SlideShare una empresa de Scribd logo

The Stuxnet Worm creation process

Ajay Ohri
Ajay Ohri

based on a NYT article at www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?pagewanted=4&hp

Desarrollo personal
1 de 62
Descargar para leer sin conexión
2008 Automation Summit A Users Conference ID#: 2481 Title: Control System Security Assessments Track: Industrial Security Presenters: Marty Edwards Idaho National Laboratory Todd Stauffer Siemens
Cyber Security Series at the Summit 2488 – Catch me if you can Real Life Examples of Security Professionals Breaking into Industrial Control Rooms and Corporate Offices Jonathan Pollet (Industrial Defender) 2481 – Control System Security Assessments You are here ! 6– Cyber Security Panel Session 4:15pm – 5:30pm Room 327 page 2
Control System Security Assessments 2008 Siemens Automation Summit Program Sponsor: Control Systems Security Program National Cyber Security Division U.S. Department of Homeland Security
Presenter Marty Edwards 17+ yrs of experience working with control systems from the perspectives of a vendor and an end user Marty.Edwards@inl.gov (208) 526-9372 4
Session Overview Introduction Vulnerabilities and Threat Trends Assessment Findings Control Systems Security Program Review Summary and Questions Hand over to Todd Stauffer – Siemens 5
Definition of a Control System The term “Industrial Control System” (ICS) refers to a broad set of control systems, which include: SCADA (Supervisory Control and Data Acquisition) DCS (Distributed Control System) PCS (Process Control System) EMS (Energy Management System) AS (Automation System) SIS (Safety Instrumented System) Any other automated control system 6
Control System Basics Human Machine Interfaces (HMI) and Operator Sensors Control Displays Valves Programmable Logic Controllers (PLC) Motor Controls I/O Remote Comms Master Meters PLC Protocols SCADA Sensors IED Ethernet server Field RTU Serial HMI Devices Controller. Wireless EMS DCS Field Devices Control Center 7
Evolution – Panel Based Controls Push Buttons Single Loop Controls Stand Alone No Networks No Communication From a cyber security standpoint this system is ‘isolated’ 8
Evolution – Legacy Equipment Proprietary Networks Proprietary OS No Ethernet No Intranet connections “Security by Obscurity” From a cyber security standpoint this system is ‘exploitable – but not a trivial task’ 9
Evolution – Modern Equipment Ethernet everywhere Wireless ‘in the rack’ Remote configuration Windows & Linux OS Commercial Off The Shelf (COTS) From a cyber security standpoint this system is ‘a huge challenge – readily exploitable’ 10
Control from your PDA Advancements will make accessing key systems very easy Applications running on known-to-be-vulnerable systems 11
Control via the Internet Systems are DIRECTLY connected to the Internet Some of these systems have very poor security: Lack of encryption methods (like VPN access) Sites use published vendor default passwords Sites using domain names that point to function like “SCADAforyourcity.com” Utilizing Internet search engines it is quite easy to find some of these sites… 12
Example HMI access from the web These screens actually have control of a city’s water pumping facility Real HMI screens pulled off the Internet HMI only required vendor default usernames to login 13
Control Systems Are Gaining Interest Currently, a cyber attack on Industrial Control Systems is one of the only ways to induce real-world physical actions from the virtual realm of the Internet This is leading to an increased level of interest in Industrial Control Systems by ‘black hat’ groups Due to the complex nature of network-based control systems, it becomes very hard to distinguish between normal operational nuances and an actual attack. 14
Risk Drivers: Threats International and domestic terrorism, and nation state cyber warfare – asymmetric warfare Interdependency of critical sectors can increase the overall appeal using cyber as an attack tool Internet increases availability of hacker tools along with information about infrastructures and control systems Emergence of a strong financial motive for cyber crime to exploit vulnerabilities “We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities.” – CIA Senior Analyst 15
Cyber Threat Trends Malicious Code Morphing High “Stealth”/Advanced Era of Modern Scanning Techniques Information BOTS Attack Sophistication Denial of Service Technology Intruder Knowledge Zombies Network Management Diagnostics Distributed Attack Tools Sweepers Current SCADAWWW Attacks Back Doors Automated Probes/Scans Zone of Defense Disabling Audits Packet Spoofing Era of Legacy Sniffers Control SystemHijacking Sessions Exploiting Known Vulnerabilities Technology Password Cracking Self-Replicating Code Low Password Guessing 1980 1985 1990 1995 2000 2005 2010 Lipson, H. F., Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues, Special Report CMS/SEI-2002-SR-009, November 2002, page 10. 16
Types of Attackers Crackers Insiders Break into computers for Disrupt their corporate profit or bragging rights network, sometimes an accident, often for revenge Attackers May Utilize Each Others Resources… Terrorists Hostile Countries Attack systems for cause Attack enemy countries’ or ideology computers 17
Cyber Incidents Incident Plant shutdown from game installed from infected disk onto a PLC workstation. Virus ‘fix’ erased licensing keys. 2003 SoBig virus affected rail dispatch and signaling systems, halting train service for 6 hours. 2004 Sasser worm disabled oil platforms for 2 days by crawling through the network via HTTP and NetBios ports. 100’s of documented cases exist, but details are often sketchy 18
Brown’s Ferry (TVA) August 19,2006 Not a cyber attack, but clearly shows impact of a cyber incident on NPP operations Variable Frequency Drives (VFD) on recirculation pumps became non- responsive 19
Hatch NPP Introduction of SW caused SIS to initiate plant shutdown Connection from Corp to SCADA ensure a synchronization and reboot of all machines …there was full two-way communication between System behaved as it was supposed to certain computers on the plant's corporate and control networks. 20
Harrisburg, PA water facility 21
Polish Trains 22
Insider Threat 2 deny hacking into L.A.'s traffic light system Two accused of hacking into L.A.'s traffic light system plead not guilty. They allegedly chose intersections they knew would cause major jams. By Sharon Bernstein and Andrew Blankstein, Times Staff Writers - January 9, 2007 Back in August, the union representing the city's traffic engineers vowed that on the day of their work action, "Los Angeles is not going to be a fun place to drive." City officials took the threat seriously. Fearful that the strikers could wreak havoc on the surface street system, they temporarily blocked all engineers from access to the computer that controls traffic signals. But officials now allege that two engineers, Kartik Patel and Gabriel Murillo, figured out how to hack in anyway. With a few clicks on a laptop computer, the pair — one a renowned traffic engineer profiled in the national media, the other a computer whiz who helped build the system — allegedly tied up traffic at four intersections for several days. Los Angeles Times 23
Technology Assessments Vendor Assessment Objectives Control Systems Vendor Partnership Utilizing expertise at Control Systems Security Center (CSSC) Benefits: Identify specific cyber security vulnerabilities Mitigate vulnerability in partnership with vendors Deliver cyber security solutions to end users through patches and products 24
Assessments Joint findings from government sector agencies and company sponsored programs Assessments were both on-site and lab based Assessments typically consist of: Interviewing control system operators, engineers, and IT staff on configuration and use Touring the facility to see how things actually operate Doing a “table top” review of network and security (firewalls, IDS/IPS, etc.) In some cases, scanning the network and carrying out penetration type testing in a non-threatening posture (bench test, secondary system) 25
Assessment General Findings Default vendor accounts and passwords still in use Some systems hardcoded and unable to be changed! Guest accounts still available Unused software and services still on systems No security-level agreement with peer sites No security-level agreement with vendors Poor patch management (or patch programs) Extensive auto-logon capability Some findings can provide for attack vectors 26
Assessment General Findings continued Typical IT protections not widely used (firewalls, IDS, etc.) This has been improving in the last 6 months Little emphasis on reviewing security logs (Change management) Control system use of enterprise services (DNS, etc.) Shared passwords Web enabled critical field devices 27
NERC Top 10 Vulnerabilities – 2007 As identified by the Control System Security Working Group 1. Inadequate policies, procedures, and culture that govern control system security 2. Inadequately designed control system networks that lack sufficient defense-in-depth mechanisms 3. Remote access to the control system without appropriate access control 4. System administration mechanisms and software used in control systems are not adequately scrutinized or maintained 5. Use of inadequately secured wireless communication for control These are not in any order of importance 28
NERC Top 10 Vulnerabilities continued 6. Use of a non-dedicated communications channel for command and control and/or inappropriate use of control system network bandwidth for non-control purposes 7. Insufficient application of tools to detect and report on anomalous or inappropriate activity 8. Unauthorized or inappropriate applications or devices on control system networks 9. Control systems command and control data not authenticated 10. Inadequately managed, designed, or implemented critical support infrastructure These are not in any order of importance 29
Chemical Sector Awareness Video Developed in partnership between: U.S. Department of Homeland Security National Cyber Security Division Control Systems Security Program American Chemistry Council Chemical Sector Cyber Security Program 30
Vulnerabilities of System in Video Clear text communications Network switch configuration flaws Dynamic ARP tables Poorly defined firewall policy IDS configured poorly, unusable Poor application coding practices Improper application and service privileges No anti-virus software 32
Attack Process Demonstration Remote Hacker Inventory/ Sales Planning Staff Management PLC Business/ Process Internet Corporate Control Network Network Accounting Operator Human Department Master Machine Interface Slave Database Database 33
Common Perceptions IT’s View of Control Systems Control Systems View of IT They do not comply or They do not understand the cooperate constraints of operations Their systems are not secure They insist on measures that They are not in compliance will adversely affect plant with corporate standards operations They resist change Engineers believe connecting the control system to the Engineering sometimes viewed corporate LAN will increase as future point of attack the risk to operations To secure the entire network (process control and corporate), we need to work together. Realize the importance of each network and strive for security and reliability. 34
