ICS security

The document discusses the NIST Cybersecurity Framework, which provides guidelines for critical infrastructure security and management of cybersecurity risks. It was created through a collaboration between government and industry to help organizations manage and reduce cybersecurity risks. The framework consists of five concurrent and continuous functions - Identify, Protect, Detect, Respond, Recover. It also outlines implementation tiers from Partial to Adaptive to help organizations determine their cybersecurity risk management practices. The framework is meant to be flexible and not prescriptive in order to accommodate different sectors and risks profiles.

Presentation I gave to a client on showing the importance of implementing a vulnerability management program life cycle.

Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables. (Source : RSA Conference USA 2017)

The NIST SP 800-82 document provides guidance on establishing secure industrial control systems (ICS). It discusses ICS characteristics and security challenges. It recommends developing a comprehensive ICS security program that includes senior management support, risk assessments, defined policies and procedures, inventory of assets, and training. It also provides recommendations on network architecture design and implementing NIST SP 800-53 security controls for ICS environments.

This document discusses ICS/SCADA cybersecurity. It introduces the speaker as a security enthusiast with 2 years of ICS experience. It then provides commands to list and view ICS files. The document defines ICS components like sensors, actuators, PLCs, HMIs, and data historians. It lists resources for ICS security training and trends.

Chris Sistrunk discussed implementing network security monitoring (NSM) on industrial control systems (ICS). NSM involves collecting network data through tools like Security Onion, analyzing the data to detect anomalies, and investigating anomalies to identify potential threats. While ICS networks pose different challenges than typical IT networks, the same NSM methodology of collection, detection, and analysis can be applied. Free and open source tools like Security Onion allow implementing NSM on ICS to hunt for threats without disrupting operations. The most important part of NSM is having knowledgeable people to interpret data and identify what is normal versus potentially malicious activity on the network.

This document discusses requirements for physical and information security systems for data centers. It outlines two major types of protection: physical security, involving safeguarding assets and personnel through controls like access points, alarms and cameras; and information security, protecting data through measures such as firewalls, antivirus software and identity management. The document provides steps for physical security including site placement, utilities redundancy, and access limitations. It also presents examples of Cisco security products that can be used like the ASA firewall and NAC appliance for network admission control.

This session will present a real case study of methodology and advanced cybersecurity tools used along with important tips and lessons learned on implementing an ISOC project at the second largest city of the nation. Topics include the critical success factors, advanced tools and technologies for ISOC, Situational Awareness, Threat Intelligence Sharing and cybersecurity collaboration. (Source: RSA USA 2016-San Francisco)

Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.

This document provides an overview of how security architecture fits within enterprise architecture. It begins by noting that security architecture is a subset of enterprise architecture. It then discusses a presentation given on this topic, highlighting how security practices are often misunderstood by both IT and security professionals. The presentation explores how to better integrate security architecture with enterprise architecture frameworks and processes to ensure security priorities are properly considered throughout enterprise initiatives. It emphasizes the importance of understanding enterprise architecture, aligning security language with business needs, and using evidence-based approaches to integrate security architecture within overall enterprise architecture.

This document discusses implementing a secure software development lifecycle (SDLC). It emphasizes building security into software from the start rather than adding it later. The summary is: The document outlines a secure SDLC process involving defining security requirements, designing for security, implementing secure coding practices, testing software security, and ongoing security monitoring. It notes that software security is a shared responsibility and discusses challenges like team pushback and measuring security benefits. The document also presents a case study of a company that implemented a secure SDLC process to address client security issues and prevent future problems.

The document discusses information security governance and strategy. It defines governance and management, with governance determining decision rights and providing oversight, while management implements controls. Effective governance is risk-based, defines roles and responsibilities, and commits adequate resources. Challenges include understanding security implications and establishing proper structures. Outcomes include strategic alignment of security and risk management. Governance structures depend on desired outcomes such as revenue growth or profit.

The Cybersecurity Risk Management Framework Strategy for Defense Platform Systems course prepares command leadership to implement the National Institute of Standards and Technology’s (NIST) cybersecurity Risk Management Framework (RMF) from a Platform Information Technology (PIT) perspective. This one-day workshop reviews the five functions of cybersecurity that leadership must consider when making decisions about program resources and requirements.

This document discusses security and compliance when using AWS. It makes three main points: 1. AWS and customers share responsibility for security, with AWS managing security of the cloud infrastructure and customers responsible for security in their use of AWS services. 2. AWS provides security tools and features that customers can use to protect their cloud resources and data. Customers can architect for security and follow security best practices. 3. AWS offers certifications and assurance programs to help customers meet various compliance standards and regulations.

