SCADA Cyber Security Attacks & Mitigation
Presentation Friday 8th 2016
Gavin Davey B.Sc. (Hons 1st),
CRISC, CEH, CISA, ISO RM, CLSSP, CCNP
What is different?
• SbD
• Air gaps
• Network segmentation
• Security Programme and policies
• Risk Management
• Regular audits
• On-going pen testing & gap analysis
High Level Design
Real world examples
• 2000 – Gazprom, Russia
– Gas control lost for 1 week
• 2001 – Australian treatment plant
– 246,000 gallons of sewage released
• 2003 – US Power
– 50 million people affected
• 2003 – Ohio Nuclear Plant
– Slammer worm
• 2008 – Lodz city
– 4 trams derailed
• 2012 – Aramco
– 10% of world's oil
• 2013 – Dragonfly with malware
– Havex/Energetic Bear
• 2 weeks ago – Ukrainian power grid
– 70,000 homes affected
2008 Turkey – $1bn
Incidents reported in 2014 to ICS-CERT (245 in total)
High Level Plan
• Security-by-design (SbD)
• Recruiting:
• Commercial/Funded research
• Resource
Questions?

Industrial Cybersecurity & SCADA hacks presentation