Defense-in-Depth Security 35
Security Is A Process, Not A Product Work closely with vendors and integrators to ensure security is a priority. Stay current on threats and vulnerabilities to control system environment. Get involved! Standards committees and working groups are looking for your input. 36
CSSP Mission and Objectives To strengthen the control system security posture by To strengthen the control system security posture by coordinating across government, private sector and international coordinating across government, private sector and international organizations to reduce the risk organizations to reduce the risk Build a culture of reliability, security and resilience Demonstrate value Address cross sector security interdependencies Provide thought leadership 37
18 Critical Infrastructure Sectors Homeland Security Presidential Directive 7 (HSPD-7) along with the National Infrastructure Protection Plan (NIPP) identified and categorized U.S. critical infrastructure into the following 17 CIKR sectors • Agriculture and Food • National Monuments and • Banking and Finance Icons • Chemical • Nuclear Reactors, • Commercial Facilities Materials, and Waste • Dams • Postal and Shipping • Defense Industrial Base • Public Health and • Emergency Services Healthcare • Energy • Telecommunications • Government Facilities • Transportation • Information Technology • Water “Critical Manufacturing” was announced as the 18th sector in April 2008 Many of the processes controlled by computerized control systems have advanced to the point that they can no longer be operated without the control system. 38
Cross Sector Interdependencies Control systems security is not sector specific Connectivity crosses geographic boundaries Sectors are not operationally isolated 39
Vulnerability Analysis Information Sharing Control System Vulnerability reports may be submitted via US-CERT Web Site and entered into National Vulnerability Database (NVD) CSSP Web site ‘Vulnerability Notes’ 14 vulnerability Notes published between May 2006 – February 2008 Vulnerabilities patched by vendors CSSC analysis shared across all sectors through products and trainings PCII is an information-protection tool that facilitates private sector information sharing with the government 40
Scenario Development Advance Vulnerability Discovery Identifying cyber attacks capable of achieving physical damage Combining cyber vulnerabilities with specific tactics, techniques & procedures to achieve maximum consequence Requires industry experience to identify control system risks 41
Briefings & Training Web Based Training Cyber Security for Control Systems Engineers & Operators OPSEC for Control Systems Instructor Led Courses Cyber Security Who Needs It? Control Systems Security for Managers Solutions for Process Control Security Introduction to Control Systems Security For the IT Professional Intermediate Control Systems Security Cyber Security Advanced Training and Workshop 42
Risk Reduction Products Self-Assessment Tool – CS2SAT Based on industry standards Capability: Creates baseline security posture Provides recommended solutions to improve security posture Standards specific reports (e.g. NERC CIP, DOD 8500.2) Availability: To industry through licensed distributors (fee based) To federal government through DHS (free) 43
Risk Reduction Products Cyber Security Procurement Language for Control Systems Building Security into Control Systems Provides sample or recommended language for control systems security requirements – New SCADA / control systems – Legacy systems – Maintenance contracts 44
Risk Reduction Products Catalog of Control Systems Security: Recommendations for Standards Developers Supporting Standards Development Provide guidance for cyber security requirements specific to control systems Enable a common security language across all industry sectors (harmonization of standards) Support standards bodies and industry associations to implement sound security practices in current standards 45
Develop Partnerships – Industry Control System Cyber Security Vendor’s Forum 46
Develop Partnerships – Public Process Control Systems Forum (PCSF) Mission: To accelerate the design, development, & deployment of more secure control & legacy systems Participants include national & international stakeholders from government, academia, industry users, owner/operators, systems integrators, & the vendor community For more information: www.pcsforum.org August 25-28, 2008 LaJolla CA 47
Cyber Security is a Shared Responsibility Report cyber incidents & vulnerabilities at www.us-cert.gov, soc@us-cert.gov, 703-235-5110, or 888-282-0870 Sign up for cyber alerts at www.us-cert.gov Learn more about CSSP at www.us-cert.gov/control_systems or email: CSSP@dhs.gov Contact information: National Cyber Security Division Seán P. McGurk, Director – Control Systems Security Program Sean.McGurk@dhs.gov 48
Bio for Todd Stauffer, Siemens PCS 7 Marketing Manager SE&A Liaison to PCSF (Process Control Security Forum) Vendor Forum Leading Security Assessment of PCS 7 by the Department of Homeland Security at the Idaho National Laboratory Siemens Marketing Representative to the ISA Security Compliance Institute (ISCI) page 49
DHS Control System Security Center Cyber Security Assessment of PCS 7 PCS 7 is being assessed for cyber vulnerabilities at the Control System Security Center. Part of: Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Control Systems Security Program (CSSP) The CSSP: - Helps industry and government improve the security of the control systems used in US critical infrastructure - (e.g. chemical, oil & gas, electric utilities, water & wastewater…) - Mission is assessment of control systems to identify vulnerabilities that could put critical infrastructures at risk from a cyber attack - Once vulnerabilities are identified, mitigation strategies are developed to enhance control system security Significant investment by both DHS and Siemens page 50
Motivation - Why would Siemens ask DHS to perform a security assessment on PCS 7 ? Validate & Improve PCS 7 Security Concept Leverage CSSP’s unique skillsets (eg. Aurora) Help us enhance the security posture of PCS 7 control systems Knowledge transfer for members of PCS 7 Security Lab Expand DHS / INL body of knowledge for protecting control systems that control US Critical Infrastructure Help our customers comply with new government regulations (eg. DHS’s Chemical Facility Antiterrorism standard) No official recognized body for certification at this time (ISCI will help change this) page 51
Siemens has a team within System Test that is dedicated to Industrial Security – PCS 7 Security Lab SIMATIC PCS 7/ WinCC security test system Tests MS security patches for compatibility Test Virus Scanner releases Definition / Testing of Approved Architectures Wrote PCS 7 Security Recommendations Document Ensures fast response to new security threats Performs intense Forefront testing to proactively identify vulnerabilities and minimize risks (results are fedback to R&D) Security Lab involvement in CSSP testing helps improve knowledge of attacker methods page 52
ISA Security Compliance Institute (ISCI) • Goal: Establish a collaborative industry- wide program that improves the security of our Nation’s Critical Infrastructure by providing a Control Environment that is…. Safer More Reliable Intrinsically Secure • To create a single recognizable body for Security Compliance - just like “TUV” is for Safety... ISASecure ISASecure
Test Architecture was derived based on what is described in the PCS 7 Security Manual 3rd Party OS Web Client Remote OPC Support Connection PC DMZ VPN Tunnel SCALANCE S Windows ISA Firewall OS Server ES SCALANCE S Safety System (SIS) BPCS page 54
Targets of Evaluation (TOE) were selected to stress key parts of the system and to leverage CSSP’s expertise Specific targets have been selected which are key functions of PCS 7 Test Plan Objectives cover steps that might be potential goals of a real attacker in order to exploit the control system and cause damage to equipment, service, or users TOE TOE Description Priority Number 1 Assess Vulnerabilities in DMZ Servers 2 Unauthorized Access to the Engineering Station 3 Unauthorized Access to Operators Workstation 4 Assess VPN Communications Security 5 Perform Protocol Fuzzing to Find Vulnerabilities 6 Unauthorized Configuration Database Access 7 Unauthorized Access to the Administrative Server page 55
TOE 1: Assess Vulnerability of DMZ Servers – Goal is for attacker to gain control of a server inside the DMZ Servers in the DMZ Central Archive Server (CAS) OS Web Server OpenPCS7 Server Infrastructure Server (includes WSUS, Virus Scan, and Certification Authority Servers) Gaining Control of a Server inside the DMZ is a stepping stone for getting into the Control System page 56
TOE 2: Unauthorized Access to the Engineering Station – Goal is for attacker to gain interactive login to PCS 7 ES The ES is used for development, maintenance and troubleshooting of the Basic Process Control System (BPCS) and for the Process Safety System (SIS). page 57
TOE 5: Perform Protocol Fuzzing to Find Vulnerabilities – Goal is to cause a communication disruption / overload Communication Paths TUV certified Safety System Communication Controller-to- Controller Plant Bus Terminal Bus Creating a Communication Overload Scenario is a common hacker method for attempting to take down a control system page 58
TOE 6: Unauthorized Configuration Database Access – Goal is to modify configuration from the PCS 7 ES Objectives Infiltrate PCS 7 ES and modify configuration Access / modify control system configuration without being detected Compromise controller configurations in BPCS (AS6) and SIS (AS4 – AS5) ES Hacker modifying a controller configuration would be a significant security breach page 59
Timeline for CSSP’s Security Testing of PCS 7 March (2008) – Face to-face Planning Meeting in KHE April / May – Procure Hardware and Stage test system May – Ship Test System from Germany to Idaho Falls June – Setup Test System at Idaho Falls July 1st – Begin Testing September 15th – Complete Testing Mid Sept – Mid Nov – Review & Document results November 15th – Deliver Final report to Siemens May 15th (2009) – Siemens After Action Report Due page 60
Lessons Learned We should make it easier for users to setup their system per the recommendations in the security manual PCS 7 Product documentation is inconsistent in places (Security Manual should override) Engineering System has the keys to the kingdom – Protect it ! Integrated Safety System has extra security features - Passwords - CRC checking - Controller Switch prevents unplanned downloads Establishing and following a workflow process (including Change Management) is important page 61
Q&A Thanks for Attending ! page 62

