Juan Figueras, CISA
#ICSSecurity Juan Figueras (@JoanFiguerasT) #EUROCACS
AGENDA
• Introduction to Industrial Control Systems
• Security Concerns (Cyber Incidents, CERT)
• Threats and Vulnerabilities (ICS Exploitation, SHODAN)
• IT/OT Convergence (Security Principles, Countermeasures)
• Best Practices, Guidelines and Frameworks
Juan Figueras, CISA
Security & Privacy Consultant
ICS INTRODUCTION
Industrial processes
• Manufacturing
• Smart Grid
• Utilities
• Oil & Gas
• Transport
• Telecomm
• Chemicals
ICS DEFINITION
Industrial Control Systems (ICS) are command and control networks and systems designed to support industrial processes [1]
[1] ENISA “Protecting Industrial Control Systems. Recommendations for Europe and Member States” (2011)
ICS COMPONENTS
• IED – Intelligent Electronic Device
• RTU – Remote Terminal Units
• PLC – Programmable Logic Controllers
• DCS – Distributed Control Systems
• HMI – Human-Machine Interfaces
• SCADA – Supervisory Control and Data Acquisition
SECURITY CONCERNS
• Weak communication protocols
– Lack of authentication in most cases
– Lack of encryption
• Weak passwords
– Default passwords
– Insecure password management
• Poor QoS (Quality of Service)
– DoS “friendly”
• Internet connected web servers without protection
• Difficult or nonexistent patching
– “If it isn’t broke, don’t fix it”
– Extensive use of Windows XP
CYBER INCIDENTS
| Attack | Year | Description | Vector | Outcome | Motivation |
| German Steel Mill Cyber Attack | 2014 | Malware to gain access to the corporate network and then moved into the plant network | Spear phishing email | Physical damage | Unknown |
| DragonFly | 2014 | Campaign against energy companies compromising ICS equipment | SQL Injection & Remote Access Trojan | Sabotage | Espionage / Sabotage |
| Telvent Canada attack | 2012 | Access to SCADA Admin Tools | Malware | New project files stolen | Information theft |
| Stuxnet | 2010 | Rootkit to take control of ICS of nuclear power plants | Infected USB flash drive | Systems stop | Sabotage |
| Baku-Tbilisi-Ceyhan (BTC) pipeline attack | 2009 | Access to the pipeline’s control system to suppress alarms and manipulate the process | Physical access to network | Temporary disruption in pipeline transfers | Geopolitics (?) |
ICS-CERT MONITOR
245 incidents received by ICS-CERT in 2014 [2]
[2] ICS-CERT Monitor, September 2014 - February 2015, NCCIC
ICS-CERT MONITOR
245 incidents received by ICS-CERT in 2014
• Unauthorized access and exploitation of Internet facing ICS/Supervisory
Control and Data Acquisition (SCADA) devices
• Exploitation of zero-day vulnerabilities in control system devices and
software
• Malware infections within air-gapped control system networks
• SQL injection via exploitation of web application vulnerabilities
• Network scanning and probing
• Lateral movement between network zones
• Targeted spear-phishing campaigns
ICS EXPLOITATION: SHODAN DEMO (I)
Gathering information
ICS EXPLOITATION
Project SHINE uncovered that over 1 million SCADA/ICS systems are connected to the Internet with unique IPs, and this figure is growing by between 2000 and 8000 per day.
ICS EXPLOITATION: SHODAN DEMO (II)
Common ICS ports
port 102 Siemens S7
port 502 Modbus
port 789 Red Lion
port 20000 DNP3
port 34980 EtherCAT
port 34962 PROFINET
port 44818 EtherNet/IP
port 47808 BACnet/IP
ICS EXPLOITATION
Open Sourced Vulnerability Database (http://www.osvdb.org)
IT/OT CONVERGENCE
«The purpose of ENTERPRISE security is to protect the data residing in the servers from attack.
The purpose of ICS security is to protect the ability of the facility to safely and securely operate, regardless of what may befall the rest of the network» [3]
[3] Weiss, Joe; “Assuring Industrial Control Systems (ICS) Cyber Security”
SECURITY PRINCIPLES (IT vs. OT)
[Figure: importance of CONFIDENTIALITY, INTEGRITY and AVAILABILITY for IT Systems (Business) versus OT Systems (ICS); the importance scale is labelled "+ importance -" for IT and "- importance +" for OT.]
ISA95: ENTERPRISE – CONTROL SYSTEM INTEGRATION
[Figure: ISA95 levels. Level 4: ERP, CRM, BI. Level 3: MES, Batch, Historian. Level 2: HMI, SCADA. Level 1: I/O, Devices and Sensors. Level 0. Other labels in the diagram: PLCs, DCS; Production Process; Manufacturing Control and Monitoring; Manufacturing Operations; Business Planning & Logistics; Device Networks; Automation Networks; Operations Networks; Business Networks.]
COUNTERMEASURES [4]
1. Assess existing systems: Understand risk and prioritize vulnerabilities
2. Document policies and procedures: Determine position regarding ICS
and develop company-specific policies
3. Train personnel and contractors: Develop and institute policy awareness
and training programs
4. Segment the control system network: Create distinct network segments
and isolate critical parts of the system using a “zone and conduit” model
5. Control access to the system: Provide physical and logistical access
controls to both your zones and equipment
6. Harden the components of the system: Lock down the functionality of
components
7. Monitor and maintain the system: Update antivirus signatures, install
patches, and monitor the system for suspicious activity
[4] Byres, Eric; “The Industrial Cybersecurity Problem” – ISA White Paper
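An added example, not part of the original slides, of how countermeasure 4 can be checked in practice: it audits flow records against a "zone and conduit" policy and flags ICS protocol traffic that crosses a zone boundary without a declared conduit. The port table is the one from the "Common ICS ports" slide; the subnets, zone names, conduit list and flow records are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

# ICS service ports exactly as listed on the "Common ICS ports" slide.
ICS_PORTS = {
    102: "Siemens S7", 502: "Modbus", 789: "Red Lion", 20000: "DNP3",
    34980: "EtherCAT", 34962: "PROFINET", 44818: "EtherNet/IP",
    47808: "BACnet/IP",
}

# Constructed address plan (assumption): one subnet per zone.
ZONES = {
    "business": ipaddress.ip_network("10.40.0.0/16"),
    "operations": ipaddress.ip_network("10.30.0.0/16"),
    "supervisory": ipaddress.ip_network("10.20.0.0/16"),
    "control": ipaddress.ip_network("10.10.0.0/16"),
}

# Constructed conduit list (assumption): the only cross-zone flows allowed,
# as (source zone, destination zone, destination port).
CONDUITS = {
    ("supervisory", "control", 502),
    ("supervisory", "control", 102),
    ("business", "operations", 443),
}


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int


class Finding(NamedTuple):
    severity: str
    flow: Flow
    reason: str


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside the plan is 'external'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def audit(flows):
    """Return a Finding for every cross-zone flow that has no conduit."""
    findings = []
    for flow in flows:
        src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
        if src_zone == dst_zone:
            continue  # traffic inside one zone is not governed by conduits
        if (src_zone, dst_zone, flow.dport) in CONDUITS:
            continue  # declared conduit
        proto = ICS_PORTS.get(flow.dport)
        if proto and src_zone == "external":
            findings.append(Finding(
                "critical", flow,
                f"{proto} reachable from outside the plant address plan"))
        elif proto:
            findings.append(Finding(
                "high", flow,
                f"{proto} crosses {src_zone} -> {dst_zone} with no conduit"))
        else:
            findings.append(Finding(
                "medium", flow,
                f"undeclared cross-zone flow {src_zone} -> {dst_zone}"))
    return findings


# Constructed flow records (not real traffic); 203.0.113.0/24 is a
# documentation range standing in for an Internet source.
SAMPLE_FLOWS = [
    Flow("10.20.0.5", "10.10.0.11", 502),     # SCADA polling a PLC: conduit
    Flow("10.40.3.7", "10.10.0.11", 502),     # office PC talking Modbus to a PLC
    Flow("203.0.113.50", "10.10.0.12", 102),  # S7 exposed to the Internet
    Flow("10.10.0.11", "10.10.0.12", 44818),  # PLC to PLC inside one zone
    Flow("10.40.3.7", "10.30.0.20", 443),     # business to operations: conduit
    Flow("10.30.0.20", "10.20.0.5", 3389),    # remote desktop into supervisory
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        f = finding.flow
        print(f"[{finding.severity}] {f.src} -> {f.dst}:{f.dport}  {finding.reason}")
```

Fed with exported firewall or NetFlow records instead of the sample list, the same check shows which conduits exist in practice before any segmentation rule is tightened.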
BEST PRACTICES & GUIDELINES
• ISA99/IEC 62443
Security for Industrial Automation and Control Systems
• NIST SP 800-82
Guide to Industrial Control Systems (ICS) Security
• ENISA Report (2011)
Protecting Industrial Control Systems. Recommendations
for Europe and Member States
• IIC Technical Paper (2015)
Industrial Internet Reference Architecture
FRAMEWORK: COBIT 5
Implementing NIST Cybersecurity
Framework Using COBIT 5
ICS SECURITY FRAMEWORK
Standards Leveraged for IACS Cybersecurity Framework Example [5]
[5] Alcoforado, Ivan; “Leveraging Industrial Standards to Address Industrial Cybersecurity Risk”; ISACA Journal, Volume 4, 2016
THANK YOU!
Juan Figueras, CISA
Security & Privacy Consultant
@JoanFiguerasT

Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 

Recently uploaded (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

Cybersecurity in Industrial Control Systems (ICS)

  • 2. #ICSSecurity Juan Figueras (@JoanFiguerasT) #EUROCACS
    AGENDA
    • Introduction to Industrial Control Systems
    • Security Concerns (Cyber Incidents, CERT)
    • Threats and Vulnerabilities (ICS Exploitation, SHODAN)
    • IT/OT Convergence (Security Principles, Countermeasures)
    • Best Practices, Guidelines and Frameworks
    Juan Figueras, CISA, Security & Privacy Consultant
  • 3. ICS INTRODUCTION
    Industrial processes
    • Manufacturing
    • Smart Grid
    • Utilities
    • Oil & Gas
    • Transport
    • Telecomm
    • Chemicals
  • 4. ICS DEFINITION
    Industrial Control Systems (ICS) are command and control networks and systems designed to support industrial processes [1]
    [1] ENISA “Protecting Industrial Control Systems. Recommendations for Europe and Member States” (2011)
  • 5. ICS COMPONENTS
    • IED – Intelligent Electronic Device
    • RTU – Remote Terminal Units
    • PLC – Programmable Logic Controllers
    • DCS – Distributed Control Systems
    • HMI – Human-Machine Interfaces
    • SCADA – Supervisory Control and Data Acquisition
  • 6. ICS COMPONENTS (diagram labels: SCADA, DCS, RTU, PLC, HMI, IED)
  • 7. SECURITY CONCERNS
    • Weak communication protocols
      – Lack of authentication in most cases
      – Lack of encryption
    • Weak passwords
      – Default passwords
      – Insecure password management
    • Poor QoS (Quality of Service)
      – DoS “friendly”
    • Internet connected web servers without protection
    • Difficult or nonexistent patching
      – “If it isn’t broke, don’t fix it”
      – Extensive use of Windows XP
  • 8. CYBER INCIDENTS
    • German Steel Mill Cyber Attack (2014)
      – Description: Malware to gain access to the corporate network and then moved into the plant network
      – Vector: Spear phishing email
      – Outcome: Physical damage
      – Motivation: Unknown
    • DragonFly (2014)
      – Description: Campaign against energy companies compromising ICS equipment
      – Vector: SQL injection & Remote Access Trojan
      – Outcome: Sabotage
      – Motivation: Espionage / Sabotage
    • Telvent Canada attack (2012)
      – Description: Access to SCADA admin tools
      – Vector: Malware
      – Outcome: New project files stolen
      – Motivation: Information theft
    • Stuxnet (2010)
      – Description: Rootkit to take control of ICS of nuclear power plants
      – Vector: Infected USB flash drive
      – Outcome: Systems stop
      – Motivation: Sabotage
    • Baku–Tbilisi–Ceyhan (BTC) pipeline attack (2009)
      – Description: Access to the pipeline’s control system to suppress alarms and manipulate the process
      – Vector: Physical access to network
      – Outcome: Temporary disruption in pipeline transfers
      – Motivation: Geopolitics (?)
  • 9. ICS-CERT MONITOR
    245 incidents received by ICS-CERT in 2014 [2]
    [2] ICS-CERT Monitor, September 2014 - February 2015, NCCIC
  • 10. ICS-CERT MONITOR
    245 incidents received by ICS-CERT in 2014
    • Unauthorized access and exploitation of Internet facing ICS/Supervisory Control and Data Acquisition (SCADA) devices
    • Exploitation of zero-day vulnerabilities in control system devices and software
    • Malware infections within air-gapped control system networks
    • SQL injection via exploitation of web application vulnerabilities
    • Network scanning and probing
    • Lateral movement between network zones
    • Targeted spear-phishing campaigns
  • 11. ICS-CERT MONITOR
  • 12. ICS EXPLOITATION: SHODAN DEMO (I)
    Gathering information
  • 13. ICS EXPLOITATION
    Project SHINE uncovered that over 1 million SCADA / ICS systems are connected to the internet with unique IPs, and this figure is growing by between 2000 and 8000 per day.
  • 14. ICS EXPLOITATION: SHODAN DEMO (II)
    Common ICS ports
    • port 102: Siemens S7
    • port 502: Modbus
    • port 789: Red Lion
    • port 20000: DNP3
    • port 34980: EtherCAT
    • port 34962: PROFINET
    • port 44818: EtherNet/IP
    • port 47808: BACnet/IP
  • 15. ICS EXPLOITATION
    Open Sourced Vulnerability Database (http://www.osvdb.org)
  • 16. IT/OT CONVERGENCE
    «The purpose of ENTERPRISE security is to protect the data residing in the servers from attack. The purpose of ICS security is to protect the ability of the facility to safely and securely operate, regardless of what may befall the rest of the network» [3]
    [3] Weiss, Joe; “Assuring Industrial Control Systems (ICS) Cyber Security”
  • 17. SECURITY PRINCIPLES (IT vs. OT)
    • Principles listed: CONFIDENTIALITY, INTEGRITY, AVAILABILITY
    • IT Systems (Business): + importance -
    • OT Systems (ICS): - importance +
  • 18. ISA95: ENTERPRISE – CONTROL SYSTEM INTEGRATION
  • 19. ISA95: ENTERPRISE – CONTROL SYSTEM INTEGRATION
    • Level 0 / Level 1: I/O, Devices and Sensors; Production Process; Device Networks
    • Level 2: HMI, SCADA
    • Level 3: MES, Batch, Historian
    • Level 4: ERP, CRM, BI
    • Function labels: Business Planning & Logistics; Manufacturing Operations; Manufacturing Control and Monitoring
    • Network labels: Automation Networks; Operations Networks; Business Networks
    • Also shown: PLCs, DCS
  • 20. COUNTERMEASURES [4]
    1. Assess existing systems: Understand risk and prioritize vulnerabilities
    2. Document policies and procedures: Determine position regarding ICS and develop company-specific policies
    3. Train personnel and contractors: Develop and institute policy awareness and training programs
    4. Segment the control system network: Create distinct network segments and isolate critical parts of the system using a “zone and conduit” model
    5. Control access to the system: Provide physical and logistical access controls to both your zones and equipment
    6. Harden the components of the system: Lock down the functionality of components
    7. Monitor and maintain the system: Update antivirus signatures, install patches, and monitor the system for suspicious activity
    [4] Byres, Eric; “The Industrial Cybersecurity Problem” – ISA White Paper
  • 21. BEST PRACTICES & GUIDELINES
    • ISA99/IEC 62443: Security for Industrial Automation and Control Systems
    • NIST SP 800-82: Guide to Industrial Control Systems (ICS) Security
    • ENISA Report (2011): Protecting Industrial Control Systems. Recommendations for Europe and Member States
    • IIC Technical Paper (2015): Industrial Internet Reference Architecture
  • 22. FRAMEWORK: COBIT 5
    Implementing NIST Cybersecurity Framework Using COBIT 5
  • 23. ICS SECURITY FRAMEWORK
    Standards Leveraged for IACS Cybersecurity Framework Example [5]
    [5] Alcoforado, Ivan; “Leveraging Industrial Standards to Address Industrial Cybersecurity Risk”; ISACA Journal, Volume 4, 2016
  • 24. THANK YOU!
    Juan Figueras, CISA, Security & Privacy Consultant
    @JoanFiguerasT
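
An added example, not part of the original slides: a defender-side audit that ties countermeasure 4 ("zone and conduit" segmentation) to the "Common ICS ports" slide by flagging flow records that reach one of those ports outside a declared conduit. The zone names follow the networks on the ISA95 slide; the subnets, conduit list and flow records are constructed assumptions.

```python
import ipaddress

# Port-to-protocol list as given on the "Common ICS ports" slide.
ICS_PORTS = {102: "Siemens S7", 502: "Modbus", 789: "Red Lion",
             20000: "DNP3", 34980: "EtherCAT", 34962: "PROFINET",
             44818: "EtherNet/IP", 47808: "BACnet/IP"}

# Assumed addressing plan (constructed): one subnet per network on the ISA95 slide.
ZONES = {"business": "10.40.0.0/16", "operations": "10.30.0.0/16",
         "automation": "10.20.0.0/16", "device": "10.10.0.0/16"}

# Assumed conduits (constructed): the only cross-zone ICS traffic the policy permits.
CONDUITS = {("automation", "device", 502), ("automation", "device", 44818),
            ("operations", "automation", 102)}

_NETS = {name: ipaddress.ip_network(cidr) for name, cidr in ZONES.items()}

def zone_of(ip):
    """Return the zone name for an address, or 'external' if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in _NETS.items():
        if addr in net:
            return name
    return "external"

def audit_flows(flows):
    """Return findings for flows that reach an ICS port outside a declared conduit."""
    findings = []
    for src, dst, port in flows:
        if port not in ICS_PORTS:
            continue  # not one of the listed ICS protocols
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone and src_zone != "external":
            continue  # traffic stays inside one zone
        if (src_zone, dst_zone, port) in CONDUITS:
            continue  # crosses zones through a declared conduit
        severity = "critical" if "external" in (src_zone, dst_zone) else "high"
        findings.append({"severity": severity, "protocol": ICS_PORTS[port], "port": port,
                         "src": src, "src_zone": src_zone, "dst": dst, "dst_zone": dst_zone})
    return sorted(findings, key=lambda f: (f["severity"], f["src"]))

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.5", "10.10.0.21", 502),     # automation to device over a declared conduit
    ("10.40.3.17", "10.10.0.21", 502),    # business host straight to Modbus
    ("203.0.113.9", "10.20.0.5", 102),    # Internet source reaching S7
    ("10.10.0.21", "10.10.0.22", 44818),  # device to device, same zone
    ("10.40.3.17", "10.30.0.8", 443),     # HTTPS, not an ICS port
    ("10.30.0.8", "10.10.0.30", 20000),   # operations to DNP3 with no conduit
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Any source or destination outside the defined zones is rated critical, which matches the deck's concern about Internet-facing ICS devices; cross-zone traffic inside the plant without a conduit is rated high.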