Anatomy of Industrial Cyber Attacks

Slides:

Advertisements

Similar presentations

© Alan Burns and Andy Wellings, 2001 Real-Time Systems and Programming Languages n Buy Real-Time Systems: Ada 95, Real-Time Java and Real-Time POSIX by.

Advertisements

Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Critical Infrastructure Interdependencies H. Scott Matthews March 30, 2004.

SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.

Secure Systems Research Group - FAU 1 SCADA Software Architecture Meha Garg Dept. of Computer Science and Engineering Florida Atlantic University Boca.

Personnel hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.

Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.

An Introduction to SCADA Fundamentals and Implementation

SCADA and Telemetry Presented By:.

Cyber Security of SCADA Systems Testbed Testbed Development Group Members: Justin Fitzpatrick Rafi Adnan Michael Higdon Ben Kregel Adviser: Dr. Manimaran.

SCADA FOR WATER DISTRIBUTION IC DEPT. GECGn SEC28.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

NetVuze Precision Network Meter standalone, easy to use, networked with data logging.

1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry.

הקריה למחקר גרעיני - נגב Nuclear Research Center – Negev (NRCN) Society of Electrical and Electronics Engineers in Israel (SEEEI) 2012 Eran Salfati, Amir.

 AUTOMATION  PLC  SCADA  INSTRUMENTATION  DRIVES & MOTORS.

Unit 5 CONTROL CENTERS AND POWER SYSTEM SECURITY.

Cyber Terrorism Shawn Carpenter Computer Security Analyst

FAIR Accelerator Controls Strategy

WebCast 5 May 2003 Proposed NERC Cyber Security Standard Presentation to IT Standing Committee Stuart Brindley, IMO May 26, 2003.

1 Chpt. 12: INFORMATION SYSTEM QUALITY, SECURITY, AND CONTROL.

Enterprise Systems Business Planning & Logistics Site Manufacturing Operations and Control Area Supervisory Control Basic Control Safety- Instrumented.

1 © A. Kwasinski, 2015 Cyber Physical Power Systems Fall 2015 Security.

CONTENTS: 1.Abstract. 2.Objective. 3.Block diagram. 4.Methodology. 5.Advantages and Disadvantages. 6.Applications. 7.Conclusion.

CV Industrial Control SystemsJCOV Meeting October 23, 2003 ST/CV ACTIVITY Industrial Automation ST/CV is responsible for the design and implementation.

By: Matt Winkeler.  PCI – Payment Card Industry  DSS – Data Security Standard  PAN – Primary Account Number.

SCADA NETWORK SECURITY BY LICET 4-AUG-12.

FUNDAMENTALS OF COMPUTER SYSTEMS Lesson 1. Starter What is the difference between hardware and software?

SCADA Supervisory Control And Data Acquisition Pantech Solutions Here is the key to learn more.

Cyber Security of SCADA Systems Testbed Development May1013 Group Members: Ben Kregel Justin Fitzpatrick Michael Higdon Rafi Adnan Adviser: Dr. Manimaran.

Lesson 1 PLC BASICS. PLC Definition  Programmable Logic Controllers are industrial computers that control machine and other applications.  PLC have.

Artificial Intelligence In Power System Author Doshi Pratik H.Darakh Bharat P.

Modular Flexible Manufacturing System for Industrial Engineering teaching and research ps-training-series/

OPERATES SCADA OPERATION SYSTEM Explain the operational SCADA

Fundamentals and Implementation

Cyber Security in the Water Sector

Automation Technologies SCADA SENSORS HMI

Complete Plant Solution from Mitsubishi

3 Do you monitor for unauthorized intrusion activity?

Object Oriented Programming and Software Engineering CIS016-2

Cybersecurity Case Study Maroochy water breach

Manufacturing Productivity Solutions

Lesson 3 SCADA.

Operational Technology Information Technology

Products/Solutions/Expertise of C-DAC Mumbai in Smart City Domain

SHORT CIRCUIT MONITORING BY USING PLC & SCADA

EAS Lessons Learned Summary

PRESENTATION ON AUTOMATION,PLC AND SCADA

DT80 range Modbus capability

Fundamentals and Implementation

How SCADA Systems Work?.

POPULAR TYPES OF AUTOMATION SYSTEMS

An Introduction to SCADA Fundamentals and Implementation

Cyber Security of SCADA Systems

CIO Council briefing 01/23/2017

Validating and Protecting Pharmaceutical Manufacturing Processes

Programmable Logic Controllers (PLCs) An Overview.

SCADA Communication and Architecture Principles

PLC / SCADA / HMI Controllers: Name : Muhammad Zunair Comsats University Date: 28-October-2018.

Process Monitoring and Control Systems

Modern PLC based generation controls

NERC Cyber Security Standard

PLCs integration into the ICS

Switching & Controlling LoB

Cyber Security of SCADA Systems Remote Terminal Units (RTU)

Process Dynamics and Control:

Shenandoah Valley Wastewater Treatment Plant Network Selecting and Implementing a Successful SCADA System SVWWPTN – Verona, Va TJ Johnson – Delta.

Presentation transcript:

Anatomy of Industrial Cyber Attacks SBX3-W4 Anatomy of Industrial Cyber Attacks Mille Gandlesman Barak Perelman CTO Indegy @mgandelsman CEO Indegy @BarakPerelman

Top Concerns as ICS Manager How do I ensure my revenue generating process keeps running? How quickly will I discover a failure? How quickly can I pinpoint the source of the incident? How quickly can I recover?

How Would You Attack this System? Controller A/C Thermometer System Input System Output Reference Measured Output Keypad

Vocabulary & Definitions SCADA / DCS –Supervisory, Control And Data Acquisition system (or a distributed one): HMI, Engineering station – Windows machines for operators to interact with system PLC/RTU/Controller – Dedicated 24/7 real time Industrial computers Sensors/Actuators/IO – Industrial Equipment (Turbines, Pumps, Valves, etc.) HMI PLC RTU DCS Controller Circuit Breaker Pressure meter Valve

How Would You Attack this System? Controller Turbine Pressure Meter System Input System Output Reference Measured Output HMI

Vocabulary & Definitions Process Parameters Logic Configuration Firmware

Security Gaps in an ICS Network Understanding what you have in your network No visibility into critical control-layer activity Blindspots of physical access to devices

#1: Understanding What You Have in Your Network System implemented a very long time ago Changes made over years Without documentation Or: It was recently inherited: Nobody knows anything

#2: No Visibility into Critical Control Plane Activity

#2: No Visibility into Critical Control Plane Activity

#2: No Visibility into Critical Control Plane Activity No Authentication Required: Anyone with network access can change controller logic! Difficult to monitor: The meaningful changes are the hardest to identify Note that there is no need to exploit vulnerabilities

#2: No Visibility into Critical Control Plane Activity Controller logic is the most critical part of an ICS network Unfortunately it’s also the weakest link there Sensor reading is not reliable for finding malicious activity And also, might be too late Standard network monitoring is not enough Control-layer aware deep packet inspection needed Physical cyber attacks can occur

#3: Blindspots of Physical Access to Devices On-The-Fly-Changes: What changed? What was the previous configuration? System integrator access: Who to blame on failure?

Apply What You Have Learned Today Next month you should: Identify and create a backup of all your controllers Next quarter you should: Keep track of control-layer actions in your ICS network Within six months you should: Apply a security system that is aware to changes in controller logic, both those emerging from the network as well as locally