Recomendados

[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber SecurityOWASP EEE
 
S C A D A Security Keynote C K
S C A D A Security Keynote C KS C A D A Security Keynote C K
S C A D A Security Keynote C KNarinrit Prem-apiwathanokul
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Zetakey Company Overview - IoT solutions 2021
Zetakey Company Overview - IoT solutions 2021Zetakey Company Overview - IoT solutions 2021
Zetakey Company Overview - IoT solutions 2021Jack Wong
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
ICS security
ICS securityICS security
ICS securityAhmed Shitta
 
SCADA Security
SCADA SecuritySCADA Security
SCADA Securityamiable_indian
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2David Spinks
 

Recomendados

[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber SecurityOWASP EEE
 
S C A D A Security Keynote C K
S C A D A Security Keynote C KS C A D A Security Keynote C K
S C A D A Security Keynote C KNarinrit Prem-apiwathanokul
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Zetakey Company Overview - IoT solutions 2021
Zetakey Company Overview - IoT solutions 2021Zetakey Company Overview - IoT solutions 2021
Zetakey Company Overview - IoT solutions 2021Jack Wong
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
ICS security
ICS securityICS security
ICS securityAhmed Shitta
 
SCADA Security
SCADA SecuritySCADA Security
SCADA Securityamiable_indian
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2David Spinks
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution briefNozomi Networks
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
SCADA hacking industrial-scale fun
SCADA hacking industrial-scale funSCADA hacking industrial-scale fun
SCADA hacking industrial-scale funJan Seidl
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesNir Cohen
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Digitalor U-level data center asset IoT system
Digitalor U-level data center asset IoT systemDigitalor U-level data center asset IoT system
Digitalor U-level data center asset IoT systemArron Zhao
 
