CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie.

Slides:



Advertisements
Similar presentations
Michael Thow Cyber Security Engineering Supervisor
Advertisements

SCADA Security, DNS Phishing
HYDRAULICS & PNEUMATICS
Stuxnet Richard Renner. James Bond virus Facts Earliest copy recovered from June KB in size First public knowledge July % of infected.
Dr. HABEEB HATTAB HABEEB Dr. HABEEB HATTAB HABEEB Office: BN-Block, Level-3, Room Ext. No.: 7292 UNITEN.
LET’S TALK BACNET SCADASIDES LAST MINUTE CHANGE MICHAEL TOECKER Mikhail Turcher, big fanci pantsie.
HALDEBIQUE Geoffroy ROYER Johan  Crime motivated attacks  Hacktivism  Cyber Warfare.
Novel Information Attacks From “Carpet Bombings” to “Smart Bombs”
DuWayne Aikins Information Security Forum May 21, 2015 Cyber, A Militarized Domain: What is Means to Texas.
Stuxnet – Getting to the target Liam O Murchu Operations Manager, Symantec Security Response 1 Feb 2011.
SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.
Distributed Control Systems Emad Ali Chemical Engineering Department King SAUD University.
CHE 185 – PROCESS CONTROL AND DYNAMICS DCS AND PLC FUNDAMENTALS.
PLC: Programmable Logical Controller
Autonomic Security Management of Industrial Systems Sherif Abdelwahed Electrical and Computer Engineering Mississippi State University.
STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.
 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.
Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.
SCADA and Telemetry Presented By:.
How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T.
Instilling rigor and imagination in analysis Countering the Iranian Nuclear Threat Stuxnet and its Broader Implications Randolph H. Pherson Mary C. Boardman.
A sophisticated Malware Arpit Singh CPSC 420
By: Sharad Sharma, Somya Verma, and Taranjit Pabla.
Chapter 3 Controlling Files. Chapter 3 Overview The file system and file access rights Executable files Computer viruses and malware Policies for file.
PLC introduction1 Discrete Event Control Concept Representation DEC controller design DEC controller implementation.
PLC: Programmable Logical Controller
Cyber crime & Security Prepared by : Rughani Zarana.
Jonathan Baulch  A worm that spreads via USB drives  Exploits a previously unknown vulnerability in Windows  Trojan backdoor that looks for a specific.
WHAT IS VIRUS? NAE GRAND CHALLENGE SECURE CYBERSPACE.
Module 1: Introduction to PLC
Welcome to the World of Programmable Logic Controllers
Copyright © 2002 Delmar Thomson Learning Chapter 1 Welcome to the World of Programmable Logic Controllers.
MALWARE : STUXNET CPSC 420 : COMPUTER SECURITY PRINCIPLES Somya Verma Sharad Sharma Somya Verma Sharad Sharma.
Lessons from Stuxnet Matthew McNeill. Quick Overview Discovered in July 2011 Sophisticated worm - many zero-day exploits, Siemens programmable logic controller.
VirusesViruses HackingHacking Back upsBack ups Stuxnet Stuxnet.
Unit 5 CONTROL CENTERS AND POWER SYSTEM SECURITY.
Topics of presentation
Overview What is Arduino? What is it used for? How to get started Demonstration Questions are welcome at any time.
Viruses Hackers Backups Stuxnet Portfolio Computer viruses are small programs or scripts that can negatively affect the health of your computer. A.
SUPER TOASTER Wes Brown Eastern Kentucky University Computer Electronic Networking.
Information on computers By kerili kerr. Introduction The purpose of our presentation is to tell people about computer equipment. I will inform people.
Chapter2 Networking Fundamentals
3 February - 21 February 2003 School on Radio Use for Information and Communication Technology POSSIBLE WIRELESS COMMUNICATIONS USE IN AUTOMATION Eng.
Ethical Hacking License to hack. OVERVIEW Ethical Hacking ? Why do ethical hackers hack? Ethical Hacking - Process Reporting Keeping It Legal.
Stuxnet.
Student Name USN NO Guide Name H.O.D Name Name Of The College & Dept.
Battles in Cyber Space Dr Richard E Overill Department of Informatics.
PROGRAMMABLE LOGIC CONTROLLER
Employment of scada system in water purification and transmission system.
NEXT GENERATION ATTACKS & EXPLOIT MITIGATIONS TECHNIQUES ID No: 1071 Name: Karthik GK ID: College: Sathyabama university.
Programmable Logic Controller & Distributed Control System Yoon-Je Choi 17 th June 2006.
BY: AUSTIN NEIGH. WHAT IS CYBER WARFARE? Hacking that is politically motivated to conduct sabotage or espionage Form of information warfare Typically.
An Overview When Connecting to Yaskawa Drives Date: 8/14/06, Rev: PP.AFD.26.
Travis Deyarmin. In This Presentation  What is Stuxnet  What is Flame  Compare/Contrast  Who is Responsible  Possible Repercussions.
How a presumably military grade malware sabotaged the Iranian nuclear program W32.Stuxnet Presenter: Dolev Farhi |
SCADA NETWORK SECURITY BY LICET 4-AUG-12.
SCADA Supervisory Control And Data Acquisition Pantech Solutions Here is the key to learn more.
Artificial Intelligence In Power System Author Doshi Pratik H.Darakh Bharat P.
W32.Stuxnet How a presumably military grade malware sabotaged the Iranian nuclear program Presenter: Dolev Farhi |
Stuxnet By Shane Serafin.
How SCADA Systems Work?.
Cybersecurity Case Study STUXNET worm
PLC’s programmable logic Control
Propagation, behavior, and countermeasures
The Internet of Unsecure Things
Object Oriented Programming and Software Engineering CIS016-2
Cyber Security For Civil Engineering
IP Addresses & Ports IP Addresses – identify a device on a network
Anatomy of Industrial Cyber Attacks
Presentation transcript:

CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie

CYBER SECURITY OVERVIEW MODULE 1 Ooooh… Cybah Cybah Cybah Overfuncher!

BASICS Control Systems are computing systems that monitor and control physical processes We’re talking powerplants, locomotives, water treatment, building operations, and stuff like that Uses things called Programmable Logic Controllers, Remote Terminal Units take in signals from things like pumps, valves, motors, etc Basi….. Sknnnnzzzz….

Electro-Mechanical Logic Pneumatic Logic Programmable Logic Distributed Control System Evolution of Control Systems Dis presentation needs more goats

HUMAN INTERACTION THEN AND NOW Buttons, Levers, Paper Trend Plotters, Annunciators, all linked to Relays and Actuators through Electronic or Pneumatic Communications utilizing Relay/Ladder Logic Computer Systems and Displays, linked to Digital Process Controllers through High Speed Ethernet Based networks utilizing Field Programmable Gate Array and Function Block Logic I tells him to Pressy the butensies!! Press them!!! He does not.

CYBER SECURITY The problem is, use of normal IT stuff has caused Control Systems to inherit the same vulnerabilities of those IT systems… Ever been hacked? How did that affect your computer? Other computers you own? Imagine being the computer that runs the Chemical Plant down the road. I be doin the hackring.. Hackring and slashring in Skyrim… MY KNEE!!

BUT…. Computation evolved into Networked systems  Prioritized the fast, efficient, and easy sharing of data  Control Systems and Information Systems were easily connected together, up to and including the Internet Vulnerabilities in these Systems allows Malicious Individuals to Access and Disrupt operations  Coding Practices assumed good behavior, but did not enforce it.  Networked Systems allowed access from remote locations, or over the Internet The Introduction of Computers also Brought the Vulnerability of the Information Age Heh. Goatsies.

WE APOLOGIZE FOR THE FAULT IN THE SUBTITLES.. THOSE RESPONSIBLE HAVE BEEN SACKED

NOTABLE CYBER EVENTS Government Developed Computer Virus  Designed to disrupt the Iranian nuclear enrichment process at Natanz Three Modes of Operation  Windows Based, designed to infect Windows systems  Siemens Simatic, designed to subvert communications between the PLC and Simatic Applications  Siemens S7 PLC Based, designed to run equipment outside of operating envelope, and conceal operating parameters from operators. Stuxnet is the Prime Example of a Cyber Security issue affecting Control Systems

TARGETED IRAN’S NATANZ ENRICHMENT FACILITY Control Systems Mahmoud Ahmadinejad

INFECTED PLCS BROKE CENTRIFUGES This Runs These Also Mahmoud Ahmadinejad

STUXNET’S GOAL Reduce the capability of the Iranian Government to produce Nuclear materials  It Damaged Systems  It reduced quality of the product  Destroyed Centrifuges Hid itself from the operators Personally, I have great sympathy for the Iranian Engineers….  I’d hate to have to go to my boss, repeatedly, and tell him my system was f*cked up, not matter what I was doing to fix it. This is Enriched Uranium

DANCING MONKEYS…. Super Secret Easter Egg in Siemens PLCs, Used at Natanz found by Dillon Beresford

IT DOESN’T HAVE TO BE STATE SPONSORED THOUGH

DIGITAL BOND’S PROJECT BASECAMP Intended to focus attention on vulnerabilities in control system devices, to get vendors to change how insecure their devices actually were. Full Disclosure: I work for Digital Bond

THREATPOST, 2011 Hacker pr0f gained access to, and posted pictures of the South Houston water Treatment plant.

CONCLUSIONS Control Systems run Industrial Stuff They use normal IT components They don’t spend much time on security, if any Governments have used control systems to do bad things to other governments You can find these things on the Internet …. Bad guys can exploit this stuff over the internet.

QUESTIONS? Thanks, Mike

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.