Cyber Security in the Water Sector

Slides:

Advertisements

Similar presentations

h Protection from cyber attacks is achieved by acting on several levels: first, at the physical and material, placing the server in a place as safe as.

Advertisements

Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

02/12/00 E-Business Architecture

Lecture 11 Reliability and Security in IT infrastructure.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Cyber Threats/Security and System Security of Power Sector Workshop on Crisis & Disaster Management of Power Sector P.K.Agarwal, AGM Power System Operation.

A Critical Infrastructure Testbed for Cybersecurity Research and Education Ai Onda, Kalana Pothuvila, Joseph Urban, and Jordan Berg Abstract Awareness.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

GridWise ® Architecture Council Cyber-Physical System Requirements for Transactive Energy Systems Shawn A. Chandler Maseeh College of Electrical and Computer.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

Lessons Learned in Smart Grid Cyber Security

“Assuring Reliable and Secure IT Services”. IT Redundancy: Its Value How much reliability to buy? Customer Service impacted as a result of 15 minutes.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

הקריה למחקר גרעיני - נגב Nuclear Research Center – Negev (NRCN) Society of Electrical and Electronics Engineers in Israel (SEEEI) 2012 Eran Salfati, Amir.

NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework” Scenario for Discussion.

 AUTOMATION  PLC  SCADA  INSTRUMENTATION  DRIVES & MOTORS.

Sandra C Security Advisor Energy Dan B Security Advisor Water

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.

Randy Beavers CS 585 – Computer Security February 19, 2009.

CIP 2015 Smart Grid Vulnerability Assessment Using National Testbed Networks IHAB DARWISHOBINNA IGBETAREQ SAADAWI.

CISC 849 : Applications in Fintech Jin Gu Dept of Computer & Information Sciences University of Delaware Cyber-security & Finance.

Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

NEXT GENERATION ATTACKS & EXPLOIT MITIGATIONS TECHNIQUES ID No: 1071 Name: Karthik GK ID: College: Sathyabama university.

Contingency Management Indiana University of Pennsylvania John P. Draganosky.

SCADA NETWORK SECURITY BY LICET 4-AUG-12.

SCADA Supervisory Control And Data Acquisition Pantech Solutions Here is the key to learn more.

Cyber Security of SCADA Systems Testbed Development May1013 Group Members: Ben Kregel Justin Fitzpatrick Michael Higdon Rafi Adnan Adviser: Dr. Manimaran.

Artificial Intelligence In Power System Author Doshi Pratik H.Darakh Bharat P.

Securing Information Systems

OPERATES SCADA OPERATION SYSTEM Explain the operational SCADA

Combining safety and conventional interfaces for interlock PLCs

CS457 Introduction to Information Security Systems

Jordan Population and Housing Census 2015

Automation Technologies SCADA SENSORS HMI

INFORMATION SYSTEMS SECURITY AND CONTROL.

Network Security Research Presentation

Cybersecurity - What’s Next? June 2017

Security+ All-In-One Edition Chapter 1 – General Security Concepts

Global SCADA Market is Expected to Reach $48 Billion by 2024, Says Variant Market Research Bhavana Patel SEO Analyst Variant.

Operational Technology Information Technology

Agenda Control systems defined

Information Technology Sector

SHORT CIRCUIT MONITORING BY USING PLC & SCADA

OCNI Workshop Kathryn A. McCarthy, VP R&D 2017 September 6

How SCADA Systems Work?.

Chapter 17 Risks, Security and Disaster Recovery

INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.

CHAPTER 4 Information Security.

NERC CIP Implementation – Lessons Learned and Path Forward

Security in Networking

I have many checklists: how do I get started with cyber security?

High Secured Inter-Cloud Connectivity via Public Networks

Advanced Services Cyber Security 101 © ABB February, | Slide 1.

Network Intrusion Responder Program

Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.

Substation Automation System

Security for Safety: Enabling Digitalization of Railway Systems

Coordinated Security Response

Comparison to existing state of security experimentation

M.Eng. Alessandro Mancuso Supervisor: Dr. Piotr Żebrowski

Cyber Security of SCADA Systems Remote Terminal Units (RTU)

Cyber Security in a Risk Management Framework

Industrial Control Cross 11, Tapovan Enclave Nala pani Road, Dehradun : ,

Anatomy of Industrial Cyber Attacks

Presentation transcript:

Cyber Security in the Water Sector Author: Brandon Khoury Faculty Advisor: Dr. Lingfeng Wang Electrical Engineering and Computer Science

Research Objectives Highlight importance of cyber security in water sector Review historical progression Intrusion path analysis Means of risk mitigation and assessment

Background Vital to the daily function of the general population Small amount of water plants provide service to over three quarters of U.S. population [1] Industry mission sight includes reliable and affordable water services

Background cont. Industrial automation technology Components Supervisory Control and Data Acquisition (SCADA) networks Industrial Control Systems (ICS) Components Programmable Logic Controller (PLC) Human Machine Interface (HMI) Server/Client communication protocol Network connectivity

Sensor/Telemetry Site Growth vs. Time Background cont. Sensor/Telemetry Site Growth vs. Time Source: See references [5]

Methodology Open ended methodology Deductive Inductive General sources/inquires lead to more specifically focused research Inductive Specific technological factor leads to hypothesis on general vulnerability Confirm with research Synthesis of data – intrusion path analysis

Theoretical Intrusion Path

Intrusion Path cont. Denial of Service (DoS) scenario Affects integrity (ability to function correctly and detect error/malicious activity) of system components [4] Capitalizes on water sector and SCADA weaknesses Lack of resources for incident detection Intrinsically archaic network architectures Complex hacking code and lack of anti-virus software Un-encrypted communication protocol, MODBUS for example

Risk Mitigation Technical: Process/Organizational: Multi-Factor Authentication Virus protection software/intrusion detection Transaction logging (MODBUS) [2] Network segmentation Process/Organizational: Maintain IT staff Risk mitigation goals Performance metrics [5] Response/disaster recovery plan [3]

Example of simple network segmentation architecture Risk Mitigation cont. Example of simple network segmentation architecture

Conclusion Why is this important? Water industry designed without security as a primary concern Technological advances put sector even more at risk An attack could endanger public health Inhibit primary industrial functions that required water Upgrading to adequate security is a large task Time, Money, Manpower Constant quality control

Questions Questions? Thank you!

References [1] C. Copeland and B. Cody, “Terrorism and Security Issues Facing the Water Infrastructure Sector,” Congr. Res. Serv. Rep., pp. 1–6, 2010. [2] E. J. Byres, M. Franz, and D. Miller, “The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems.” [3] S. Panguluri, W. Phillips, and P. Ellis, “Cyber Security: Protecting Water and Wastewater Infrastructure,” Handb. Water Wastewater Syst. Prot., pp. 285–318, 2011. [4] S. Amin, X. Litrico, S. Sastry, and A. M. Bayen, “Cyber Security of Water SCADA Systems—Part I: Analysis and Experimentation of Stealthy Deception Attacks,” pp. 1–8, 2012. [5] Water Sector Coordinating Council Cyber Security Working Group, “Roadmap to Secure Control Systems in the Water Sector,” pp.5–37, 2008.