U-level Data Center Asset IoT system
U-level Data Center Asset IoT systemU-level Data Center Asset IoT system
U-level Data Center Asset IoT systemArron Zhao
 
U level asset tracking system
U level asset tracking systemU level asset tracking system
U level asset tracking systemArron Zhao
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 
SmarRack DCAM Solution
SmarRack DCAM SolutionSmarRack DCAM Solution
SmarRack DCAM SolutionArron Zhao
 
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET Journal
 
IRJET - Raspberry Pi based Intelligent Security System
IRJET - Raspberry Pi based Intelligent Security SystemIRJET - Raspberry Pi based Intelligent Security System
IRJET - Raspberry Pi based Intelligent Security SystemIRJET Journal
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...promediakw
 
Safety Monitoring system for a manufacturing workstation using Web Service Te...
Safety Monitoring system for a manufacturing workstation using Web Service Te...Safety Monitoring system for a manufacturing workstation using Web Service Te...
Safety Monitoring system for a manufacturing workstation using Web Service Te...FAST-Lab. Factory Automation Systems and Technologies Laboratory, Tampere University of Technology
 
Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Byres Security Inc.
 

Más contenido relacionado

La actualidad más candente

Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution briefNozomi Networks
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
SCADA hacking industrial-scale fun
SCADA hacking industrial-scale funSCADA hacking industrial-scale fun
SCADA hacking industrial-scale funJan Seidl
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesNir Cohen
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Digitalor U-level data center asset IoT system
Digitalor U-level data center asset IoT systemDigitalor U-level data center asset IoT system
Digitalor U-level data center asset IoT systemArron Zhao
 
U-level Data Center Asset IoT system
U-level Data Center Asset IoT systemU-level Data Center Asset IoT system
U-level Data Center Asset IoT systemArron Zhao
 
U level asset tracking system
U level asset tracking systemU level asset tracking system
U level asset tracking systemArron Zhao
 
SmarRack DCAM Solution
SmarRack DCAM SolutionSmarRack DCAM Solution
SmarRack DCAM SolutionArron Zhao
 
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET Journal
 
IRJET - Raspberry Pi based Intelligent Security System
IRJET - Raspberry Pi based Intelligent Security SystemIRJET - Raspberry Pi based Intelligent Security System
IRJET - Raspberry Pi based Intelligent Security SystemIRJET Journal
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...promediakw
 

La actualidad más candente (20)

Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-Sheet
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution brief
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
 
SCADA hacking industrial-scale fun
SCADA hacking industrial-scale funSCADA hacking industrial-scale fun
SCADA hacking industrial-scale fun
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrol
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen Miller
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power Utilities
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
 
Digitalor U-level data center asset IoT system
Digitalor U-level data center asset IoT systemDigitalor U-level data center asset IoT system
Digitalor U-level data center asset IoT system
 
U-level Data Center Asset IoT system
U-level Data Center Asset IoT systemU-level Data Center Asset IoT system
U-level Data Center Asset IoT system
 
U level asset tracking system
U level asset tracking systemU level asset tracking system
U level asset tracking system
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
SmarRack DCAM Solution
SmarRack DCAM SolutionSmarRack DCAM Solution
SmarRack DCAM Solution
 
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
IRJET- Multifactor Authentication in IoT Devices for Ensuring Secure Cloud St...
 
IRJET - Raspberry Pi based Intelligent Security System
IRJET - Raspberry Pi based Intelligent Security SystemIRJET - Raspberry Pi based Intelligent Security System
IRJET - Raspberry Pi based Intelligent Security System
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
 

Similar a The Stuxnet Worm creation process

Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Byres Security Inc.
 
Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems aswanthmrajeev112
 
McAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesMcAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesIşınsu Akçetin
 
Plugging Network Security Holes Using NetFlow
Plugging Network Security Holes Using NetFlowPlugging Network Security Holes Using NetFlow
Plugging Network Security Holes Using NetFlowNetFlow Analyzer
 
MBM's InterGuard Security Suite
MBM's InterGuard Security SuiteMBM's InterGuard Security Suite
MBM's InterGuard Security SuiteCharles McNeil
 
Operational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesOperational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesKrishna Chennareddy
 
Comparison of network intrusion detection
Comparison of network intrusion detectionComparison of network intrusion detection
Comparison of network intrusion detectionmtamilpriya
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysMarcel Winandy
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Scada Strangelove - 29c3
Scada Strangelove - 29c3Scada Strangelove - 29c3
Scada Strangelove - 29c3qqlan
 
Distributed Control System (Presentation)
Distributed Control System (Presentation)Distributed Control System (Presentation)
Distributed Control System (Presentation)Thunder Bolt
 
ICSA 2019 Architectural Security Weaknesses in Industrial Control Systems
ICSA 2019 Architectural Security Weaknesses in Industrial Control SystemsICSA 2019 Architectural Security Weaknesses in Industrial Control Systems
ICSA 2019 Architectural Security Weaknesses in Industrial Control SystemsDanielleGonzalez25
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
Pervasive computing and its Security Issues
Pervasive computing and its Security IssuesPervasive computing and its Security Issues
Pervasive computing and its Security IssuesPhearin Sok
 
Advanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptxAdvanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptxFrancesco Faenzi
 
[cb22] Red light in the factory - From 0 to 100 OT adversary emulation by Vi...
[cb22] Red light in the factory - From 0 to 100 OT adversary emulation by Vi...[cb22] Red light in the factory - From 0 to 100 OT adversary emulation by Vi...
[cb22] Red light in the factory - From 0 to 100 OT adversary emulation by Vi...CODE BLUE
 
NGSoft General Overview
NGSoft General OverviewNGSoft General Overview
NGSoft General OverviewMichael Starr
 

Similar a The Stuxnet Worm creation process (20)

Safety Monitoring system for a manufacturing workstation using Web Service Te...
Safety Monitoring system for a manufacturing workstation using Web Service Te...Safety Monitoring system for a manufacturing workstation using Web Service Te...
Safety Monitoring system for a manufacturing workstation using Web Service Te...
 
Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2
 
Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems
 
McAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesMcAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded Devices
 
Plugging Network Security Holes Using NetFlow
Plugging Network Security Holes Using NetFlowPlugging Network Security Holes Using NetFlow
Plugging Network Security Holes Using NetFlow
 
MBM's InterGuard Security Suite
MBM's InterGuard Security SuiteMBM's InterGuard Security Suite
MBM's InterGuard Security Suite
 
Securing SCADA
Securing SCADASecuring SCADA
Securing SCADA
 
Operational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesOperational Technology Security Solution for Utilities
Operational Technology Security Solution for Utilities
 
Comparison of network intrusion detection
Comparison of network intrusion detectionComparison of network intrusion detection
Comparison of network intrusion detection
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter Gateways
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Scada Strangelove - 29c3
Scada Strangelove - 29c3Scada Strangelove - 29c3
Scada Strangelove - 29c3
 
Distributed Control System (Presentation)
Distributed Control System (Presentation)Distributed Control System (Presentation)
Distributed Control System (Presentation)
 
ICSA 2019 Architectural Security Weaknesses in Industrial Control Systems
ICSA 2019 Architectural Security Weaknesses in Industrial Control SystemsICSA 2019 Architectural Security Weaknesses in Industrial Control Systems
ICSA 2019 Architectural Security Weaknesses in Industrial Control Systems
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles
 
Pervasive computing and its Security Issues
Pervasive computing and its Security IssuesPervasive computing and its Security Issues
Pervasive computing and its Security Issues
 
Advanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptxAdvanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptx
 
[cb22] Red light in the factory - From 0 to 100 OT adversary emulation by Vi...
[cb22] Red light in the factory - From 0 to 100 OT adversary emulation by Vi...[cb22] Red light in the factory - From 0 to 100 OT adversary emulation by Vi...
[cb22] Red light in the factory - From 0 to 100 OT adversary emulation by Vi...
 
NGSoft General Overview
NGSoft General OverviewNGSoft General Overview
NGSoft General Overview
 
12 wireless ips-ss_12-17-10_a
12 wireless ips-ss_12-17-10_a12 wireless ips-ss_12-17-10_a
12 wireless ips-ss_12-17-10_a
 

Más de Ajay Ohri

Introduction to R ajay Ohri
Introduction to R ajay OhriIntroduction to R ajay Ohri
Introduction to R ajay OhriAjay Ohri
 
Introduction to R
Introduction to RIntroduction to R
Introduction to RAjay Ohri
 
Social Media and Fake News in the 2016 Election
Social Media and Fake News in the 2016 ElectionSocial Media and Fake News in the 2016 Election
Social Media and Fake News in the 2016 ElectionAjay Ohri
 
Download Python for R Users pdf for free
Download Python for R Users pdf for freeDownload Python for R Users pdf for free
Download Python for R Users pdf for freeAjay Ohri
 
Install spark on_windows10
Install spark on_windows10Install spark on_windows10
Install spark on_windows10Ajay Ohri
 
Ajay ohri Resume
Ajay ohri ResumeAjay ohri Resume
Ajay ohri ResumeAjay Ohri
 
Statistics for data scientists
Statistics for data scientistsStatistics for data scientists
Statistics for data scientistsAjay Ohri
 
National seminar on emergence of internet of things (io t) trends and challe...
National seminar on emergence of internet of things (io t) trends and challe...National seminar on emergence of internet of things (io t) trends and challe...
National seminar on emergence of internet of things (io t) trends and challe...Ajay Ohri
 
Tools and techniques for data science
Tools and techniques for data scienceTools and techniques for data science
Tools and techniques for data scienceAjay Ohri
 
How Big Data ,Cloud Computing ,Data Science can help business
How Big Data ,Cloud Computing ,Data Science can help businessHow Big Data ,Cloud Computing ,Data Science can help business
How Big Data ,Cloud Computing ,Data Science can help businessAjay Ohri
 
Training in Analytics and Data Science
Training in Analytics and Data ScienceTraining in Analytics and Data Science
Training in Analytics and Data ScienceAjay Ohri
 
Software Testing for Data Scientists
Software Testing for Data ScientistsSoftware Testing for Data Scientists
Software Testing for Data ScientistsAjay Ohri
 
A Data Science Tutorial in Python
A Data Science Tutorial in PythonA Data Science Tutorial in Python
A Data Science Tutorial in PythonAjay Ohri
 
How does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsHow does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsAjay Ohri
 
Using R for Social Media and Sports Analytics
Using R for Social Media and Sports AnalyticsUsing R for Social Media and Sports Analytics
Using R for Social Media and Sports AnalyticsAjay Ohri
 
Kush stats alpha
Kush stats alpha Kush stats alpha
Kush stats alpha Ajay Ohri
 
Analyze this
Analyze thisAnalyze this
Analyze thisAjay Ohri
 

Más de Ajay Ohri (20)

Introduction to R ajay Ohri
Introduction to R ajay OhriIntroduction to R ajay Ohri
Introduction to R ajay Ohri
 
Introduction to R
Introduction to RIntroduction to R
Introduction to R
 
Social Media and Fake News in the 2016 Election
Social Media and Fake News in the 2016 ElectionSocial Media and Fake News in the 2016 Election
Social Media and Fake News in the 2016 Election
 
Pyspark
PysparkPyspark
Pyspark
 
Download Python for R Users pdf for free
Download Python for R Users pdf for freeDownload Python for R Users pdf for free
Download Python for R Users pdf for free
 
Install spark on_windows10
Install spark on_windows10Install spark on_windows10
Install spark on_windows10
 
Ajay ohri Resume
Ajay ohri ResumeAjay ohri Resume
Ajay ohri Resume
 
Statistics for data scientists
Statistics for data scientistsStatistics for data scientists
Statistics for data scientists
 
National seminar on emergence of internet of things (io t) trends and challe...
National seminar on emergence of internet of things (io t) trends and challe...National seminar on emergence of internet of things (io t) trends and challe...
National seminar on emergence of internet of things (io t) trends and challe...
 
Tools and techniques for data science
Tools and techniques for data scienceTools and techniques for data science
Tools and techniques for data science
 
How Big Data ,Cloud Computing ,Data Science can help business
How Big Data ,Cloud Computing ,Data Science can help businessHow Big Data ,Cloud Computing ,Data Science can help business
How Big Data ,Cloud Computing ,Data Science can help business
 
Training in Analytics and Data Science
Training in Analytics and Data ScienceTraining in Analytics and Data Science
Training in Analytics and Data Science
 
Tradecraft
Tradecraft Tradecraft
Tradecraft
 
Software Testing for Data Scientists
Software Testing for Data ScientistsSoftware Testing for Data Scientists
Software Testing for Data Scientists
 
Craps
CrapsCraps
Craps
 
A Data Science Tutorial in Python
A Data Science Tutorial in PythonA Data Science Tutorial in Python
A Data Science Tutorial in Python
 
How does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsHow does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen Ooms
 
Using R for Social Media and Sports Analytics
Using R for Social Media and Sports AnalyticsUsing R for Social Media and Sports Analytics
Using R for Social Media and Sports Analytics
 
Kush stats alpha
Kush stats alpha Kush stats alpha
Kush stats alpha
 
Analyze this
Analyze thisAnalyze this
Analyze this
 

Último

2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)Delhi Call girls
 
The Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by MindbrushThe Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by MindbrushShivain97
 
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Mor
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Morcall Now 9811711561 Cash Payment乂 Call Girls in Dwarka Mor
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Morvikas rana
 
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female serviceanilsa9823
 
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)Delhi Call girls
 
Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666nishakur201
 
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...anilsa9823
 
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual serviceanilsa9823
 
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual serviceanilsa9823
 
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Pokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy TheoryPokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy Theorydrae5
 
Introducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdfIntroducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdfnoumannajam04
 
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girlsPooja Nehwal
 
call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..nishakur201
 
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual serviceanilsa9823
 
LC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdfLC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdfpastor83
 
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual serviceanilsa9823
 
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...PsychicRuben LoveSpells
 

Último (20)

2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)
 
The Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by MindbrushThe Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by Mindbrush
 
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Mor
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Morcall Now 9811711561 Cash Payment乂 Call Girls in Dwarka Mor
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Mor
 
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
 
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
 
Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666
 
(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7
(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7
(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7
 
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
 
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual service
 
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual service
 
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Pokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy TheoryPokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy Theory
 
Introducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdfIntroducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdf
 
(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...
(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...
(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...
 
