
Evolving Security in Process Control

Lockheed Martin presentation from 4th Annual Cyber Security Summit, 30th March 2015.


  1. © Lockheed Martin. Evolving Security in Process Control. 4th Annual Cyber Security Summit – Energy & Utilities, Abu Dhabi, March 30, 2015
  2. Not ‘If’ but ‘When’
  3. Cyber Attack Impacts Whole Value Chain. Diagram labels: Business; Production; Control Systems; Customers; Security Incident Impact
  4. Growth in Targeted Attacks: Night Dragon (2011); Shamoon (2012); Energetic Bear (2012); Norwegian Oil & Gas (2014); German steel works (2014)
  5. Just the Tip of the Iceberg: For every major incident that makes the news, many more smaller incidents go unreported
  6. Rapidly Changing Threat Landscape: New vulnerabilities; Readily available exploit kits; Hacktivists; State sponsored activities; BYOD; Mobile devices; Cloud access from anywhere; Growth in social media; Internet of Things; Advanced Persistent Threats (APTs)
  7. Top Threats: Malicious Insider 37%; Criminal Syndicates 26%; Nation State Sponsored 19%. Source: Intelligence Driven Cyber Defence, Ponemon Institute LLC, February 2015
  8. Top Impacts: Lost Intellectual Property (Geoscience data); Reputation Damage (Joint Ventures, Customers, Government); Business Disruption (Lost production, Incident investigation); Damage to Critical Infrastructure (HSE, Cost of repair). Source: Intelligence Driven Cyber Defence, Ponemon Institute LLC, February 2015
  9. Internet Accessible Control Systems: 241 locations; >52,000 IP addresses
  10. Prevention is ideal but detection is a must. However, detection without response has minimal value
  11. Would you know if your system was compromised? Average time from compromise to detection: 14 months
  12. The Need to Evolve. Diagram labels: Engineering workstation; HMI; Manual shutdown; F&G; ESD; Shutdown signal; PI server; Remote monitoring; PI server; File server; Antivirus server; Patch server; Remote access server; Offline Malware Analysis; Privilege Access Management & Session Recording; SIEM/ID server. “We have a firewall and anti-virus software. We’re safe.”
  13. The Need to Evolve (same diagram as slide 12). “We have a firewall and anti-virus software. We’re safe.” NO! YOU ARE NOT SAFE. The insider is already the wrong side of your firewall – with your approval
  14. Security Evolution. Stages: Basic Security; Compliant Security (Reactive); Sustainable Security (Proactive); Intelligence Driven Defense® (Predictive). Focus areas: Foundational Security Technologies; Procedures and Documentation; Automation and Efficient IT/OT Process Integration; Cyber Intelligence integrated in Operations. Descriptions: Compliance driven (ISO27001), COTS products, “set it and forget it”; Add good security practices, use SIEM to monitor & respond to alerts; Integrate IT & OT security, use available intelligence; See what’s coming at you, anticipate, generate & share intelligence. Chart labels: 80%; 20%
  15. Foundational Security (Reactive): End Point Security; Network Security. Looking inwards at vulnerability and managing impact to confidentiality, integrity and availability. This typically results in reactive actions after an intrusion has taken place. Address 80% Threat
  16. Intelligence Driven Defense® (Threat Focused): This builds on foundational security. It looks outwards at the specific adversaries attacking your enterprise and intimately understanding/analysing their tactics, techniques and procedures. This allows you to proactively take a defensive course of action. Proactively address 20% and 80% Threat
  17. Understand the Threat Landscape: Campaign analysis is used to determine the patterns and behaviours of the intruders. Figure labels: LM Cyber Kill Chain®; Campaign Heat Map. Group intrusions together into “Campaigns”; prioritize and measure against each campaign
  18. Critical Success Factors. Basic security measures essential: Reduce attack surface; Maintain signatures, patches, firewalls, etc. People: End users are part of your defences – train & test them; Your adversaries are people. You need people who understand their tactics, techniques & procedures (TTP) – train & test them. Governance: Management focus on security; Ensure response capability is in place (you will need it) – train & test them; Measure success
  19. Remember… Security is a journey, not a destination
  20. (No text on this slide.)
  21. Thank you. Andrew Wadsworth, GICSP, Head of Process Control Security, Lockheed Martin, andrew.wadsworth@civil.lmco.com, Johnstone House, 52-54 Rose Street, Aberdeen AB10 1UD, United Kingdom, Office +44 1224 611040, Mobile +44 7914 356962. Scott Keenon, Business Development Manager, Lockheed Martin, scott.keenon@civil.lmco.com, Johnstone House, 52-54 Rose Street, Aberdeen AB10 1UD, United Kingdom, Office +44 1224 611052, Mobile +44 7968 793353