In September 2011, Prolifics & IBM hosted a speaking session at a Cyber Security Summit in California. The presentation focused on the importance of Identity and Access Management in the Energy & Utilities industry as well as today's critical regulatory requirements.

What is the NIST Cybersecurity Framework? Why YOU should care? How would I apply it? Would you drive BLINDFOLDED? A false sense of security? Without a Security Framework… Why Cyber Security Framework? How would I measure my effectiveness?

The project title for this task force is “Cyber Security Maturity Model for Organizations”. Some of the key things that you are going to learn from this presentation is: The user organizations will learn, how to easily adapt a cyber security maturity assessmentmodel based on the widely accepted frameworks such as NIST CSF and ISO27001:2013 The readers will learn about the core information security domains and how to plan forsecurity activities around those core domains The readers will learn how to prioritize the security budget and draw out the securitycontrol implementation roadmap for their organization The readers will learn to apply a risk informed approach to information security for theirorganizations which can be used to educate about and sell security to their CEO’s and board members.

How securing ICS/SCADA/Critical Infrastructure is different from conventional Information Technology System.

The document discusses securing industrial control systems (ICS) infrastructure for compliance with NERC CIP standards and beyond. It outlines the network security challenges for bulk power systems in meeting compliance standards while balancing performance and costs. Real-world security vulnerabilities are described from assessments done by the GAO and Department of Energy. The paper then explains how a unified threat management approach using a single security platform can help simplify NERC compliance by providing firewall, VPN, antivirus, IPS, and authentication capabilities required without needing separate point products. This integrated solution secures the infrastructure while maintaining performance.

Supervisory Control And Data Acquisition (SCADA) networks are used to control large industrial machines and systems remotely. SCADA systems were designed for efficiency, not security, so they are vulnerable to exploitation. There are numerous entry points for attackers, including wireless networks connecting SCADA systems, gateways between computer and SCADA networks, and modifying unencrypted command traffic. Organizations need to implement controls separating SCADA networks, monitor for abnormalities, regularly upgrade firmware, and consider the human element for securely controlling SCADA systems.

This document discusses security concerns in industrial control systems. It provides an overview of industrial control systems (ICS) and SCADA systems, which are widely used to control infrastructure systems. It outlines several vulnerabilities in ICS, including issues with legacy systems not being designed with modern cybersecurity threats in mind. Specific threats like zero-day vulnerabilities, non-prioritized tasks, and database/communication protocol issues are examined. The conclusion states that additional digital security techniques are needed to protect critical infrastructure control systems.

This presentation discusses why cybersecurity is an issue for safety instrumented systems and will examine example architectures when communicating with the SIS.

The security of critical networks is at the center of attention of industry and government regulators alike. Check Point and RAD offer a joint end-to-end cyber security solution that protects any utility operational technology (OT) network by eliminating RTU and SCADA equipment vulnerabilities, as well as defends against cyber-attacks on the network’s control and data planes. This solution brief explains how the joint solution enables compliance with NERC-CIP directives, provides deep visibility and control of ICS/SCADA communications, and allows secure remote access into OT networks.

Federal agencies are moving their industrial control systems (ICS) from operational business networks to separate, dedicated networks in order to enhance security. However, without a system to test the new equipment and software coming into these separate networks, security risks will persist. This paper explores the impact on security of instituting a sanctioned ICS test lab and recommends best practices for setting up and operating these labs.

SCADA systems control some of the most vital infrastructure in industrial and energy sectors, from oil and gas pipelines to nuclear facilities to water treatment plants. Critical infrastructure is defined as the physical and IT assets, networks and services that if disrupted or destroyed would have a serious impact on the health, security, or economic wellbeing of citizens and the efficient functioning of a country’s government.

This document summarizes a research paper that implemented a SCADA-based firewall to protect data transmission from external hacking devices. The paper first discusses a case study where an industrial control system was hacked 46 times. It then provides an overview of industrial firewalls and the differences between industrial and IT firewalls. The paper describes configuring a Tofino industrial firewall with SCADA-HMI and PLC assets. It tests the firewall by simulating scenarios without and with the firewall, showing the firewall prevents an attacker from accessing the PLC simulator based on communication protocols. The paper concludes customized industrial firewalls are needed and protocols must be regularly updated as cyber attacks evolve.

1. Cloud computing provides flexibility and economies of scale but introduces new security risks as sensitive data and infrastructure are placed outside traditional secure perimeters. 2. Traditional security measures like firewalls and intrusion detection become more difficult in cloud environments where virtual machines are dynamically allocated across shared physical servers. 3. Ensuring data integrity, updating security software, complying with regulations, and monitoring administrator access require new solutions to prove security and respond to vulnerabilities in cloud infrastructure and virtual environments.