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
 
call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..
 
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
 
LC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdfLC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdf
 
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual service
 
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
 

The Stuxnet Worm creation process

  • 1. 2008 Automation Summit A Users Conference ID#: 2481 Title: Control System Security Assessments Track: Industrial Security Presenters: Marty Edwards Idaho National Laboratory Todd Stauffer Siemens
  • 2. Cyber Security Series at the Summit 2488 – Catch me if you can Real Life Examples of Security Professionals Breaking into Industrial Control Rooms and Corporate Offices Jonathan Pollet (Industrial Defender) 2481 – Control System Security Assessments You are here ! 6– Cyber Security Panel Session 4:15pm – 5:30pm Room 327 page 2
  • 3. Control System Security Assessments 2008 Siemens Automation Summit Program Sponsor: Control Systems Security Program National Cyber Security Division U.S. Department of Homeland Security
  • 4. Presenter Marty Edwards 17+ yrs of experience working with control systems from the perspectives of a vendor and an end user Marty.Edwards@inl.gov (208) 526-9372 4
  • 5. Session Overview Introduction Vulnerabilities and Threat Trends Assessment Findings Control Systems Security Program Review Summary and Questions Hand over to Todd Stauffer – Siemens 5
  • 6. Definition of a Control System The term “Industrial Control System” (ICS) refers to a broad set of control systems, which include: SCADA (Supervisory Control and Data Acquisition) DCS (Distributed Control System) PCS (Process Control System) EMS (Energy Management System) AS (Automation System) SIS (Safety Instrumented System) Any other automated control system 6
  • 7. Control System Basics Human Machine Interfaces (HMI) and Operator Sensors Control Displays Valves Programmable Logic Controllers (PLC) Motor Controls I/O Remote Comms Master Meters PLC Protocols SCADA Sensors IED Ethernet server Field RTU Serial HMI Devices Controller. Wireless EMS DCS Field Devices Control Center 7
  • 8. Evolution – Panel Based Controls Push Buttons Single Loop Controls Stand Alone No Networks No Communication From a cyber security standpoint this system is ‘isolated’ 8
  • 9. Evolution – Legacy Equipment Proprietary Networks Proprietary OS No Ethernet No Intranet connections “Security by Obscurity” From a cyber security standpoint this system is ‘exploitable – but not a trivial task’ 9
  • 10. Evolution – Modern Equipment Ethernet everywhere Wireless ‘in the rack’ Remote configuration Windows & Linux OS Commercial Off The Shelf (COTS) From a cyber security standpoint this system is ‘a huge challenge – readily exploitable’ 10
  • 11. Control from your PDA Advancements will make accessing key systems very easy Applications running on known-to-be-vulnerable systems 11
  • 12. Control via the Internet Systems are DIRECTLY connected to the Internet Some of these systems have very poor security: Lack of encryption methods (like VPN access) Sites use published vendor default passwords Sites using domain names that point to function like “SCADAforyourcity.com” Utilizing Internet search engines it is quite easy to find some of these sites… 12
  • 13. Example HMI access from the web These screens actually have control of a city’s water pumping facility Real HMI screens pulled off the Internet HMI only required vendor default usernames to login 13
  • 14. Control Systems Are Gaining Interest Currently, a cyber attack on Industrial Control Systems is one of the only ways to induce real-world physical actions from the virtual realm of the Internet This is leading to an increased level of interest in Industrial Control Systems by ‘black hat’ groups Due to the complex nature of network-based control systems, it becomes very hard to distinguish between normal operational nuances and an actual attack. 14
  • 15. Risk Drivers: Threats International and domestic terrorism, and nation state cyber warfare – asymmetric warfare Interdependency of critical sectors can increase the overall appeal using cyber as an attack tool Internet increases availability of hacker tools along with information about infrastructures and control systems Emergence of a strong financial motive for cyber crime to exploit vulnerabilities “We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities.” – CIA Senior Analyst 15
  • 16. Cyber Threat Trends Malicious Code Morphing High “Stealth”/Advanced Era of Modern Scanning Techniques Information BOTS Attack Sophistication Denial of Service Technology Intruder Knowledge Zombies Network Management Diagnostics Distributed Attack Tools Sweepers Current SCADAWWW Attacks Back Doors Automated Probes/Scans Zone of Defense Disabling Audits Packet Spoofing Era of Legacy Sniffers Control SystemHijacking Sessions Exploiting Known Vulnerabilities Technology Password Cracking Self-Replicating Code Low Password Guessing 1980 1985 1990 1995 2000 2005 2010 Lipson, H. F., Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues, Special Report CMS/SEI-2002-SR-009, November 2002, page 10. 16
  • 17. Types of Attackers Crackers Insiders Break into computers for Disrupt their corporate profit or bragging rights network, sometimes an accident, often for revenge Attackers May Utilize Each Others Resources… Terrorists Hostile Countries Attack systems for cause Attack enemy countries’ or ideology computers 17
  • 18. Cyber Incidents Incident Plant shutdown from game installed from infected disk onto a PLC workstation. Virus ‘fix’ erased licensing keys. 2003 SoBig virus affected rail dispatch and signaling systems, halting train service for 6 hours. 2004 Sasser worm disabled oil platforms for 2 days by crawling through the network via HTTP and NetBios ports. 100’s of documented cases exist, but details are often sketchy 18
  • 19. Brown’s Ferry (TVA) August 19,2006 Not a cyber attack, but clearly shows impact of a cyber incident on NPP operations Variable Frequency Drives (VFD) on recirculation pumps became non- responsive 19
  • 20. Hatch NPP Introduction of SW caused SIS to initiate plant shutdown Connection from Corp to SCADA ensure a synchronization and reboot of all machines …there was full two-way communication between System behaved as it was supposed to certain computers on the plant's corporate and control networks. 20
  • 21. Harrisburg, PA water facility 21
  • 23. Insider Threat 2 deny hacking into L.A.'s traffic light system Two accused of hacking into L.A.'s traffic light system plead not guilty. They allegedly chose intersections they knew would cause major jams. By Sharon Bernstein and Andrew Blankstein, Times Staff Writers - January 9, 2007 Back in August, the union representing the city's traffic engineers vowed that on the day of their work action, "Los Angeles is not going to be a fun place to drive." City officials took the threat seriously. Fearful that the strikers could wreak havoc on the surface street system, they temporarily blocked all engineers from access to the computer that controls traffic signals. But officials now allege that two engineers, Kartik Patel and Gabriel Murillo, figured out how to hack in anyway. With a few clicks on a laptop computer, the pair — one a renowned traffic engineer profiled in the national media, the other a computer whiz who helped build the system — allegedly tied up traffic at four intersections for several days. Los Angeles Times 23
