Presentation is loading. Please wait.

Presentation is loading. Please wait.

Department of Energy PI for Security and Securing PI Dale Peterson Digital Bond, Inc. © 2008 Digital Bond, Inc.

Published byEva Lamie Modified over 10 years ago

Similar presentations

Presentation on theme: "Department of Energy PI for Security and Securing PI Dale Peterson Digital Bond, Inc. © 2008 Digital Bond, Inc."— Presentation transcript:

1 Department of Energy PI for Security and Securing PI Dale Peterson Digital Bond, Inc. peterson@digitalbond.com © 2008 Digital Bond, Inc.

2 Digital Bond  Control System Security Practice –Research and Consulting  Available on Digital Bond Site –IDS Signatures for Control System Protocols –Nessus SCADA Plugins –SCADA PLC Honeynet –Blog, SCADApedia, White Papers, Podcasts –SCADA Security Scientific Symposium (S4)

3 Digital Bond Research Approach  Add control system intelligence to existing security solutions –Control system IDS signatures –SCADA plugins for Nessus scanner  Add security intelligence to deployed control system products  Make resulting tools available to Digital Bond site subscribers –Almost free, $100 / year

4 Department of Energy Contract  Digital Bond is one of the recipients  OSIsoft was a partner in the submission –Generous contribution of PI software –Training and technical support –Access to top OSIsoft technical talent  Two-year research program –Results will begin to be available Summer, ‘08

5 Part 1 - Bandolier  Concept: How do we verify that our control system workstations and servers are in a secure / best practice configuration. –Identify best practice [gold standard] –Create an audit template that can be used in Nessus and other scanners –Asset owners audit systems at install and periodically Audits are much less risky than typical scanning

6 Bandolier  Tests for ‘goodness’ rather than ‘badness’  Operating system tests  Application tests [web server, database]  Control system application tests –Work closely with vendor to understand configuration settings and gold standard  Result identifies variations from Gold Standard

7 Bandolier Candidates  OSIsoft PI Server –Possibly OPC interface  OPC UA Server  Telvent OASyS DNA  ABB Ranger  SNC GENe  Matrikon OPC server  Siemens Telegyr  Emerson Ovation  More to come –At least twenty

8 Part 2 - Portaledge  Concept: How do we aggregate and correlate security events on control system networks to identify attacks? –PI server aggregates and correlates data –PI server exists on a huge percentage of control system networks –Add security event management intelligence to PI server

9 Step 1: Identify Security Events  Security events are everywhere  Network and security systems –Firewall and IDS logs –Router netflow data  Workstation and server logs  Control system application logs  Field device logs  …

10 Step 2: Get the Data Into PI  PI interfaces offer tremendous flexibility –IT Monitor interfaces [syslog, snmp, netflow] –Protocol interfaces –Application interfaces –Exceeded our expectations –You all know this –Only challenge to date is IEC 61850 interface

11

12 Step 3: Identify Meta Events  What is a meta event –A sequence of security events that indicate a specific attack goal or achievement Firewall log rejection, followed by scanning, followed by exploit attempt, followed by new user added to control system application New workstation on control system network, followed by function code scan of PLC, followed by reboot or write commands

13 How to Identify Meta Events  Digital Bond has an offensive team –Attack and build exploits –Used for application assessments  Run application assessment and exploit building in our lab  Follow respected attack taxonomies  Defensive team identifies created evidence

14 Step 4: Write ACE Modules  Correlation is what PI ACE does today –Now using it for security incident detection  ACE modules and documentation on meta events will be available on Digital Bond site –Will require appropriate ACE and interface licenses from OSIsoft

15 How Can You Help?  Fill out anonymous survey on what interfaces you currently use and what interfaces you own  If you are highly interested in this we could use a couple more test sites

16 Questions? Dale Peterson Digital Bond, Inc. 954-384-7049 peterson@digitalbond.com

Download ppt "Department of Energy PI for Security and Securing PI Dale Peterson Digital Bond, Inc. © 2008 Digital Bond, Inc."

Similar presentations

Marc Grégoire, DRDC Ottawa Luc Beaudoin, Bologik Inc.

Marc Grégoire, DRDC Ottawa Luc Beaudoin, Bologik Inc.
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Using PI to Aggregate & Correlate Security Events to Detect Cyber Attacks Dale Peterson Digital Bond, Inc.

Using PI to Aggregate & Correlate Security Events to Detect Cyber Attacks Dale Peterson Digital Bond, Inc.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.

Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.
© 2002-2014 Nuance Communications, Inc. All rights reserved. Page 1 Nuance ® AutoStore ® for SAP ® solutions.

© Nuance Communications, Inc. All rights reserved. Page 1 Nuance ® AutoStore ® for SAP ® solutions.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
29 Oded Moshe, Director of Product Management Beta Release May 3rd, 2010 Official Release May 24, 2010.

29 Oded Moshe, Director of Product Management Beta Release May 3rd, 2010 Official Release May 24, 2010.
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
Mod Security (Is it worth it?) By Rich Helton. Abstract (see my paper for sources)  Based on statistics, Apache is the most used web server being used.

Mod Security (Is it worth it?) By Rich Helton. Abstract (see my paper for sources)  Based on statistics, Apache is the most used web server being used.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
SecurityCenter & Palo Alto Configuration Guide. About this Guide This guide provides an overview of how to get the most from Palo Alto firewalls when.

SecurityCenter & Palo Alto Configuration Guide. About this Guide This guide provides an overview of how to get the most from Palo Alto firewalls when.
Personnel 500-600 hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.

Personnel hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.
Vulnerability Types And How to Use Them.

Vulnerability Types And How to Use Them.
Appliance Firewalls A Technology Review By: Brent Huston T h e B l a c k H a t B r i e f i n g s July 7-8, 1999 Las Vegas.

Appliance Firewalls A Technology Review By: Brent Huston T h e B l a c k H a t B r i e f i n g s July 7-8, 1999 Las Vegas.

Similar presentations

Ads by Google