Hacking industrial plants:
recent chronicles and incidents,
known and unknown

Raoul Chiesa, OPST, OPSA
Board of Directors: CLUSIT, ISECOM, TSTF.net, OWASP Italy




M2M Building Automation & Industrial Security
7 April 2009

INTRODUCTION

The speakers: Raoul Chiesa aka Nobody
  Director of Communications at ISECOM
  OSSTMM Key Contributor, Project Manager of HPP
         • Open Source Security Testing Methodology Manual
         • Released in January 2001
         • More than 3 million downloads
  Technical Director at @ Mediaservice.net Srl
  Lecturer in IT Security at various universities and IS master's programmes
  Speaker at national and international security events
  Member of the boards of CLUSIT, ISECOM, Telecom Security Task Force
  (TSTF.net), OWASP Italian Chapter
  Consultant to the United Nations on cybercrime at UNICRI.

Security issues in critical environments
I have worked in these environments over the last two years,
in Italy and abroad.
I have mainly dealt with:
  Organisational security (standards, policies, ...)
  Security assessments (Penetration Test, Security Audit)
  Hardening (the great unknown)
What emerged is, to say the least, shocking.
And NIST, US Cyber Defense, US Homeland Security and the
European Commission say so too...

Why talk about these topics?
During 2008, together with Alessio Pennasilico, I carried out
"evangelism" activities in Italy and abroad.
The contexts were the most diverse: from hacker conferences
(IT Underground, HITB, CONfidence, CCC, etc.) to universities
and "classic" events (BBF, IWCE, etc.).
In every case the audience showed enormous interest.
...to be honest, our talk was a mix of "healthy terrorism" and
a "basic overview" of these worlds...
We wanted to make people reflect, without going too deep into
detail. In the meantime, we trained ourselves in the field.

National critical infrastructures
 NCIs have strong links with the SCADA and Industrial
 Automation worlds.
 In the next three slides I have tried to summarise, according
 to the standards and logic existing today (first among them
 the US Homeland Security Department), the main national
 critical infrastructures, organised by sector.
 The bad news is that, for each of these sectors, attacks and
 intrusions have already taken place successfully...

National critical infrastructures / 1
SECTOR                           Sample Target sub-sectors
Energy and Utilities             Electrical power (generation, transmission, nuclear)
                                 Natural Gas
                                 Oil production and transmission systems
Communications and Information   Telecommunications (phone, fax, cable, wireless & WiMax, satellite)
Technology                       Broadcasting systems
                                 Software
                                 Hardware
                                 Networks (Internet)
Finance                          Banking
                                 Securities
                                 Investment
Health Care                      Hospitals
                                 Health-care facilities
                                 Blood-supply facilities
                                 Pharmaceuticals

National critical infrastructures / 2
SECTOR              Sample Target sub-sectors
Food                Food safety
                    Agriculture and Food Industry
                    Food distribution
Water               Drinking Water
                    Wastewater management
Transportation      Air
                    Rail
                    Marine
                    Surface
Safety              Chemical, biological, radiological, and nuclear safety
                    Hazardous materials
                    Search and rescue
                    Emergency services (police, fire, ambulance and others)
                    Dams

National critical infrastructures / 3
SECTOR              Sample Target sub-sectors
Government          Government facilities
                    Government services (i.e., meteorological services)
                    Government Information Networks
                    Government Assets
                    Key national symbols (cultural institutions, national sites, monuments)
Manufacturing       Chemical Industry
                    Defence industrial base

Real examples...
 A couple of "real examples", to get hands-on with what we
 are talking about.
 "Managing pumps" (USA, MN)
 The Gulf (Mexico)

The technical issues

Ergonomics / 1

 Donald A. Norman, La caffettiera del masochista
 James Reason, L'errore umano

Ergonomics / 2

Avoid getting confused...

