3 rd Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) 3 rd (CS) 2 /HEP Workshop,

Slides:



Advertisements
Similar presentations
Secure and Web Browsing Sébastien Dellabella – Computer Security Team.
Advertisements

4 th Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) 4 th (CS) 2 /HEP Workshop,
How things go wrong. The lucky one and the unlucky one Dr. Stefan Lüders (CERN Computer Security Officer) 3 rd (CS) 2 /HEP Workshop, Grenoble (France)
3 rd Control System Cyber-Security Workshop A Summary of this year’s meeting Dr. Stefan Lüders (CERN Computer Security Officer) with contributions from.
David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service.
Control Systems Under Attack !? …about the Cyber-Security of modern Control Systems Dr. Stefan Lüders (CERN Computer Security Officer) Openlab Summer Student.
AVG- Protecting those who are vulnerable.  Free Anti-Virus Software ◦ J.R. Smith President of AVG oversees a lineup of antivirus products used by 110.
Understand Virtualized Clients Windows Operating System Fundamentals LESSON 2.4.
Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Introduction to Service-Oriented Architecture. Outline Definition Features Examples of SOA Web Service Standards Example Pros and Cons Integration with.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Control System Cyber-Security in Industry Dr. Stefan Lüders (CERN IT/CO) (CS) 2 /HEP Workshop, Knoxville (U.S.) October 14th 2007.
A First Course in Information Security
[Name / Title] [Date] Effective Threat Protection Strategies.
Information Systems Today, 2/C/e ©2008 Pearson Education Canada Lecture Outline eCommerce Highlights of Electronic Business 2-1.
Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.
1. Windows Vista Enterprise And Mid-Market User Scenarios 2. Customer Profiling And Segmentation Tools 3. Windows Vista Business Value And Infrastructure.
Presented by: Dr. Munam Ali Shah
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
Virtual techdays INDIA │ 9-11 February 2011 Security Discussion: Ask the Experts M.S.Anand │ MTC Technology Specialist │ Microsoft Corporation Anirudh.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Introduction to Computers Lesson 12A. home Information System A mechanism that helps people collect, store, organize and use information.
National Cyber Security Awareness Month October 20, 2011 Cyber Security – Our Shared Responsibility.
Control System Cyber-Security Workshop A Summary of Yesterday’s Meeting Dr. Stefan Lüders (CERN IT/CO) with slides from P. Chochula (ALICE), S. Gysin (FNAL),
Control Systems Under Attack !? …about the Cyber-Security of modern Control Systems Dr. Stefan Lüders (CERN IT/CO) (CS) 2 /HEP Workshop, Knoxville (U.S.)
Frequently Asked Questions NCSC Product Certification Payroll Anytime, Anywhere!
Network security Product Group 2 McAfee Network Security Platform.
ENISA efforts for securing European Internet Infrastructure
Use of CERN’s Computing Facilities Why is security important? What are the rules? HR Induction Programme.
Cyber Security Awareness Why people are of N o 1 importance… CERN Computer Security Team (2009) L. Cons, S. Lopienski, S. Lüders, D. Myers “Protecting.
COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.
Enterprise Cybersecurity Strategy
Slide to sign on Leverage your existing Wi-Fi assets to provide the home Wi-Fi user experience anywhere.
NetTech Solutions Supporting Users and Troubleshooting Desktop Applications on Microsoft Windows XP Instructor Richard Fredrickson.
Problems to Overcome Implementation Issues at CERN Dr. Stefan Lüders (CERN Computer Security Officer) (CS) 2 /HEP Workshop, Kobe (Japan) October 11th 2009.
Introduction TO Network Administration
Cyber Security Awareness Academic Freedom vs. Operations vs. Security CERN Computer Security Team (2010) S. Lopienski, S. Lüders, R. Mollon, R. Wartel.
Control System Cyber-Security Workshop A Summary of Yesterday’s Meeting Dr. Stefan Lüders (CERN Computer Security Officer) with slides from B. Copy (CERN),
Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) (CS) 2 /HEP Workshop, Kobe (Japan)
CERN Computing and Network Infrastructure for Controls (CNIC) Status Report on the Implementation Dr. Stefan Lüders (CERN IT/CO) (CS) 2 /HEP Workshop,
1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.
Sniper Corporation. Sniper Corporation is an IT security solution company that has introduced security products for the comprehensive protection related.
Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.
David B. Cross Product Unit Manager Microsoft Corporation Session Code: SIA303 Donny Rose Senior Program Manager.
Thandi Tesfagiorgis Supervisor: Prof John Ledger (University of Johannesburg) Co Supervisor: Andrew Paverd (Oxford University)
Open-source fuzzing testing for critical equipment robustness Brice Copy Engineering Department CERN, Switzerland (CS)2/HEP Workshop 18 th October 2015,
CompTIA Security+ Certification Exam SY COMPTIA SECURITY+SY0-401 Q&A is a straight forward,efficient,and effective method of preparing for the new.
Cyber Security Awareness Academic Freedom vs. Operations vs. Security CERN Computer Security Team (2010) S. Lopienski, S. Lüders, R. Mollon, R. Wartel.
Network and Server Basics. Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server network.
Sean Moriarty, Oswego State CTS 2016 Cyber Security Update
ISSeG Integrated Site Security for Grids WP2 - Methodology
Network Security Analysis Name : Waleed Al-Rumaih ID :
Cyber Security Awareness
CYB 110 Education Begins / Snaptutorial.com. CYB 110 All Assignments For more classes visit CYB 110 Week 1 Individual Protecting.
SMB practice development: Security play
12 STEPS TO A GDPR AWARE NETWORK
SMB practice development: Security play
Cybersecurity Am I concerned?
Windows 10 Enterprise subscriptions in CSP – Messaging Summary
We secure the communication
Cybersecurity Threat Assessment
Securing web applications Externally
Microsoft Virtual Academy
Presentation transcript:

3 rd Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) 3 rd (CS) 2 /HEP Workshop, Grenoble (France) October 9 th, 2011

3 rd Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) 3 rd (CS) 2 /HEP Workshop, Grenoble (France) October 9 th, 2011 Year 1 after Stuxnet

Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20. Februar 2007 Dr. Stefan Lüders — 3 rd CS2/HEP Workshop ― October 9 th 2011 Security in a Nutshell Security is as good as the weakest link: ► Attacker chooses the time, place, method ► Defender needs to protect against all possible attacks (currently known, and those yet to be discovered) Security is a system property (not a feature) Security is a permanent process (not a product) Security cannot be proven (phase-space-problem) Security is difficult to achieve, and only to 100%-ε. ► YOU define ε as user, developer, system expert, admin, project manager BTW: Security is not a synonym for safety.

Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20. Februar 2007 Dr. Stefan Lüders — 3 rd CS2/HEP Workshop ― October 9 th 2011 (R)Evolution, all over again!!!!

Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20. Februar 2007 Dr. Stefan Lüders — 3 rd CS2/HEP Workshop ― October 9 th 2011 (R)Evolution, all over again!!!! In the wake/hype/rush/panic… after Stuxnet: Attackers and analysts turn to control systems Security companies claim expertise in control systems Control system vendors provide (immature) solutions

Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20. Februar 2007 Dr. Stefan Lüders — 3 rd CS2/HEP Workshop ― October 9 th 2011 Use case: ► Measuring your consumption at home ► Online with the grid: Optimizing the power usage ► Publicly accessible, off-the-shelf, open networks Risks: ► Exploitation of meter vulnerabilities: registration process, firmware, data, … ► Loss of confidentiality: customer data available to others ► Loss of integrity: manipulation of reading data ► Loss of availability: data not available in a timely manner ► Misuse as attack platform The Bad Example: Smart Meters courtesy of M. Tritschler (KEMA)

Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20. Februar 2007 Dr. Stefan Lüders — 3 rd CS2/HEP Workshop ― October 9 th 2011 Use case: ► Measuring your consumption at home ► Online with the grid: Optimizing the power usage ► Publicly accessible, off-the-shelf, open networks Risks: ► Exploitation of meter vulnerabilities: registration process, firmware, data, … ► Loss of confidentiality: customer data available to others ► Loss of integrity: manipulation of reading data ► Loss of availability: data not available in a timely manner ► Misuse as attack platform The Bad Example: Smart Meters courtesy of M. Tritschler (KEMA) We had this before  : Modems in the 80’s Windows PCs in the 90’s (before XP SP2) …and can do better!!

Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20. Februar 2007 Dr. Stefan Lüders — 3 rd CS2/HEP Workshop ― October 9 th 2011 Scope: ► All security aspects related with HEP control systems ► Control PCs, control software, controls devices, accounts, … ► Planning aspects, implementation aspects, operational aspects, … Objectives: ► Raise awareness ► Exchange of good practices, ideas, and implementations ► Discuss what works & what not, pros & cons ► Report on security events, lessons learned & successes ► Update on the progress made since the last workshop If there are questions, feel free to ask at anytime!!! The agenda is very flexible to accommodate any changes ! (CS) 2 in HEP ― The Objectives

Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20. Februar 2007 Dr. Stefan Lüders — 3 rd CS2/HEP Workshop ― October 9 th 2011 (CS) 2 in HEP ― The Agenda conferenceDisplay.py? confId=57050

Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20. Februar 2007 Dr. Stefan Lüders — 3 rd CS2/HEP Workshop ― October 9 th 2011 (CS) 2 in HEP ― The Agenda conferenceDisplay.py? confId=57050 Enjoy!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.