This document discusses industrial control system (ICS) cybersecurity. It begins with an introduction to ICS, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and programmable logic controllers (PLC). It then compares ICS and IT security, discussing risks specific to ICS. The document outlines the risk management process and describes ICS security architecture, including network segmentation. It also covers authentication, firewall implementation, and applying the six steps of the NIST risk management framework to implement security controls for ICS.
1. INDUSTRIAL CONTROL SYSTEM (ICS) CYBER SECURITY
DR. MOFEED TURKY RASHID, ELECTRICAL ENG. DEP., BASRAH UNIVERSITY
HUDA AMEER ZEKI, COMPUTER SCIENCE DEP., SHATT AL-ARAB UNI. COLLEGE
National Institute of Standards and Technology (NIST) Special Publication 800-82 Revision 2
https://www.nist.gov/
2. OUTLINE
Introduction to Industrial Control Systems (ICS).
Supervisory Control and Data Acquisition (SCADA).
Distributed Control Systems (DCS).
Programmable Logic Controller (PLC).
Comparing ICS and IT Systems Security.
The Risk Management Process.
ICS Security Architecture.
Authentication and Authorization.
Applying Security Controls to ICS.
3. INTRODUCTION TO ICS
An ICS is a general term that encompasses several types
of control systems, including
• Supervisory control and data acquisition (SCADA) systems.
• Distributed control systems (DCS).
• Control system configurations such as Programmable
Logic Controllers (PLC).
• Human Machine Interfaces (HMIs).
• Remote diagnostics and maintenance tools built using
an array of network protocols.
4. ICS are typically used to control industrial processes in the following industries:
• Electrical.
• Water and wastewater.
• Oil and natural gas.
• Chemical.
• Transportation.
• Pharmaceutical.
• Pulp and paper.
• Food and beverage.
• Discrete manufacturing (e.g., automotive, aerospace,
and durable goods) industries.
6. SCADA SYSTEMS
SCADA systems are designed to collect field
information, transfer it to a central computer facility, and
display the information to the operator graphically or
textually, thereby allowing the operator to monitor or
control an entire system from a central location in near
real time.
Typical hardware includes a control server placed at a
control center, communications equipment (e.g., radio,
telephone line, cable, or satellite), and one or more
geographically distributed field sites consisting of
Remote Terminal Units (RTUs) and/or PLCs, which
control actuators and/or monitor sensors.
8. DISTRIBUTED CONTROL SYSTEMS (DCS)
DCS are used to control production systems within the
same geographic location for industries such as oil
refineries, water and wastewater treatment, electric
power generation plants, chemical manufacturing plants,
automotive production, and pharmaceutical processing
facilities.
DCS are integrated as a control architecture containing a
supervisory level of control overseeing multiple,
integrated sub-systems that are responsible for
controlling the details of a localized process. A DCS uses
a centralized supervisory control loop to mediate a group
of localized controllers that share the overall tasks of
carrying out an entire production process.
10. PROGRAMMABLE LOGIC CONTROLLER (PLC)
PLCs are used in both SCADA and DCS systems as the
control components of an overall hierarchical system to
provide local management of processes through
feedback control.
PLCs are also implemented as the primary controller in
smaller control system configurations to provide
operational control of discrete processes such as
automobile assembly lines and power plant soot blower
controls.
PLCs have a user-programmable memory for storing
instructions for the purpose of implementing specific
functions such as I/O control, logic, timing, counting, PID
controller, communication, arithmetic, and data and file
processing.
12. COMPARING ICS AND IT SYSTEMS SECURITY
ICS control the physical world, while IT systems manage
data. ICS have many characteristics that differ
from traditional IT systems, including
• Significant risk to the health and safety of human
lives.
• Serious damage to the environment.
• Financial issues such as production losses and
negative impact to a nation’s economy.
• ICS have different performance and reliability
requirements, and also use operating systems and
applications that may be considered unconventional
in a typical IT network environment.
13. The following list gives some special considerations
for ICS security:
Timeliness and Performance Requirements.
Availability Requirements.
Risk Management Requirements.
Physical Effects.
System Operation.
Resource Constraints.
Communications.
Change Management.
Managed Support.
Component Lifetime.
Component Location.
14. THE RISK MANAGEMENT PROCESS
The risk management process has four components:
Framing, Assessing, Responding and Monitoring.
15. ICS SECURITY ARCHITECTURE
It is usually recommended to separate the ICS network from the
corporate network.
Internet access, FTP, email, and remote access will typically be
permitted on the corporate network but should not be allowed on
the ICS network.
If ICS network traffic is carried on the corporate network, it could
be intercepted or be subjected to attacks.
By having separate networks, security and performance problems
on the corporate network should not be able to affect the ICS
network.
If the networks must be connected, it is recommended that only
minimal (single if possible) connections be allowed and that the
connection is through a firewall and a demilitarized zone (DMZ).
A DMZ is a separate network segment that connects directly to the
firewall.
16. NETWORK SEGMENTATION AND SEGREGATION
The aim of network segmentation and segregation is to minimize
access to sensitive information for those systems and people
who don’t need it, while ensuring that the organization can
continue to operate effectively.
Traditionally, network segmentation and segregation is
implemented at the gateway between domains.
ICS environments often have multiple well-defined domains,
such as:
• operational LANs.
• control LANs.
• operational DMZs.
• gateways to non-ICS and less trustworthy domains such as the
Internet and the corporate LANs.
Network segregation involves developing and enforcing a rule
set controlling which communications are permitted through the
boundary.
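The following Python sketch is an added example, not part of the slides or of NIST SP 800-82. It shows a default-deny rule set at the corporate/DMZ/control boundary and an audit that flags allow rules which bypass the DMZ or carry corporate-only services onto the ICS network. The zone names, address ranges and rule list are constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption): the address ranges are illustrative only.
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/24"),
}
# Services the slides keep on the corporate network only: FTP and email (SMTP).
CORPORATE_ONLY_PORTS = {21: "ftp", 25: "smtp"}

# Constructed boundary rule set: (source zone, destination zone, TCP port, action).
RULES = [
    ("corporate", "dmz", 443, "allow"),      # corporate users read a DMZ server
    ("control", "dmz", 443, "allow"),        # control LAN pushes data to the DMZ
    ("corporate", "control", 502, "allow"),  # Modbus/TCP path that bypasses the DMZ
    ("control", "internet", 25, "allow"),    # email leaving the control LAN
]

def zone_of(addr):
    """Map an address to its zone; anything outside the plan is 'internet'."""
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "internet")

def permitted(src, dst, port, rules=RULES):
    """First matching rule wins; traffic with no matching rule is denied."""
    flow = (zone_of(src), zone_of(dst), port)
    for s, d, p, action in rules:
        if (s, d, p) == flow:
            return action == "allow"
    return False

def audit(rules=RULES):
    """Return findings for allow rules that break the segregation policy."""
    findings = []
    for s, d, p, action in rules:
        if action != "allow":
            continue
        if "control" in (s, d) and {s, d} & {"corporate", "internet"}:
            findings.append(f"{s}->{d}:{p} crosses the boundary without the DMZ")
        if "control" in (s, d) and p in CORPORATE_ONLY_PORTS:
            findings.append(f"{s}->{d}:{p} carries {CORPORATE_ONLY_PORTS[p]} on the ICS network")
    return findings
```

Passing only the first two rules (`RULES[:2]`) gives a rule set with no findings, in which every corporate-to-control flow falls through to the default deny.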
17. FIREWALLS
Network firewalls are devices or systems that
control the flow of network traffic between
networks employing differing security postures.
There are three general classes of firewalls:
• Packet Filtering Firewalls at layer 3 (transport)
by IP. (More Delay).
• Stateful Inspection Firewalls at layer 4 (TCP /
UDP). (Complex and expensive).
• Application-Proxy Gateway Firewalls at
Application layer. (Overheads and Delay).
22. AUTHENTICATION AND AUTHORIZATION
An ICS may contain a large number of systems, each of which must be
accessed by a variety of users. Performing the authentication and
authorization of these users presents a challenge to the ICS.
Authentication and authorization can be performed either in a
distributed or centralized approach.
Managing these users’ accounts can be problematic as employees are
added and removed, and as their roles change.
As the number of systems and users grows, the process of managing
these accounts becomes more complicated.
The authentication of a user or system is the process of verifying the
claimed identity.
Authorization, the process of granting the user access privileges, is
determined by applying policy rules to the authenticated identity and
other relevant information. Authorization is enforced by some access
control mechanism.
The authentication process can be used to control access to both
systems (e.g. HMIs, field devices, SCADA servers) and networks (e.g.,
remote substations LANs).
24. STEP 1: CATEGORIZE INFORMATION SYSTEM
The first activity in the Risk Management Framework
(RMF) is to categorize the information and information
system according to potential impact of loss.
For each information type and information system under
consideration, the three security objectives defined by the
Federal Information Security Modernization Act (FISMA)
(confidentiality, integrity, and availability) are each associated
with one of three levels of potential impact should there
be a breach of security.
The standards and guidance for this categorization
process can be found in FIPS 199 and NIST SP 800-60.
The following ICS example is taken from FIPS 199:
25. A power plant contains a SCADA system controlling the
distribution of electric power for a large military
installation. The SCADA system contains both real-time
sensor data and routine administrative information.
The management at the power plant determines that:
(i) for the sensor data being acquired by the SCADA
system, there is no potential impact from a loss of
confidentiality, a high potential impact from a loss of
integrity, and a high potential impact from a loss of
availability; and
(ii) for the administrative information being processed by
the system, there is a low potential impact from a loss of
confidentiality, a low potential impact from a loss of
integrity, and a low potential impact from a loss of
availability.
26. The resulting security categories, SC, of these
information types are expressed as:
SC sensor data = {(confidentiality, NA), (integrity, HIGH),
(availability, HIGH)},
and
SC administrative information = {(confidentiality, LOW),
(integrity, LOW), (availability, LOW)}.
The resulting security category of the information
system is initially expressed as:
SC SCADA system = {(confidentiality, LOW), (integrity,
HIGH), (availability, HIGH)},
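The following Python sketch is an added example, not code from the slides or from FIPS 199. It reproduces the power plant categorization by taking the high water mark per security objective, raising a system-level NA to LOW because FIPS 199 allows NA only for the confidentiality of an information type, and then derives the overall FIPS 200 impact level. The function and variable names are assumptions.

```python
from enum import IntEnum

class Impact(IntEnum):
    NA = 0        # allowed only for confidentiality of an information type
    LOW = 1
    MODERATE = 2
    HIGH = 3

OBJECTIVES = ("confidentiality", "integrity", "availability")

def validate_info_type(name, sc):
    """Reject categories that FIPS 199 does not allow for an information type."""
    if set(sc) != set(OBJECTIVES):
        raise ValueError(f"{name}: need exactly {OBJECTIVES}")
    for objective in ("integrity", "availability"):
        if sc[objective] is Impact.NA:
            raise ValueError(f"{name}: NA is only valid for confidentiality")

def system_category(info_types):
    """High water mark per objective across all resident information types."""
    if not info_types:
        raise ValueError("a system must hold at least one information type")
    for name, sc in info_types.items():
        validate_info_type(name, sc)
    sc_system = {}
    for objective in OBJECTIVES:
        peak = max(sc[objective] for sc in info_types.values())
        # A system-level value must be LOW, MODERATE or HIGH, so NA becomes LOW.
        sc_system[objective] = max(peak, Impact.LOW)
    return sc_system

def overall_impact(sc_system):
    """FIPS 200 system impact level: the highest of the three objectives."""
    return max(sc_system.values())

# The two information types from the power plant example above.
POWER_PLANT = {
    "sensor data": {"confidentiality": Impact.NA,
                    "integrity": Impact.HIGH, "availability": Impact.HIGH},
    "administrative information": {"confidentiality": Impact.LOW,
                                   "integrity": Impact.LOW, "availability": Impact.LOW},
}

if __name__ == "__main__":
    sc = system_category(POWER_PLANT)
    print({k: v.name for k, v in sc.items()}, "->", overall_impact(sc).name)
```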
27. STEP 2: SELECT SECURITY CONTROLS
This framework activity includes the initial selection of
minimum security controls planned or in place to protect the
information system based on a set of requirements.
FIPS 200 documents a set of minimum-security requirements
covering 18 security-related areas with regard to protecting the
confidentiality, integrity, and availability of federal information
systems and the information processed, stored, and transmitted
by those systems.
An overlay is a fully specified set of security controls, control
enhancements, and supplemental guidance derived from the
application of tailoring guidance to security control baselines
described in NIST SP 800-53.
In general, overlays are intended to reduce the need for ad hoc
tailoring of baselines by organizations through the selection of
a set of controls and control enhancements that more closely
correspond to common circumstances, situations, and/or
conditions.
28. STEP 3: IMPLEMENT SECURITY CONTROLS
The security control selection process can be applied to ICS from
two different perspectives: (i) new development; and (ii) legacy.
For new development systems, the security control selection
process is applied from a requirements definition perspective
since the systems do not yet exist and organizations are
conducting initial security categorizations. The security controls
included in the security plans for the information systems serve
as a security specification and are expected to be incorporated
into the systems during the development and implementation
phases of the system development life cycle.
In contrast, for legacy information systems, the security control
selection process is applied from a gap analysis perspective when
organizations are anticipating significant changes to the systems
(e.g., during major upgrades, modifications, or outsourcing).
29. STEP 4: ASSESS SECURITY CONTROLS
This activity determines the extent to which the
security controls in the information system are
effective in their application.
NIST SP 800-53A provides guidance for assessing
security controls initially selected from NIST SP 800-53
to ensure that they are implemented correctly,
operating as intended, and producing the desired
outcome with respect to meeting the security
requirements of the system.
To accomplish this, NIST SP 800-53A provides
expectations based on assurance requirements
defined in NIST SP 800-53 for characterizing the
expectations of security assessments by FIPS 199
impact level.
30. STEP 5: AUTHORIZE INFORMATION SYSTEM
This activity results in a management decision to authorize the
operation of an information system and to explicitly accept the
risk to agency operations, agency assets, or individuals based on
the implementation of an agreed-upon set of security controls.
STEP 6: MONITOR SECURITY CONTROLS
This activity continuously tracks changes to the information
system that may affect security controls and assesses control
effectiveness. NIST SP 800-137 provides guidance on
information security continuous monitoring.