SlideShare uma empresa Scribd logo

ICS Cyber Security Presentation

London School of Cyber Security
London School of Cyber Security

Sign up for training discounts: http://bit.ly/1f97ztX Follow us on Twitter: http://bit.ly/1fki6EQ Register for LIVE Hangouts: http://bit.ly/1lJ2z1j Blog: http://bit.ly/1mSfHlp 1. What are Industrial Control Systems (ICS), where are they used, what were they originally designed to do 2. How are they being used now – connections to the Internet and remote connectivity 3. How is securing ICSs different than securing IT

TecnologiaNegócios
1 de 7
Baixar para ler offline
ICS Cyber Security February 6, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com Applied Control Solutions Proprietary Information
What are Industrial Control Systems (ICSs) • Industrial control systems (ICSs) operate power, water, chemicals, pipelines, military systems, medical systems, etc • ICSs include SCADA/EMS, DCS, PLCs, RTUs, IEDs, smart sensors and drives, emissions controls, equipment diagnostics, AMI (Smart Grid), programmable thermostats, building controls,… • Focus is reliability and safety Applied Control Solutions Proprietary Information
Control Systems Basics Internet ERP MES Data Ware house Support Systems Internet Applied Control Solutions Proprietary Information
ICSs are not Mainstream Information Systems • • • • • • • The Internet and Microsoft are not necessarily the biggest ICS cyber threats External malicious threats are not necessarily the biggest concerns Firewalls and VPNs may not be adequate IDS will probably not identify ICS attacks Field devices have been hacked Default passwords and backdoors are not uncommon Many ICSs have hardware configurations that are cyber vulnerable and cannot be patched or fixed • Patching is difficult and can have unintended consequences • Cyber forensics and logging may not exist Applied Control Solutions Proprietary Information
Selected Differences Between IT and ICS Attribute IT ICS Confidentiality (Privacy) High Low Message Integrity Low-Medium Very High Availability Medium Very High Authentication Medium-High High Lifetime 3-5 years 10-25 years Cyber Logging and Forensics Available SEIM only at the IP layer Operating Systems COTS (Windows, Linux,…) COTS at HMI, RTOS at field devices Patching Standard and expeditious Non-standard and potentially long time Applied Control Solutions Proprietary Information
ICS Security Expertise Lacking ICS Security Experts IT Security ICS Engineering Applied Control Solutions Proprietary Information
ICS Cyber Threats are Real • >325 actual ICS cyber incidents to date – Ranged from significant discharges to significant equipment damage to deaths • Very few ICS-specific cyber security technologies, training, and policies • >1,000,000 ICS devices directly connected to the Internet (and counting) Applied Control Solutions Proprietary Information

Recomendados

Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
Community Protection Forum
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
Jim Gilsinn
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
Itex Solutions
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
James Nesbitt
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14
James Nesbitt
 
Adapting for the Internet of Things
Adapting for the Internet of ThingsAdapting for the Internet of Things
Adapting for the Internet of Things
Tripwire
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security Presentation
Filip Maertens
 

Recomendados

Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
Community Protection Forum
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
Jim Gilsinn
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
Itex Solutions
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
James Nesbitt
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14
James Nesbitt
 
Adapting for the Internet of Things
Adapting for the Internet of ThingsAdapting for the Internet of Things
Adapting for the Internet of Things
Tripwire
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security Presentation
Filip Maertens
 
Cyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsCyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control Systems
David Spinks
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
Eran Goldstein
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICS
johnsdeepsecure
 
BSidesAugusta 2015 - How to get into ICS security
BSidesAugusta 2015 - How to get into ICS securityBSidesAugusta 2015 - How to get into ICS security
BSidesAugusta 2015 - How to get into ICS security
Chris Sistrunk
 
УЦСБ. Алексей Комаров. "Решения для ИБ АСУ ТП"
УЦСБ. Алексей Комаров. "Решения для ИБ АСУ ТП"УЦСБ. Алексей Комаров. "Решения для ИБ АСУ ТП"
УЦСБ. Алексей Комаров. "Решения для ИБ АСУ ТП"
Expolink
 
Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security training
EnterpriseGRC Solutions, Inc.
 
ICS Cyber Security Europe 2015
ICS Cyber Security Europe 2015ICS Cyber Security Europe 2015
ICS Cyber Security Europe 2015
G. Jane Louise Cook
 
Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security Experts
James Arlen
 
The value of our data
The value of our dataThe value of our data
The value of our data
EnterpriseGRC Solutions, Inc.
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)
Pöyry
 
CuSRF. OWASP AppSecUS 2014
CuSRF. OWASP AppSecUS 2014CuSRF. OWASP AppSecUS 2014
CuSRF. OWASP AppSecUS 2014
Barry Shteiman
 
Startupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja ElmodisStartupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja Elmodis
ELMODIS Inc.
 
The Panama Papers Hack
The Panama Papers HackThe Panama Papers Hack
The Panama Papers Hack
London School of Cyber Security
 
ISIS and Cyber Terrorism
ISIS and Cyber TerrorismISIS and Cyber Terrorism
ISIS and Cyber Terrorism
London School of Cyber Security
 
Silk Road & Online Narcotic Distribution
Silk Road & Online Narcotic DistributionSilk Road & Online Narcotic Distribution
Silk Road & Online Narcotic Distribution
London School of Cyber Security
 
Ashely Madison Hack
Ashely Madison HackAshely Madison Hack
Ashely Madison Hack
London School of Cyber Security
 
How To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot AttacksHow To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot Attacks
London School of Cyber Security
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and Forensics
London School of Cyber Security
 
How To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and TrainingHow To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and Training
London School of Cyber Security
 
Advanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsAdvanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA Environments
London School of Cyber Security
 
What Everybody Ought to Know About PCI DSS and PA-DSS
What Everybody Ought to Know About PCI DSS and PA-DSSWhat Everybody Ought to Know About PCI DSS and PA-DSS
What Everybody Ought to Know About PCI DSS and PA-DSS
London School of Cyber Security
 
Building an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence ProgramBuilding an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence Program
London School of Cyber Security
 

Mais conteúdo relacionado

Destaque

Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICS
johnsdeepsecure
 
ICS Cyber Security Europe 2015
ICS Cyber Security Europe 2015ICS Cyber Security Europe 2015
ICS Cyber Security Europe 2015
G. Jane Louise Cook
 
Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security Experts
James Arlen
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)
Pöyry
 

Destaque (12)

Cyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsCyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control Systems
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICS
 
BSidesAugusta 2015 - How to get into ICS security
BSidesAugusta 2015 - How to get into ICS securityBSidesAugusta 2015 - How to get into ICS security
BSidesAugusta 2015 - How to get into ICS security
 
УЦСБ. Алексей Комаров. "Решения для ИБ АСУ ТП"
УЦСБ. Алексей Комаров. "Решения для ИБ АСУ ТП"УЦСБ. Алексей Комаров. "Решения для ИБ АСУ ТП"
УЦСБ. Алексей Комаров. "Решения для ИБ АСУ ТП"
 
Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security training
 
ICS Cyber Security Europe 2015
ICS Cyber Security Europe 2015ICS Cyber Security Europe 2015
ICS Cyber Security Europe 2015
 
Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security Experts
 
The value of our data
The value of our dataThe value of our data
The value of our data
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)
 
CuSRF. OWASP AppSecUS 2014
CuSRF. OWASP AppSecUS 2014CuSRF. OWASP AppSecUS 2014
CuSRF. OWASP AppSecUS 2014
 
Startupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja ElmodisStartupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja Elmodis
 

Mais de London School of Cyber Security

Website Impersonation Attacks. Who is REALLY Behind That Mask?
Website Impersonation Attacks. Who is REALLY Behind That Mask?Website Impersonation Attacks. Who is REALLY Behind That Mask?
Website Impersonation Attacks. Who is REALLY Behind That Mask?
London School of Cyber Security
 
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker Hotshots
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker HotshotsChanging the Mindset: Creating a Risk-Conscious Culture - Hacker Hotshots
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker Hotshots
London School of Cyber Security
 

Mais de London School of Cyber Security (20)

The Panama Papers Hack
The Panama Papers HackThe Panama Papers Hack
The Panama Papers Hack
 
ISIS and Cyber Terrorism
ISIS and Cyber TerrorismISIS and Cyber Terrorism
ISIS and Cyber Terrorism
 