  • 24. Technology Assessments Vendor Assessment Objectives Control Systems Vendor Partnership Utilizing expertise at Control Systems Security Center (CSSC) Benefits: Identify specific cyber security vulnerabilities Mitigate vulnerability in partnership with vendors Deliver cyber security solutions to end users through patches and products 24
  • 25. Assessments Joint findings from government sector agencies and company sponsored programs Assessments were both on-site and lab based Assessments typically consist of: Interviewing control system operators, engineers, and IT staff on configuration and use Touring the facility to see how things actually operate Doing a “table top” review of network and security (firewalls, IDS/IPS, etc.) In some cases, scanning the network and carrying out penetration type testing in a non-threatening posture (bench test, secondary system) 25
  • 26. Assessment General Findings Default vendor accounts and passwords still in use Some systems hardcoded and unable to be changed! Guest accounts still available Unused software and services still on systems No security-level agreement with peer sites No security-level agreement with vendors Poor patch management (or patch programs) Extensive auto-logon capability Some findings can provide for attack vectors 26
  • 27. Assessment General Findings continued Typical IT protections not widely used (firewalls, IDS, etc.) This has been improving in the last 6 months Little emphasis on reviewing security logs (Change management) Control system use of enterprise services (DNS, etc.) Shared passwords Web enabled critical field devices 27
  • 28. NERC Top 10 Vulnerabilities – 2007 As identified by the Control System Security Working Group 1. Inadequate policies, procedures, and culture that govern control system security 2. Inadequately designed control system networks that lack sufficient defense-in-depth mechanisms 3. Remote access to the control system without appropriate access control 4. System administration mechanisms and software used in control systems are not adequately scrutinized or maintained 5. Use of inadequately secured wireless communication for control These are not in any order of importance 28
  • 29. NERC Top 10 Vulnerabilities continued 6. Use of a non-dedicated communications channel for command and control and/or inappropriate use of control system network bandwidth for non-control purposes 7. Insufficient application of tools to detect and report on anomalous or inappropriate activity 8. Unauthorized or inappropriate applications or devices on control system networks 9. Control systems command and control data not authenticated 10. Inadequately managed, designed, or implemented critical support infrastructure These are not in any order of importance 29
  • 30. Chemical Sector Awareness Video Developed in partnership between: U.S. Department of Homeland Security National Cyber Security Division Control Systems Security Program American Chemistry Council Chemical Sector Cyber Security Program 30
  • 31.
  • 32. Vulnerabilities of System in Video Clear text communications Network switch configuration flaws Dynamic ARP tables Poorly defined firewall policy IDS configured poorly, unusable Poor application coding practices Improper application and service privileges No anti-virus software 32
  • 33. Attack Process Demonstration Remote Hacker Inventory/ Sales Planning Staff Management PLC Business/ Process Internet Corporate Control Network Network Accounting Operator Human Department Master Machine Interface Slave Database Database 33
  • 34. Common Perceptions IT’s View of Control Systems Control Systems View of IT They do not comply or They do not understand the cooperate constraints of operations Their systems are not secure They insist on measures that They are not in compliance will adversely affect plant with corporate standards operations They resist change Engineers believe connecting the control system to the Engineering sometimes viewed corporate LAN will increase as future point of attack the risk to operations To secure the entire network (process control and corporate), we need to work together. Realize the importance of each network and strive for security and reliability. 34
  • 36. Security Is A Process, Not A Product Work closely with vendors and integrators to ensure security is a priority. Stay current on threats and vulnerabilities to control system environment. Get involved! Standards committees and working groups are looking for your input. 36
  • 37. CSSP Mission and Objectives To strengthen the control system security posture by To strengthen the control system security posture by coordinating across government, private sector and international coordinating across government, private sector and international organizations to reduce the risk organizations to reduce the risk Build a culture of reliability, security and resilience Demonstrate value Address cross sector security interdependencies Provide thought leadership 37
  • 38. 18 Critical Infrastructure Sectors Homeland Security Presidential Directive 7 (HSPD-7) along with the National Infrastructure Protection Plan (NIPP) identified and categorized U.S. critical infrastructure into the following 17 CIKR sectors • Agriculture and Food • National Monuments and • Banking and Finance Icons • Chemical • Nuclear Reactors, • Commercial Facilities Materials, and Waste • Dams • Postal and Shipping • Defense Industrial Base • Public Health and • Emergency Services Healthcare • Energy • Telecommunications • Government Facilities • Transportation • Information Technology • Water “Critical Manufacturing” was announced as the 18th sector in April 2008 Many of the processes controlled by computerized control systems have advanced to the point that they can no longer be operated without the control system. 38
  • 39. Cross Sector Interdependencies Control systems security is not sector specific Connectivity crosses geographic boundaries Sectors are not operationally isolated 39
  • 40. Vulnerability Analysis Information Sharing Control System Vulnerability reports may be submitted via US-CERT Web Site and entered into National Vulnerability Database (NVD) CSSP Web site ‘Vulnerability Notes’ 14 vulnerability Notes published between May 2006 – February 2008 Vulnerabilities patched by vendors CSSC analysis shared across all sectors through products and trainings PCII is an information-protection tool that facilitates private sector information sharing with the government 40
  • 41. Scenario Development Advance Vulnerability Discovery Identifying cyber attacks capable of achieving physical damage Combining cyber vulnerabilities with specific tactics, techniques & procedures to achieve maximum consequence Requires industry experience to identify control system risks 41
  • 42. Briefings & Training Web Based Training Cyber Security for Control Systems Engineers & Operators OPSEC for Control Systems Instructor Led Courses Cyber Security Who Needs It? Control Systems Security for Managers Solutions for Process Control Security Introduction to Control Systems Security For the IT Professional Intermediate Control Systems Security Cyber Security Advanced Training and Workshop 42
  • 43. Risk Reduction Products Self-Assessment Tool – CS2SAT Based on industry standards Capability: Creates baseline security posture Provides recommended solutions to improve security posture Standards specific reports (e.g. NERC CIP, DOD 8500.2) Availability: To industry through licensed distributors (fee based) To federal government through DHS (free) 43
