Cyber Security


In 2009, Control Engineering released a survey to determine how industrial users perceive threats to their networks, and what steps they’ve taken to defend against cyber attackers. The results then suggested that companies were moving slowly in recognizing threats and preparing defenses, and one out of four industrial users reported that they saw no potential cyber threats that could affect their businesses. Much has happened in that world over the last four years, including Stuxnet and other high-profile disturbances in a variety of industries.

So the question is, have those perceptions changed in the face of what seems to be a more threatening landscape? A new cyber security perceptions and practices survey, available now, duplicates many of the questions from 2009, along with a few new ones that have emerged with the evolving picture.

Visit www.controleng.com to view this as an "On Demand Webcast," download the slides, and to take the CEU Exam. One (1) RCEP / ACEC Certified Professional Development Hour (PDH) available.


Published in: Education, Technology, Business
  • To access the presentation slides, or to learn more about our sponsors, use the “links” option at the top of your screen. From this option, you can download the presentation, or visit our webcast sponsor, at any time. The Links tab also has information on how to get your certificate of completion. If you’re watching the presentation from the archive, you’ll see that the instructions are a little different. Simply click “Meeting Links” on your console. There will be a Q&A session after the presentations. You can use the question box to type questions to speakers during their presentations and we’ll answer as many as possible later in the broadcast. This webcast is being recorded, including the Q&A session. We’ll post the archive on the Control Engineering Website in a few days, and send you an email message with a link connecting directly to it. We are offering a professional development hour (PDH) for attending today’s event. Please fill out the evaluation form at the end of the event and once you click submit, you will be led to a page where you can download your PDH certificate. If you are having technical problems with audio or the slides, click the Help button to bring up a list of system checks you should try before escalating to an online technician. If you need a technician, type a message into the question box and one will get to you as quickly as possible.
  • Control Engineering has met the standards and requirements of the Registered Continuing Education Program. Credit earned on completion of this program will be reported to RCEP at RCEP.net. A certificate of completion will be available for each participant to download upon completion of an evaluation at the end of the presentation. As such, it does not include content that may be deemed or construed to be an approval or endorsement by RCEP.
  • Belden
  • Thank you to today’s webcast sponsors, Belden and Honeywell.
  • Cyber Security

