Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N

This document discusses the differences between industrial control systems (ICS) and information technology (IT) in terms of cyber security. ICS are used in industrial production to control systems like SCADA and DCS, while IT refers to general business computing. Key differences are that ICS have stricter availability requirements, longer lifecycles, proprietary protocols and specialized software. The document also notes that modern ICS now leverage more off-the-shelf IT components and standards, making them more interconnected and vulnerable to cyber threats like hacking. Finally, it presents ABB's approach to ICS cyber security which includes assessment, first aid services, monitoring with Industrial Defender, and lifelong maintenance through assessment and training.

Industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems face security threats due to outdated protocols with no encryption, long lifespans of 40 years without updates, and systems left unpatched due to maintainability concerns. The researcher worked on a European project with an Austrian electrical distributor to access a real-world testbed. Using custom plugins, they were able to launch a man-in-the-middle attack to hide an earth fault from operators by spoofing ARP packets and manipulating traffic. Signature-based detection is insufficient for ICS/SCADA systems, so anomaly detection using machine learning is being explored to identify suspicious traffic like malware or backdoors on the typically consistent and predictable ICS

The document discusses whether patching control systems is an effective security practice given the challenges of securing industrial control systems. It makes three key points: 1. Patching insecure-by-design devices provides minimal risk reduction since attackers can achieve their goals by exploiting legitimate system features rather than vulnerabilities. 2. Most industrial control systems operate within an insecure-by-design zone, so patching may not prevent attacks since attackers do not need to exploit systems to cause damage. 3. Many control system components have low impact even if compromised, so patching provides little benefit given the effort. Prioritizing patching for systems directly accessible from untrusted networks is recommended over broadly patching everything.

Check Point Software Technologies Ltd. - 2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabilities & Threats

The document discusses cyber security issues related to industrial control systems (ICS) and critical infrastructures. It notes the increasing interdependence between critical infrastructures and the potential for cyber threats to cause disruptions. The document outlines the heterogeneous nature of ICS/SCADA environments and some historical reasons they were considered secure. However, technological changes like increased connectivity now expose these systems to threats. The document advocates a "defense-in-depth" approach to secure ICS, including segregating networks, controlling remote access, and adopting security practices from frameworks. Failure to properly secure ICS could allow threats to cause availability issues, data loss or corruption, and operational disruptions impacting public safety.

This document provides guidance for securing industrial control systems such as SCADA and DCS. It identifies threats and vulnerabilities to these systems and recommends security countermeasures. ICSs often control critical infrastructure systems and face risks due to increased network connectivity and standardized protocols. The document outlines developing a security program including assessing risks, deploying controls, and network segmentation best practices to isolate control systems from other networks.

Presented at ISACA's EuroCACS 2015 (Copenhaguen). Understand the impact of Industrial Control Systems (ICS) on the security ecosystem. Expand the knowledge on SCADA systems and how cyberattacks can have physical consequences, bridging the cyber and physical worlds.

This document summarizes a presentation on cyber security in real-time systems. It discusses threats to industrial control systems and SCADA systems, and the differences between traditional IT and industrial control system cultures. It provides examples of attacks on industrial control systems and poor monitoring of SCADA systems. It suggests that security operations centers may provide common ground between IT and ICS. Finally, it discusses recent media reports relating to hacking of rail signaling systems and aircraft systems.

This talk is about how to get into ICS security, whether you’re a control system engineer or an IT security analyst. It will cover the basic paths you can take to get involved, including some helpful resources and standards to help get you started. The ICS Security industry needs more people to help protect Critical Infrastructure!

This slideshow was presented February 2, 2016 and developed for the Iowa Infragard team and discusses the Importance of Security Cyber-Physical Control systems, Elements of a control system, the manufacturing supply chain and consequences of cyber attacks in industrial environments. Please feel free to reach out with questions or comments.

Industrial control systems (ICS) are used to control industrial processes and manufacturing equipment. They face unique security challenges compared to traditional IT systems due to their real-time operation and custom hardware and software. This document discusses several past ICS cyber attacks and identifies vulnerabilities in ICS security architecture, configuration management, patch management, and change testing. Proper ICS security requires a cross-functional team approach and careful management of the specialized ICS environment.