  • 44. Risk Reduction Products Cyber Security Procurement Language for Control Systems Building Security into Control Systems Provides sample or recommended language for control systems security requirements – New SCADA / control systems – Legacy systems – Maintenance contracts 44
  • 45. Risk Reduction Products Catalog of Control Systems Security: Recommendations for Standards Developers Supporting Standards Development Provide guidance for cyber security requirements specific to control systems Enable a common security language across all industry sectors (harmonization of standards) Support standards bodies and industry associations to implement sound security practices in current standards 45
  • 46. Develop Partnerships – Industry Control System Cyber Security Vendor’s Forum 46
  • 47. Develop Partnerships – Public Process Control Systems Forum (PCSF) Mission: To accelerate the design, development, & deployment of more secure control & legacy systems Participants include national & international stakeholders from government, academia, industry users, owner/operators, systems integrators, & the vendor community For more information: www.pcsforum.org August 25-28, 2008 LaJolla CA 47
  • 48. Cyber Security is a Shared Responsibility Report cyber incidents & vulnerabilities at www.us-cert.gov, soc@us-cert.gov, 703-235-5110, or 888-282-0870 Sign up for cyber alerts at www.us-cert.gov Learn more about CSSP at www.us-cert.gov/control_systems or email: CSSP@dhs.gov Contact information: National Cyber Security Division Seán P. McGurk, Director – Control Systems Security Program Sean.McGurk@dhs.gov 48
  • 49. Bio for Todd Stauffer, Siemens PCS 7 Marketing Manager SE&A Liaison to PCSF (Process Control Security Forum) Vendor Forum Leading Security Assessment of PCS 7 by the Department of Homeland Security at the Idaho National Laboratory Siemens Marketing Representative to the ISA Security Compliance Institute (ISCI) page 49
  • 50. DHS Control System Security Center Cyber Security Assessment of PCS 7 PCS 7 is being assessed for cyber vulnerabilities at the Control System Security Center. Part of: Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Control Systems Security Program (CSSP) The CSSP: - Helps industry and government improve the security of the control systems used in US critical infrastructure - (e.g. chemical, oil & gas, electric utilities, water & wastewater…) - Mission is assessment of control systems to identify vulnerabilities that could put critical infrastructures at risk from a cyber attack - Once vulnerabilities are identified, mitigation strategies are developed to enhance control system security Significant investment by both DHS and Siemens page 50
  • 51. Motivation - Why would Siemens ask DHS to perform a security assessment on PCS 7 ? Validate & Improve PCS 7 Security Concept Leverage CSSP’s unique skillsets (eg. Aurora) Help us enhance the security posture of PCS 7 control systems Knowledge transfer for members of PCS 7 Security Lab Expand DHS / INL body of knowledge for protecting control systems that control US Critical Infrastructure Help our customers comply with new government regulations (eg. DHS’s Chemical Facility Antiterrorism standard) No official recognized body for certification at this time (ISCI will help change this) page 51
  • 52. Siemens has a team within System Test that is dedicated to Industrial Security – PCS 7 Security Lab SIMATIC PCS 7/ WinCC security test system Tests MS security patches for compatibility Test Virus Scanner releases Definition / Testing of Approved Architectures Wrote PCS 7 Security Recommendations Document Ensures fast response to new security threats Performs intense Forefront testing to proactively identify vulnerabilities and minimize risks (results are fedback to R&D) Security Lab involvement in CSSP testing helps improve knowledge of attacker methods page 52
  • 53. ISA Security Compliance Institute (ISCI) • Goal: Establish a collaborative industry- wide program that improves the security of our Nation’s Critical Infrastructure by providing a Control Environment that is…. Safer More Reliable Intrinsically Secure • To create a single recognizable body for Security Compliance - just like “TUV” is for Safety... ISASecure ISASecure
  • 54. Test Architecture was derived based on what is described in the PCS 7 Security Manual 3rd Party OS Web Client Remote OPC Support Connection PC DMZ VPN Tunnel SCALANCE S Windows ISA Firewall OS Server ES SCALANCE S Safety System (SIS) BPCS page 54
  • 55. Targets of Evaluation (TOE) were selected to stress key parts of the system and to leverage CSSP’s expertise Specific targets have been selected which are key functions of PCS 7 Test Plan Objectives cover steps that might be potential goals of a real attacker in order to exploit the control system and cause damage to equipment, service, or users TOE TOE Description Priority Number 1 Assess Vulnerabilities in DMZ Servers 2 Unauthorized Access to the Engineering Station 3 Unauthorized Access to Operators Workstation 4 Assess VPN Communications Security 5 Perform Protocol Fuzzing to Find Vulnerabilities 6 Unauthorized Configuration Database Access 7 Unauthorized Access to the Administrative Server page 55
  • 56. TOE 1: Assess Vulnerability of DMZ Servers – Goal is for attacker to gain control of a server inside the DMZ Servers in the DMZ Central Archive Server (CAS) OS Web Server OpenPCS7 Server Infrastructure Server (includes WSUS, Virus Scan, and Certification Authority Servers) Gaining Control of a Server inside the DMZ is a stepping stone for getting into the Control System page 56
  • 57. TOE 2: Unauthorized Access to the Engineering Station – Goal is for attacker to gain interactive login to PCS 7 ES The ES is used for development, maintenance and troubleshooting of the Basic Process Control System (BPCS) and for the Process Safety System (SIS). page 57
  • 58. TOE 5: Perform Protocol Fuzzing to Find Vulnerabilities – Goal is to cause a communication disruption / overload Communication Paths TUV certified Safety System Communication Controller-to- Controller Plant Bus Terminal Bus Creating a Communication Overload Scenario is a common hacker method for attempting to take down a control system page 58
  • 59. TOE 6: Unauthorized Configuration Database Access – Goal is to modify configuration from the PCS 7 ES Objectives Infiltrate PCS 7 ES and modify configuration Access / modify control system configuration without being detected Compromise controller configurations in BPCS (AS6) and SIS (AS4 – AS5) ES Hacker modifying a controller configuration would be a significant security breach page 59
  • 60. Timeline for CSSP’s Security Testing of PCS 7 March (2008) – Face to-face Planning Meeting in KHE April / May – Procure Hardware and Stage test system May – Ship Test System from Germany to Idaho Falls June – Setup Test System at Idaho Falls July 1st – Begin Testing September 15th – Complete Testing Mid Sept – Mid Nov – Review & Document results November 15th – Deliver Final report to Siemens May 15th (2009) – Siemens After Action Report Due page 60
  • 61. Lessons Learned We should make it easier for users to setup their system per the recommendations in the security manual PCS 7 Product documentation is inconsistent in places (Security Manual should override) Engineering System has the keys to the kingdom – Protect it ! Integrated Safety System has extra security features - Passwords - CRC checking - Controller Switch prevents unplanned downloads Establishing and following a workflow process (including Change Management) is important page 61
  • 62. Q&A Thanks for Attending ! page 62