Ergonomics / 3

We were used to...

http://www.metroland.org.uk/signal/amer01.jpg

Ergonomics / 4

Now we work differently.

http://www.ihcsystems.com/section_n/images/efficientdredgingnewsapril2005_Page_09_Image_0002.jpg

Blockbuster

"The power plant's management system was not responding.
   The operator was watching a DVD on the management computer"

   CSO of an electricity distribution utility

Attack techniques
The attack techniques used against these environments do not
differ much from the classic ones of the IT world:
  Old school hacking (password guessing, ...)
  Port scanning
  Eavesdropping, reconstruction of traffic flows
  Exploiting
  DoS
  Web application hacking

Example of an intrusion (source: INL, Idaho National Lab / DHS US)

Past incidents
Contrary to what one might normally think, there have been
several incidents in this world, from the distant 1980s up to
decidedly recent cases.

Whatcom Falls Park
 "About 3:28 p.m., Pacific daylight time, on June 10, 1999, a
 16-inch-diameter steel pipeline owned by Olympic Pipe Line
 Company ruptured and released about 237,000 gallons of
 gasoline into a creek that flowed through Whatcom Falls
 Park in Bellingham, Washington. About 1.5 hours after the
 rupture, the gasoline ignited and burned approximately 1.5
 miles along the creek. Two 10-year-old boys and an 18-
 year-old young man died as a result of the accident. Eight
 additional injuries were documented. A single-family
 residence and the city of Bellingham's water treatment
 plant were severely damaged. As of January 2002,
 Olympic estimated that total property damages were at
 least $45 million."

Technical details
 "The Olympic Pipeline SCADA system consisted
 of Teledyne Brown Engineering SCADA Vector
 software, version 3.6.1, running on two Digital
 Equipment Corporation (DEC) VAX Model 4000-
 300 computers with VMS operating system
 Version 7.1. In addition to the two main SCADA
 computers (OLY01 and 02), a similarly configured
 DEC Alpha 300 computer running Alpha/VMS was
 used as a host for the separate Modisette
 Associates, Inc., pipeline leak detection system
 software package."

SCADA can save lives

 “5. If the supervisory control and data acquisition
 (SCADA) system computers had remained
 responsive to the commands of the Olympic
 controllers, the controller operating the accident
 pipeline probably would have been able to
 initiate actions that would have prevented the
 pressure increase that ruptured the pipeline.”

http://www.cob.org/press/pipeline/whatcomcreek.htm


Worms

 “In August 2003 Slammer infected a private
 computer network at the idled Davis-Besse
 nuclear power plant in Oak Harbor, Ohio,
 disabling a safety monitoring system for nearly
 five hours.”

NIST, Guide to SCADA




nmap

 “While a ping sweep was being performed on an
 active SCADA network that controlled 9-foot
 robotic arms, it was noticed that one arm
 became active and swung around 180 degrees.
 The controller for the arm was in standby mode
 before the ping sweep was initiated.”

NIST, Guide to SCADA



Disgruntled employee

    Vitek Boden, in 2000, was arrested, convicted
    and jailed because he released millions of litres
    of untreated sewage using his wireless laptop. It
    happened in Maroochy Shire, Queensland, maybe
    as revenge against his former employer.

http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/

Sabotage
   Thomas C. Reed, Ronald Reagan's Secretary, described in his
   book "At the Abyss" how the U.S. arranged for the Soviets to
   receive intentionally flawed SCADA software to manage their
   natural gas pipelines.

   "The pipeline software that was to run
   the pumps, turbines, and valves was programmed to go
   haywire, after a decent interval, to reset pump speeds and
   valve settings to produce pressures far beyond those
   acceptable to pipeline joints and welds." A 3 kiloton
   explosion was the result, in 1982 in Siberia.

http://www.themoscowtimes.ru/stories/2004/03/18/014.html

Gazprom

  "Russian authorities revealed this week that
  Gazprom, a state-run gas utility, came under the
  control of malicious hackers last year. [...] The
  report said hackers used a Trojan horse
  program, which stashes lines of harmful
  computer code in a benign-looking program."

http://findarticles.com/p/articles/mi_qa3739/is_200403/ai_n9360106




Recent incidents (2008/2009)
Texas: warning, zombies ahead
Transportation officials in Texas are
scrambling to prevent hackers from
changing messages on digital road signs
after one sign in Austin was altered to read,
"Zombies Ahead."
Chris Lippincott, director of media relations for
the Texas Department of Transportation,
confirmed that a portable traffic sign at Lamar
Boulevard and West 15th Street, near the
University of Texas at Austin, was hacked into
during the early hours of Jan. 19.
"It was clever, kind of cute, but not what it was
intended for," said Lippincott, who saw the sign
during his morning commute. "Those signs are
deployed for a reason — to improve traffic
conditions, let folks know there's a road closure."

Recent incidents (2008/2009)
Final Super Bowl Moments
Interrupted By Porn
Yesterday's television broadcast of the Super Bowl in
Tucson, Arizona, was interrupted for some viewers by
about 10 seconds of pornographic material.
According to a statement from KVOA TV in Tucson,
the only viewers who saw the material were those who
receive the channel through Comcast cable. Officials
at Comcast said they had "no idea" at the time it
happened how the porn may have gotten into its feed.
Apparently, the SD signal was hacked and a ten-
second porn clip was inserted into the feed. The
station received hordes of complaints from families
who were watching the game and saw the clip, which
showed a woman unzipping a man's pants, followed
by a graphic act between the two.

UPDATED (2 February 2009): Comcast offers $10
credit to Tucson customers who saw Super Bowl porn

Previews... 1
ASCE, the American Society of Civil Engineers, and their Report Card:
2009 Report Card for America's Infrastructure
Category                    2009   2005   Changed? Better or worse?
Aviation                    D      D+     Yes; worse
Bridges                     C      C
Dams                        D      D
Drinking Water              D-     D-
Energy                      D+     D      Yes; better
Hazardous Waste             D      D
Inland Waterways            D-     D-
Levees                      D-     NA     Yes; worse
Public Parks & Recreation   C-     C-
Rail                        C-     C-
Roads                       D-     D      Yes; worse
School                      D      D
Security                    NA     I      Removed
Solid Waste                 C+     C+
Transit                     D      D+     Yes; worse
Wastewater                  D-     D-
Overall GPA grade           D      D
Cost                        $2.2T  $1.6T

Grade legend: A = Exceptional, B = Good, C = Mediocre, D = Poor, F = Failing

Previews... 2
  World's power grids infested with (more) SCADA bugs
  Areva Inc. - a Paris-based company that serves nuclear, wind, and fossil-
  fuel power companies - is warning customers to upgrade a key piece of
  energy management software following the discovery of security bugs that
  leaves it vulnerable to hijacking.
  The vulnerabilities affect multiple versions of Areva's e-terrahabitat
  package, which allows operators in power plants to monitor gas and
  electric levels, adjust transmission and distribution devices, and automate
  other core functions. Areva markets itself as one of the top three global
  players in the transmission and distribution of energy.

http://www.theregister.co.uk/2009/02/05/areva_scada_security_bugs/
http://www.kb.cert.org/vuls/id/337569
Conclusions

Conclusions
The history, perspectives and background of IT and ICT security
are absolutely different in the world of industrial automation
and critical infrastructures.
The standards exist: they must be respected, with awareness
and common sense.
What is missing is a methodology for carrying out Security
Assessments, in order to prevent what could already happen
today.
The commitment and support of everyone is needed, from vendors
to end users, obviously passing through the world of logical
security.

Webography
 http://csrc.nist.gov/publications/drafts/800-82/Draft-SP800-82.pdf
 https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf
 http://cansecwest.com/slides06/csw06-byres.pdf
 http://www.mayhem.hk/docs/scada_univr.pdf
 http://darkwing.uoregon.edu/~joe/scada/
 http://www.physorg.com/news94025004.html
 http://ethernet.industrial-networking.com/articles/articledisplay.asp?id=206
 http://www.apogeonline.com/libri/88-503-1042-0/ebook/libro
 http://www.sans.org/reading_room/whitepapers/warfare/1644.php
 http://www.digitalbond.com/SCADA_Blog/SCADA_blog.htm

Webography

 http://www.securityfocus.com/news/11402
 http://www.ea.doe.gov/pdfs/21stepsbooklet.pdf
 http://www.visionautomation.it/modules/AMS/article.php?storyid=32
 http://www.cob.org/press/pipeline/whatcomcreek.htm
 http://www.securityfocus.com/news/6767
 http://www.iscom.istsupcti.it/index.php?option=com_content&task=view&id=16&Itemid=1
 http://books.google.it/books?id=xL3Ye3ZORbgC

Contacts
For further information, to join CLUSIT and
  take part in its activities:
                  http://www.clusit.it

                      Raoul Chiesa
                      rchiesa@clusit.it

            Thank you for your attention!

