Hacking industrial plants: recent chronicles and incidents, known and not so known
(Hacking ad impianti industriali: cronache recenti ed incidenti, noti e non noti)

Raoul Chiesa, OPST, OPSA
Board of Directors: CLUSIT, ISECOM, TSTF.net, OWASP Italy




M2M Building Automation & Industrial Security
7 April 2009
INTRODUCTION

Speaker – Raoul Chiesa aka Nobody
  Director of Communications at ISECOM
  OSSTMM Key Contributor, Project Manager of HPP
         • Open Source Security Testing Methodology Manual
         • Released in January 2001
         • More than 3 million downloads
  Technical Director at @ Mediaservice.net Srl
  Lecturer in IT Security at various universities and Information Security Master's programmes
  Speaker at national and international security events
  Member of the Boards of CLUSIT, ISECOM, Telecom Security Task Force (TSTF.net), OWASP Italian Chapter
  Consultant to the United Nations on cybercrime at UNICRI.

Security issues in critical environments
I have worked in these environments over the past two years, in Italy and abroad.
I have mainly dealt with:
  Organizational security (standards, policies, …)
  Security assessments (Penetration Test, Security Audit)
  Hardening (that great unknown)
What emerged is shocking, to say the least.
And NIST, US Cyber Defense, US Homeland Security and the European Commission say so too…

Why talk about these topics?
During 2008, together with Alessio Pennasilico, I carried out "evangelism" activities in Italy and abroad.
The contexts were very varied: from hacker conferences (IT Underground, HITB, CONfidence, CCC, etc.) to universities and "classic" events (BBF, IWCE, etc.).
In every case the audience showed enormous interest.
…to be honest, our talk was a mix of "healthy scaremongering" and a "basic overview" of these worlds…
We wanted to make people think, without going into too much detail. In the meantime, we trained ourselves in the field.

National critical infrastructures
 NCIs have strong ties to the SCADA and Industrial Automation worlds.
 In the next three slides I have tried to summarise, according to the standards and classifications in use today, first among them those of the US Department of Homeland Security, the main national critical infrastructures, organised by sector.
 The bad news is that, for each of these sectors, successful attacks and intrusions have already taken place…

National critical infrastructures / 1
SECTOR                           Sample Target sub-sectors
Energy and Utilities             Electrical power (generation, transmission, nuclear)
                                 Natural Gas
                                 Oil production and transmission systems
Communications and Information   Telecommunications (phone, fax, cable, wireless & WiMax, satellite)
Technology                       Broadcasting systems
                                 Software
                                 Hardware
                                 Networks (Internet)
Finance                          Banking
                                 Securities
                                 Investment
Health Care                      Hospitals
                                 Health-care facilities
                                 Blood-supply facilities
                                 Pharmaceuticals

National critical infrastructures / 2
SECTOR              Sample Target sub-sectors
Food                Food safety
                    Agriculture and Food Industry
                    Food distribution
Water               Drinking Water
                    Wastewater management
Transportation      Air
                    Rail
                    Marine
                    Surface
Safety              Chemical, biological, radiological, and nuclear safety
                    Hazardous materials
                    Search and rescue
                    Emergency services (police, fire, ambulance and others)
                    Dams

National critical infrastructures / 3
SECTOR              Sample Target sub-sectors
Government          Government facilities
                    Government services (i.e., meteorological services)
                    Government Information Networks
                    Government Assets
                    Key national symbols (cultural institutions, national sites, monuments)
Manufacturing       Chemical Industry
                    Defence industrial base

Real examples…
 A couple of "real examples", to get a hands-on feel for what we are talking about.
 "Managing pumps" (USA, MN)
 The Gulf (Mexico)

Technical issues

Ergonomics / 1
 Donald A. Norman, The Design of Everyday Things (Italian edition: "La caffettiera del masochista")
 James Reason, Human Error (Italian edition: "L'errore umano")

Ergonomics / 2
Avoid getting confused…

Ergonomics / 3
We were used to…
http://www.metroland.org.uk/signal/amer01.jpg

Ergonomics / 4
Now we work differently.
http://www.ihcsystems.com/section_n/images/efficientdredgingnewsapril2005_Page_09_Image_0002.jpg

Blockbuster
"The power plant's management system was not responding. The operator was watching a DVD on the management computer."
   CSO of an electricity distribution utility

Attack techniques
The techniques used to attack these environments do not differ much from the classic ones of the IT world:
  Old school hacking (password guessing, …)
  Port scanning
  Eavesdropping, reconstruction of traffic flows
  Exploiting
  DoS
  Web application hacking

Example of an intrusion – source: INL (Idaho National Laboratory – US DHS)

Past incidents
Contrary to what one might normally think, there have been several incidents in this world, from as far back as the 1980s up to decidedly recent cases.

Whatcom Falls Park
 "About 3:28 p.m., Pacific daylight time, on June 10, 1999, a 16-inch-diameter steel pipeline owned by Olympic Pipe Line Company ruptured and released about 237,000 gallons of gasoline into a creek that flowed through Whatcom Falls Park in Bellingham, Washington. About 1.5 hours after the rupture, the gasoline ignited and burned approximately 1.5 miles along the creek. Two 10-year-old boys and an 18-year-old young man died as a result of the accident. Eight additional injuries were documented. A single-family residence and the city of Bellingham's water treatment plant were severely damaged. As of January 2002, Olympic estimated that total property damages were at least $45 million."

Technical details
 "The Olympic Pipeline SCADA system consisted of Teledyne Brown Engineering SCADA Vector software, version 3.6.1, running on two Digital Equipment Corporation (DEC) VAX Model 4000-300 computers with VMS operating system Version 7.1. In addition to the two main SCADA computers (OLY01 and 02), a similarly configured DEC Alpha 300 computer running Alpha/VMS was used as a host for the separate Modisette Associates, Inc., pipeline leak detection system software package."

SCADA can save lives
 "5. If the supervisory control and data acquisition (SCADA) system computers had remained responsive to the commands of the Olympic controllers, the controller operating the accident pipeline probably would have been able to initiate actions that would have prevented the pressure increase that ruptured the pipeline."

http://www.cob.org/press/pipeline/whatcomcreek.htm

Worms
 "In August 2003 Slammer infected a private computer network at the idled Davis-Besse nuclear power plant in Oak Harbor, Ohio, disabling a safety monitoring system for nearly five hours."

NIST, Guide to SCADA

nmap
 "While a ping sweep was being performed on an active SCADA network that controlled 9-foot robotic arms, it was noticed that one arm became active and swung around 180 degrees. The controller for the arm was in standby mode before the ping sweep was initiated."

NIST, Guide to SCADA

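The robotic-arm episode above is the standard warning against running IT-style discovery tools on a live control network; the defender's complement is to notice when somebody does it anyway. The following is an added example, not code from the original deck or from NIST: it reads syslog-style firewall lines (constructed here, in a hypothetical format) and flags any source that sends ICMP echo requests to many distinct hosts of the control-network subnet inside a short window, which is what an nmap ping sweep looks like from the perimeter. The subnet 192.168.100.0/24, the log format, the 60-second window and the threshold of 8 hosts are all assumptions.

```python
"""Flag ping sweeps aimed at a control-network subnet from firewall logs.

Added example; the log format, addresses and thresholds are assumptions,
not taken from any real device or from the NIST report quoted above.
"""
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Hypothetical syslog-style format: one line per flow decision.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ action=\S+ proto=(?P<proto>\S+)"
    r"(?: type=(?P<type>\d+))? src=(?P<src>\S+) dst=(?P<dst>\S+)"
)

# Assumed address range of the PLC/RTU segment.
CONTROL_NET = ipaddress.ip_network("192.168.100.0/24")

# Constructed sample: 10.1.5.23 (an IT workstation) sweeps ten controllers in
# three seconds; 10.1.5.40 pings two hosts; the HMI 192.168.100.5 polls one
# PLC once a minute; one echo reply and one unparsable line are also present.
SAMPLE_LOG = "\n".join(
    [f"2009-04-07T10:00:0{1 + i // 4} fw1 action=allow proto=icmp type=8 "
     f"src=10.1.5.23 dst=192.168.100.{10 + i}" for i in range(10)]
    + [
        "2009-04-07T10:00:05 fw1 action=allow proto=tcp src=10.1.5.23 dst=192.168.100.10 dport=502",
        "2009-04-07T10:00:07 fw1 action=allow proto=icmp type=8 src=10.1.5.40 dst=192.168.100.10",
        "2009-04-07T10:00:08 fw1 action=allow proto=icmp type=8 src=10.1.5.40 dst=192.168.100.11",
        "2009-04-07T10:01:00 fw1 action=allow proto=icmp type=8 src=192.168.100.5 dst=192.168.100.10",
        "2009-04-07T10:02:00 fw1 action=allow proto=icmp type=8 src=192.168.100.5 dst=192.168.100.10",
        "2009-04-07T10:03:00 fw1 action=allow proto=icmp type=8 src=192.168.100.5 dst=192.168.100.10",
        "2009-04-07T10:03:01 fw1 action=allow proto=icmp type=0 src=192.168.100.10 dst=192.168.100.5",
        "this line is not a firewall record and is skipped",
    ]
)


def parse_line(line):
    """Return a dict with the parsed fields, or None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "proto": m["proto"],
        "type": int(m["type"]) if m["type"] else None,
        "src": m["src"],
        "dst": ipaddress.ip_address(m["dst"]),
    }


def detect_sweeps(lines, net=CONTROL_NET, window=timedelta(seconds=60), threshold=8):
    """Return {source: sorted probed hosts} for every source that sent ICMP echo
    requests to at least `threshold` distinct hosts in `net` within `window`.

    A sliding window over each source's probes tracks the number of distinct
    targets, so an HMI that polls the same PLC all day is never flagged.
    """
    probes = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["proto"] != "icmp" or ev["type"] != 8:
            continue  # only echo requests count as discovery probes here
        if ev["dst"] not in net:
            continue
        probes[ev["src"]].append((ev["ts"], ev["dst"]))

    alerts = {}
    for src, events in probes.items():
        events.sort()
        in_window = Counter()  # distinct targets seen inside the current window
        left = 0
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[left][0] > window:  # evict probes older than the window
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= threshold:
                alerts.setdefault(src, set()).update(in_window)
    return {src: [str(h) for h in sorted(hosts)] for src, hosts in alerts.items()}


if __name__ == "__main__":
    for src, hosts in detect_sweeps(SAMPLE_LOG.splitlines()).items():
        print(f"possible ping sweep from {src}: {len(hosts)} hosts in {CONTROL_NET}")
```

Only ICMP echo requests are counted, which is a deliberate simplification: a modern nmap host-discovery run also sends TCP SYN/ACK and ICMP timestamp probes, so a production rule would widen the filter; the distinct-target count per window is what separates a sweep from a legitimate poller.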
Disgruntled employee
    Vitek Boden was arrested in 2000 and, in 2001, convicted and jailed for releasing millions of litres of untreated sewage using his laptop and a radio link. It happened in Maroochy Shire, Queensland, possibly as revenge against his former employer.

http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/

Sabotage
   Thomas C. Reed, Ronald Reagan's Secretary of the Air Force, described in his book "At the Abyss" how the U.S. arranged for the Soviets to receive intentionally flawed SCADA software to manage their natural gas pipelines.

   "The pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds." A 3 kiloton explosion was the result, in 1982 in Siberia. The episode rests on Reed's account.

http://www.themoscowtimes.ru/stories/2004/03/18/014.html

Gazprom
  "Russian authorities revealed this week that Gazprom, a state-run gas utility, came under the control of malicious hackers last year. […] The report said hackers used a Trojan horse program, which stashes lines of harmful computer code in a benign-looking program."

http://findarticles.com/p/articles/mi_qa3739/is_200403/ai_n9360106

Recent incidents (2008/2009)
Texas: warning, zombies ahead
Transportation officials in Texas are scrambling to prevent hackers from changing messages on digital road signs after one sign in Austin was altered to read, "Zombies Ahead."
Chris Lippincott, director of media relations for the Texas Department of Transportation, confirmed that a portable traffic sign at Lamar Boulevard and West 15th Street, near the University of Texas at Austin, was hacked into during the early hours of Jan. 19.
"It was clever, kind of cute, but not what it was intended for," said Lippincott, who saw the sign during his morning commute. "Those signs are deployed for a reason — to improve traffic conditions, let folks know there's a road closure."

Final Super Bowl Moments Interrupted By Porn
Yesterday's television broadcast of the Super Bowl in Tucson, Arizona, was interrupted for some viewers by about 10 seconds of pornographic material.
According to a statement from KVOA TV in Tucson, the only viewers who saw the material were those who receive the channel through Comcast cable. Officials at Comcast said they had "no idea" at the time it happened how the porn may have gotten into its feed.
Apparently, the SD signal was hacked and a ten-second porn clip was inserted into the feed. The station received hordes of complaints from families who were watching the game and saw the clip, which showed a woman unzipping a man's pants, followed by a graphic act between the two.

UPDATED (2 February 2009): Comcast offers $10 credit to Tucson customers who saw Super Bowl porn

Previews… 1
ASCE – American Society of Civil Engineers and their Report Card:
2009 Report Card for America's Infrastructure
Category                    2009   2005   Changed? Better or worse?
Aviation                    D      D+     Yes; worse
Bridges                     C      C
Dams                        D      D
Drinking Water              D-     D-
Energy                      D+     D      Yes; better
Hazardous Waste             D      D
Inland Waterways            D-     D-
Levees                      D-     NA     Yes; worse
Public Parks & Recreation   C-     C-
Rail                        C-     C-
Roads                       D-     D      Yes; worse
Schools                     D      D
Security                    NA     I      Removed
Solid Waste                 C+     C+
Transit                     D      D+     Yes; worse
Wastewater                  D-     D-
Overall GPA grade           D      D
Cost                        $2.2T  $1.6T

Grade key: A = Exceptional, B = Good, C = Mediocre, D = Poor, F = Failing

Previews… 2
  World's power grids infested with (more) SCADA bugs
  Areva Inc. - a Paris-based company that serves nuclear, wind, and fossil-fuel power companies - is warning customers to upgrade a key piece of energy management software following the discovery of security bugs that leaves it vulnerable to hijacking.
  The vulnerabilities affect multiple versions of Areva's e-terrahabitat package, which allows operators in power plants to monitor gas and electric levels, adjust transmission and distribution devices, and automate other core functions. Areva markets itself as one of the top three global players in the transmission and distribution of energy.

http://www.theregister.co.uk/2009/02/05/areva_scada_security_bugs/
http://www.kb.cert.org/vuls/id/337569

CONCLUSIONS

Conclusions
The history, perspectives and background of IT and ICT security are completely different in the world of industrial automation and critical infrastructures.
The standards exist: they must be followed, with awareness and common sense.
What is missing is a methodology for carrying out security assessments, so as to prevent what could already happen today.
The commitment and support of everyone is needed, from vendors to end users, passing of course through the world of logical security.

Webography
 http://csrc.nist.gov/publications/drafts/800-82/Draft-SP800-82.pdf
 https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf
 http://cansecwest.com/slides06/csw06-byres.pdf
 http://www.mayhem.hk/docs/scada_univr.pdf
 http://darkwing.uoregon.edu/~joe/scada/
 http://www.physorg.com/news94025004.html
 http://ethernet.industrial-networking.com/articles/articledisplay.asp?id=206
 http://www.apogeonline.com/libri/88-503-1042-0/ebook/libro
 http://www.sans.org/reading_room/whitepapers/warfare/1644.php
 http://www.digitalbond.com/SCADA_Blog/SCADA_blog.htm
 http://www.securityfocus.com/news/11402
 http://www.ea.doe.gov/pdfs/21stepsbooklet.pdf
 http://www.visionautomation.it/modules/AMS/article.php?storyid=32
 http://www.cob.org/press/pipeline/whatcomcreek.htm
 http://www.securityfocus.com/news/6767
 http://www.iscom.istsupcti.it/index.php?option=com_content&task=view&id=16&Itemid=1
 http://books.google.it/books?id=xL3Ye3ZORbgC

Contacts
For further information, to join CLUSIT and take part in its activities:
                  http://www.clusit.it

                      Raoul Chiesa
                      rchiesa@clusit.it

            Thank you for your attention!

Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Último (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Hacking industrial plants: recent chronicles and incidents, known and unknown

  • 1. Hacking industrial plants: recent chronicles and incidents, known and unknown. Raoul Chiesa, OPST, OPSA. Board of Directors: CLUSIT, ISECOM, TSTF.net, OWASP Italy. M2M Building Automation & Industrial Security, 7 April 2009
  • 3. The speakers: Raoul Chiesa aka Nobody. Director of Communications at ISECOM. OSSTMM Key Contributor, Project Manager of HPP. • Open Source Security Testing Methodology Manual • Released in January 2001 • More than 3 million downloads. Technical Director at @ Mediaservice.net Srl. Lecturer in IT Security at several universities and IS master's programmes. Speaker at national and international security events. Member of the steering committees of CLUSIT, ISECOM, Telecom Security Task Force (TSTF.net) and the OWASP Italian Chapter. Consultant to the United Nations on cybercrime at UNICRI.
  • 4. Security issues in critical environments. I have worked in these environments over the last two years, in Italy and abroad. I have mainly dealt with: Organisational security (standards, policies, …); Security Testing (Penetration Test, Security Audit); Hardening (that great unknown). What emerged is, to say the least, shocking. And NIST, US Cyber Defense, US Homeland Security and the European Commission say the same…
  • 5. Why talk about these topics? During 2008, together with Alessio Pennasilico, I carried out "evangelism" activities in Italy and abroad. The contexts were the most varied: from hacker conferences (IT Underground, HITB, CONfidence, CCC, etc.) to universities and "classic" events (BBF, IWCE, etc.). In every case the audience showed enormous interest. …to be honest, our talk was a mix of "healthy scaremongering" and a "basic overview" of these worlds… We wanted to make people think, without going too deep into detail. In the meantime we trained ourselves. In the field.
  • 6. National critical infrastructures. NCIs have strong ties to the SCADA and Industrial Automation worlds. In the next three slides I have tried to summarise, according to the standards and logic existing today, first among them those of the US Homeland Security Department, the main national critical infrastructures, organised by sector. The ugly part is that, for every one of these sectors, attacks and intrusions have already taken place, successfully…
  • 7. National critical infrastructures / 1
    SECTOR | Sample target sub-sectors
    Energy and Utilities | Electrical power (generation, transmission, nuclear); Natural gas; Oil production and transmission systems
    Communications and Information Technology | Telecommunications (phone, fax, cable, wireless & WiMax, satellite); Broadcasting systems; Software; Hardware; Networks (Internet)
    Finance | Banking; Securities; Investment
    Health Care | Hospitals; Health-care facilities; Blood-supply facilities; Pharmaceuticals
  • 8. National critical infrastructures / 2
    SECTOR | Sample target sub-sectors
    Food | Food safety; Agriculture and food industry; Food distribution
    Water | Drinking water; Wastewater management
    Transportation | Air; Rail; Marine; Surface
    Safety | Chemical, biological, radiological and nuclear safety; Hazardous materials; Search and rescue; Emergency services (police, fire, ambulance and others); Dams
  • 9. National critical infrastructures / 3
    SECTOR | Sample target sub-sectors
    Government | Government facilities; Government services (i.e., meteorological services); Government information networks; Government assets; Key national symbols (cultural institutions, national sites, monuments)
    Manufacturing | Chemical industry; Defence industrial base
  • 10. Real examples… A couple of "real examples", to get a hands-on feel for what we are talking about. "Managing pumps" (USA, MN). The Gulf (Mexico).
  • 11.
  • 12.
  • 14. Ergonomics / 1. Donald A. Norman, La caffettiera del masochista (The Psychology of Everyday Things); James Reason, L'errore umano (Human Error)
  • 15. Ergonomics / 2. Avoid getting confused…
  • 16. Ergonomics / 3. We used to be accustomed to… http://www.metroland.org.uk/signal/amer01.jpg
  • 17. Ergonomics / 4. Now we work differently. http://www.ihcsystems.com/section_n/images/efficientdredgingnewsapril2005_Page_09_Image_0002.jpg
  • 18. Blockbuster. "The power plant's management system was not responding. The operator was watching a DVD on the management computer." CSO of an electricity distribution utility
  • 19. Attack techniques. The attack techniques used against these environments do not differ much from the classic ones of the IT world: Old school hacking (password guessing, …); Port scanning; Eavesdropping, reconstruction of data flows; Exploiting; DoS; Web application hacking
  • 20. Intrusion example: source INL (Idaho National Lab, DHS US)
  • 21. Past incidents. Contrary to what one might normally think, several incidents have occurred in this world, from as far back as the 1980s up to decidedly recent cases.
  • 22. Whatcom Falls Park. "About 3:28 p.m., Pacific daylight time, on June 10, 1999, a 16-inch-diameter steel pipeline owned by Olympic Pipe Line Company ruptured and released about 237,000 gallons of gasoline into a creek that flowed through Whatcom Falls Park in Bellingham, Washington. About 1.5 hours after the rupture, the gasoline ignited and burned approximately 1.5 miles along the creek. Two 10-year-old boys and an 18-year-old young man died as a result of the accident. Eight additional injuries were documented. A single-family residence and the city of Bellingham's water treatment plant were severely damaged. As of January 2002, Olympic estimated that total property damages were at least $45 million."
  • 23.
  • 24. Technical details. "The Olympic Pipeline SCADA system consisted of Teledyne Brown Engineering SCADA Vector software, version 3.6.1., running on two Digital Equipment Corporation (DEC) VAX Model 4000-300 computers with VMS operating system Version 7.1. In addition to the two main SCADA computers (OLY01 and 02), a similarly configured DEC Alpha 300 computer running Alpha/VMS was used as a host for the separate Modisette Associates, Inc., pipeline leak detection system software package."
  • 25. SCADA can save lives. "5. If the supervisory control and data acquisition (SCADA) system computers had remained responsive to the commands of the Olympic controllers, the controller operating the accident pipeline probably would have been able to initiate actions that would have prevented the pressure increase that ruptured the pipeline." http://www.cob.org/press/pipeline/whatcomcreek.htm
  • 26. Worms. "In August 2003 Slammer infected a private computer network at the idled Davis-Besse nuclear power plant in Oak Harbor, Ohio, disabling a safety monitoring system for nearly five hours." NIST, Guide to SCADA
  • 27. nmap. "While a ping sweep was being performed on an active SCADA network that controlled 9-foot robotic arms, it was noticed that one arm became active and swung around 180 degrees. The controller for the arm was in standby mode before the ping sweep was initiated." NIST, Guide to SCADA
  • 28. Disgruntled employee. Vitek Boden, in 2000, was arrested, convicted and jailed because he released millions of liters of untreated sewage using his wireless laptop. It happened in Maroochy Shire, Queensland, maybe as revenge against his former employer. http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/
  • 29. Sabotage. Thomas C. Reed, Ronald Reagan's Secretary, described in his book "At the Abyss" how the U.S. arranged for the Soviets to receive intentionally flawed SCADA software to manage their natural gas pipelines. "The pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds." A 3 kiloton explosion was the result, in 1982 in Siberia. http://www.themoscowtimes.ru/stories/2004/03/18/014.html
  • 30. Gazprom. "Russian authorities revealed this week that Gazprom, a state-run gas utility, came under the control of malicious hackers last year. […] The report said hackers used a Trojan horse program, which stashes lines of harmful computer code in a benign-looking program." http://findarticles.com/p/articles/mi_qa3739/is_200403/ai_n9360106
  • 31. Recent incidents (2008/2009). Texas: warning, zombies ahead. Transportation officials in Texas are scrambling to prevent hackers from changing messages on digital road signs after one sign in Austin was altered to read, "Zombies Ahead." Chris Lippincott, director of media relations for the Texas Department of Transportation, confirmed that a portable traffic sign at Lamar Boulevard and West 15th Street, near the University of Texas at Austin, was hacked into during the early hours of Jan. 19. "It was clever, kind of cute, but not what it was intended for," said Lippincott, who saw the sign during his morning commute. "Those signs are deployed for a reason — to improve traffic conditions, let folks know there's a road closure."
  • 32. Recent incidents (2008/2009). Final Super Bowl Moments Interrupted By Porn. Yesterday's television broadcast of the Super Bowl in Tucson, Arizona, was interrupted for some viewers by about 10 seconds of pornographic material. According to a statement from KVOA TV in Tucson, the only viewers who saw the material were those who receive the channel through Comcast cable. Officials at Comcast said they had "no idea" at the time it happened how the porn may have gotten into its feed. Apparently, the SD signal was hacked and a ten-second porn clip was inserted into the feed. The station received hordes of complaints from families who were watching the game and saw the clip, which showed a woman unzipping a man's pants, followed by a graphic act between the two. UPDATED (2 February 2009): Comcast offers $10 credit to Tucson customers who saw Super Bowl porn.
  • 33. Previews… 1. ASCE (American Society of Civil Engineers) and their Report Card: 2009 Report Card for America's Infrastructure
    Category | 2009 | 2005 | Changed? Better or worse?
    Aviation | D | D+ | Yes; worse
    Bridges | C | C |
    Dams | D | D |
    Drinking Water | D- | D- |
    Energy | D+ | D | Yes; better
    Hazardous Waste | D | D |
    Inland Waterways | D- | D- |
    Levees | D- | NA | Yes; worse
    Public Parks & Recreation | C- | C- |
    Rail | C- | C- |
    Roads | D- | D | Yes; worse
    School | D | D |
    Security | NA | I | Removed
    Solid Waste | C+ | C+ |
    Transit | D | D+ | Yes; worse
    Wastewater | D- | D- |
    Overall GPA grade | D | D |
    Cost | $2.2T | $1.6T |
    Grades: A = Exceptional, B = Good, C = Mediocre, D = Poor, F = Failing
  • 34. Previews… 2. World's power grids infested with (more) SCADA bugs. Areva Inc., a Paris-based company that serves nuclear, wind, and fossil-fuel power companies, is warning customers to upgrade a key piece of energy management software following the discovery of security bugs that leave it vulnerable to hijacking. The vulnerabilities affect multiple versions of Areva's e-terrahabitat package, which allows operators in power plants to monitor gas and electric levels, adjust transmission and distribution devices, and automate other core functions. Areva markets itself as one of the top three global players in the transmission and distribution of energy. http://www.theregister.co.uk/2009/02/05/areva_scada_security_bugs/ http://www.kb.cert.org/vuls/id/337569
  • 36. Conclusions. The history, viewpoints and background of IT and ICT security are completely different in the world of industrial automation and critical infrastructures. The standards exist: they must be followed, with awareness and common sense. What is missing is a methodology for carrying out Security Testing, in order to prevent what could already happen today. The commitment and support of everyone is needed, from vendors to end users, passing of course through the world of logical security.
  • 37. Webography. http://csrc.nist.gov/publications/drafts/800-82/Draft-SP800-82.pdf https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf http://cansecwest.com/slides06/csw06-byres.pdf http://www.mayhem.hk/docs/scada_univr.pdf http://darkwing.uoregon.edu/~joe/scada/ http://www.physorg.com/news94025004.html http://ethernet.industrial-networking.com/articles/articledisplay.asp?id=206 http://www.apogeonline.com/libri/88-503-1042-0/ebook/libro http://www.sans.org/reading_room/whitepapers/warfare/1644.php http://www.digitalbond.com/SCADA_Blog/SCADA_blog.htm
  • 38. Webography. http://www.securityfocus.com/news/11402 http://www.ea.doe.gov/pdfs/21stepsbooklet.pdf http://www.visionautomation.it/modules/AMS/article.php?storyid=32 http://www.cob.org/press/pipeline/whatcomcreek.htm http://www.securityfocus.com/news/6767 http://www.iscom.istsupcti.it/index.php?option=com_content&task=view&id=16&Itemid=1 http://books.google.it/books?id=xL3Ye3ZORbgC
  • 39. Contacts. For further information, to join CLUSIT and take part in its activities: http://www.clusit.it Raoul Chiesa rchiesa@clusit.it Thank you for your attention!