Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Emerson Ovation User Group BOD Meeting
1. National Electric Sector
Cybersecurity Organization
Patrick C Miller, President and CEO
April 14 2011
Emerson Ovation User Group
Board of Directors Meeting
3. Advantage: Adversaries
• Security approaches favor new installations,
legacy environments are still vulnerable
• Very difficult to replace/patch in-service devices
• Isolation has diminishing security value
• Security products vs. buying secure products
• Engineering (N-1) and Security are different
– Nature may be sophisticated, but it isn’t malicious
• Hackers don’t use a compliance checklist
– Following a compliance checklist won’t make you
secure
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 2
4. Advantage: Attackers
• Intelligent, adaptive adversaries exist
• Cyberwar:
– Stuxnet is a game changer, sets the new bar
• Espionage:
– Project, market and customer data
• Organized crime:
– Same old tricks, new platform
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 3
5. Advantage: Adversaries
• Google search for “APT”
– 34 hits in Jul 09
– 169 hits in Jan 10
– 1.4M+ today
• Google search for “cyber war”
– 416 hits Dec 09
– 1.4M hits Feb 10
– 2.7M+ hits today
• Welcome to the cyberarms race
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 4
6. SHODAN, ERIPP, ETC
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 5
7. SHODAN, ERIPP, ETC
Berkeley Cyclotron HMI images
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 6
8. The “Air-Gap” Myth
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 7
10. There’s An App For That
• “Get mobile access to your
control system via an
iPhone, iPad, Android and other
smartphones and tablet devices.
The Ignition Mobile Module
gives you instant access to any
HMI / SCADA project created
with the Ignition Vision Module.”
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 9
11. HMI In The Cloud
“Use any standard browser on any
device to access HMI. No
downloads, no tedious installs, no
plug-ins. Login and you have the
HMI in your hands wherever you
are: factory cafeteria, or parking
lot, or on the beach, or even the
golf course!”
“GoToMyHMI provides Secure, Easy and Fast access
from any Browser to InstantHMI 6.0, ready to serve you
on the cloud today. Remotely Monitor, ACK Alarms and
Control your HMI for one low flat fee.”
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 10
12. Public Domain
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 11
13. Research and Disclosure
46 zero-day SCADA vulnerabilities issued a two-week
span
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 12
14. Research and Disclosure
• October 24, 2010, 12:39PM, Threat Post
– SCADA Vendors Still Need Security Wake Up Call
• http://threatpost.com/en_us/blogs/scada-vendors-still-need-security-wake-call-102410
– “Please don’t waste my time”
• October 28, 2010: ICSJWG Seattle Meeting
– Invensys, IOActive, ICS-CERT presented on case
study on Wonderware vulnerability
• Disclosure positions are hotly debated
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 13
15. From Obscurity To Novelty
• Smart Meter hacking
• Hacking cookbooks
• Metasploit, Core Impact, etc
• Fuzzers
• Supply chain attacks
• Manuals available in all languages on Internet
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 14
16. Shiny Object
• Shiny object for the mass media
• 60 minutes
• Wall Street Journal, National Journal, CNN
• Too many IT trade publications to name
• Blockbuster films
• Prime time television shows
• Social Media (blogosphere, Twitter)
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 15
17. Economic Drivers
• Recession economy brings unique challenges
• Decreased participation working groups and
conferences
• Static or shrinking headcount; increased
workload
• Downsizing, pay freezes, etc increase insider
threat
• Decreased spending on new equipment
• Older products extended beyond intended
lifespan
The National Electric Sector Cybersecurity Organization
• Security more expensive for customers and
(NESCO) is a DOE-funded EnergySec Program 16
18. People Problem
• Humans are the weakest link in any security
system
– Passwords for candy; Social engineering
• Humans are also the strongest link
– The Aware Person System (APS)
– ICS culture shift is very slow, but powerful
• Danger: untrained operators of power
tools can cause significant damage
– Increasing complexity = training treadmill
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 17
19. Back In The Good Old
Days
• Pneumatic, electromechanical, analog
• Telephone meant POTS or “bat phone” – no
VoIP
• No Internet
• Less automation
• Less complexity
• Proprietary
• Long life span
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 18
20. ICS Gen-X
• Automation, more complexity
• Internet Protocol (TCP/UDP/etc)
• Data, more data and even more data
• Processing power, memory, bandwidth
• Interconnected business
• Migration from flat to segmented networks
• COTS software and hardware
• Increasingly shorter lifespans
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 19
21. Millennium Systems
• Highly digital, highly complex
• Highly interconnected, highly layered
• Bitflocking, dynamic emergent behavior
• New protocols
• New interdependencies
• Homogenization
• Innovation treadmill; constant lifespan flux
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 20
22. Current Landscape
• Regulatory compliance is stealing the show
• Mixing legacy and bleeding edge tech is difficult
• Logical distance between kinetic endpoint and
HMI is exponentially increasing;
“hyperembeddedness”
