoPI Clients PI Coresight Substation / RTU Control Center DMZ Corporate Access External Access

1. Boundary Protection: Data Diode Partners Separation of access for operation and business user Absolute enforcement with one-way data flow......... Deliver Deliver PI3, WCF PI3, WCF Collect PI, PI3, WCF PI Server PI Server Restricted Network Plant Information DMZ Business Network

2. Least Functionality PI Server Certified for Windows Server Core Less installed, less running, No GUI applications Fewer open ports Less patching Less Maintenance Lower TCO. More Secure Microsoft Mechanics. "Exploring Nano Server for Windows Server 2016 with Jeffrey Snover." Online video clip. YouTube, 10 Feb. 2016

3. Authentication Management Use Windows Integrated Security (WIS)

3. Authentication Management: The Modern PI System......... Using Windows Integrated Security - PI System communication is encrypted by default PI Interfaces are configurable with transport security Deliver Deliver PI3, WCF PI3, WCF PI Interface PI, PI3 PI Server PI, PI3 PI to PI PI, PI3 PI Server Restricted Network Plant Information DMZ Business Network

Work in Security is Ongoing Security Advisors Engineering Champions CSS Champions IT Champions SMIP secure@osisoft.com

OSIsoft Security Development Lifecycle Microsoft SDL model

Note Video replay has been removed to keep download size down. See the video on the replay for this conference session at osisoft.com > About OSIsoft > Presentations. 17

Microsoft Project Springfield Early Adopter Resists pathological PI SQL data queries 1 2 4 3 Cortana Ready Data Safe import and export of AF asset structures Robust support for intensive bulk data calls Reliable access to archive data

Key PI System Security Resources https://techsupport.osisoft.com/troubleshooting/pi-system-cyber-security https://www.youtube.com/user/osisoftlearning/ https://pisquare.osisoft.com/groups/security

Actions Defend boundaries to critical systems by providing operational data through the PI System to business applications Achieve least functionality by removing unnecessary services or running on Microsoft Windows Server Core Manage authentication using Windows Integrated Security and encrypt all PI System messages and communication 20

Contact Information Brian Bostwick Brian@OSIsoft.com Market Principal, Cybersecurity OSIsoft, LLC Please keep the conversation going. Other OSIsoft Security talks: State of PI System Security and the EU NIS Directive, Wed. 11:45-12:15 What's New in PI Security? Thursday, 15:45-16:15 Security Booth in the Product Expo 21

Questions Please wait for the microphone before asking your questions Please remember to Complete the Online Survey for this session State your name & company http://ddut.ch/osisoft 22

Thank You

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback