© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
From Air Gap to Air Control
Marc Blackmer and John Ode
EnergySec: August 2014
//----- (10002271) --------------------------------------------------------
int __cdecl sub_10002271(int a1, int a2, int a3)
{
    int result; // eax@1

    *(_DWORD *)(a1 + 80) = *(_DWORD *)(a2 + 40) + *(_DWORD *)(a2 + 52);
    *(_DWORD *)(a1 + 84) = 0;
    *(_DWORD *)(a1 + 88) = *(_DWORD *)(a2 + 96);
    *(_DWORD *)(a1 + 92) = *(_DWORD *)(a2 + 100);
    *(_DWORD *)(a1 + 96) = *(_WORD *)(a2 + 92);
    *(_WORD *)(a1 + 100) = *(_WORD *)(a2 + 74);
    *(_WORD *)(a1 + 102) = *(_WORD *)(a2 + 72);
    *(_DWORD *)(a1 + 104) = 0;
    *(_WORD *)(a1 + 108) = *(_WORD *)(a2 + 22);
    *(_WORD *)(a1 + 110) = *(_WORD *)(a2 + 94);
    *(_WORD *)(a1 + 112) = *(_WORD *)(a2 + 4);
    *(_BYTE *)(a1 + 114) = 1;
    *(_BYTE *)(a1 + 115) = 4;
    *(_DWORD *)(a1 + 116) = *(_DWORD *)(a2 + 112);
    *(_DWORD *)(a1 + 120) = a3;
    result = a1 + 80;
    *(_DWORD *)(a1 + 124) = 0;
    return result;
}
Thoughts To Brighten Your Day…
…and what to do about them
• Everyone gets breached
• You have to be right 100% of the time; they only need to be successful once
• Isolating IT, OT, and physical security into separate pillars introduces gaps that can be exploited
• Identify and prioritize the crown jewels
• Hedge your bets -> defense in depth
• I didn’t actually say “convergence”
The Near-Miss
Case Study: On a Recent Flight
The Negatives
• Planes/tower not following procedures?
• Potential for runway collision
• Aborted landing
The Positives
• No collision
• No fatalities or injuries
• On-time arrival
Success or Failure?
The Psychology of the Near-Miss [1]
Georgetown University McDonough School of Business research
• Outcome = definition of success
• Near-miss considered a success if outcome is positive
• Near-miss = near-failure
[1] Ben Paynter, “The Fire Next Time,” Wired, August 2012
Case Study: Eliminating Near-Misses
US Federal Aviation Administration
• Reporting and analysis of all near-misses
  - Tower reports
  - Crew reports
  - Flight and terrain data
• Modification of:
  - Flight patterns
  - Airport approaches
Case Study Result
Massive reduction in airline-related deaths
83%
Risk
Risk in context
The Positives
• Exploration
• Medical breakthroughs
• Technology advances
• Entrepreneurism
The Negatives
• False sense of security
• Complacency
• Point-in-time view of security
Case Study: Risk
Lightning Storm vs. Data Center
• No servers or critical systems were connected to uninterruptible power supplies (UPS)
• Company hadn’t experienced an outage in over 13 years
• Severe electrical storm
Case Study Result
All systems down
100%
Datakinesis: “An action taken in cyber space that produces a result in the physical world”
Case Studies: Datakinesis
• Los Angeles, USA
  - Traffic operations center breached
  - Light delays at 4 key intersections
  - Snarled traffic for days
  - No physical injuries
• Natanz, Iran
  - Undetected malware on control network
  - Malware falsified centrifuge data readings
  - Nuclear enrichment centrifuges suffered mass breakdowns
  - No physical injuries
Case Studies: Datakinesis
• Lodz, Poland
  - Teenager with modified TV remote
  - Changed tram track switches at will
  - 4 commuter trams derailed
  - 12 commuters injured
Case Studies: Datakinesis
• Utah
  - New government intelligence agency data center
  - 10 unexplained, major electrical malfunctions in 13 months
  - Construction set back by at least 1 year
  - Cause undetermined
Most Pervasive Threats
• Human error
• Reduced budgets
• Operational inefficiencies
• Talent acquisition and retention
Bunk/De-bunk
“I spent $[x]M on security last year, and you’re telling me I’m not secure?!”
“We’re all set; we just bought a [y] security widget.”
“We just passed [z] audit. We’re secure.”
“We’ve never been breached, so…”
“If we’re so insecure, why hasn’t anything happened yet?”
In Spite of Layers of Defense
• Malware is getting through control-based defenses
• Malware prevention is NOT 100%
• Breach
• Existing tools are labor intensive and require expertise
Attack Continuum
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Point in Time / Continuous
Point-in-Time vs. Continuous
Point-in-Time
• Temporal
  - Blind beyond point-in-time
  - Focused on detection and finding static artifacts
  - Misses malware ecosystem
• Lacks Visibility
  - Event enumeration without context
  - Misses scope and root causes
  - Blind to attack chain behavior
• Limited Control
  - Requires intelligence update
  - Not targeted
  - Limited integration
Continuous
• Continuous Analysis: Extended and continuous analysis and correlation of telemetry data
• Retrospective Security: Real-time attack chain detection, analysis and visualization
• Real-time Containment: Quickly target, contain, and remediate the specific malware and root causes
Continuous changes the conversation
• Continuous feed of event AND telemetry data
• Data is always up to date when you need it
• Analysis happens in cloud to reduce impacts
• Analysis can happen indefinitely: Retrospection
• More than event enumeration/correlation: telemetry data is continuously woven together over time
• Collective Intelligence shared immediately
• Can be deployed pervasively
[Figure label: Collective Security Intelligence]
[Diagram]
• Breadth and control points: Web (WWW), Endpoints, Network, Email, Devices, IPS
• Telemetry stream (continuous feed): File Fingerprint and Metadata; File and Network I/O; Process Information
• Continuous analysis: analysis happens along the attack continuum
• Advanced levels of detection, tracking and response: Retrospection, Trajectory, Behavioral Indications of Compromise, Threat Hunting, Retrospective Detection
Enables unique innovation
Continuous
• File Retrospection
• Process Retrospection
• Connection Retrospection
• Attack Chain Weaving
Point-in-Time
• Blind
That continues to analyze what happens along the attack continuum
Continuous
• Retrospective Detection
• Prevalence
• Static IoCs
• Behavioral IoCs
Point-in-Time
• Static IoCs
That continues to analyze what happens along the attack continuum
Continuous
• File Trajectory - Scope
• Device Trajectory - Root Cause
• File Analysis - Detail Analysis
• Elastic Search
Point-in-Time
• Event Enumeration
• Static IoCs
Know where to start
• Who: Focus on these users first
• What: These applications are affected
• Where: The breach impacted these areas
• When: This is the scope of exposure over time
• How: Here is the origin and progression of the threat
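The point-in-time versus continuous contrast on the preceding slides, as an added example that is not from the original deck or any vendor product: stored file telemetry is judged once with the intelligence available when each event occurred, then re-judged after a later intelligence update to answer who, what, where, when and how. The record schema, host names, fingerprint labels and feed entries are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class FileEvent:
    """One stored telemetry record: a file observed on a host (hypothetical schema)."""
    ts: datetime
    host: str
    user: str
    fingerprint: str  # file fingerprint; placeholder labels, not real hashes
    parent: str       # process or file fingerprint that created this file
    source: str       # where the file arrived from


T0 = datetime(2014, 8, 1, 9, 0)

# Constructed sample telemetry, oldest first.
TELEMETRY = [
    FileEvent(T0, "eng-ws-01", "alice", "FP-AAAA", "browser.exe", "web"),
    FileEvent(T0 + timedelta(hours=2), "eng-ws-01", "alice", "FP-BBBB", "FP-AAAA", "local"),
    FileEvent(T0 + timedelta(hours=5), "hist-srv-02", "svc_hist", "FP-AAAA", "smb", "eng-ws-01"),
    FileEvent(T0 + timedelta(days=1), "hmi-03", "operator", "FP-AAAA", "smb", "hist-srv-02"),
    FileEvent(T0 + timedelta(days=1, hours=1), "eng-ws-04", "bob", "FP-CCCC", "installer.exe", "web"),
]

# Constructed intelligence feed: (time the verdict became known, fingerprint, verdict).
INTEL = [
    (T0 - timedelta(days=30), "FP-CCCC", "clean"),
    (T0 + timedelta(days=3), "FP-AAAA", "malicious"),
]


def verdict_as_of(fingerprint, when):
    """Return the most recent verdict known at `when`, or 'unknown'."""
    known = [(t, v) for t, fp, v in INTEL if fp == fingerprint and t <= when]
    return max(known)[1] if known else "unknown"


def point_in_time_alerts(events):
    """Judge each event once, using only the intel available when it happened."""
    return [e for e in events if verdict_as_of(e.fingerprint, e.ts) == "malicious"]


def retrospective_alerts(events, now):
    """Re-judge every stored event with the intel available at `now`."""
    return [e for e in events
            if e.ts <= now and verdict_as_of(e.fingerprint, now) == "malicious"]


def scope(events, now):
    """Summarise retrospective hits as who / what / where / when / how."""
    hits = sorted(retrospective_alerts(events, now), key=lambda e: e.ts)
    if not hits:
        return None
    bad = {e.fingerprint for e in hits}
    # Files created by a now-malicious file have no verdict of their own yet,
    # but belong in the investigation scope.
    dropped = sorted({e.fingerprint for e in events
                      if e.ts <= now and e.parent in bad and e.fingerprint not in bad})
    hosts = []
    for e in hits:  # hosts in order of first sighting; the first is patient zero
        if e.host not in hosts:
            hosts.append(e.host)
    return {
        "who": sorted({e.user for e in hits}),
        "what": {"malicious": sorted(bad), "dropped_files": dropped},
        "where": hosts,
        "when": {"first_seen": hits[0].ts, "exposure": now - hits[0].ts},
        "how": [(e.source, e.host) for e in hits],
    }


if __name__ == "__main__":
    now = T0 + timedelta(days=4)
    print("point-in-time alerts:", len(point_in_time_alerts(TELEMETRY)))
    print("retrospective alerts:", len(retrospective_alerts(TELEMETRY, now)))
    for key, value in scope(TELEMETRY, now).items():
        print(f"{key}: {value}")
```

The point-in-time pass raises nothing because the verdict for the file arrived three days after its first sighting; only the stored telemetry makes the later scoping possible.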
Key Takeaways
• The problem is likely worse than you think it is
• Many threats are getting through, creating beachheads
• Think “infections”, not “detections”
• Think continuous vs. point-in-time
Thank You
Learn more at www.sourcefire.com

Wireless Sensor Networks: Nothing is Out of Reach
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With Scissors
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational Value
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each Other
 

Último

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 

Último (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

From Air Gap to Air Control

  • 1. From Air Gap to Air Control
      Marc Blackmer and John Ode
      EnergySec: August 2014
      © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  • 11.
      //----- (10002271) --------------------------------------------------------
      int __cdecl sub_10002271(int a1, int a2, int a3)
      {
        int result; // eax@1

        *(_DWORD *)(a1 + 80) = *(_DWORD *)(a2 + 40) + *(_DWORD *)(a2 + 52);
        *(_DWORD *)(a1 + 84) = 0;
        *(_DWORD *)(a1 + 88) = *(_DWORD *)(a2 + 96);
        *(_DWORD *)(a1 + 92) = *(_DWORD *)(a2 + 100);
        *(_DWORD *)(a1 + 96) = *(_WORD *)(a2 + 92);
        *(_WORD *)(a1 + 100) = *(_WORD *)(a2 + 74);
        *(_WORD *)(a1 + 102) = *(_WORD *)(a2 + 72);
        *(_DWORD *)(a1 + 104) = 0;
        *(_WORD *)(a1 + 108) = *(_WORD *)(a2 + 22);
        *(_WORD *)(a1 + 110) = *(_WORD *)(a2 + 94);
        *(_WORD *)(a1 + 112) = *(_WORD *)(a2 + 4);
        *(_BYTE *)(a1 + 114) = 1;
        *(_BYTE *)(a1 + 115) = 4;
        *(_DWORD *)(a1 + 116) = *(_DWORD *)(a2 + 112);
        *(_DWORD *)(a1 + 120) = a3;
        result = a1 + 80;
        *(_DWORD *)(a1 + 124) = 0;
        return result;
      }
  • 13. Thoughts To Brighten Your Day… …and what to do about them
      • Everyone gets breached
      • You have to be right 100% of the time; they only need to be successful once
      • Isolating IT, OT, and physical security into separate pillars introduces gaps that can be exploited
      • Identify and prioritize the crown jewels
      • Hedge your bets -> defense in depth
      • I didn’t actually say “convergence”
  • 14. The Near-Miss
  • 15. Case Study: On a Recent Flight
      The Negatives
        • Planes/tower not following procedures?
        • Potential for runway collision
        • Aborted landing
      The Positives
        • No collision
        • No fatalities or injuries
        • On-time arrival
      Success or Failure?
  • 16. The Psychology of the Near-Miss [1]
      Georgetown University McDonough School of Business research
      • Outcome = definition of success
      • Near-miss considered a success if outcome is positive
      • Near-miss = near-failure
      [1] Ben Paynter, “The Fire Next Time,” Wired, August 2012
  • 17. Case Study: Eliminating Near-Misses
      US Federal Aviation Administration
      • Reporting and analysis of all near-misses
        • Tower reports
        • Crew reports
        • Flight and terrain data
      • Modification of:
        • Flight patterns
        • Airport approaches
  • 18. Case Study Result
      Massive reduction in airline-related deaths: 83%
  • 19. Risk
  • 20. Risk in context
      The Positives
        • Exploration
        • Medical breakthroughs
        • Technology advances
        • Entrepreneurism
      The Negatives
        • False sense of security
        • Complacency
        • Point-in-time view of security
  • 21. Case Study: Risk
      Lightning Storm vs. Data Center
      • No servers or critical systems were connected to uninterruptible power supplies (UPS)
      • Company hadn’t experienced an outage in over 13 years
      • Severe electrical storm
  • 22. Case Study Result
      All systems down: 100%
  • 23. Datakinesis: “An action taken in cyber space that produces a result in the physical world”
  • 24. Case Studies: Datakinesis
      • Los Angeles, USA
        • Traffic operations center breached
        • Light delays at 4 key intersections
        • Snarled traffic for days
        • No physical injuries
      • Natanz, Iran
        • Undetected malware on control network
        • Malware falsified centrifuge data readings
        • Nuclear enrichment centrifuges suffered mass breakdowns
        • No physical injuries
  • 25. Case Studies: Datakinesis
      • Lodz, Poland
        • Teenager with modified TV remote
        • Changed tram track switches at will
        • 4 commuter trams derailed
        • 12 commuters injured
  • 26. Case Studies: Datakinesis
      • Utah
        • New government intelligence agency data center
        • 10 unexplained, major electrical malfunctions in 13 months
        • Construction set back by at least 1 year
        • Cause undetermined
  • 27. Most Pervasive Threats
      • Human error
      • Reduced budgets
      • Operational inefficiencies
      • Talent acquisition and retention
  • 28. Bunk/De-bunk
  • 29. “I spent $[x]M on security last year, and you’re telling me I’m not secure?!”
  • 30. “We’re all set; we just bought a [y] security widget.”
  • 31. “We just passed [z] audit. We’re secure.”
  • 32. “We’ve never been breached, so…”
  • 33. “If we’re so insecure, why hasn’t anything happened yet?”
  • 34. In Spite of Layers of Defense
      • Malware is getting through control based defenses
      • Malware Prevention is NOT 100%
      • Breach
      • Existing tools are labor intensive and require expertise
      Attack Continuum (Point in Time / Continuous)
        • BEFORE: Discover, Enforce, Harden
        • DURING: Detect, Block, Defend
        • AFTER: Scope, Contain, Remediate
  • 35. Point-in-Time Vs Continuous
      Point-in-Time
        • Temporal
          • Blind beyond point-in-time
          • Focused on detection and finding static artifacts
          • Misses malware ecosystem
        • Lacks Visibility
          • Event enumeration without context
          • Misses scope and root causes
          • Blind to attack chain behavior
        • Limited Control
          • Requires intelligence update
          • Not targeted
          • Limited integration
      Continuous
        • Continuous Analysis: Extended and continuous analysis and correlation of telemetry data
        • Retrospective Security: Real-time attack chain detection, analysis and visualization
        • Real-time Containment: Quickly target, contain, and remediate the specific malware and root causes
  • 36. Continuous changes the conversation
      • Continuous feed of event AND telemetry data
      • Data is always up to date when you need it
      • Analysis happens in cloud to reduce impacts
      • Analysis can happen indefinitely – Retrospection
      • More than event enumeration/correlation: telemetry data is continuously woven together over time
      • Collective Intelligence shared immediately
      • Can be deployed pervasively
      Collective Security Intelligence
  • 37. Analysis happens along the attack continuum
      [Diagram]
      • Telemetry Stream (continuous feed): File Fingerprint and Metadata; File and Network I/O; Process Information
      • Breadth and Control points: Web (WWW), Endpoints, Network, Email, Devices, IPS
      • Continuous analysis
      • Advanced levels of detection, tracking and response: Retrospective Detection, Retrospection, Trajectory, Behavioral Indications of Compromise, Threat Hunting
  • 38. Enables unique innovation
      [Telemetry and control-point diagram repeated from slide 37]
      • Continuous
        • File Retrospection
        • Process Retrospection
        • Connection Retrospection
        • Attack Chain Weaving
      • Point-in-Time
        • Blind
  • 39. That continues to analyze what happens along the attack continuum
      [Telemetry and control-point diagram repeated from slide 37]
      • Continuous
        • Retrospective Detection
        • Prevalence
        • Static IoC’s
        • Behavioral IoC’s
      • Point-in-Time
        • Static IoC’s
  • 40. That continues to analyze what happens along the attack continuum
      [Telemetry and control-point diagram repeated from slide 37]
      • Continuous
        • File Trajectory – Scope
        • Device Trajectory – Root Cause
        • File Analysis – Detail Analysis
        • Elastic Search
      • Point-in-Time
        • Event Enumeration
        • Static IoC’s
  • 41. Know where to start
      • Who: Focus on these users first
      • What: These applications are affected
      • Where: The breach impacted these areas
      • When: This is the scope of exposure over time
      • How: Here is the origin and progression of the threat
  • 42. Key Takeaways
      • The problem is likely worse than you think it is
      • Many threats are getting through, creating beachheads
      • Think “infections”, not “detections”
      • Think continuous vs point-in-time
  • 43. Thank You
      Learn more at www.sourcefire.com
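
Slides 35 to 40 contrast point-in-time verdicts with continuous analysis: file retrospection, file trajectory for scope, and device trajectory for root cause. The Python below is an added illustration of that contrast, not code from the deck or from any Cisco/Sourcefire product; the event fields, host names, placeholder hashes and function names are all constructed assumptions.

```python
"""Point-in-time vs. retrospective verdicts over stored file telemetry.
All events, hosts, hashes and names below are constructed for illustration."""
from dataclasses import dataclass

HASH_DOC = "d" * 64       # constructed placeholder fingerprints, not real IoCs
HASH_DROPPER = "e" * 64


@dataclass(frozen=True)
class FileEvent:
    ts: int        # seconds since capture start
    host: str
    sha256: str    # file fingerprint
    action: str    # "create" or "execute"
    parent: str    # process that performed the action


# Constructed telemetry: a file arrives on one workstation and spreads.
EVENTS = [
    FileEvent(100, "eng-ws-01", HASH_DOC, "create", "mail-client"),
    FileEvent(110, "eng-ws-01", HASH_DROPPER, "create", "doc-viewer"),
    FileEvent(120, "eng-ws-01", HASH_DROPPER, "execute", "doc-viewer"),
    FileEvent(300, "hmi-02", HASH_DROPPER, "create", "smb-copy"),
    FileEvent(310, "hmi-02", HASH_DROPPER, "execute", "service-host"),
    FileEvent(900, "hist-03", HASH_DROPPER, "create", "smb-copy"),
]
# Threat intelligence learns the second file is malicious only at t=600.
INTEL = [(600, HASH_DROPPER)]


def _by_time(events):
    return sorted(events, key=lambda e: e.ts)


def point_in_time_alerts(events, intel):
    """Judge each event once, using only the verdicts known when it occurred."""
    alerts = []
    for ev in _by_time(events):
        known_bad = {h for t, h in intel if t <= ev.ts}
        if ev.sha256 in known_bad:
            alerts.append(ev)
    return alerts


def retrospective_alerts(events, intel, now):
    """Re-judge every stored event against all verdicts known at `now`."""
    known_bad = {h for t, h in intel if t <= now}
    return [ev for ev in _by_time(events) if ev.sha256 in known_bad]


def file_trajectory(events, sha256):
    """Scope: (host, first_seen) pairs in arrival order; the first is patient zero."""
    first_seen = {}
    for ev in _by_time(events):
        if ev.sha256 == sha256:
            first_seen.setdefault(ev.host, ev.ts)
    return sorted(first_seen.items(), key=lambda kv: kv[1])


def device_trajectory(events, host, sha256):
    """Root cause: the event that introduced the file on `host`, plus that
    host's earlier events leading up to it."""
    timeline = _by_time(e for e in events if e.host == host)
    for i, ev in enumerate(timeline):
        if ev.sha256 == sha256:
            return ev, timeline[:i]
    return None, timeline


if __name__ == "__main__":
    print("point-in-time:", [e.host for e in point_in_time_alerts(EVENTS, INTEL)])
    print("retrospective:", len(retrospective_alerts(EVENTS, INTEL, now=1000)), "events")
    print("scope:", file_trajectory(EVENTS, HASH_DROPPER))
    intro, before = device_trajectory(EVENTS, "eng-ws-01", HASH_DROPPER)
    print("introduced by:", intro.parent, "after", [e.parent for e in before])
```

The point-in-time pass flags only the last host, because the verdict did not exist when the first two were hit; the retrospective pass over the same stored telemetry recovers all three hosts and the process that introduced the file on the first one.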