Cybersecurity and Critical Infrastructure
Massimiliano Falcinelli
IT security systems
International Atomic Energy Agency
Critical Infrastructure Sectors
A definition from the U.S. Department of Homeland Security.
There are 16 critical infrastructure sectors whose assets, systems, and networks,
whether physical or virtual, are considered so vital to the United States that their
incapacitation or destruction would have a debilitating effect on security, national
economic security, national public health or safety, or any combination thereof.
- Chemical Sector
- Communications Sector
- Dams Sector
- Emergency Services Sector
- Financial Services Sector
- Government Facilities Sector
- Information Technology Sector
- Transportation Systems Sector
- Commercial Facilities Sector
- Critical Manufacturing Sector
- Defense Industrial Base Sector
- Energy Sector
- Food and Agriculture Sector
- Healthcare and Public Health Sector
- Nuclear Reactors, Materials, and Waste Sector
- Water and Wastewater Systems Sector
Looking back…
First appearance of a dedicated section to the critical infrastructure sectors
What is missing .. in my opinion
The security engineer
A security engineer: do we really need a Sec. Eng?
Awareness of infosec is always growing. How come?
Cybersecurity investment: a cultural change
Factors:
- high-profile security incidents
- cybersecurity and privacy
A cultural change
Companies are allocating more of their overall
budget to protect themselves from the increased
number of threats.
?????
TODAY
Looking back…
What changed !!!
The world has changed !!!
Robotic Surgery !
Do you see any risk?
So many IMEIs
Do you see any risk?
Industrial Control Systems (ICS) are physical-equipment-oriented technologies and systems.
Within the control systems industry, Industrial Control Systems (ICS) are often referred to as Operational Technology (OT).
An emerging classification developed by the National Science Foundation and NIST is to classify the hybrid IT and OT as Cyber-Physical Systems (CPS).
xxx.xxx.net//admin/admin.shtml
The world has changed !!! Not only for us !!!
- Info Sharing
- Professional Tools
- Social Network and Communication
- Info Access
The SunnyWebBox example
This is not a critical infrastructure!! Yes .. It is ..
1 MWh circa 250 $ → 2,7 * 250 $ = circa 700 $/day !!
100 found in 1 hour → I can log in, change the password, start to intercept Modbus messages.. etc.. etc..
Info Access: So easy today .. and not only for us ..
The Modbus protocol, from SANS forum
"Modbus Protocol is a messaging structure developed by Modicon in 1979. It is used to establish master-slave/client-server communication between intelligent devices. Modbus was originally developed as a proprietary communication/command protocol for SCADA/Process Control systems. It has been migrated to TCP/IP since 1999.

One of the first main issues with Modbus is that it is not designed to be run on open networks; it was intended to be used on dedicated lines, such as a serial connection, or a closed network. Ideally this is achieved through an airgap between the PCS network and the corporate IT network.

The Modbus protocol itself contains no security whatsoever. If you can communicate directly with a Modbus server or client you can issue commands. This can be quite important depending on the function that the slave devices are performing. The only real choices are as mentioned previously to completely airgap Modbus from any other network, or severely limit access to authorized masters."
Is the Modbus protocol today really secure?
Not really… there are still many legacy systems with no security… and many new ones with no security settings… plus the encryption domain is still unknown (man in the middle).
The Protocol Data Unit (PDU) of the MODBUS protocol is simple and independent of the underlying layers. It is composed of a Function code, which determines the action to be taken, and the Data segment that follows it.
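The PDU layout described above, combined with the SANS advice to limit access to authorized masters, as an added example that is not part of the original slides: Python code that parses Modbus/TCP frames (MBAP header plus PDU) and flags requests coming from sources outside an allowlist. The IP addresses, the allowlist and the sample frames are constructed for illustration; the function-code table covers only the common public codes.

```python
"""Added example: parse Modbus/TCP frames and flag requests from unapproved masters."""
import struct
from dataclasses import dataclass

MBAP_LEN = 7        # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_PDU_LEN = 253   # function code + data, upper bound from the Modbus specification

FUNCTION_NAMES = {
    0x01: "Read Coils",
    0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers",
    0x04: "Read Input Registers",
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes

    @property
    def is_write(self) -> bool:
        return self.function_code in WRITE_FUNCTIONS

    @property
    def name(self) -> str:
        return FUNCTION_NAMES.get(
            self.function_code, f"Unknown 0x{self.function_code:02X}"
        )


def parse_frame(raw: bytes) -> ModbusFrame:
    """Split one Modbus/TCP request into MBAP fields, function code and data."""
    if len(raw) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", raw[:MBAP_LEN])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus (expected 0)")
    pdu = raw[MBAP_LEN:]
    # The MBAP length field counts the unit id byte plus the PDU bytes.
    if length != len(pdu) + 1:
        raise ValueError("MBAP length field does not match bytes on the wire")
    if len(pdu) > MAX_PDU_LEN:
        raise ValueError("PDU exceeds 253 bytes")
    return ModbusFrame(tid, uid, pdu[0], pdu[1:])


def audit(captured, authorized_masters):
    """Return (source, finding, detail) tuples for frames that need attention.

    Modbus carries no credentials, so the source address is the only
    identity available; requests from authorized masters pass silently.
    """
    findings = []
    for src, raw in captured:
        try:
            frame = parse_frame(raw)
        except ValueError as exc:
            findings.append((src, "MALFORMED", str(exc)))
            continue
        if src not in authorized_masters:
            kind = "UNAUTHORIZED_WRITE" if frame.is_write else "UNAUTHORIZED_READ"
            findings.append((src, kind, frame.name))
    return findings


# Constructed allowlist and capture (source IP, raw request bytes); not real traffic.
AUTHORIZED_MASTERS = {"10.0.0.5"}
SAMPLE_CAPTURE = [
    ("10.0.0.5", bytes.fromhex("0001 0000 0006 01 03 0000 0002")),    # approved read
    ("192.0.2.44", bytes.fromhex("0002 0000 0006 01 06 0010 00FF")),  # unknown source, write
    ("192.0.2.44", bytes.fromhex("0003 0000 0006 01 04 0000 0001")),  # unknown source, read
    ("10.0.0.5", bytes.fromhex("0004 0000 0009 01 03 0000")),         # bad length field
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CAPTURE, AUTHORIZED_MASTERS):
        print(finding)
```

Because the check relies on source addresses only, it belongs behind network segmentation rather than in place of it.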
SCADA (Supervisory Control and Data Acquisition) – ICS (Industrial Control Systems)
OK.. But are ICS/SCADA systems today in general secure?
An example: The Modbus protocol.
In an imagined scenario, if an attacker successfully inserts a transceiver device between two nodes, they can monitor, disrupt and modify the communication or compromise it entirely.
In 2010 a piece of malware called Stuxnet systematically destroyed a fifth of Iran’s nuclear centrifuges by causing them to spin out of control.
In 2013 two American cyber security experts took over the control of an oil rig. It could have caused a serious environmental disaster.
In 2013 the SCADA Strangelove team reported their findings about the vulnerabilities of several industrial protocols including MODBUS. They exploited “zero day” bugs and took over entire networks within a matter of hours.
In 2013 two ICS experts compromised multiple industrial facilities through a radio frequency channel.
They gained access to temperature sensors and were able to falsify the real data.
And today?
Where are we today?
Cyber attacks against supervisory control and data acquisition (SCADA) systems
doubled in 2014, according to Dell’s annual threat report.
The majority of these attacks targeted Finland, the United Kingdom, and the United States, Dell said, noting that
the reason is likely the fact that SCADA systems are more common in these regions and more likely to be
connected to the Internet.
In 2014, Dell said that it saw 202,322 SCADA attacks in Finland, 69,656 in the UK, and 51,258 in the US.
“Since companies are only required to report data breaches that involve personal or
payment information, SCADA attacks often go unreported,” said Patrick Sweeney,
executive director, Dell Security. “This lack of information sharing combined with an
aging industrial machinery infrastructure presents huge security challenges that will
continue to grow in the coming months and years.”
“Because companies are only required to report data breaches that involve personal or
payment information, SCADA attacks often go unreported,” Dell said in its report. “As a
result, other industrial companies within the space might not even know a SCADA
threat exists until they are targeted themselves.”
A recent report published by the Industrial Control Systems Cyber Emergency
Response Team (ICS-CERT) showed that while ICS vendors have been targeted by
various types of malicious actors, over half of the attacks reported to the agency
in 2014 involved advanced persistent threats (APTs).
ICS-CERT has issued alerts for multiple campaigns over the last year, including
one which focused on the use of the Havex RAT in attacks aimed at ICS, and the
second related to BlackEnergy Attacks exploiting vulnerabilities in products from
GE, Advantech/Broadwin, and Siemens.
SCADA systems
- Acquisition: includes sensors, meters and field devices, such as photo sensors, pressure sensors, temperature sensors and flow sensors. In 2014, only about 1% of the total ICS/SCADA vulnerabilities were present in data acquisition. Example: CVE-2014-2378 (a road traffic sensor accepted modifications without sufficient checks).
- Conversion: remote terminal units (RTUs), intelligent electronic devices (IEDs) and programmable logic controllers (PLCs). In 2014 about 14% of vulnerabilities were present in the conversion component. Example: a PLC in CVE-2014-0769 (the port 4000/TCP debug service and the port 4001/TCP log service could allow modification of memory and logging).
- Communication: ModBus, DNP3, ControlNet, ProfiBus, ICCP, OCP and others. 21% of vulnerabilities were present in communication. CVE-2014-5410, CVE-2014-0761, CVE-2014-2342 and CVE-2013-6143 are some of the examples that affected DNP3 components.
- Presentation and Control (HMI): this consists of devices used to monitor and control data received from various communication channels. It includes the Human Machine Interface (HMI), which the operator uses to monitor and react to alerts and alarms. 63% were found in this component. Most ICS/SCADA vendors have shifted or are shifting to web-based HMIs. As a result, a lot of directory traversal attacks, buffer overflows, XSS, SQL injection, CSRF and other web-related vulnerabilities affected this component. Some examples are CVE-2014-5436, CVE-2014-5417, CVE-2014-2358, CVE-2014-2376, CVE-2014-2353 and CVE-2014-0751.
As vendors migrate HMIs to web-based systems, more vulnerabilities have now appeared in web HMI components. Data communication and conversion are still affected by vulnerabilities, but attackers tend to gravitate towards the easiest path to exploitation, and a web-based HMI is an easy target.
HMI: human–machine interface
15 mins of my systems crawling for this presentation
So many internet-connected systems.. No interest?
“As things stand,” the lawyer explains to Formiche.net, “terrorist groups use technology or the Internet exclusively for specific purposes, which however have nothing to do with gathering information, or with the possibility of carrying out attacks or, more generally, of spreading terror through these tools.”
Will it change?
Be informed, be proactive…
And always ask your security engineers to double-check, if you have one.
Be informed, be proactive and don’t forget the basics
Follow basic security practices:
- Access control and access roles
- Patching
- Removing debug services
- Check if your system is inadvertently exposed to the Internet
Couple all of the above with auditing and vulnerability assessments, and you are on your way to a much better (and more secure) ICS/SCADA infrastructure.
http://www.toolswatch.org/wp-content/uploads/2015/11/ICSSCADA-Top-10-Most-Dangerous-Software-Weaknesses.pdf
Be aware of the threats:
Cyber Threats
- Black Energy
- Duqu
- Flame
- Havex
- Operation Cleaver
- Shamoon
- Stuxnet
Tools and Guidelines:

Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
 
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
Industrial Cyber Security - EVF 2019 Alexandre DarcherifIndustrial Cyber Security - EVF 2019 Alexandre Darcherif
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issues
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
 
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas
 
Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices
 
Iot cyber security
Iot cyber securityIot cyber security
Iot cyber security
 

Critical Infrastructure Cybersecurity Risks

  • 1. Cybersecurity and Critical Infrastructure Massimiliano Falcinelli IT security systems International Atomic Energy Agency
  • 2.
  • 3. Critical Infrastructure Sectors A definition from Department of Homeland Security of USA. There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
  • 4. Cybersecurity and Critical Infrastructure: Chemical Sector, Communications Sector, Dams Sector, Emergency Services Sector, Financial Services Sector, Government Facilities Sector, Information Technology Sector, Transportation Systems Sector, Commercial Facilities Sector, Critical Manufacturing Sector, Defense Industrial Base Sector, Energy Sector, Food and Agriculture Sector, Healthcare and Public Health Sector, Nuclear Reactors, Materials, and Waste Sector, Water and Wastewater Systems Sector
  • 5. Looking back… First appearance of a dedicated section to the critical infrastructure sectors
  • 6. What is missing .. In my opinion: Chemical Sector, Communications Sector, Dams Sector, Emergency Services Sector, Financial Services Sector, Government Facilities Sector, Information Technology Sector, Transportation Systems Sector, Commercial Facilities Sector, Critical Manufacturing Sector, Defense Industrial Base Sector, Energy Sector, Food and Agriculture Sector, Healthcare and Public Health Sector, Nuclear Reactors, Materials, and Waste Sector, Water and Wastewater Systems Sector. The security engineer ☺
  • 7. A security engineer: do we really need a Sec. Eng?
  • 8. Awareness of infosec is always growing. How come?
  • 9. Cybersecurity investment: a cultural change Factors: - high-profile security incidents - cybersecurity and privacy A cultural change Companies are allocating more of their overall budget to protect themselves from the increased number of threats. ?????
  • 10. Cybersecurity investment: a cultural change A cultural change TODAY
  • 11. Cybersecurity investment: a cultural change Looking back…
  • 12. What changed !!! The world has changed !!! Robotic Surgery ! Do you see any risk? So many IMEIs Do you see any risk?
  • 13. What changed !!! The world has changed !!! Industrial Control Systems (ICS) are physical-equipment-oriented technologies and systems. Within the control systems industry, Industrial Control Systems (ICS) are often referred to as Operational Technology (OT). An emerging classification developed by the National Science Foundation and NIST is to classify the hybrid IT and OT as Cyber-Physical Systems (CPS).
  • 15. The world has changed !!! Not only for us !!! Info Sharing
  • 16. The world has changed !!! Not only for us !!! Professional Tools
  • 17. Social Network and Communication The world has changed !!! Not only for us !!!
  • 18. Info Access The world has changed !!! Not only for us !!!
  • 20. The SunnyWebBox example. This is not a critical infrastructure!! Yes .. It is .. 1 MWh circa 250 $ → 2,7 * 250$ = circa 700$/day !! 100 found in 1 hour → I can log in, change the password, start to intercept Modbus messages.. etc.. etc..
  • 21. Info Access: So easy today .. and not only for us ..
  • 22. Info Access: So easy today .. and not only for us ..
  • 23. Info Access: So easy today .. and not only for us ..
  • 24. The Modbus protocol, from SANS forum "Modbus Protocol is a messaging structure developed by Modicon in 1979. It is used to establish master-slave/client-server communication between intelligent devices. Modbus was originally developed as a proprietary communication/command protocol for SCADA/Process Control systems. It has been migrated to TCP/IP since 1999. One of the first main issues with Modbus is that it is not designed to be run on open networks, it was intended to be used on dedicated lines, such as a serial connection, or a closed network. Ideally this is achieved through an airgap between the PCS network and the corporate IT network. The Modbus protocol itself contains no security whatsoever. If you can communicate directly with a Modbus server or client you can issue commands. This can be quite important depending on the function that the slave devices are performing. The only real choices are as mentioned previously to completely airgap Modbus from any other network, or severely limit access to authorized masters."
  • 25. Is the Modbus protocol today really secure? Not really… still many legacy systems with no security… and many new ones with no security settings… plus the encryption domain is still unknown (man in the middle ☹). The Protocol Data Unit (PDU) of the MODBUS protocol is simple and independent from the underlying layers. It is composed of a Function code that determines the action to be taken with the following Data segment. SCADA (Supervisory Control and Data Acquisition) – (ICS Industrial Control Systems)
  • 26. OK.. But are ICS/SCADA systems today in general secure? An example: The Modbus protocol. In an imagined scenario, if an attacker successfully inserts a transceiver device between two nodes, they can monitor, disrupt and modify the communication or compromise it entirely. In 2010 a malware called Stuxnet systematically destroyed a fifth of Iran’s nuclear centrifuges by causing them to spin out of control. In 2013 two American cyber security experts took over the control of an oil rig. It could have caused a serious environmental disaster. In 2013 the SCADA Strangelove team reported their findings about the vulnerabilities of several industrial protocols including MODBUS. They exploited “zero day” bugs and took over entire networks within a matter of hours. In 2013 two ICS experts compromised multiple industrial facilities through a radio frequency channel. They gained access to temperature sensors, and were able to falsify the real data. And today?
  • 27. Where are we today? Cyber attacks against supervisory control and data acquisition (SCADA) systems doubled in 2014, according to Dell’s annual threat report. The majority of these attacks targeted Finland, the United Kingdom, and the United States, Dell said, noting that the reason is likely the fact that SCADA systems are more common in these regions and more likely to be connected to the Internet. In 2014, Dell said that it saw 202,322 SCADA attacks in Finland, 69,656 in the UK, and 51,258 in the US.
  • 28. Where are we today? “Since companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported,” said Patrick Sweeney, executive director, Dell Security. “This lack of information sharing combined with an aging industrial machinery infrastructure presents huge security challenges that will continue to grow in the coming months and years.” “Because companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported,” Dell said in its report. “As a result, other industrial companies within the space might not even know a SCADA threat exists until they are targeted themselves.”
  • 29. Where are we today? A recent report published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) showed that while ICS vendors have been targeted by various types of malicious actors, over half of the attacks reported to the agency in 2014 involved advanced persistent threats (APTs). ICS-CERT has issued alerts for multiple campaigns over the last year, including one which focused on the use of the Havex RAT in attacks aimed at ICS, and the second related to BlackEnergy Attacks exploiting vulnerabilities in products from GE, Advantech/Broadwin, and Siemens.
  • 30. Where are we today? SCADA systems. Acquisition: includes sensors, meters and field devices, such as photo sensors, pressure sensors, temperature sensors and flow sensors. In 2014, only about 1% of the total ICS/SCADA vulnerabilities were present in data acquisition. CVE-2014-2378 (road traffic sensor accepted modifications without sufficient checks). Conversion: remote terminal units (RTUs), intelligent electronic devices (IEDs) and programmable logic controllers (PLCs). In 2014 about 14% of vulnerabilities were present in the conversion component. PLC in CVE-2014-0769 (Port 4000/TCP debug service and Port 4001/TCP log service could allow modification of memory and logging). Communication: ModBus, DNP3, ControlNet, ProfiBus, ICCP, OCP and others. 21% of vulnerabilities were present in communication. CVE-2014-5410, CVE-2014-0761, CVE-2014-2342, CVE-2013-6143 are some of the examples that affected DNP3 components. Source: Presentation and Control (HMI): This consists of devices used to monitor and control data received from various communication channels. It includes the Human Machine Interface (HMI), which the operator uses to monitor and react to alerts and alarms. 63% were found in this component. Most ICS/SCADA vendors have shifted or are shifting to web-based HMIs. As a result, a lot of directory traversal attacks, buffer overflows, XSS, SQL Injection, CSRF and other web-related vulnerabilities affected this component. Some examples are CVE-2014-5436, CVE-2014-5417, CVE-2014-2358, CVE-2014-2376, CVE-2014-2353 and CVE-2014-0751.
  • 31. Where are we today? Source: As vendors migrate HMI to web-based systems, more vulnerabilities have now appeared in web HMI components. Data communication and conversion are still affected by vulnerabilities, but attackers tend to gravitate towards the easiest path to exploitation, and web-based HMI is an easy target. HMI: human–machine interface
  • 32. 15 mins of my systems crawling for this presentation ☺
  • 33. So many internet-connected systems.. No interest? “At present,” the lawyer explains to Formiche.net, “terrorist groups use technology or the Internet exclusively for specific purposes, which however have nothing to do with gathering information, that is, with the possibility of carrying out attacks or, more generally, of spreading terror through these tools.” Will it change?
  • 34. Be informed, be proactive …. And always ask your security engineers to double check, if you have one ☺
  • 35. Be informed, be proactive and don’t forget the basics ☺ Follow basic security practices: - Access control and access roles - Patching - Removing debug services - Check if your system is inadvertently exposed to the Internet - Couple all of the above with auditing and vulnerability assessments - and you are on your way to a much better (and more secure) ICS/SCADA infrastructure. http://www.toolswatch.org/wp-content/uploads/2015/11/ICSSCADA-Top-10-Most-Dangerous-Software-Weaknesses.pdf
  • 36. Be informed, be proactive and don’t forget the basics ☺ Be aware of the threats: Cyber Threats: Black Energy, Duqu, Flame, Havex, Operation Cleaver, Shamoon, Stuxnet
  • 37. Be informed, be proactive and don’t forget the basics ☺ Tools and Guidelines:
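
Added example, not part of the original slides: slides 24 and 25 describe the Modbus PDU as a function code plus data with no built-in security, and recommend limiting access to authorized masters. The Python sketch below parses Modbus/TCP frames (MBAP header layout and function codes taken from the public Modbus specification) and raises alerts for requests from sources outside an allowlist; the allowlist, the IP addresses and the sample frames are constructed assumptions.

```python
import struct

# Modbus function codes that change device state (public Modbus spec).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers",
                   22: "Mask Write Register", 23: "Read/Write Multiple Registers"}

# Assumption: site-specific allowlist of master (client) addresses.
AUTHORIZED_MASTERS = {"10.0.5.10"}


def parse_adu(frame: bytes):
    """Split a Modbus/TCP frame into MBAP header fields and the PDU."""
    if len(frame) < 8:  # 7-byte MBAP header + at least the function code
        raise ValueError("frame too short")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0 (not Modbus)")
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}


def assess(src_ip: str, frame: bytes):
    """Return a list of alert strings for one request seen on the Modbus port."""
    try:
        adu = parse_adu(frame)
    except ValueError as exc:
        return [f"malformed frame from {src_ip}: {exc}"]
    alerts = []
    authorized = src_ip in AUTHORIZED_MASTERS
    if not authorized:
        alerts.append(f"request from unauthorized master {src_ip}")
    name = WRITE_FUNCTIONS.get(adu["function"])
    if name and not authorized:
        alerts.append(f"unauthorized write: {name} to unit {adu['unit']}")
    return alerts


# Constructed sample traffic (not captured from a real system).
READ_REGS = bytes.fromhex("000100000006" "01" "03" "00000002")
WRITE_REG = bytes.fromhex("000200000006" "01" "06" "000a00ff")
SAMPLES = [("10.0.5.10", WRITE_REG), ("192.0.2.44", READ_REGS),
           ("192.0.2.44", WRITE_REG), ("192.0.2.44", b"\x00\x01")]

if __name__ == "__main__":
    for ip, frame in SAMPLES:
        print(ip, frame.hex(), assess(ip, frame))
```

Because the protocol carries no authentication, the source address is the only identity available to this check, so it complements network segmentation rather than replacing it.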