1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry.

Presentation transcript:

1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry Solutions ● Schneider Electric

2 What is a SCADA / Telemetry System
Collect measurement and operational data from devices spread across geographically-dispersed assets, deliver the data over a wide area communication infrastructure to a central control room for supervision, monitoring, analysis and business decision-making.
[Diagram labels: IT and Business Systems; ERP Asset Management Application; Control Room; SCADA Software; Wide Area Network; Wireless Communication; Long Reach Radio Networks; Remote Assets; Field Devices; Controllers; Instrumentation]
[Diagram labels: Analog or Digital; Temperature, Pressure, Flow, Level, Humidity, Moisture...; Sensors; RTU; Remote Radio; Base Radio; SCADA Software; network; Enterprise IT]

3 The Maroochy Incident

4 The Facts
● There were sustained attacks on the system over several months
● Severity of the attacks escalated over time
● Mainly spurious alarms, intermittent faults, increased network congestion (denial of service), changing setpoints
● Issues often coincided with bad weather
● Were able to prove third party intrusion mid March, over a month and a half after attacks most likely started
● Attacker was not caught until 23rd April, another month on

5 Cyber Battle
● Initially assumed breaking into pump stations, didn’t consider stolen equipment
● On 16th March, were able to disable attacker's device temporarily by using the same tactics
● Attempting to disable attacker's device escalated the situation
● Was it the right thing to do?

6 Discussion Topics
● Security through obscurity – does the Maroochy incident suggest it does or doesn’t work?
● Nothing could be proved until everything was logged, but this alone was still not enough
● Malicious human interference was the last thing considered – at what point should it have been?
● Know your system, and know what is normal. This is the only way to detect the abnormal.
● Most people working on SCADA/Control Systems would be aware of ways to disrupt normal operation – how do you combat this?
● Utilities may conduct background checks, but do they force their contractors to do the same?

7 Court Proceedings
● Heard over 9 days
● Sacked his lawyer after first day
● Convicted on 26 charges including:
  ● Using a restricted computer without the consent of its controller thereby intending to cause detriment or damage
  ● Wilfully and unlawfully causing serious environmental harm
  ● Stealing

8 What is the correct Reaction?
● Even after we’d proven intrusion was occurring – how do you stop it?
● Modified protocol in use at each site. Effectively rolled out new encrypted ‘key’ to each site, only known to a few people.
● This is a time-consuming process; each site had to be physically visited.
● Only once this was complete did the hacking stop, weeks after it had been identified and initial action had been taken
● Have your strategy ready before, and act quickly in a considered way
● Have a close relationship with your product vendor
● Hacking isn’t always obvious, many intrusions go unnoticed – understand your system, and look for the abnormal

9 DNP3 Secure
[Diagram: message exchange between Master and Outstation. Non-critical message: Perform operation, Standard protocol response. Critical message: Authentication challenge, Authentication response, Authenticate & perform operation.]
● Non-critical messages operate as usual
● Critical messages are “challenged”
● Operation is only carried out if the challenge “passes”
Secure method for assuring that only authorised devices are able to successfully request execution of critical commands such as setting outputs, transfer of files, or configuration changes
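A simplified model of the challenge-response flow on this slide, and of the per-site key described on the previous slide, added here as an example and not taken from the presentation or from any vendor's code. It uses HMAC-SHA256 over a random nonce and does not reproduce the DNP3 Secure Authentication message formats; the function names and the set of critical functions are assumptions.

```python
import hashlib
import hmac
import secrets

# Which functions count as critical is an assumption of this sketch.
CRITICAL = {"operate_output", "file_transfer", "config_change"}

def mac(key: bytes, nonce: bytes, function: str, payload: bytes) -> bytes:
    # Binds the reply to this challenge and to the exact operation requested.
    msg = nonce + len(function).to_bytes(1, "big") + function.encode() + payload
    return hmac.new(key, msg, hashlib.sha256).digest()

class Outstation:
    """Challenges critical requests; executes only on a valid HMAC reply."""
    def __init__(self, key: bytes):
        self._key = key
        self._pending = {}   # challenge nonce -> (function, payload) awaiting proof
        self.executed = []   # operations actually carried out

    def request(self, function: str, payload: bytes):
        if function not in CRITICAL:
            self.executed.append((function, payload))
            return ("response", None)          # standard protocol response
        nonce = secrets.token_bytes(16)        # fresh challenge per request
        self._pending[nonce] = (function, payload)
        return ("challenge", nonce)

    def authenticate(self, nonce: bytes, tag: bytes) -> bool:
        pending = self._pending.pop(nonce, None)   # single use: replays find nothing
        if pending is None or not hmac.compare_digest(tag, mac(self._key, nonce, *pending)):
            return False                           # challenge failed: do nothing
        self.executed.append(pending)
        return True

def master_send(outstation: Outstation, key: bytes, function: str, payload: bytes) -> bool:
    """Master side: send a request and answer the challenge if one comes back."""
    kind, nonce = outstation.request(function, payload)
    if kind == "response":
        return True
    return outstation.authenticate(nonce, mac(key, nonce, function, payload))

def demo():
    key = secrets.token_bytes(32)              # constructed site key for the demo
    rtu = Outstation(key)
    read = master_send(rtu, key, "read_analog", b"\x01")
    good = master_send(rtu, key, "operate_output", b"pump1=on")
    # A device that speaks the protocol but does not hold the site key:
    bad = master_send(rtu, secrets.token_bytes(32), "operate_output", b"pump1=off")
    return (read, good, bad), rtu.executed
```

A device that lacks the site key can still send requests, but its critical commands are never executed, and a captured authentication response cannot be replayed because each challenge is consumed on first use.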

10 Conclusion
● Understand what is normal, so you can detect the abnormal
● Have detailed logging
● Have a prepared considered action plan, don’t be caught unawares
● Some helpful places:
  ● SCADA community of Interest – A working party of the IT Security Expert Advisory Group. Has more than 180 Industry and government representatives
  ● Forum of Australian SCADA Vendors – Involved in SCADA CoI Practitioner/Vendor Forums
