Cyber Resilience Solution for Smart Buildings
Integrated IT/OT Security
Oren Aspir, Cyberbit, CTO
2017 by CYBERBIT, CYBERBIT Proprietary

Buildings getting smarter
- IT systems
- HVAC
- Surveillance systems/cameras
- Gate control
- Elevators
- Electric circuit controllers
- Fire alarm

Connectivity is On the Rise
[Diagram: wireless sensor network. Physical Space (physical processes, sensors, actuators) and Cyber Space (controller, control algorithm, user interface) connected by wireless modules and a communication protocol. Flows shown: sampling, measurements, sensor configurations, commands, acknowledgments, action, user preference and network configuration, status and performance visualization.]

And therefore, more vulnerable to high-profile IT/OT/IoT cyber attacks
- Dyn attack turning webcams and other IoT devices into a botnet for DDoS attacks
- BART attack on the San Francisco Metro
- Ransomware holding the building hostage
- Austria Hotel Locks Attack (2016)
- USA Presbyterian Medical Centre (2016)
- Germany Steel Mill Attack (2015)

Smart Building Protection Challenges
1. Operational continuity
2. Safety of on site personnel
3. Safety of critical physical operational systems
4. Safety of IP connected devices
5. Prevention of Information theft

Smart Building Physical Illustration

Smart Building Network Illustration
[Diagram: IT Network and OT Network]
- IT components in the IT network: Internet, Web Servers, Email Servers, Authentication Servers, Internal DB and file Servers
- IT components in the OT network: Domain Controller, SCADA Server
- OT components in the OT network: DCS System #1, Local HMI, Controllers

So Much Protection for Your IT Assets
[Diagram: IT network, Corporate IT. Protections shown: AV, FW, DLP, NAC, EDR, HIPS, DPI]

Why Settle for Less in Your Critical Network?
[Diagram: OT network. Labels shown: Operational IT (Historian, HMI, SCADA servers); Not updated AV; Unpatched Windows 2008/XP/NT; PLC; OT; Text not encrypted; DPI]

A Complex, Multi-Layered Threat Stack, Combining IT and OT Attack Vectors
- IT Malware: Spear phishing, External devices, Macros
- OT Malware: Lateral movement, Remote access, Historian
- M2M: MITM, Unauthorized devices
[Diagram: IT Network (Corporate IT): Internet, Web Servers, Email Servers, Authentication Servers, ERP, Internal DB and file Servers. Legacy SCADA. OT Network: Operational IT (Domain Controller, SCADA Server); Operational Components (OT) (DCS System #1, Local HMI, IED)]

A Complex, Multi-Layered Threat Stack, Combining IT and OT Attack Vectors (continued)
- IT Malware: Spear phishing, External devices, Macros
- OT Malware: Lateral movement, Remote access, Historian
- M2M: MITM, Unauthorized devices
- Also shown on the diagram: Insecure Remote Support, Infected Laptop, Insecure Wireless, Insecure Modems, Infected USB Keys, Infected PLC Logic, Insecure Serial Links
[Diagram: IT Network (Corporate IT): Internet, Web Servers, Email Servers, Authentication Servers, ERP, Internal DB and file Servers. Legacy SCADA. OT Network: Operational IT (Domain Controller, SCADA Server); Operational Components (OT) (DCS System #1, Local HMI, IED)]

Keeping Smart Building Protected: Key Principles
- Continuous monitoring and detection
- Across the entire attack surface: IT and OT components
- Smart analytics integrating all layers
- Orchestration and visibility from a single application

A Layered Approach to Smart Building Security
- Sensors for continuous monitoring
- Big data security analytics
- Unified Security Console
- Covered layers: IT Endpoints, Operational IT, OT

Smart Building - Case Study

Israel's first secure-by-design government facility
Cyberbit partnered with Deloitte and with the building contractor company to provide the entire cybersecurity suite for Israel's first cyber protected smart building facility.

Project Goals
- Integrated security across the entire infrastructure: The solution must secure the entire IT, OT and IoT infrastructure and related devices.
- Centralized visibility: SOC managers and analysts must have 24/7 situational awareness across IT, OT and IoT, including dashboards, reports and security visualization, all in a central location, and providing cross-segment information.
- Centralized incident response: SOC teams will manage the incident centrally, at the SOC. This requires access to all security tools from a single location, and access to data from all systems.

Why was Cyberbit selected?
- The only vendor providing a complete IT/OT/IoT solution
- Proprietary products (not 3rd party)
- Expertise in complex integrations
- Integrated technology
- Experience with public sector and government projects

Design considerations
- Security vs. Operation
- Physical segregation vs. central control
- One way vs. two-way connections
- Passive vs. active
- Security vs. simplicity

IT security
- SIEM
- EPP
- EDR
- NAC
- PIM
- PKI
- Sanitization workstations
- One way link (data diode)

OT security: Cyberbit SCADAShield
- Passive systems
- Ring TAP
- IP Tapping (span port)
- DPI for Bacnet, Ethercat & Modbus
- Anomaly detection
- Business deviation alerting
- Network mapping and change detection
- Vulnerability detection

Security Operation: SOC 3D
- Single pane of glass
- Automation
- Best practices
- Incident response orchestration
- Control

Thank You!