Tim Beech – TGN Project Services Ltd / Indu-Sol
OT Cyber Security
PROFIBUS & PROFINET International (PI)
What Happened To Profibus? – Ford Dunton 16-Feb-2023
Aims
1. Why?
2. IT vs OT - Differences and Approach to Security
3. Threats / Attack Paths
4. Implementing OT Security
© 2021
Why Do We Need Security?
▪ Merge of IT and OT has opened up OT networks to compromise
▪ OT networks / assets have become targets
▪ Protect data & assets from attack
▪ Cost of a Cyber Attack
  ▪ Financial cost – ransom, downtime & recovery
  ▪ Data loss
  ▪ Damage to reputation
▪ Third Quarter of 2022 - £1.6 billion in losses
IT vs OT
Information Technology
▪ Data flow and storage focussed
▪ Business Functions (HR, Finance, Email)
▪ Protection of Data is critical
CIA
▪ Confidentiality / Integrity / Availability
Operational Technology
▪ Control focussed
▪ Manufacturing functions & Safety Systems
▪ Protection of people / process is critical
CAIC
▪ Control / Availability / Integrity / Confidentiality
IT vs OT – Network Levels
Level 5 – Clients / Workstations
Level 4 – Servers, Data Storage
Level 3.5 / DMZ – Data Servers / DHCP / Edge Devices
Level 3 – ES / Historians / MES
Level 2 – SCADA / HMI
Level 1 – PLC & IO Devices
Zones labelled on the diagram: IT, OT
Threats & Attack Paths for OT Networks
Top 10 Threats to OT Networks (According to BSI)
1. Social Engineering & Phishing
2. Malware via removable media / external hardware
3. Human Error & Sabotage
4. Malware via Internet / Intranet
5. Internet connected control components
6. Intrusion via Remote Access
7. Technical Malpractice
8. Compromise of Extranet & Cloud Components
9. (D)DoS Attacks
10. Compromise from personal devices in the production environment
Protection Concept
Diagram labels: Security Awareness; Trusted Zone (Firewalls / DMZ / Remote Access); Physical Protection (Locking ports / Restrict MCC Access); Network Monitoring; Asset Management and Monitoring
▪ Multilevel approach
▪ Scalable
▪ Fit for purpose
▪ Training
▪ Supported by policies, procedures and standards
▪ Multi-discipline teams
Implementing OT Security
▪ Security shouldn’t be an afterthought!!
▪ Protection Concept
  ▪ Defence in Depth
  ▪ Policies, Procedures & Standards
▪ Planning
  ▪ Threats and risks should be assessed
  ▪ DMZ between IT and OT
  ▪ Initial design and consider impact of modifications
▪ Selection of components
  ▪ Criteria for selection (standards)
Case Study – Bad Network / No Security
Questions?