 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

Último (20)

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

Hacking industrial plants: recent chronicles and incidents, known and unknown

  • 1. Hacking industrial plants: recent chronicles and incidents, known and unknown. Raoul Chiesa, OPST, OPSA. Board of Directors: CLUSIT, ISECOM, TSTF.net, OWASP Italy. M2M Building Automation & Industrial Security, 7 April 2009
  • 3. The speakers – Raoul Chiesa aka Nobody. Director of Communications at ISECOM. OSSTMM Key Contributor, Project Manager of HPP. • Open Source Security Testing Methodology Manual • Released in January 2001 • More than 3 million downloads. Technical Director at @ Mediaservice.net Srl. Lecturer in IT Security at various universities and IS master's programmes. Speaker at national and international security events. Member of the Steering Committees of CLUSIT, ISECOM, Telecom Security Task Force (TSTF.net), OWASP Italian Chapter. Consultant to the United Nations on cybercrime at UNICRI.
  • 4. Security issues in critical environments. I have worked in these environments over the last two years, in Italy and abroad. I have mainly dealt with: Organizational security (standards, policies, …); Security assessments (Penetration Test, Security Audit); Hardening (the great unknown). What emerged is nothing short of shocking. And NIST, US Cyber Defense, US Homeland Security and the European Commission say so too…
  • 5. Why talk about these topics? During 2008, together with Alessio Pennasilico, I carried out "evangelism" activities in Italy and abroad. The contexts were the most varied: from hacker conferences (IT Underground, HITB, CONfidence, CCC, etc.) to universities and "classic" events (BBF, IWCE, etc.). In every case the interest shown by the audience was enormous. …to be honest, our talk was a mix of "healthy scaremongering" and a "basic overview" of these worlds… We wanted to make people think, but without going into too much detail. In the meantime we trained ourselves. In the field.
  • 6. National critical infrastructures. NCIs have strong ties to the SCADA and Industrial Automation worlds. In the next three slides I have tried to summarize – according to the standards and frameworks existing today, first among them those of the US Homeland Security Department – the main national critical infrastructures, organized by sector. The bad news is that, for every one of these sectors, attacks and intrusions have already taken place, successfully…
  • 7. National critical infrastructures / 1. SECTOR – Sample target sub-sectors: Energy and Utilities – Electrical power (generation, transmission, nuclear); Natural Gas; Oil production and transmission systems. Communications and Information Technology – Telecommunications (phone, fax, cable, wireless & WiMax, satellite); Broadcasting systems; Software; Hardware; Networks (Internet). Finance – Banking; Securities; Investment. Health Care – Hospitals; Health-care facilities; Blood-supply facilities; Pharmaceuticals.
  • 8. National critical infrastructures / 2. SECTOR – Sample target sub-sectors: Food – Food safety; Agriculture and Food Industry; Food distribution. Water – Drinking Water; Wastewater management. Transportation – Air; Rail; Marine; Surface. Safety – Chemical, biological, radiological, and nuclear safety; Hazardous materials; Search and rescue; Emergency services (police, fire, ambulance and others); Dams.
  • 9. National critical infrastructures / 3. SECTOR – Sample target sub-sectors: Government – Government facilities; Government services (i.e., meteorological services); Government Information Networks; Government Assets; Key national symbols (cultural institutions, national sites, monuments). Manufacturing – Chemical Industry; Defence industrial base.
  • 10. Real examples… A couple of "real examples", to get a hands-on feel for what we are talking about. "Managing pumps" (USA, MN). The Gulf (Mexico).
  • 14. Ergonomics / 1. Donald A. Norman, La caffettiera del masochista (The Design of Everyday Things); James Reason, L'errore umano (Human Error).
  • 15. Ergonomics / 2. Avoid getting confused…
  • 16. Ergonomics / 3. We were used to… http://www.metroland.org.uk/signal/amer01.jpg
  • 17. Ergonomics / 4. Now we work differently. http://www.ihcsystems.com/section_n/images/efficientdredgingnewsapril2005_Page_09_Image_0002.jpg
