3rd Control System Cyber-Security Workshop: A Summary of this year’s meeting. Dr. Stefan Lüders (CERN Computer Security Officer)


3rd Control System Cyber-Security Workshop: A Summary of this year’s meeting
Dr. Stefan Lüders (CERN Computer Security Officer) with contributions from E. Bonaccorsi (LHCb), P. Charrue (CERN), P. Chochula (ALICE), S. Hartman (ORNL), T. Hakulinen (CERN), T. McGuckin (JLab), T. Sugimoto (Spring8), F. Tilaro (CERN), V. Vuppala (NSCL/MSU)
ICALEPCS, Grenoble (France), October 11th 2011

Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20 February 2007 “3rd CS2/HEP Workshop Summary” — Dr. Stefan Lüders — ICALEPCS2011 ― October 11th 2011

Security in a Nutshell
Security is as good as the weakest link:
► Attacker chooses the time, place, method
► Defender needs to protect against all possible attacks (currently known, and those yet to be discovered)
Security is a system property (not a feature)
Security is a permanent process (not a product)
Security cannot be proven (phase-space-problem)
Security is difficult to achieve, and only to 100%-ε.
► YOU define ε as user, developer, system expert, admin, project manager
BTW: Security is not a synonym for safety.

(R)Evolution, w/o security

(CS)² in HEP ― The Objectives
Attendance: ~40 people
Scope:
► All security aspects related to HEP control systems
► Control PCs, control software, controls devices, accounts, …
Objectives:
► Raise awareness
► Exchange of good practices, ideas, and implementations
► Discuss what works & what not, pros & cons
► Report on security events, lessons learned & successes
► Update on progress

Attacks are FACT!
September 2009, April 2011, May 2011, Summer 2011

Security is a CHALLENGE…
Off-the-shelf IT security is not that easy: Patching, AV, shared passwords, network scans, …
Priorities are different: Technical requirements + operational needs often collide with security.

Defense-in-Depth: Network security gives an excellent basis.
…which can be OVERCOME!
Compartmentalization of networks reduces cross-infections.
Controls devices are insecure. Test them, make them fail and send them back to the vendor.

Get Started: Two Approaches
Top-Down: Going for full-blown ISO27000 certification. Kudos!!
Bottom-Up: A thorough assessment involving all stakeholders

ONE Take-away
This is a people’s problem.
(Still) need for a “Change-of-Mind”.
Establish a Security Culture!

Thank you very much!!!
Thanks to all participants & esp. to the presenters. Well done, guys!!!
A special thank-you to the local organizing committee!