Sven Grone – Critical Controls Solutions Consultant
Presenting on behalf of
Glen Bounds Global Modernization Consultant
Are you prepared to be next?
Agenda
• Cyber Security Defined
• Industrial Network Overview
• Industrial Network Security Challenges
• Defense In Depth Solutions
• Industry Leading Network Security Solutions
• Best of Breed System Security & Monitoring Solutions
• Security Focused Implementations
Cyber Security Defined
• The ability to control and prevent unauthorized external or internal access to critical infrastructure systems
– Why it’s important
• Increases (plant) safety
• Reduces down time
• Compliance with internal & country-specific regulations
• Protection of intellectual
ICS/SCADA vulnerabilities have increased more than 600% since 2010!
Cyber-espionage malware program steals sensitive documents from government for 5 YEARS before being discovered!
Power company targeted by approximately 10,000 cyber attacks per month!
Software Defined Radio (SDR) wireless hack targets proprietary SCADA wireless technology.
Why Care?
CLIENTS
– Mitigate business interruption
– Manage business risk
THREATS
– More frequent
– More hostile
INVENSYS
– Vulnerabilities in offerings
– Protect against legal action
Still...
• Never happened to our company
• Our networks are isolated
• Not my responsibility
• Don’t see the benefit
• Additional security hinders process
• Does not increase revenue
• There are more important issues...
Sound familiar?
Evolution of Threats
• Nature of threats diversifying
– Targeted - destructive
– Stealth - data gathering & IP theft
– Time delayed
– Hardware control vs. software corruption
– Communities of hackers (e.g. Anonymous)
• Motivation changing
– State sponsored espionage
– Politically driven
– Corporate competition
– Disgruntled employees
– Criminal
• Not just external (malicious) attack
– Unintentional introduction (USB, contractor laptop)
– Covert hardware vulnerabilities
– Obsolete operating system vulnerabilities
Priorities for Cyber Security
[Diagram: security priorities for Traditional IT vs. Automation; only the label “Availability” is legible in each of the two columns]
There is a need to strike a balance between competing goals. The right question is “What’s the appropriate amount of security?”
Industrial Network Security Challenges
• Increased Complexity and Connectivity
– Corporate Access, Remote Access, Wireless, PCs, TCP/IP
• Evolving Threat Landscape
– Advanced Persistent Threat Attacks (APT)
– Stuxnet, Duqu, Flame, Gauss, Shamoon, ???
– Malware (Drive-by Exploits)
• Cloud-based Solutions
• Insider Threat
Defense In Depth Solutions
• Industry Leading Network Security Solutions
– Juniper, Enterasys, Cisco, Ultra Electronics
• Best of Breed System Security and Monitoring Solutions
– McAfee, Symantec, Orion Solarwinds, Enterasys NETSIGHT
• Established Software & Hardware Vendors
– Microsoft, Dell, HP
• Experienced and Certified Security Consultants with 3rd party
Industry Leading Network Security Solutions
• Juniper SRX and SSG Firewalls with Integrated IPS
• Enterasys & Cisco Switches providing Edge to Core and Industrial connectivity
Best of Breed System Security & Monitoring Solutions
• McAfee - Endpoint Security Solutions
• Symantec - Backup Solutions
Security Focused Implementations
• Networking technology utilized to create logical segmentation and redundant connectivity
• Custom Active Directory Security Configurations which include robust
Consulting Service Offerings
• Vendor Independent Vulnerability Assessments
• On-Site Network Assessment, Design, Implementation
• Network / System Audit, Hardening, Security Evaluations
• Information Security Program Development / Training
• Change Control and Disaster Recovery Process Design / Review
• Incident / Emergency Response
Security-Enhanced Solutions
Isolated Systems:
Microsoft Patch Management
• Individual assessments and manual updates
Host Endpoint Protection
• Host Intrusion Prevention
• Anti Virus / Anti Spyware
• BIOS Lockdown
Host Backup
• Disaster recovery
• System restoration
Vulnerability Assessments
• System hardening / audit
Local Security Policies
• Access Control
• Account Management
• User Rights Assignments
Networked Systems:
Microsoft Windows Active Directory
• Centralized system management
• Individual User logons
• Group-based security policies
Microsoft Patch Management
• Centralized distribution
Centralized Endpoint Protection
• Host Intrusion Prevention
• Anti Virus / Anti Spyware
• Device Management (DLP)
Centralized Backup
• Disaster recovery
• System restoration
Network Segmentation
• Network-based AV / AS
• Network-based IPS
• Strict access policies
Centralized monitoring
• System Management
• System Statistics
• System Availability
• Alerting and reporting
Zoned Network Segregation
[Diagram labels: DMZ Edge Switch; Demilitarized Zone; Secure Network Gateway + IPS; “Any System that requires access to the IT Network”]
Plant / Enterprise Control
– Pi to Pi
– Alarms Management
– Data Historian
– WSUS
– ePO
1. Designing and building a secure operating environment is priority #1 at Invensys
2. All products designed with security in mind to comply with Industry and Corporate Standards
3. Dedicated ICST personnel assigned to each Security Project
• Backed up by secondary team members
• Proven / certified expertise
• Domain knowledge
• Immediate response
“Safety and Cyber Security are job one at Invensys”
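The zone design on the Zoned Network Segregation slide above (IT network, DMZ, plant control, with the DMZ hosting the services that need IT access) can be written down as an explicit default-deny rule set and checked for the invariant that no rule joins IT and control directly. This is an added example, not Invensys code or a product configuration; the zone address ranges, DMZ host addresses, port numbers and sample flows are constructed assumptions.

```python
from ipaddress import ip_address, ip_network
# Constructed address ranges for the three zones on the slide.
ZONES = {
    "control": ip_network("10.10.0.0/16"),  # Plant / Enterprise Control
    "dmz": ip_network("10.20.0.0/24"),      # Demilitarized Zone
    "it": ip_network("10.30.0.0/16"),       # corporate IT network
}
# Constructed addresses for the services the slide places in the DMZ.
DMZ_HOSTS = {"wsus": "10.20.0.10", "epo": "10.20.0.11",
             "historian": "10.20.0.12", "pi2pi": "10.20.0.13"}
# Allow rules: (from_zone, to_zone, destination host, TCP port). Ports are
# placeholders, not vendor defaults. Anything unmatched is denied, and no rule
# joins "it" and "control" directly: every path goes through a DMZ service.
RULES = [
    ("control", "dmz", DMZ_HOSTS["wsus"], 8530),       # patch pull
    ("control", "dmz", DMZ_HOSTS["epo"], 443),         # AV agent check-in
    ("control", "dmz", DMZ_HOSTS["historian"], 5450),  # historian data push
    ("dmz", "it", "10.30.0.5", 443),                   # WSUS upstream sync
    ("it", "dmz", DMZ_HOSTS["pi2pi"], 5450),           # IT reads replicated data
]

def zone_of(ip):
    """Map an address to its zone name, or None if it is in no zone."""
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def evaluate(src, dst, port, rules=RULES):
    """Return (verdict, reason) for one TCP flow; the default is deny."""
    fz, tz = zone_of(src), zone_of(dst)
    if fz is None or tz is None:
        return ("deny", "address outside every defined zone")
    if fz == tz:
        return ("permit", f"intra-zone traffic within {fz} (not firewalled)")
    if (fz, tz, dst, port) in rules:
        return ("permit", f"rule {fz}->{tz} {dst}:{port}")
    return ("deny", f"no rule for {fz}->{tz} to {dst}:{port}")

def bridging_rules(rules=RULES):
    """Design check: rules joining IT and control directly break the zoning."""
    return [r for r in rules if {r[0], r[1]} == {"it", "control"}]
def audit(flows, rules=RULES):
    """Run flow records through the policy and return the denied ones."""
    return [f for f in flows if evaluate(*f, rules=rules)[0] == "deny"]
SAMPLE_FLOWS = [  # constructed (src, dst, port) records
    ("10.10.1.20", DMZ_HOSTS["wsus"], 8530),  # HMI pulling patches: permit
    ("10.30.4.7", "10.10.1.20", 3389),        # IT host straight to HMI: deny
    ("10.30.4.7", DMZ_HOSTS["pi2pi"], 5450),  # IT reading replicated data: permit
    ("10.10.1.20", DMZ_HOSTS["epo"], 80),     # wrong port to ePO: deny
]
```

Running `audit(SAMPLE_FLOWS)` lists the two denied flows, and `bridging_rules()` is the check to run whenever a rule is added to a firewall such as the SRX gateway on the slide: it must stay empty.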
The Top 5 Cyber Security Questions
Questions for CEOs
How is our executive leadership informed about the current level and business impact of cyber risks to our company?
What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?
How does our cyber security program apply industry standards and best practices?
How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?
Wrap Up!
1. Cyber threats are a reality – not if, but when
2. Types of threats are evolving and access vectors expanding – simple isolation is not an adequate defense
3. Risk depends on many factors and needs to be assessed, with appropriate protection put in place
4. Threats are evolving at the pace of technology – system hardware and software currency and management is key
5. A Defense in Depth strategy is the bare minimum needed to establish a base for Cyber Security
6. Additional security layers are needed (hardware, software, people, practices)