  • 18. Blockbuster. "The power plant's management system was not responding. The operator was watching a DVD on the management computer." CSO of an electricity distribution utility
  • 19. Attack techniques. The attack techniques used against these environments do not differ much from the classic ones of the IT world: Old school hacking (password guessing, …); Port scanning; Eavesdropping, reconstruction of traffic flows; Exploiting; DoS; Web application hacking.
  • 20. Example of an intrusion – source: INL (Idaho National Lab – DHS US)
  • 21. Past incidents. Contrary to what one might normally think, several incidents have occurred in this world, from the distant 1980s right up to very recent cases.
  • 22. Whatcom Falls Park. "About 3:28 p.m., Pacific daylight time, on June 10, 1999, a 16-inch-diameter steel pipeline owned by Olympic Pipe Line Company ruptured and released about 237,000 gallons of gasoline into a creek that flowed through Whatcom Falls Park in Bellingham, Washington. About 1.5 hours after the rupture, the gasoline ignited and burned approximately 1.5 miles along the creek. Two 10-year-old boys and an 18-year-old young man died as a result of the accident. Eight additional injuries were documented. A single-family residence and the city of Bellingham's water treatment plant were severely damaged. As of January 2002, Olympic estimated that total property damages were at least $45 million."
  • 24. Technical details. "The Olympic Pipeline SCADA system consisted of Teledyne Brown Engineering SCADA Vector software, version 3.6.1., running on two Digital Equipment Corporation (DEC) VAX Model 4000-300 computers with VMS operating system Version 7.1. In addition to the two main SCADA computers (OLY01 and 02), a similarly configured DEC Alpha 300 computer running Alpha/VMS was used as a host for the separate Modisette Associates, Inc., pipeline leak detection system software package."
  • 25. SCADA can save lives. "5. If the supervisory control and data acquisition (SCADA) system computers had remained responsive to the commands of the Olympic controllers, the controller operating the accident pipeline probably would have been able to initiate actions that would have prevented the pressure increase that ruptured the pipeline." http://www.cob.org/press/pipeline/whatcomcreek.htm
  • 26. Worms. "In August 2003 Slammer infected a private computer network at the idled Davis-Besse nuclear power plant in Oak Harbor, Ohio, disabling a safety monitoring system for nearly five hours." NIST, Guide to SCADA
  • 27. nmap. "While a ping sweep was being performed on an active SCADA network that controlled 9-foot robotic arms, it was noticed that one arm became active and swung around 180 degrees. The controller for the arm was in standby mode before the ping sweep was initiated." NIST, Guide to SCADA
  • 28. Disgruntled employee. Vitek Boden, in 2000, was arrested, convicted and jailed because he released millions of liters of untreated sewage using his wireless laptop. It happened in Maroochy Shire, Queensland, possibly as revenge against his former employer. http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/
  • 29. Sabotage. Thomas C. Reed, Ronald Reagan's Secretary, described in his book "At the Abyss" how the U.S. arranged for the Soviets to receive intentionally flawed SCADA software to manage their natural gas pipelines. "The pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds." A 3 kiloton explosion was the result, in 1982 in Siberia. http://www.themoscowtimes.ru/stories/2004/03/18/014.html
  • 30. Gazprom. "Russian authorities revealed this week that Gazprom, a state-run gas utility, came under the control of malicious hackers last year. […] The report said hackers used a Trojan horse program, which stashes lines of harmful computer code in a benign-looking program." http://findarticles.com/p/articles/mi_qa3739/is_200403/ai_n9360106
  • 31. Recent incidents (2008/2009). Texas: warning, zombies ahead. Transportation officials in Texas are scrambling to prevent hackers from changing messages on digital road signs after one sign in Austin was altered to read, "Zombies Ahead." Chris Lippincott, director of media relations for the Texas Department of Transportation, confirmed that a portable traffic sign at Lamar Boulevard and West 15th Street, near the University of Texas at Austin, was hacked into during the early hours of Jan. 19. "It was clever, kind of cute, but not what it was intended for," said Lippincott, who saw the sign during his morning commute. "Those signs are deployed for a reason — to improve traffic conditions, let folks know there's a road closure."
