SANS ICS Security Survey Report 2016
1. Security in Industrial Control Systems Today: A SANS Survey Webcast
Sponsored by Anomali, Arbor Networks, Belden, and Carbon Black
© 2016 The SANS™ Institute – www.sans.org
Survey and Report Authors:
• Derek Harp, SANS Director, ICS Security
• Bengt Gregory-Brown, SANS Analyst
2. Industries Represented
[Chart: industries represented]
• U.S.: 69%
• Europe: 14%
• Everywhere Else: 17%
For the full report, see: http://bit.ly/SANSICSSecRep2016
3. Current Threat Level of ICS
• Severe/Critical: 24%
• High: 43%
• Moderate: 23%
• Low: 8%
4. Top ICS Threat Vectors
[Chart: threat vectors ranked First, Second and Third]
• External hacktivists, nation states
• Internal-Unintentional
• Malware
• Phishing
• IT/OT Integration
• Internal-Intentional
• Supply chain/Partners
5. Lack of Visibility into ICS Networks
Have your control system cyber assets and/or control system network ever been infected or infiltrated?
• Yes: 26.6%
• No, we’re sure we haven’t been infiltrated: 13.0%
• Not that we know of: 52.0%
• We’ve had suspicions but were never able to prove it: 3.4%
• We don’t know and have no suspicions: 5.1%
6. Recent ICS Security Breaches
How many times did such events occur in the past 12 months?
[Chart: responses by number of events (1 to 2, 3 to 5, 6 to 10, 11 to 25, 26+, Unknown), compared for 2014, 2015 and 2016]
7. Most Recent ICS Security Assessment
• In past 3 months: 26%
• In past 4-12 months: 42%
• More than 1 year ago/Never: 31%
8. Security Standards Mapping
Select all cybersecurity standards you use
• NIST Guide to SCADA and Industrial Control Systems Security: 47%
• 20 Critical Security Controls: 37%
• NERC CIP: 34%
• ISO 27000 series including 27001 and others: 27%
• ISA99 (Industrial Automation and Control Systems Security): 24%
9. Top ICS Security Initiatives
[Chart: share of respondents selecting each initiative]
• Implementation of greater controls over mobile devices/wireless communications
• Acquisition of additional skilled staff
• Implementation of intrusion detection tools
• Implementation of anomaly detection tools
• Staff training and certification
• Security assessment
• Security awareness training
10. ICS Security Certification
Please indicate what certifications you hold. Select all that apply.
• Industrial Cyber Security Certification (GICSP): 66%
• ISA99 Cybersecurity Fundamentals Specialist Certificate: 28%
• IACRB Certified SCADA Security Architect (CSSA): 12%
• ISA Security Compliance Institute (ISCI) System Security Assurance (SSA) Certification: 10%
• ISA Security Compliance Institute (ISCI) Embedded Device Security Assurance (EDSA) Certification: 6%
11. ICS Components at Greatest Risk
[Chart: share of respondents selecting each component]
• Computer assets running commercial OS
• Connections to business systems
• Network devices
• Connections to field SCADA network
• Wireless devices/protocols
• Control system communication protocols
• Control system applications
12. Top ICS Security Tools/Technologies
In Use (Tool: Used By)
• Anti-malware/Antivirus: 80%
• Physical controls for access to control systems and networks: 73%
• Use of zones or network segmentation: 71%
• Monitoring and log analysis: 65%
• Technical access controls: 63%
Planned (Tool: Planned By)
• Anomaly detection tools: 35%
• Control system enhancements/Upgrade services: 33%
• Application whitelisting: 32%
• Vulnerability scanning: 31%
• Intrusion prevention tools on control systems and networks: 29%
14. ICS Security Annual Survey 2016 Report: http://bit.ly/SANSICSSecRep2016
ICS Security Survey 2016 Report Webcast: http://bit.ly/SANSICSSecCast2016
Upcoming ICS Webcasts
• Sep 7: Incorporating ICS Cybersecurity Into Water Utility Master Planning, with Jason Dely
• Sep 28: The GICSP: A Keystone ICS Security Certification, with Mike Assante, Derek Harp, Scott Cassity, et al.
• Oct 4: ICS Cyber Security as a Business Investment, with Austin Scott
• Nov 2: Securing OT in an IT World, with Derek Harp and Bengt Gregory-Brown. Sponsored by Wurldtech/GE
• Dec 6: Advanced Persistent Trickery in ICS Defense, with Bryce Galbraith