Advanced Services Cyber Security 101 © ABB February, 18 2013 | Slide 1.

Slides:

Advertisements

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

Advertisements

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Lecture 11 Reliability and Security in IT infrastructure.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

SEC835 Database and Web application security Information Security Architecture.

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.

Chapter 8 Technology and Auditing Systems: Hardware and Software Defenses.

PREPARED BY: SHOUA VANG ABHINAV JUWA CHASE PAUL EASy Security Project Anonymous vs HBGary Inc.

SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.

Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.

Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.

Scott Charney Cybercrime and Risk Management PwC.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Computer Security By Duncan Hall.

Safe’n’Sec IT security solutions for enterprises of any size.

Security Mindset Lesson Introduction Why is cyber security important?

“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.

Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.

Creating Realistic Cybersecurity Policies

Securing Information Systems

Security Issues in Information Technology

Add video notes to lecture

CYBER SECURITY PANDEMIC

Team 1 – Incident Response

Critical Security Controls

Security Standard: “reasonable security”

Agenda Control systems defined

Configuring Windows Firewall with Advanced Security

Secure Software Confidentiality Integrity Data Security Authentication

Compliance with hardening standards

Putting It All Together

Putting It All Together

Network security threats

Security in the Workplace: Information Assurance

Lecture 14: Business Information Systems - ICT Security

Business Risks of Insecure Networks

Network and Telecommunications Audit

Securing Information Systems

Forensics Week 11.

Cyber Security Fingerprint Secure systems, protect production

Security in Networking

Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek

Unfortunately, any small business could face the risk of a data breach or cyber attack. Regardless of how big or small your business is, if your data,

CIS 502 Education for Service-- tutorialrank.com

I have many checklists: how do I get started with cyber security?

Cyber Security Why You Should Care.

Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.

Brandon Traffanstedt Systems Engineer - Southeast

Cybersecurity Am I concerned?

How to Mitigate the Consequences What are the Countermeasures?

Chapter # 3 COMPUTER AND INTERNET CRIME

Information Protection

Anuj Dube Jimmy Lambert Michael McClendon

Mohammad Alauthman Computer Security Mohammad Alauthman

In the attack index…what number is your Company?

Cyber Security For Civil Engineering

Information Protection

Presentation transcript:

Advanced Services Cyber Security 101 © ABB February, 18 2013 | Slide 1

Cyber Security What is Cyber Security? “Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack” Merriam-Webster’s dictionary © ABB Group | Slide ‹#›

Cyber Security Security breaches Control System Personal computer Hacking Malicious software Unauthorized use © ABB Group | Slide ‹#›

Cyber Security Stuxnet: The first malware targeting industrial control systems © ABB Group | Slide ‹#›

Cyber Security Bill Would Have Businesses Foot Cost Of Cyber war © ABB Group | Slide ‹#›

Cyber Security Vulnerability disclosure growth by year 1 new vulnerability every hour, every day. © ABB Group | Slide ‹#› Source: IBM X-Force®

Cyber Security Security Cost The cost of security measures should be balanced against the achieved risk reduction Risk = (probability of successful attack) x (potential consequences) Optimal security for minimum cost Cost of security According to a study by the Ponemon Institute, the cross-industry average cost of a cyber security breach in 2011 was $5.9 MUSD Cost Probable cost of a security breach Security Level © ABB Group | Slide ‹#›

Cyber Security Enterprise IT vs. Industrial Control Systems Primary risk impact Information disclosure, financial Safety, health, environment, financial Availability 95 – 99% (accept. downtime/year: 18.25 - 3.65 days) 99.9 – 99.999% (accept. downtime/year: 8.76 hrs – 5.25 minutes) Typical System Lifetime 3-5 years 15-30 years Problem response Reboot, patching/upgrade Fault tolerance, online repair Confidentiality Availability Integrity Availability Integrity Confidentiality © ABB Group | Slide ‹#›

Cyber Security Why traditional approaches don’t work Action Consequence Lock out accounts after three bad password tries Operator has no control over process for 10 minutes Install patches as soon as they are released and reboot A control system reboot means shutting down the whole plant, and it might take days to get everything running again Frequently update antivirus scan engine and virus definitions False positives might have fatal consequences Use of crypto functions to protect data in transit Real time constraints cannot be met due to limited resources on embedded devices Use of firewalls and intrusion detection systems Do you speak IEC 60870-5-104, IEC 61850, OPC, HART, ProfiNet, Modbus... Use of intrusion prevention systems One false positive might have fatal consequences Information Systems Security is a good starting point, but approaches and technologies need to be applied with care © ABB Group | Slide ‹#›

Cyber Security If it’s worth having it’s worth stealing Source Code Diagrams, Plans and Blueprints Design documents and Metrics data Mechanisms for infrastructure improvements Certificates and Credentials Source: MSI Microsolved Inc. © ABB Group | Slide ‹#›

Cyber Security Aurora Project The generator room at the Idaho National Laboratory was remotely accessed by a hacker and a $1 Million diesel-electric generator was destroyed. ______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ © ABB Group | Slide ‹#›

Cyber Security Iranshahr ______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ © ABB Group | Slide ‹#›

Cyber Security Damage from within Companies are really just people—and most people fear being labeled “the bad guy.” That fear puts the company at risk. No one person should have enough power to completely destroy company assets or infrastructure. Regular security audits are a key to protecting the company. Security audits should include simulations that cover dealing with disgruntled or terminated employees. ______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ © ABB Group | Slide ‹#›

Procedures and Protocols Shamoon Destroyed 30.000+ computers. Insider "Not a single drop of oil was lost.“ CEO Khalid Al-Falih "In our experience in conducting hundreds of vulnerability assessments in the private sector, in no case have we ever found the operations network, the SCADA system or energy management system separated from the enterprise network. On average, we see 11 direct connections between those networks.” Source: Sean McGurk, The Subcommittee on National Security, Homeland Defense, and Foreign Operations May 25, 2011 hearing. ______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ © ABB Group | Slide ‹#›

Cyber Security Airgaps Source: Tofino Sercurity. © ABB Group | Slide ‹#›

Cyber Security Protection Basic Advanced Procedures and Policies Whitelisting Update management Intrusion detection Antivirus Intrusion prevention Account management Firewalls Services and ports … Software management © ABB Group

Cyber Security Share information © ABB Group | Slide ‹#›

Cyber Security Remote access Support Center Service Center Internet Virtual Support Engineer © ABB Group November 12, 2018 | Slide 18

Cyber Security www.abb.com/cybersecurity 9AKK105713A6280 A © ABB Group

© ABB Group November 12, 2018 | Slide 20