Subodh Belgi
VP & Chief Security Evangelist
Critical Infrastructure & Control Systems

• Modern society is dependent on several critical infrastructure
  industries
• Industrial Control Systems (SCADA/DCS/PLCs) are extensively used to
  manage the operation of critical infrastructure




                          Copyright © 2012 MIEL e-Security Pvt. Ltd.    2
Critical Infrastructure is Under Attack !!




SCADA/Control Systems Becoming Easy Target..





Stuxnet Attack – The Wakeup Call !
• Most sophisticated and targeted attack on Industrial Control Systems
• Disabled specific types of drives used in the uranium enrichment process by
  infecting a specific model of Siemens PLC
• 7 different modes of propagation, 4 different zero-day vulnerabilities
  exploited
• 2 rootkits – for Windows and for the Siemens PLC
• Stolen certificates used to sign the rootkit code
• Remote command & control
• P2P update capability


ICS Security : Risk Drivers

Increased Connectivity
• Need for ‘real time’ information for taking informed decisions
• Control systems are linked to corporate information systems & networks

Open Technology
• Increasingly using standardized IT technologies
• IP based networks for PLCs, DCS, IEDs, field devices etc.


ICS Security : Risk Drivers

Design Limitations
• Historically designed for productivity, safety and reliability
• Security by obscurity – proprietary protocols, air-gapped network

Lack of Cyber Security Awareness
• Enterprise IT security professionals lack control systems expertise
• Control systems professionals not aware of security issues and controls

Industrial Control Systems in an Organization





ICS Security Not Same as IT Security

Topic                   | IT Systems                    | Industrial Control Systems
------------------------|-------------------------------|------------------------------------
Typical Lifespan        | 3-5 years                     | 10-15 years
Security Awareness      | Good                          | Poor, except physical
Time Critical Content   | Generally delays accepted     | Critical due to safety
Availability            | Occasional downtime accepted  | 24x7x365
Security Testing/Audit  | Scheduled, mandated           | Occasional, uncommon
Patch Management        | Regular, scheduled            | Slow, vendor dependent
Change Management       | Regular, scheduled            | Uncommon
Security Controls       | Extensively deployed          | Uncommon, except safety related
Business Impact         | Disruption, monetary loss,    | Loss of life, loss of business,
                        | legal sanctions               | physical damage, environmental
                        |                               | impact, national security & economy




Who are the Adversaries?

• Usual Suspects..
  –   Script Kiddies
  –   Hackers
  –   Cyber Criminals
  –   Malware Authors/Operators
  –   Organized Crime Groups


• Growing Threat..
  –   Industrial Espionage
  –   Hacktivists
  –   Disgruntled Insiders
  –   State Sponsored Terrorists
  –   Foreign Intelligence Agencies



Reported Vulnerabilities – Tip of the Iceberg

• Inadequate Security Architecture & Design
• No Periodic Security Assessment/Audit
• Firewall Non-existent or Improperly Configured
• Unsecured Remote Access
• OS and Application Patches not Updated
• Use of Default Configuration, User Accounts
• Lack of Verifying Data Authenticity, Integrity
• Malware Protection not Installed




Critical Infrastructure Security
Challenges & Opportunities





Typical ICS Architecture




ICS Communication Protocols

• SCADA
  Modbus, DNP3, ICCP, IEC 60870, IEC 61850

• DCS/Process Automation
  CIP, ControlNet, DeviceNet, DirectNet, EtherCAT, EtherNet/IP, Ethernet Powerlink,
  HART, Fieldbus, Modbus, Hostlink, Modbus RTU, Modbus TCP, Profibus, ProfiNet,
  RAPIENet, Honeywell SDS, SERCOS III, GE SRTP, Sinec, OPC, OPC UA

• Smart Buildings/Meters/Vehicles
  BACnet, C-Bus, CC-Link, Dynet, LonTalk, S-Bus, VSCP, xAP, X10, Zigbee
  ANSI C12.18, DLMS/IEC 62056, IEC 61107, M-Bus, Zigbee Smart Energy
  CAN, DC-Bus, FlexRay, IEBus, J1708, J1939, VAN, SMARTWireX, LIN


ICS Communication Protocols – Challenges

• Lack of Authentication - Works with device addresses and
  function codes only
• Lack of Encryption - Commands and addresses sent in clear-text
• Lack of Message Integrity - No data validity checking
• Broadcast Functionality - All devices receive all messages
• Programmability - Able to program controllers, PLCs and RTUs
• Susceptible to message spoofing, MITM and DoS attacks
• Protocols not supported by commercial firewalls
• Not supported by security tools – Snort, Wireshark
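The properties above are easiest to see in Modbus/TCP, which the deck lists under SCADA. The following is an added example, not code from the deck or from MIEL: a minimal Modbus/TCP frame dissector that shows the only identifying fields a frame carries (unit id and function code, no credential or integrity check), plus a compensating network-side check that alerts on write and broadcast function codes from hosts outside an engineering-station allow-list. The IP addresses, the allow-list and the sample frames are constructed for illustration.

```python
import struct
from dataclasses import dataclass

MBAP_LEN = 7  # transaction id (2), protocol id (2), length (2), unit id (1)

# Public Modbus function codes; the write codes alter controller state.
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs",
    3: "Read Holding Registers", 4: "Read Input Registers",
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_CODES = {5, 6, 15, 16}


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_frame(raw: bytes) -> ModbusFrame:
    """Split a Modbus/TCP frame into MBAP header fields and PDU.

    Note what is absent: no credential, no signature, no checksum. The only
    fields that identify the target and the action are the unit id and the
    function code, which is the property the slide describes.
    """
    if len(raw) < MBAP_LEN + 1:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", raw[:MBAP_LEN])
    if proto != 0:
        raise ValueError(f"protocol identifier {proto} is not Modbus (0)")
    # The MBAP length field counts the unit id byte plus the PDU after it.
    if length != len(raw) - 6:
        raise ValueError("MBAP length field disagrees with frame size")
    return ModbusFrame(tid, unit, raw[MBAP_LEN], raw[MBAP_LEN + 1:])


def build_frame(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Encode a frame; used here only to construct the sample traffic."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def classify(src_ip: str, raw: bytes, allowed_writers: set) -> str:
    """Compensating control: the protocol cannot authenticate, so the network
    must. Reads are accepted from any host already on the control segment;
    writes are alerted unless the source is a listed engineering station, and
    broadcast writes are alerted regardless of source."""
    try:
        frame = parse_frame(raw)
    except ValueError as exc:
        return f"ALERT malformed frame from {src_ip}: {exc}"
    name = FUNCTION_NAMES.get(frame.function_code)
    if name is None:
        return (f"ALERT unknown function code {frame.function_code} "
                f"from {src_ip} to unit {frame.unit_id}")
    # Unit id 0 is the Modbus serial-line broadcast address; a gateway forwards
    # such a write to every device behind it, matching the slide's
    # "all devices receive all messages" point.
    if frame.unit_id == 0 and frame.function_code in WRITE_CODES:
        return f"ALERT broadcast {name} from {src_ip} reaches every unit"
    if frame.function_code in WRITE_CODES and src_ip not in allowed_writers:
        return f"ALERT {name} from unlisted host {src_ip} to unit {frame.unit_id}"
    return f"ok {name} from {src_ip} to unit {frame.unit_id}"


# Constructed sample traffic (hypothetical addresses, not a real capture).
ENGINEERING_STATIONS = {"10.0.1.10"}
SAMPLE_TRAFFIC = [
    # HMI polling holding registers 0..9 on unit 1
    ("10.0.1.20", build_frame(1, 1, 3, struct.pack(">HH", 0, 10))),
    # engineering station writing register 100 := 1 on unit 1
    ("10.0.1.10", build_frame(2, 1, 6, struct.pack(">HH", 100, 1))),
    # a host nobody listed forcing coil 5 ON on unit 1
    ("10.0.1.77", build_frame(3, 1, 5, struct.pack(">HH", 5, 0xFF00))),
    # truncated frame
    ("10.0.1.77", b"\x00\x04\x00\x00\x00"),
]


def run_samples() -> list:
    """Classify every constructed sample and return the verdict lines."""
    return [classify(ip, raw, ENGINEERING_STATIONS) for ip, raw in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for line in run_samples():
        print(line)
```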



Automation Devices – Controllers, PLC, RTUs, IEDs…

• Used for communication, control, I/O, protection, monitoring, metering etc.
• Run VxWorks, embedded Linux/Windows, or a proprietary OS on custom hardware
• TCP/IP connectivity
• Lack of basic security features
• Highly susceptible to cyber attacks





Automation Devices – Challenges




How Could You Contribute ?

Building a Research Community Focused on Industrial Control
Systems Security
  –   Network Protocol Analysis
  –   Firmware Analysis/Hacking
  –   Embedded Systems Hacking
  –   Vulnerability Analysis
  –   Exploit Development
  –   Malware Analysis
  –   Security Tools Development




Thank you!
Subodh Belgi
sbelgi@miel.in

ClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
ClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
ClubHack
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
ClubHack
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
ClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue  February 2012Clubhack Magazine Issue  February 2012
Clubhack Magazine Issue February 2012
ClubHack
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
ClubHack
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
ClubHack
 
One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)
ClubHack
 

More from ClubHack (20)

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue  February 2012Clubhack Magazine Issue  February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 
One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)
 

Critical Infrastructure Security by Subodh Belgi

  • 1. Subodh Belgi
    VP & Chief Security Evangelist
  • 2. Critical Infrastructure & Control Systems
    • Modern society is dependent on several critical infrastructure industries
    • Industrial Control Systems (SCADA/DCS/PLCs) are extensively used to manage the operation of critical infrastructure
    Copyright © 2012 MIEL e-Security Pvt. Ltd. 2
  • 3. Critical Infrastructure is Under Attack!!
  • 4. SCADA/Control Systems Becoming Easy Target..
  • 5. Stuxnet Attack – The Wakeup Call!
    • Most sophisticated and targeted attack on Industrial Control Systems
    • Disabled specific types of drives used in the Uranium Enrichment process by infecting a specific model of Siemens PLC
    • 7 different modes of propagation, 4 different zero-day vulnerabilities exploited
    • 2 rootkits – for Windows and Siemens PLC
    • Used stolen certificates to sign the rootkit code
    • Remote command & control
    • P2P update capability
  • 6. ICS Security: Risk Drivers
    Increased Connectivity
    • Need for ‘REAL TIME’ information for taking informed decisions
    • Control systems are linked to corporate information systems & networks
    Open Technology
    • Increasingly using standardized IT technologies
    • IP-based networks for PLCs, DCS, IEDs, field devices etc.
  • 7. ICS Security: Risk Drivers
    Design Limitations
    • Historically designed for productivity, safety and reliability
    • Security by obscurity – proprietary protocols, air-gapped network
    Lack of Cyber Security Awareness
    • Enterprise IT security professionals lack control systems expertise
    • Control systems professionals not aware of security issues and controls
  • 8. Industrial Control Systems in an Organization
  • 9. ICS Security Not Same as IT Security
    Topic                  | IT Systems                                                     | Industrial Control Systems
    Typical Lifespan       | 3-5 years                                                      | 10-15 years
    Security Awareness     | Good                                                           | Poor, except physical
    Time Critical Content  | Generally delays accepted                                      | Critical due to safety
    Availability           | Occasional downtime accepted                                   | 24x7x365
    Security Testing/Audit | Scheduled, mandated                                            | Occasional, uncommon
    Patch Management       | Regular, scheduled                                             | Slow, vendor dependent
    Change Management      | Regular, scheduled                                             | Uncommon
    Security Controls      | Extensively deployed                                           | Uncommon, except safety related
    Business Impact        | Disruption, Monetary Loss, Loss of Business, Legal sanctions   | Loss of Life, Physical Damage, Environmental Impact, National Security & Economy
  • 10. Who are the Adversaries?
    • Usual Suspects..
      – Script Kiddies
      – Hackers
      – Cyber Criminals
      – Malware Authors/Operators
      – Organized Crime Groups
    • Growing Threat..
      – Industrial Espionage
      – Hacktivists
      – Disgruntled Insiders
      – State Sponsored Terrorists
      – Foreign Intelligence Agencies
  • 11. Reported Vulnerabilities – Tip of the Iceberg
    • Inadequate Security Architecture & Design
    • No Periodic Security Assessment/Audit
    • Firewall Non-existent or Improperly Configured
    • Unsecured Remote Access
    • OS and Application Patches not Updated
    • Use of Default Configuration, User Accounts
    • Lack of Verifying Data Authenticity, Integrity
    • Malware Protection not Installed
  • 13. Typical ICS Architecture
  • 14. ICS Communication Protocols
    • SCADA: Modbus, DNP3, ICCP, IEC 60870, IEC 61850
    • DCS/Process Automation: CIP, ControlNet, DeviceNet, DirectNet, EtherCAT, EtherNet/IP, EtherNet Powerlink, HART, Fieldbus, Modbus, Hostlink, Modbus RTU, Modbus TCP, Profibus, ProfiNet, RAPIENet, Honeywell SDS, SERCOS III, GE SRTP, Sinec, OPC, OPC UA
    • Smart Buildings/Meters/Vehicles:
      BACnet, C-Bus, CC-Link, Dynet, LonTalk, S-Bus, VSCP, xAP, X10, Zigbee
      ANSI C12.18, DLMS/IEC 62056, IEC 61107, M-Bus, Zigbee Smart Energy
      CAN, DC-Bus, FlexRay, IEBus, J1708, J1939, VAN, SMARTWireX, LIN
  • 15. ICS Communication Protocols – Challenges
    • Lack of Authentication – works with device addresses and function codes only
    • Lack of Encryption – commands and addresses sent in clear text
    • Lack of Message Integrity – no data validity checking
    • Broadcast Functionality – all devices receive all messages
    • Programmability – able to program controllers, PLCs and RTUs
    • Susceptible to message spoofing, MITM, DoS attacks
    • Protocols not supported by commercial firewalls
    • Not supported by security tools – Snort, Wireshark
  • 16. Automation Devices – Controllers, PLCs, RTUs, IEDs…
    • Used for communication, control, I/O, protection, monitoring, metering etc.
    • Run VxWorks, embedded Linux/Windows, or a proprietary OS on custom hardware
    • TCP/IP connectivity
    • Lack of basic security features
    • Highly susceptible to cyber attacks
  • 17. Automation Devices – Challenges
  • 18. How Could You Contribute?
    Building a Research Community Focused on Industrial Control Systems Security
    • Network Protocol Analysis
    • Firmware Analysis/Hacking
    • Embedded Systems Hacking
    • Vulnerability Analysis
    • Exploit Development
    • Malware Analysis
    • Security Tools Development
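
Slide 15 says these protocols work with nothing more than device addresses and function codes. The following is an added example written for this page (not code from the presentation or from MIEL): a minimal Modbus/TCP frame parser plus a defender-side check that flags state-changing function codes coming from any host outside an allowlist, which is the only hook a monitor has when the frame itself carries no credential. The sample frames, the 10.0.0.x addresses and the allowlist are constructed for the demonstration.

```python
import struct

# Public Modbus function codes that change controller state (coil/register writes).
WRITE_FUNCTION_CODES = {
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    22: "Mask Write Register", 23: "Read/Write Multiple Registers",
}

def parse_modbus_tcp(frame: bytes) -> tuple:
    """Return (transaction_id, unit_id, function_code, data) for one Modbus/TCP frame.

    MBAP header: transaction id (2), protocol id (2, always 0), length (2, count of
    bytes that follow it), unit id (1). Nothing in the frame identifies or
    authenticates the sender; the PDU is just a function code plus raw data.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError(f"unexpected protocol id {protocol_id}")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return transaction_id, unit_id, frame[7], frame[8:]

def check_request(src_ip: str, frame: bytes, allowed_writers: set) -> list:
    """Alerts for one request: a write from outside the allowlist, or a malformed frame."""
    try:
        _, unit_id, function_code, _ = parse_modbus_tcp(frame)
    except ValueError as err:
        return [f"malformed Modbus/TCP from {src_ip}: {err}"]
    name = WRITE_FUNCTION_CODES.get(function_code)
    if name and src_ip not in allowed_writers:
        return [f"{name} (fc {function_code}) to unit {unit_id} from unlisted host {src_ip}"]
    return []

def scan(traffic, allowed_writers) -> list:
    """Run check_request over (source ip, frame) pairs and collect every alert."""
    return [a for src, frame in traffic for a in check_request(src, frame, allowed_writers)]

# Constructed sample traffic with hypothetical addresses, not a real capture.
ALLOWED_WRITERS = {"10.0.0.7"}  # the one engineering workstation permitted to write
SAMPLE_TRAFFIC = [
    ("10.0.0.5", bytes.fromhex("00010000000601030000000a")),       # HMI reads 10 holding registers
    ("10.0.0.7", bytes.fromhex("0002000000060106001000ff")),       # allowed host writes register 16
    ("10.0.0.99", bytes.fromhex("000300000008010f0000000801ff")),  # unlisted host forces 8 coils
    ("10.0.0.99", bytes.fromhex("00040001000601030000000a")),      # protocol id 1: malformed
]
```

Running `scan(SAMPLE_TRAFFIC, ALLOWED_WRITERS)` yields two alerts, the coil write from the unlisted host and the malformed frame; a source-address allowlist is still spoofable, so it is a detection aid rather than a substitute for the authentication the protocol lacks.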

Editor's Notes

  1. Performance – Real-time response is critical; high throughput may not be required. Controls should not hamper normal or emergency operations.
     Availability – Very high uptime requirement; outages are not acceptable and may result in physical events. Simply rebooting, as with IT systems, is not the solution; downtime planning is critical and any change requires extensive testing.
     Security Goals differ – Availability is the priority, unlike confidentiality for IT systems.
     Resource Constraints – Compute power, memory and bandwidth limitations; typical IT security solutions consume a lot of computing resources.
     Long Technology Life Cycle – 10-20 years compared to 3-5 years for IT. Proprietary, complex and non-standard systems and communication protocols; not easy to deploy usual IT security solutions in the IACS space.
     Security Staff – Expertise differs widely; control systems expertise is not available with typical IT staff and requires special training and staff development.