  • 32. Recent incidents (2008/2009). Final Super Bowl Moments Interrupted By Porn. Yesterday's television broadcast of the Super Bowl in Tucson, Arizona, was interrupted for some viewers by about 10 seconds of pornographic material. According to a statement from KVOA TV in Tucson, the only viewers who saw the material were those who receive the channel through Comcast cable. Officials at Comcast said they had "no idea" at the time it happened how the porn may have gotten into its feed. Apparently, the SD signal was hacked and a ten-second porn clip was inserted into the feed. The station received hordes of complaints from families who were watching the game and saw the clip, which showed a woman unzipping a man's pants, followed by a graphic act between the two. UPDATED (2 February 2009): Comcast offers $10 credit to Tucson customers who saw Super Bowl porn.
  • 33. Previews… 1. ASCE – American Society of Civil Engineers and their Report Card: 2009 Report Card for America's Infrastructure. Category – 2009 grade / 2005 grade / changed? (better or worse): Aviation – D / D+ / yes, worse; Bridges – C / C; Dams – D / D; Drinking Water – D- / D-; Energy – D+ / D / yes, better; Hazardous Waste – D / D; Inland Waterways – D- / D-; Levees – D- / NA / yes, worse; Public Parks & Recreation – C- / C-; Rail – C- / C-; Roads – D- / D / yes, worse; Schools – D / D; Security – NA / I / removed; Solid Waste – C+ / C+; Transit – D / D+ / yes, worse; Wastewater – D- / D-; Overall GPA grade – D / D; Cost – $2.2T / $1.6T. Grading scale: A = Exceptional, B = Good, C = Mediocre, D = Poor, F = Failing.
  • 34. Previews… 2. World's power grids infested with (more) SCADA bugs. Areva Inc. - a Paris-based company that serves nuclear, wind, and fossil-fuel power companies - is warning customers to upgrade a key piece of energy management software following the discovery of security bugs that leaves it vulnerable to hijacking. The vulnerabilities affect multiple versions of Areva's e-terrahabitat package, which allows operators in power plants to monitor gas and electric levels, adjust transmission and distribution devices, and automate other core functions. Areva markets itself as one of the top three global players in the transmission and distribution of energy. http://www.theregister.co.uk/2009/02/05/areva_scada_security_bugs/ http://www.kb.cert.org/vuls/id/337569
  • 36. Conclusions. The history, perspectives and background of IT and ICT security are completely different in the world of industrial automation and critical infrastructures. The standards exist: they must be followed. With awareness and common sense. A methodology for carrying out Security Assessments is missing, one that would prevent what could already happen today. The commitment and support of everyone is needed, from vendors to end users, passing of course through the world of logical security.
  • 37. Web-o-graphy. http://csrc.nist.gov/publications/drafts/800-82/Draft-SP800-82.pdf https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf http://cansecwest.com/slides06/csw06-byres.pdf http://www.mayhem.hk/docs/scada_univr.pdf http://darkwing.uoregon.edu/~joe/scada/ http://www.physorg.com/news94025004.html http://ethernet.industrial-networking.com/articles/articledisplay.asp?id=206 http://www.apogeonline.com/libri/88-503-1042-0/ebook/libro http://www.sans.org/reading_room/whitepapers/warfare/1644.php http://www.digitalbond.com/SCADA_Blog/SCADA_blog.htm
  • 38. Web-o-graphy. http://www.securityfocus.com/news/11402 http://www.ea.doe.gov/pdfs/21stepsbooklet.pdf http://www.visionautomation.it/modules/AMS/article.php?storyid=32 http://www.cob.org/press/pipeline/whatcomcreek.htm http://www.securityfocus.com/news/6767 http://www.iscom.istsupcti.it/index.php?option=com_content&task=view&id=16&Itemid=1 http://books.google.it/books?id=xL3Ye3ZORbgC
  • 39. Contacts. For further information, to join CLUSIT and take part in its activities: http://www.clusit.it Raoul Chiesa rchiesa@clusit.it Thank you for your attention!