Industrial Control System Cyber Security

Industrial Control System Cyber Security
Disaster Recovery Information Exchange
Bruce Tyson
June 28, 2017
Lunch and Learn

Introduction
Bruce Tyson is a certified engineering technologist (CET Telecommunications) and a professional project manager (PMP) with over 30 years' experience in the energy sector. Bruce is the President and CEO of KZenEdge Strategic Program Execution. He and his partner Tim Ewasiuk (VP and COO) operate a management consulting firm delivering solutions that span operations, engineering, maintenance and IT processes. Disaster Recovery, Cyber Security, and Industrial Controls have all been components of successful program and project delivery. For more information, visit: www.kzenedge.com

Agenda
Cybersecurity Risk For Industrial Control Systems Impacting Disaster Recovery
- Review the baseline ICS environment and key business drivers
- Review the cybersecurity threat landscape and a few real world case studies
- Review some frameworks and key resource/stakeholders for addressing ICS Cybersecurity RISK
- Evaluate the question: Does your current DRP incorporate the threats, priorities, standards and regulations for ICS Cyber scenarios?
Logistics
- 40-45 minutes of presentation
- 10 minutes of Q&A

Safety Moment
- In the event of an evacuation: exits
- Washroom facilities
- Lunch: allergy; choking

Definitions
Cybersecurity
- The body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. (WhatIs)
- Encompasses a broad range of practices, tools and concepts related closely to those of information and operational technology security. (Gartner)
Industrial Control System (ICS)
- Term encompassing several types of control systems technology and associated instrumentation including SCADA, DCS, and PLCs often found in the industrial sector and critical infrastructures. (Wikipedia)

The Issue
Business Driver - Safe and Secure Operations
- Cybersecurity is a component of Safe and Secure Operations
- Needs fit-for-purpose solutions that match their expectations for ICS integrity
- Clarity on organizational responsibilities
- Visibility to board level
- What is the cybersecurity posture? Plan?

Cybersecurity Priorities

Information Technology (IT/IS)
- Confidential personal information
- Business Continuity
- Data Integrity
- Confidential company info
- Reputation
- Regulatory Compliance
IT Note - Very dependent on the type of business

Operational Technology (OT/Ops)
- Safety & Environment
- Production (Continuity)
- Data Integrity
- Confidential company data
- Reputation
- Regulatory Compliance
OT Note - Typical for many types of ICS environments

ICS Cybersecurity Context

Examples of Access Points and the Resultant Security Challenges

Real World Threat Examples
- June 24, 2017 - UK Parliament E-Mails
- November 2016 - PoisonTap physical access compromise
- October 2016 - +400 million user accounts (confidentiality/blackmail)
- October 21, 2016 - Distributed Denial of Service (Access/performance)
- October 11, 2016 - Multiple Pipeline Valve Closures (safety, production, reputation)
- March 2016 - Georgia Pacific Disgruntled Employee Cyber Attack (production, reputation)
- January 2016 - Critical Infrastructure Incidents Increased in 2015: ICS-CERT
- December 23, 2015 - Ukraine Power Grid ICS-CERT Alerts (safety, production, reputation)
- Top 10 Security Breaches of 2015 (all)
- 2014 - Dragonfly Attacks on Energy Companies (all)

Real World Threat Case Study
October 21, 2016 - Distributed Denial of Service (Access/performance)
Scientific American Publication (abridged):
Last week's distributed denial of service (DDoS) attacks in which tens of millions of hacked devices were exploited to jam and take down internet computer servers is an ominous sign for the Internet of Things.
Dyn Statement (abridged):
Dyn's operations and security teams initiated our mitigation and customer communications process through our incident management system. We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these.

Real World Threat Case Study
December 23, 2015 - Ukraine Power Grid
Impact (excerpt):
Power substations taken offline leaving more than 230,000 residents in the dark. Backup power at two of the three distribution centers were also taken offline leaving operators in the dark. The power wasn't out long in Ukraine: just one to six hours for all the areas hit. But more than two months after the attack, the control centers are still not fully operational.
Details from extensive investigation (excerpt):
they were skilled and stealthy strategists who carefully planned their assault over many months, first doing reconnaissance to study the networks and siphon operator credentials, then launching a synchronized assault

Threat Tree Identification
[Diagram: threat tree. Top-level branches: External (Malicious, Accidental) and Internal (Accidental, Malicious). Other node labels on the slide: Targeted; Individual or small org; Criminal For Gain; Automatic Opportunistic Random High Volume; Vendor Service Provider; Operations Staff; IT Staff; Individual or small org; Vandalism/Headlines; Government or sophisticated org; Terrorism; Ongoing Operational or Project Normal Activities; Single Event Activity (example termination/exit)]

Risk Management

Risk Management Mitigation
DR/ER does not influence probability; it reduces impact.

Incident Response Plan
- Have cybersecurity event scenarios been evaluated (Risked?)
- When does it become an explicit part of DRP?
------
An incident is an event that could lead to loss of, or disruption to, an organization's operations, services or functions. If not managed an incident can escalate into an emergency, crisis or a disaster. Incident management is therefore the process of limiting the potential disruption caused by such an event, followed by a return to business as usual. Without effective incident management an incident can rapidly disrupt business operations, information security, IT systems, employees or customers and other vital business functions.

ICS Cybersecurity Framework
DRP
Source: National Institute of Standards and Technology (NIST), Framework for Improving Critical Infrastructure Cybersecurity, V1.0, February 12, 2014

ICS Cybersecurity Framework
Cyber Security Frameworks
DRP
Source: Department of Energy Sector Specific Plan - May 2007
- SSP: Sector Specific Plan
- NIPP: National Infrastructure Protection Plan
- CI/KR: Critical Infrastructure/Key Resources

Incident Management
- Establish an incident response and disaster recovery capability.
- Produce and test incident management plans.
- Provide specialist training to the incident management team.

ICS Cyber Training/Certification
- SANS/GIAC Training and Certifications
- ISO 27001 Information Security Management Systems
- ICS-CERT: Multiple courses
- ISA/IEC 62443 - Cybersecurity Certificate Programs
- NIST Standards training support
- Product Vendors: ICS, Network, Applications
- Training Vendors
- Institutions: Diploma, Certificate, Courses
Note: SAIT is developing a new program for ICS Security

DRP, ERP, BCP

Is your current DRP structured to address the threats, priorities, standards and regulations associated with ICS Cybersecurity?

A Proven Delivery Methodology to Execute Your Vision www.kzenedge.com