• Many vendors are forced to put features ahead
of security due to market conditions
• Researchers and hackers know all of this and
more
• Sufficient motive, means and opportunity exist to
The National Electric Sector Cybersecurity Organization
take the threat seriously
(NESCO) is a DOE-funded EnergySec Program 21
24. History
• 7/2004: EnergySec founded as E-Sec NW
• 1/2008: SANS Information Sharing Award
• 12/2008: Incorporated as EnergySec
• 10/2009: 501(c)(3) nonprofit determination
• 4/2010: EnergySec applied for National
Electric Sector Cybersecurity Organization
(NESCO) FOA
• 7/2010: NESCO grant award from DOE
• 10/2010: NESCO became operational
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 23
25. What Is The NESCO?
• Mission: Lead a broad-based, public-private
partnership to improve electric sector energy
systems cyber security; become the security voice
of the electric industry
• Goals:
– Identify and disseminate common, effective cyber security
practices
– Analyze, monitor and relay infrastructure threat information
– Focus cybersecurity research and development priorities
– Work with federal agencies to improve electric sector cyber
security
– Encourage key electric sector supplier and vendor support
/ interaction
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 24
26. Participant Statistics
651 members from 167 organizations
US Nameplate Generation US Residential Distribution
74% 60%
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 25
27. Holy Grail: Info Sharing
• Many asset owners are already sharing
• Challenges:
– Increase and improve asset-owner sharing
– Establish two-way sharing from the government
and vendor segments
– Connect/harmonize all of the existing
cybersecurity efforts and minimize duplication
– Turn the tide of negative perception on industry
security posture
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 26
28. Connect and Support
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 27
29. Public-Private Perceptions
• Government moves too slowly, over-classifies
and narrowly distributes
• Industry can’t protect the shared information and
doesn’t respond appropriately
• Lack of parity in degree and quality of
information shared in both directions
• Differing goals and motivation between
Government and Industry
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 28
30. How Does This Work?
• Sharing requires trust
• Trust is built on relationships
• NESCO fosters trustworthy
relationships
– Bringing people together
– Flexible technology options to extend
and enhance relationships
– Organic growth; birds of a feather
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 29
31. NESCO Outreach
• NESCO outreach programs
– Annual Summit (October 2011, San Diego)
– Town Hall Meetings (April 27, Austin)
– Voice Of The Industry Meetings (everywhere)
– Interest Groups (Workforce Development, Forensics,
etc)
– Webinars, Briefings
– Portal/Forums
– Email distribution lists
– Social media
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 30
32. NESCO Technology
• Email distribution lists
• Secure portal with forums
• Secure instant messaging
• Rapid notification mechanisms
• Web collaboration
• Resource repository*
• Most technologies have non-
attribution (anonymous)
options
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 31
33. Resource Repository
• Code snippets
• IDS/attack signatures
• Audit templates
• Reference architectures
• System configurations
• Policy, process, procedure templates
• Compliance practices
• And more…
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 32
34. Industry Collaboration
• What works, what doesn’t
• Informal benchmarking
• Situational (tactical) awareness
• Threat and vulnerability analysis
• Shared/crowd-sourced resources (repository)
• Mentoring
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 33
35. Case Study: Tactical Aid
• “Over the weekend between 13:00 - 15:00 and
19:00 - 20:00 PST we saw significant port
scanning of our edge, originating from;
60.29.244.11…”
– Great discussion of port scanning threats
– Many follow up posts with yes/no indicators
– Dumps of all activity from source address
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 34
36. Case Study: Night Dragon
• 2.9.11:1400 - McAfee reached out to NESCO with
pre-release draft of Night Dragon white paper
• 2.9.11:1747 - NESCO staff completed
analysis, summarized paper and posted to secure
portal
• 2.10.11:0800 - NESCO & McAfee held joint
technical call with over 60 attendees across NA
– Dmitri Alperovitch, McAfee's VP Threat Research
– Technical talk, answered questions from members
• 2.10.11:1200 - McAfee executive public call
• NESCO utilities were reviewing the report over six
hours prior to public release
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 35
37. Case Study: DOE Request
• DOE was interested in getting informal "boots on
the ground” feedback quickly
– Question: Does an FBI report about a terrorist
targeting various critical assets help strengthen the
case for your organization to further improve physical
or cyber security? Does it help the business case?
• NESCO was able to collect responses without
attribution and submit a response to DOE in a
matter of a few days
• DOE stated that this rapid method for informal
questions and answers is very valuable to them
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 36
38. Case Study: Compliance
• Much initial confusion and uncertainty around
Regional compliance audits…
– What is the auditor disposition?
– What was the depth and breadth of questions?
– What did they cover?
– What failed and what succeeded?
• Conference calls with entities willing to share
• Real stories of audits were shared
• Real documentation was shared
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 37
39. NESCO Summary
• Unique non-profit, independent, public-private
information sharing organization
• Focused on building trust through relationships
• Security collaboration, facilitation and sharing
hub
• Flexible technology facilitates and catalyzes
information and resource sharing efforts
• Security voice of the electric sector
• Supports existing successful programs
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 38
40. Questions?
Non-profit. Independent. Trusted.
Patrick C Miller, President and CEO
patrick@energysec.org
503-446-1212
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 39