Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anatomy of Industrial Cyber Attacks

Published byMarianna Charles Modified over 5 years ago

Similar presentations

Presentation on theme: "Anatomy of Industrial Cyber Attacks"— Presentation transcript:

1 Anatomy of Industrial Cyber Attacks
SBX3-W4 Anatomy of Industrial Cyber Attacks Mille Gandlesman Barak Perelman CTO Indegy @mgandelsman CEO Indegy @BarakPerelman

2 Top Concerns as ICS Manager
How do I ensure my revenue generating process keeps running? How quickly will I discover a failure? How quickly can I pinpoint the source of the incident? How quickly can I recover?

3 How Would You Attack this System?
Controller A/C Thermometer System Input System Output Reference Measured Output Keypad

4 Vocabulary & Definitions
SCADA / DCS –Supervisory, Control And Data Acquisition system (or a distributed one): HMI, Engineering station – Windows machines for operators to interact with system PLC/RTU/Controller – Dedicated 24/7 real time Industrial computers Sensors/Actuators/IO – Industrial Equipment (Turbines, Pumps, Valves, etc.) HMI PLC RTU DCS Controller Circuit Breaker Pressure meter Valve

5 How Would You Attack this System?
Controller Turbine Pressure Meter System Input System Output Reference Measured Output HMI

6 Vocabulary & Definitions
Process Parameters Logic Configuration Firmware

7 Security Gaps in an ICS Network
Understanding what you have in your network No visibility into critical control-layer activity Blindspots of physical access to devices

8 #1: Understanding What You Have in Your Network
System implemented a very long time ago Changes made over years Without documentation Or: It was recently inherited: Nobody knows anything

9 #2: No Visibility into Critical Control Plane Activity

10 #2: No Visibility into Critical Control Plane Activity

11 #2: No Visibility into Critical Control Plane Activity
No Authentication Required: Anyone with network access can change controller logic! Difficult to monitor: The meaningful changes are the hardest to identify Note that there is no need to exploit vulnerabilities

12 #2: No Visibility into Critical Control Plane Activity
Controller logic is the most critical part of an ICS network Unfortunately it’s also the weakest link there Sensor reading is not reliable for finding malicious activity And also, might be too late Standard network monitoring is not enough Control-layer aware deep packet inspection needed Physical cyber attacks can occur

13 #3: Blindspots of Physical Access to Devices
On-The-Fly-Changes: What changed? What was the previous configuration? System integrator access: Who to blame on failure?

14 Apply What You Have Learned Today
Next month you should: Identify and create a backup of all your controllers Next quarter you should: Keep track of control-layer actions in your ICS network Within six months you should: Apply a security system that is aware to changes in controller logic, both those emerging from the network as well as locally

Download ppt "Anatomy of Industrial Cyber Attacks"

Similar presentations

© Alan Burns and Andy Wellings, 2001 Real-Time Systems and Programming Languages n Buy Real-Time Systems: Ada 95, Real-Time Java and Real-Time POSIX by.

© Alan Burns and Andy Wellings, 2001 Real-Time Systems and Programming Languages n Buy Real-Time Systems: Ada 95, Real-Time Java and Real-Time POSIX by.
Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.

Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Critical Infrastructure Interdependencies H. Scott Matthews March 30, 2004.

Critical Infrastructure Interdependencies H. Scott Matthews March 30, 2004.
SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.

SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.
Secure Systems Research Group - FAU 1 SCADA Software Architecture Meha Garg Dept. of Computer Science and Engineering Florida Atlantic University Boca.

Secure Systems Research Group - FAU 1 SCADA Software Architecture Meha Garg Dept. of Computer Science and Engineering Florida Atlantic University Boca.
Personnel 500-600 hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.

Personnel hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.
Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.

Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.
An Introduction to SCADA Fundamentals and Implementation

An Introduction to SCADA Fundamentals and Implementation
SCADA and Telemetry Presented By:.

SCADA and Telemetry Presented By:.
Cyber Security of SCADA Systems Testbed Testbed Development Group Members: Justin Fitzpatrick Rafi Adnan Michael Higdon Ben Kregel Adviser: Dr. Manimaran.

Cyber Security of SCADA Systems Testbed Testbed Development Group Members: Justin Fitzpatrick Rafi Adnan Michael Higdon Ben Kregel Adviser: Dr. Manimaran.
SCADA FOR WATER DISTRIBUTION IC DEPT. GECGn SEC28.

SCADA FOR WATER DISTRIBUTION IC DEPT. GECGn SEC28.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
NetVuze Precision Network Meter standalone, easy to use, networked with data logging.

NetVuze Precision Network Meter standalone, easy to use, networked with data logging.
1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry.

1 ● Plant Automation Security Review of Cyber Security Attack at Maroochy Water Services ● Bradley Yager ● National Business Development Manager – Telemetry.
הקריה למחקר גרעיני - נגב Nuclear Research Center – Negev (NRCN) Society of Electrical and Electronics Engineers in Israel (SEEEI) 2012 Eran Salfati, Amir.

הקריה למחקר גרעיני - נגב Nuclear Research Center – Negev (NRCN) Society of Electrical and Electronics Engineers in Israel (SEEEI) 2012 Eran Salfati, Amir.
 AUTOMATION  PLC  SCADA  INSTRUMENTATION  DRIVES & MOTORS.

 AUTOMATION  PLC  SCADA  INSTRUMENTATION  DRIVES & MOTORS.
Unit 5 CONTROL CENTERS AND POWER SYSTEM SECURITY.

Unit 5 CONTROL CENTERS AND POWER SYSTEM SECURITY.
Cyber Terrorism Shawn Carpenter Computer Security Analyst

Cyber Terrorism Shawn Carpenter Computer Security Analyst

Similar presentations

Ads by Google