
Security Analytics for Smart Grid


Academic year: 2021


(1)

Security Analytics for Smart Grid

Dr. Robert W. Griffin

Chief Security Architect

RSA, the Security Division of EMC

[email protected]

(2)

No Shortage of Hard Security Challenges

Infrastructure Transformation: Mobile, Cloud
Less control over access device and back-end infrastructure

Threat Landscape Transformation: APTs, Sophisticated Fraud
Fundamentally different tactics, more

(3)

Emergence of New Attackers

Nation state actors: PII, government, defense industrial base, IP-rich organizations

Criminals
Petty criminals: unsophisticated
Organized crime: organized, sophisticated supply chains (PII, financial services, retail)

Non-state actors (terrorists, anti-establishment vigilantes, "hacktivists"): targets of opportunity; PII, government,

(4)

[Timeline figure along a TIME axis: System Intrusion Begins, Attack Identified, Response, Attack Cover-Up Complete; two goals are marked: 1 Decrease Dwell Time (intrusion to identification) and 2 Speed Response Time (identification to response). The figure also labels Cover-Up Discovery and Leap Frog Attacks.]

Targeted Attacks
1 TARGETED: specific objective
2 STEALTHY: low and slow
3 INTERACTIVE: human involvement

(5)
(6)

[Platform architecture figure: Distributed Data Collection (packets, logs, live feeds) feeds Capture Time Data Enrichment (parsing & metadata tagging, producing packet metadata and log metadata). Above these sit Threat Intelligence | Rules | Parsers | Alerts | Feeds | Apps | Directory Services | Reports & Custom Actions, together with Incident Response, Endpoint Visibility & Analysis, and Additional Business & IT Context. Use cases drawn on the right: Reporting & Alerting, Investigation & Forensics, Compliance, Malware Analysis, Intelligence Feeds.]

(7)

Network Security Use Case (capture)

[Platform architecture figure, as on slide 6.]

(8)

Incident Detection Use Case (streaming)

[Platform architecture figure, as on slide 6: live distributed data collection, capture time data enrichment, parsing & metadata tagging of logs into log metadata.]

(9)

Advanced Analysis Use Case (historical)

[Platform architecture figure, as on slide 6.]

(10)

[Platform architecture figure repeated, with the same components as slide 6: distributed data collection of packets and logs, capture time data enrichment producing packet and log metadata, and the use cases Reporting & Alerting, Investigation & Forensics, Compliance, Malware Analysis and Intelligence Feeds.]

(11)

Anomalous Behavior Detection

Differentiating Cyber Criminals from Online Customers

[Figure: an online-banking page flow with the nodes Sign-in, Homepage, My Account, Bill Pay Home, Add Bill Payee, Enter Pay Amount and Select Bill Payee.]

(12)

Compromised Host Investigation

1. Find the compromised server or workstation acting as a SPAM host: multiple outbound SMTP connections from the workstation; multiple internet DNS connections from the workstation.

2. Find out how the workstation got infected: the user clicked on the link and was infected by a Trojan from a drive-by download.

3. Recreate the phishing e-mail message: determine whether a targeted phishing attack is at play.

4. Analyze the malware: determine whether targeted or vanilla malware is in use.
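The first step above names two indicators of a workstation acting as a spam host: many outbound SMTP connections and many direct internet DNS connections. The following Python script is an added example, not part of the slides or of any RSA product; it runs that check over a constructed set of firewall-style connection records. The log layout, the RFC 1918 definition of "internal", the allow-lists (a hypothetical mail relay 10.1.0.10 and resolver 10.1.0.53) and the thresholds are all assumptions made for the example; documentation address ranges stand in for internet hosts.

```python
"""Flag internal hosts whose outbound SMTP/DNS fan-out looks like a spam relay.

Added example (not from the slides). Scans constructed connection records and
reports internal hosts that open outbound SMTP (tcp/25) sessions to many
distinct internet peers and/or send DNS (udp/53) to many distinct internet
resolvers.  Hosts that are expected to do this (the mail relay, the corporate
resolver) are allow-listed so they do not trip the rule.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Tuple

# Hypothetical allow-lists for this example (the slide names none).
ALLOWED_SMTP_SENDERS = {"10.1.0.10"}  # the corporate mail relay
INTERNAL_RESOLVERS = {"10.1.0.53"}    # resolvers allowed to query internet DNS

# "Internal" means RFC 1918 here.  ipaddress.is_private would also treat the
# documentation ranges used below as private, so the networks are listed explicitly.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def _line(ts: str, src: str, dst: str, proto: str, port: int) -> str:
    """Build one constructed connection record in a firewall-log-like layout."""
    return f"{ts} src={src} dst={dst} proto={proto} dport={port}"


# Constructed sample log: one infected workstation, one legitimate relay,
# one ordinary workstation.  Not real traffic.
SAMPLE_LOG: List[str] = (
    # 10.1.5.23: direct SMTP to 6 distinct internet hosts (spam-relay behaviour)
    [_line("2021-03-01T09:00:%02d" % i, "10.1.5.23", f"203.0.113.{i}", "tcp", 25) for i in range(1, 7)]
    # ...and DNS to 12 distinct internet resolvers, bypassing the corporate resolver
    + [_line("2021-03-01T09:01:%02d" % i, "10.1.5.23", f"198.51.100.{i}", "udp", 53) for i in range(1, 13)]
    # 10.1.0.10: the mail relay legitimately talks SMTP to many peers
    + [_line("2021-03-01T09:02:%02d" % i, "10.1.0.10", f"192.0.2.{i}", "tcp", 25) for i in range(1, 9)]
    # 10.1.5.40: an ordinary workstation, HTTPS plus one query to the internal resolver
    + [_line("2021-03-01T09:03:01", "10.1.5.40", "203.0.113.50", "tcp", 443),
       _line("2021-03-01T09:03:02", "10.1.5.40", "10.1.0.53", "udp", 53)]
)


def parse_record(line: str) -> Tuple[str, str, str, int]:
    """Extract (src, dst, proto, dport) from one record; raises on malformed input."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:])
    return fields["src"], fields["dst"], fields["proto"], int(fields["dport"])


def find_spam_hosts(lines: Iterable[str], smtp_threshold: int = 5,
                    dns_threshold: int = 10) -> Dict[str, dict]:
    """Return {host: finding} for internal hosts exceeding either fan-out threshold."""
    smtp_peers: Dict[str, set] = defaultdict(set)
    dns_peers: Dict[str, set] = defaultdict(set)
    for line in lines:
        src, dst, proto, dport = parse_record(line)
        if not is_internal(src) or is_internal(dst):
            continue  # only internal -> internet flows matter for this rule
        if proto == "tcp" and dport == 25 and src not in ALLOWED_SMTP_SENDERS:
            smtp_peers[src].add(dst)
        elif proto == "udp" and dport == 53 and src not in INTERNAL_RESOLVERS:
            dns_peers[src].add(dst)

    findings: Dict[str, dict] = {}
    for host in set(smtp_peers) | set(dns_peers):
        smtp_n = len(smtp_peers.get(host, ()))
        dns_n = len(dns_peers.get(host, ()))
        indicators = []
        if smtp_n >= smtp_threshold:
            indicators.append("direct outbound SMTP to many distinct peers")
        if dns_n >= dns_threshold:
            indicators.append("direct internet DNS to many distinct resolvers")
        if indicators:
            findings[host] = {"smtp_peers": smtp_n, "dns_peers": dns_n,
                              "indicators": indicators}
    return findings


if __name__ == "__main__":
    for host, finding in find_spam_hosts(SAMPLE_LOG).items():
        print(host, finding)
```

Counting distinct peers rather than raw connections keeps a single large mailshot from the relay, or one chatty application, from looking like fan-out; the allow-lists are what keep the rule from firing on the hosts whose job is to send mail and resolve names. In a real deployment the thresholds would be tuned against the site's own baseline, which is the "anomalous behaviour" the earlier slide refers to.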

(13)

Applying Security Analytics

[Figure: a Single UI for Incident Management & Reporting and Visibility, shared by the Security Architecture Team and the IT Team (Device Administration, Data Warehouse & Ticketing System). Layers: Readiness, Response & Resilience (R3) with Workflow & Automation, Rules, Alerts & Reports; Threat Triage (Level 1 Triage, Level 2 Triage, Level 3 Triage) drawing on Analytic Intelligence, Content Intelligence, Expertise and Threat Intelligence; Controls: A/V, IDS/IPS, Firewall/VPN, Proxy, Packets, Host, File, DLP; inputs: SIEM Log Alerts, DLP Alerts, Signature-less Alerts.]

(14)

Questions for Discussion

Are the concerns regarding changes in the threat landscape, information technology and business models relevant and significant?

Are there use cases for security analytics for Smart Grid that would be a good place to start or are particularly important?

If you do security analytics currently, what information sources do you use to inform your security analyses?

Security and safety analysis are closely related. Do you perform safety-related analysis currently?

What is the main challenge SPARKS should address in the area of security analytics?

(15)
(16)

Additional Questions for Discussion

How much data does your smart grid generate on average daily? How much of this data do you analyze?