This webinar will help you get more informed on PenTesting in SCADA and also best practices and methods used on risk assessment. Learning about the criticality in industry, makes you more flexible to boost the skills. Main points covered: • The SCADA ICS function in critical infrastructure industry • Risk exposure of IT vs. SCADA ICS from Cyber Security Perspective • Do's and don’ts of Vulnerability Assessment and Penetration Testing in SCADA ICS Environment Presenter: This webinar was presented by Pedro Putu Wirya, an IT and ICS Security Consultant with an extensive experience in ISMS, and PECB Certified Trainer. Link of the recorded session published on YouTube: https://youtu.be/icq-RTwusZ8

With the new Industrial Network standards like ISA-IEC62443 companies are evolving their IT and OT networks to face evolving threats. This presentation will cover industrial networking best practices, secure architectures and segregation techniques that can be used by all businesses to prevent a minor business network breach from becoming an industrial catastrophe. Topics Covered in this Seminar Include: Overview Of Cyber Threat Introduction - ISA IEC Industrial Control Security Standards An Example - Advanced Persistent Threat (APT) ISA/IEC 62443-3-2 Network Separation - An APT countermeasure The next step in APT defenses System Certification to ISA/IEC 62443 Cybersecurity Standards ISA/IEC 62443 Cybersecurity Standards Current Efforts The Future of ISA/IEC 62443 Cybersecurity Standards

This document provides information about the Industrial Control Cybersecurity conference to be held on October 13-14, 2015 in Sacramento, California. The conference will address key topics such as vulnerability detection and mitigation in critical infrastructure sectors like energy, oil, gas, electric and water. It will feature presentations from industry and government leaders as well as cybersecurity experts. The goal is to enhance public-private collaboration and information sharing to improve security of national infrastructure systems.

This document discusses cyber security concerns regarding smart grid technology integration. It outlines how increased data sharing and connectivity between new and legacy systems introduces new cyber vulnerabilities. It then summarizes existing cyber security standards from organizations like ISO, NERC, and IEC that can provide frameworks for addressing these vulnerabilities. Finally, it notes challenges integrating new technologies with legacy systems and the need for a strategic roadmap to help guide secure technology adoption.

Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016 The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.

In today’s connected world, cyber security is a topic that nobody can afford to ignore. In recent years the number and frequency of attacks on industrial devices and other critical infrastructure has risen dramatically. Recent news stories about hackers shutting down critical infrastructure have left many companies wondering if they are vulnerable to similar attacks. In this webinar we will discuss the most common security threats and unique challenges in securing industrial networks. We will introduce the current standards and share some useful resources and best practices for addressing industrial cyber security. Key Takeaways: 1. Gain perspective regarding common security threats facing industrial networks. 2. Learn about the relevant standards governing industrial cyber security. 3. Increase understanding of some best practices for securing industrial networks.

The document discusses cyber security risks for SCADA systems used in water and wastewater treatment plants. Modern SCADA systems now use open network protocols and wireless connectivity, leaving them vulnerable to attacks. The most destructive cyber attack targeted Siemens PLCs at an Iranian nuclear facility using a infected USB drive. If a water treatment plant's SCADA system is compromised, it could lead to over or under dosing of chemicals, loss of water pressure, or disabled alarms. Mott MacDonald offers cyber security risk analyses and programs to help clients address vulnerabilities and obtain federal funding to implement solutions.

This presentation explains the ANSI/ISA-99 and IEC 62443 standards for industrial control systems (ICS). It describes the Zone and Conduit security model and how it is used in an plant or factory. As well, the issues of security configuration errors are discussed. A case history of zone security deployment for a Safety Integrated System in a refinery is provided. For additional information see www.tofinosecurity.com.