Silk Road & Online Narcotic Distribution
Silk Road & Online Narcotic DistributionSilk Road & Online Narcotic Distribution
Silk Road & Online Narcotic Distribution
 
Ashely Madison Hack
Ashely Madison HackAshely Madison Hack
Ashely Madison Hack
 
How To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot AttacksHow To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot Attacks
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and Forensics
 
How To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and TrainingHow To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and Training
 
Advanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsAdvanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA Environments
 
What Everybody Ought to Know About PCI DSS and PA-DSS
What Everybody Ought to Know About PCI DSS and PA-DSSWhat Everybody Ought to Know About PCI DSS and PA-DSS
What Everybody Ought to Know About PCI DSS and PA-DSS
 
Building an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence ProgramBuilding an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence Program
 
Crowdsourced Vulnerability Testing
Crowdsourced Vulnerability TestingCrowdsourced Vulnerability Testing
Crowdsourced Vulnerability Testing
 
Memory forensics and incident response
Memory forensics and incident responseMemory forensics and incident response
Memory forensics and incident response
 
Gauntlt Rugged By Example
Gauntlt Rugged By ExampleGauntlt Rugged By Example
Gauntlt Rugged By Example
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?
 
Website Impersonation Attacks. Who is REALLY Behind That Mask?
Website Impersonation Attacks. Who is REALLY Behind That Mask?Website Impersonation Attacks. Who is REALLY Behind That Mask?
Website Impersonation Attacks. Who is REALLY Behind That Mask?
 
Sploitego
SploitegoSploitego
Sploitego
 
Legal Issues in Mobile Security Research
Legal Issues in Mobile Security ResearchLegal Issues in Mobile Security Research
Legal Issues in Mobile Security Research
 
Blind XSS
Blind XSSBlind XSS
Blind XSS
 
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker Hotshots
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker HotshotsChanging the Mindset: Creating a Risk-Conscious Culture - Hacker Hotshots
Changing the Mindset: Creating a Risk-Conscious Culture - Hacker Hotshots
 
Sploitego
SploitegoSploitego
Sploitego
 

Último

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Último (20)

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

ICS Cyber Security Presentation

  • 1. ICS Cyber Security February 6, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com Applied Control Solutions Proprietary Information
  • 2. What are Industrial Control Systems (ICSs) • Industrial control systems (ICSs) operate power, water, chemicals, pipelines, military systems, medical systems, etc • ICSs include SCADA/EMS, DCS, PLCs, RTUs, IEDs, smart sensors and drives, emissions controls, equipment diagnostics, AMI (Smart Grid), programmable thermostats, building controls,… • Focus is reliability and safety Applied Control Solutions Proprietary Information
  • 3. Control Systems Basics Internet ERP MES Data Ware house Support Systems Internet Applied Control Solutions Proprietary Information
  • 4. ICSs are not Mainstream Information Systems • • • • • • • The Internet and Microsoft are not necessarily the biggest ICS cyber threats External malicious threats are not necessarily the biggest concerns Firewalls and VPNs may not be adequate IDS will probably not identify ICS attacks Field devices have been hacked Default passwords and backdoors are not uncommon Many ICSs have hardware configurations that are cyber vulnerable and cannot be patched or fixed • Patching is difficult and can have unintended consequences • Cyber forensics and logging may not exist Applied Control Solutions Proprietary Information
  • 5. Selected Differences Between IT and ICS Attribute IT ICS Confidentiality (Privacy) High Low Message Integrity Low-Medium Very High Availability Medium Very High Authentication Medium-High High Lifetime 3-5 years 10-25 years Cyber Logging and Forensics Available SEIM only at the IP layer Operating Systems COTS (Windows, Linux,…) COTS at HMI, RTOS at field devices Patching Standard and expeditious Non-standard and potentially long time Applied Control Solutions Proprietary Information
  • 6. ICS Security Expertise Lacking ICS Security Experts IT Security ICS Engineering Applied Control Solutions Proprietary Information
  • 7. ICS Cyber Threats are Real • >325 actual ICS cyber incidents to date – Ranged from significant discharges to significant equipment damage to deaths • Very few ICS-specific cyber security technologies, training, and policies • >1,000,000 ICS devices directly connected to the Internet (and counting) Applied Control Solutions Proprietary Information