    1. Cyber Security Sponsored by:
    2. Related information regarding the webcast: • Download slides: http://www.controleng.com/index.php?id=8263 • CEU Exam: http://www.controleng.com/index.php?id=8269 • For more information on Belden: http://www.belden.com • For more information on Honeywell: http://www.Becybersecure.com • For more information on another Control Engineering webcast visit http://www.controleng.com/media-library/webcasts.html
    3. RCEP standards: Control Engineering has met the standards and requirements of the Registered Continuing Education Program. Credit earned on completion of this program will be reported to RCEP at RCEP.net. A certificate of completion will be issued to each participant. As such, it does not include content that may be deemed or construed to be an approval or endorsement by RCEP.
    4. Purpose and learning objectives • Examine the 2013 survey results • Discuss the implications of the answers • Compare your own situation • Consider strategies for mitigating threats • Lay out steps for launching a larger defensive program • Questions
    5. Speakers: • Matt Luallen, Cyber Security Trainer and Consultant, Cybati • Tim Conway, Technical Director, ICS and SCADA, SANS Institute • Peter Welander, Content Manager, Control Engineering, CFE Media
    6. 2013 Cyber Security Survey
    7. Respondent Profile
    8. Q: What is your organization’s primary industry? (n=322) The top 3 primary industries selected by respondents are: Manufacturing (25%); Other (17%); and Engineering services (11%). [Bar chart: percentage of respondents by primary industry.]
    9. Q: What is (are) your role(s) in the organization? (n=321) The top 3 organization roles selected by respondents are: Process control engineer (41%); Other (30%); and Production engineering manager (16%). [Bar chart: percentage of respondents by organization role.]
    10. Implementation
    11. Q: What level do you perceive the control system cyber security threat to be? (n=317) 46% of respondents reported the level of control system cyber security threat to be high or severe. 3% of respondents were unsure. Responses: Low, 12%; Moderate, 39%; High, 35%; Severe, 11%; Don't know, 3%.
    12. Q: What potential system components are you most concerned with? (n=319) 24% of respondents reported computer assets as the system component of most concern, while 15% reported network devices. Responses: Computer assets (HMI, server, workstations) running commercial operating systems (Windows, Unix, Linux), 24%; Network devices (firewall, switches, routers, gateways), 15%; Wireless communication devices and protocols used in the automation system, 13%; Connections to other internal systems (office networks), 12%; Embedded controllers and other components such as PLCs (programmable logic controllers) and IEDs (intelligent electronic devices), 12%; Control system communication protocols used (Modbus, DNP3, Profibus, Fieldbus, TCP/IP), 9%; Control system applications, 8%; Connections to the field SCADA network, 6%; Other, 1%.
    13. Q: When is the last time your organization performed any type of vulnerability assessment? (n=316) 58% of respondents reported their organization has performed a vulnerability assessment within the year or sooner, while 27% reported they have never performed an assessment. Responses: Within past 6 months, 30%; Within past year, 28%; Within past 18 months, 4%; Within past 2 years, 11%; Never, 27%.
    14. Q: Have your control system cyber assets and/or control system network ever been infected or infiltrated in the last 12 months? (n=318) 81% of respondents reported their organization has not had an infection or infiltration of their control system cyber assets or network within the past 12 months. Responses: No, 81%; Yes, 19%.
    15. Q: Does your organization have an operating computer emergency response team to detect cyber security breach attempts and successful cyber security breaches? (n=318) Over half (55%) of respondents reported their organization has an operating computer emergency response team. Responses: Yes, 55%; No, 45%.
    16. Q: Does your organization have an operating operational response team to respond to any type of security/breach incident? (n=312) 59% of respondents reported their organization has an operating operational response team. Responses: Yes, 59%; No, 41%.
    17. Q: Does your organization currently have the capability of performing vulnerability assessments in house without using any external assistance? (n=314) Over half (54%) of respondents reported their organization has the capability of performing vulnerability assessments without external assistance. Responses: Yes, 54%; No, 46%.
    18. Q: Has your organization implemented a cyber change control process that is able to prevent unauthorized and potentially vulnerable cyber changes from taking place on your control system? (n=309) 53% of respondents reported their organization has implemented a cyber change control process. Responses: Yes, 53%; No, 47%.
    19. Q: Does your organization allow access to control system networks from smartphones and/or tablets (e.g. iPads)? (n=312) Three-fourths (75%) of respondents reported their organization does not allow access to control system networks from smartphones and/or tablets. Responses: No, 75%; Yes, 25%.
    20. Q: Is your organization involved in an industry where you are compelled to implement specific information control system protections for control system cyber assets? (n=312) Over half of respondents (53%) reported their organization is not involved in an industry compelled to implement specific information control system protections. Responses: No, 53%; Yes, 47%.
    21. Q: Does your organization have an accurate and complete inventory of all information systems that reside and operate on your control network? (n=314) 68% of respondents reported their organization has an accurate and complete inventory of all information systems on their control network. Responses: Yes, 68%; No, 32%.
    22. Q: Does your organization protect the logical configurations of all control system devices (e.g. PLCs, PACs, MTUs, RTUs)? (n=313) About two-thirds of respondents reported their organization protects the logical configurations of control system devices. Responses: Yes, 67%; No, 33%.
    23. Q: Has your organization performed an internal spear phishing campaign? (n=308) 70% of respondents reported their organization has not implemented a spear phishing campaign. Responses: No, 70%; Yes, 30%.
    24. Submitting Questions, Exit Survey and Archive. Question? Type your question in the “Questions & Answers” box on the Webcast console and click “Send.” We will get to as many questions as we have time for. Exit Survey: Please take a moment to answer a few questions on our exit survey that should pop up on your screen. We use the answers to help make improvements to our webcast program. Archive: • Within 7 days, an archive with Q&A will be posted • We will send an email to registered attendees with hyperlink • Can also access from www.controleng.com home page
    25. Speakers: • Matt Luallen, Cyber Security Trainer and Consultant, Cybati • Tim Conway, Technical Director, ICS and SCADA, SANS Institute • Peter Welander, Content Manager, Control Engineering, CFE Media
    26. Today’s Webcast Sponsors
    27. Cyber Security Sponsored by:
