Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Services Cyber Security 101 © ABB February, 18 2013 | Slide 1.

Published byTamsin Todd Modified over 6 years ago

Similar presentations

Presentation on theme: "Advanced Services Cyber Security 101 © ABB February, 18 2013 | Slide 1."— Presentation transcript:

1 Advanced Services Cyber Security 101 © ABB February, | Slide 1

2 Cyber Security What is Cyber Security?
“Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack” Merriam-Webster’s dictionary © ABB Group | Slide ‹#›

3 Cyber Security Security breaches
Control System Personal computer Hacking Malicious software Unauthorized use © ABB Group | Slide ‹#›

4 Cyber Security Stuxnet: The first malware targeting industrial control systems
© ABB Group | Slide ‹#›

5 Cyber Security Bill Would Have Businesses Foot Cost Of Cyber war
© ABB Group | Slide ‹#›

6 Cyber Security Vulnerability disclosure growth by year
1 new vulnerability every hour, every day. © ABB Group | Slide ‹#› Source: IBM X-Force®

7 Cyber Security Security Cost
The cost of security measures should be balanced against the achieved risk reduction Risk = (probability of successful attack) x (potential consequences) Optimal security for minimum cost Cost of security According to a study by the Ponemon Institute, the cross-industry average cost of a cyber security breach in 2011 was $5.9 MUSD Cost Probable cost of a security breach Security Level © ABB Group | Slide ‹#›

8 Cyber Security Enterprise IT vs. Industrial Control Systems
Primary risk impact Information disclosure, financial Safety, health, environment, financial Availability 95 – 99% (accept. downtime/year: days) 99.9 – % (accept. downtime/year: 8.76 hrs – 5.25 minutes) Typical System Lifetime 3-5 years 15-30 years Problem response Reboot, patching/upgrade Fault tolerance, online repair Confidentiality Availability Integrity Availability Integrity Confidentiality © ABB Group | Slide ‹#›

9 Cyber Security Why traditional approaches don’t work
Action Consequence Lock out accounts after three bad password tries Operator has no control over process for 10 minutes Install patches as soon as they are released and reboot A control system reboot means shutting down the whole plant, and it might take days to get everything running again Frequently update antivirus scan engine and virus definitions False positives might have fatal consequences Use of crypto functions to protect data in transit Real time constraints cannot be met due to limited resources on embedded devices Use of firewalls and intrusion detection systems Do you speak IEC , IEC 61850, OPC, HART, ProfiNet, Modbus... Use of intrusion prevention systems One false positive might have fatal consequences Information Systems Security is a good starting point, but approaches and technologies need to be applied with care © ABB Group | Slide ‹#›

10 Cyber Security If it’s worth having it’s worth stealing
Source Code Diagrams, Plans and Blueprints Design documents and Metrics data Mechanisms for infrastructure improvements Certificates and Credentials Source: MSI Microsolved Inc. © ABB Group | Slide ‹#›

11 Cyber Security Aurora Project
The generator room at the Idaho National Laboratory was remotely accessed by a hacker and a $1 Million diesel-electric generator was destroyed. ______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ © ABB Group | Slide ‹#›

12 Cyber Security Iranshahr
______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ © ABB Group | Slide ‹#›

13 Cyber Security Damage from within
Companies are really just people—and most people fear being labeled “the bad guy.” That fear puts the company at risk. No one person should have enough power to completely destroy company assets or infrastructure. Regular security audits are a key to protecting the company. Security audits should include simulations that cover dealing with disgruntled or terminated employees. ______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ © ABB Group | Slide ‹#›

14 Procedures and Protocols Shamoon
Destroyed computers. Insider "Not a single drop of oil was lost.“ CEO Khalid Al-Falih "In our experience in conducting hundreds of vulnerability assessments in the private sector, in no case have we ever found the operations network, the SCADA system or energy management system separated from the enterprise network. On average, we see 11 direct connections between those networks.” Source: Sean McGurk, The Subcommittee on National Security, Homeland Defense, and Foreign Operations May 25, 2011 hearing. ______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ © ABB Group | Slide ‹#›

15 Cyber Security Airgaps
Source: Tofino Sercurity. © ABB Group | Slide ‹#›

16 Cyber Security Protection
Basic Advanced Procedures and Policies Whitelisting Update management Intrusion detection Antivirus Intrusion prevention Account management Firewalls Services and ports Software management © ABB Group

17 Cyber Security Share information
© ABB Group | Slide ‹#›

18 Cyber Security Remote access
Support Center Service Center Internet Virtual Support Engineer © ABB Group November 12, 2018 | Slide 18

19 Cyber Security www.abb.com/cybersecurity
9AKK105713A6280 A © ABB Group

20 © ABB Group November 12, 2018 | Slide 20

Download ppt "Advanced Services Cyber Security 101 © ABB February, 18 2013 | Slide 1."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.

K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Slide 1 Using Models Introduced in ISA-d99.00.01 Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.

Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.
Chapter 8 Technology and Auditing Systems: Hardware and Software Defenses.

Chapter 8 Technology and Auditing Systems: Hardware and Software Defenses.
PREPARED BY: SHOUA VANG ABHINAV JUWA CHASE PAUL EASy Security Project Anonymous vs HBGary Inc.

PREPARED BY: SHOUA VANG ABHINAV JUWA CHASE PAUL EASy Security Project Anonymous vs HBGary Inc.
SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,

SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Similar presentations

Ads by Google