Electrical protective or emergency shutdown systems are utilized throughout the petrochemical industry for safety and to avoid severe environmental and/or economic events. Requirements fur these critical systems are that they work every time, on demand, and do not initiate nuisance events. These requirements were difficult to achieve in most early systems but the systems have improved over the years. Emergency shutdown system design has been unregulated in the U.S., but new standards will require strict guidelines for design, application, docllmentation, and software testing and control.

SCADA systems are used to monitor and control equipment and processes in industries like oil/gas, water treatment, and manufacturing. They gather data in real-time from remote locations and send control commands back. SCADA has evolved through 3 generations from standalone monolithic systems to distributed systems on local networks to today's networked systems using open standards and wide area networks. Security issues need to be addressed like encrypting communications, securing devices, auditing networks, and implementing threat protection. The future of SCADA involves more sophisticated systems that can handle huge data volumes and territories with some having artificial intelligence capabilities.

This document provides an overview of SCADA (Supervisory Control and Data Acquisition) systems, including basic terminology, components, architecture, communication protocols, applications, security vulnerabilities, and threats. It defines sensors, actuators, relays, PLCs, HMIs, RTUs. It describes the typical SCADA architecture with a master system collecting data from remote units via communication networks. Examples of common industrial protocols like Modbus are provided. Applications of SCADA for monitoring, control, alarm handling and data logging are outlined. Security risks from malware, insiders, hackers and terrorists exploiting vulnerabilities in old operating systems and web interfaces are summarized. The 2015 Ukraine grid cyberattack is reviewed as a case study.

This document discusses trends in threats to SCADA (Supervisory Control and Data Acquisition) systems. It notes that as SCADA systems increasingly use commercial off-the-shelf software and connect to the internet, they have become more vulnerable to cyber threats. The document outlines how SCADA systems work and components like RTUs, PLCs, and HMIs. It also discusses issues like the mistaken belief that SCADA systems are secure due to physical security or isolation from the internet. The conclusion suggests that as capabilities and opportunities for threats increase, the future operational environment will be more vulnerable if an actor emerges with the intent to cause harm.

The document provides an overview of control systems security from the perspective of the U.S. Department of Homeland Security. It discusses critical infrastructure sectors, risk drivers like modernization and globalization, vulnerability lifecycles, findings from control system assessments, and several cyber incidents involving control systems that impacted industrial operations. The department works to improve control system security through assessments, training, partnerships with industry, and developing guidance on topics like cyber forensics and firewall deployment.

For a number of years, some industries have used UPSs as a matter of course in applications requiring uninterrupted process control. These include power-generation facilities, both fossil and nuclear, and petrochemical plants and refineries. Recently, other types of industrial companies (pulp and paper mills, steel mills, pharmaceutical manufacturing and cogeneration facilities) have created a need for UPSs by incorporating DCSs into their plants to control their processes. Additional control equipment, such as supervisory control and data acquisition (SCADA) systems, energy management systems (EMSs), boiler-control and microprocessor-based instrumentation, give power protection an even more important role in industry.

This document provides an introduction to the Table Definition Language (TDL) and Exchange Data Language (EDL) for use by Advanced Metering Infrastructure (AMI) systems deployed using ANSI C12.19 tables and ANSI C12.22 networks. It defines key terms related to AMI, time-based pricing, load control, performance metrics, auditing, and legal units of measure. The presentation also outlines the TDL and EDL documents and import/export process, and discusses benefits of registering ANSI C12.19 data models using TDL and EDL.

Supervisory control and data acquisition (SCADA) systems have their own constrains and specifications. These systems control many of our critical industrial infrastructures, yet they are hardly secured. The biggest problem in securing these systems is the lack of cryptography support especially that most SCADA systems work in real-time which is not compatible with most cryptography algorithms. Additionally, a SCADA network may include a huge amount of embedded devices with little computational powers which adds to the cost of any security improvement. In this paper we present a new approach that would secure SCADA communications by coding information without the need of the complex cryptography algorithms. The reconfigurable information transmitter agent (RITA) protocol that we present does not need the already installed devices to be modified nor replaced, it only needs to add costless electrical chips to these devices. This approach can also be used to secure any type of communication that respects the protocol's constraints.