Industrial Control Systems 101 - Why Hack The Network If You Can Shut Down The Data Center?

Industrial Control Systems (ICS) refer to various types of technology that control physical infrastructure, ranging from industrial production (like valves in a manufacturing plant) to environment controls (like lighting and cooling systems in an office building). Think you don't have ICS on your network? Think again. Data centers, offices and corporate campuses rely on Industrial Control Systems to operate. In fact, virtually every modern building and corporate campus around the world plays host to environmental controls, building entry systems, safety systems, and many other automation systems that are considered ICS.

As with any system, ICS have known vulnerabilities, which, now that they are network-accessible, represent a tantalizing target for attackers. Why bother trying to defeat carefully constructed network security measures if you can more easily turn on the sprinkler system and bring down the entire data center?

This webinar will review ICS basics and then detail their various security risks. It will also recommend general do's and don'ts when dealing with ICS. Our featured speakers for this timely webinar are:

- Billy Rios, Technical Director at Cylance.
Billy is a seasoned security professional whose background spans both the military and the private sector. He is a noted expert in ICS security.

- Ted Julian, Chief Marketing Officer at Co3 Systems.
Ted is a serial entrepreneur who has launched four companies during his ~20 years in the security / compliance industry.

Transcript

  • 1. Industrial Control Systems 101 - Why Hack The Network If You Can Shut Down The Data Center?
  • 2. Agenda
      • Introductions
      • What are Industrial Control Systems (ICS)?
      • Security Risks associated with ICS
      • Do’s & Don’ts of ICS
      • Q&A
  • 3. Remembering Boston – 4/15/13
      • http://onefundboston.org/
  • 4. Introductions: Today’s Speakers
      • Ted Julian – Chief Marketing Officer, Co3 Systems. Ted is a serial entrepreneur who has launched four companies during his ~20 years in the security / compliance industry.
      • Billy Rios – Technical Director, Cylance. Billy is a seasoned security professional whose background spans both the military and the private sector. He is a noted expert in ICS security.
  • 5. Co3 Automates Breach Management
      • PREPARE: Improve Organizational Readiness
          • Assign response team
          • Describe environment
          • Simulate events and incidents
          • Focus on organizational gaps
      • REPORT: Document Results and Track Performance
          • Document incident results
          • Track historical performance
          • Demonstrate organizational preparedness
          • Generate audit/compliance reports
      • ASSESS: Quantify Potential Impact, Support Privacy Impact Assessments
          • Track events
          • Scope regulatory requirements
          • See $ exposure
          • Send notice to team
          • Generate Impact Assessments
      • MANAGE: Easily Generate Detailed Incident Response Plans
          • Escalate to complete IR plan
          • Oversee the complete plan
          • Assign tasks: who/what/when
          • Notify regulators and clients
          • Monitor progress to completion
  • 6. Cylance, Inc. – Secures the Unsecurable
      • Cyber Services & Technology
      • Led by Stuart McClure, former CTO McAfee & founder of Foundstone Vulnerability Mgmt Co.
      • 55 employees
      • Irvine, CA HQ
  • 7. ICS Expertise
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-175-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-175-02.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-02.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-195-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-02.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-244-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-273-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-03.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-03A.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-285-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-11-356-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01A.pdf
  • 8. ICS Expertise
      • http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01.pdf
      • https://ics-cert.us-cert.gov/pdf/ICS-ALERT-12-195-01.pdf
      • http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-343-01.pdf
      • http://ics-cert.us-cert.gov/pdf/ICS-ALERT-11-343-01A.pdf
      • https://ics-cert.us-cert.gov/pdf/ICSA-12-228-01.pdf
      • http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf
  • 9. You might have ICS…
  • 10. Examples of ICS: Unoccupied building, Saturday night
      • Systems shown on this and the following slides: Card Access, Video, Intrusion, Elevator, HVAC, Lighting, Energy, Tenant Billing
  • 11. Examples of ICS: Scott swipes card at main entrance, works on 4th floor South
      • System Interaction: “Access Granted, Zone 4”
  • 12. Examples of ICS: Video system needs to verify and record Scott’s entrance
      • System Interaction: “Access Granted, Zone 4”; “Camera Preset 1, Initiate Recording”; HTTP
  • 13. Examples of ICS: Alarm system armed, need to disarm 4th floor intrusion zone
      • System Interaction: “Access Granted, Zone 4”; “Camera Preset 1, Initiate Recording”; HTTP; “Disarm Intrusion Zone 4”; LEGACY
  • 14. Examples of ICS: Allow access to 4th floor
      • System Interaction: “Access Granted, Zone 4”; “Camera Preset 1, Initiate Recording”; HTTP; “Disarm Intrusion Zone 4”; “Floor 3 Enable”; XML; LEGACY
  • 15. Examples of ICS: It is hot in Scott’s office, turn on AC
      • System Interaction: “Access Granted, Zone 4”; “Camera Preset 1, Initiate Recording”; HTTP; “Disarm Intrusion Zone 4”; “Floor 3 Enable”; XML; “Zone 4 Occupied”; LEGACY
  • 16. Examples of ICS: Scott needs light on 4th floor hallway and office
      • System Interaction: “Access Granted, Zone 4”; “Camera Preset 1, Initiate Recording”; HTTP; “Disarm Intrusion Zone 4”; “Floor 3 Enable”; XML; “Zone 4 Occupied”; “Circuit 1, 2 ON”; MODBUS®; LEGACY
  • 17. Examples of ICS: Lights and AC for Scott used 50 kWH
      • System Interaction: “Access Granted, Zone 4”; “Camera Preset 1, Initiate Recording”; HTTP; “Disarm Intrusion Zone 4”; “Floor 3 Enable”; XML; “Zone 4 Occupied”; “Circuit 1, 2 ON”; MODBUS®; “Totalize light and HVAC for Zone 4”; LEGACY
  • 18. Examples of ICS: Invoice Scott for $150 of after hours energy usage
      • System Interaction: “Access Granted, Zone 4”; “Camera Preset 1, Initiate Recording”; HTTP; “Disarm Intrusion Zone 4”; LEGACY; “Floor 3 Enable”; XML; “Zone 4 Occupied”; “Circuit 1, 2 ON”; MODBUS®; “Totalize light and HVAC for Zone 4”; “Generate / email Invoice for Sat”; SMTP
  • 19. We can work without AC
  • 20. We can work without AC
  • 21. We can work without AC
  • 22. But Billy… who would do such a thing?
  • 23. But Billy… who would do such a thing?
  • 24. We need to move quickly
  • 25. We need to move quickly
  • 26. We need to move quickly
  • 27. We need to move quickly
  • 28. POLL
  • 29. ICS Security – Current State
      • Software:
          • Extremely poor, Windows XP
          • Vulnerable to common, unsophisticated attacks (remote/local)
          • Lack of industry standard exploit mitigations (DEP/ASLR)
      • Deployment:
          • Extremely poor
          • Be wary of remote access
          • Poor guidance from vendors
          • Impossible/unreasonable deployment architectures
          • Lack of automated verification
  • 30. ICS Security – Current State
      • Vulnerability Management:
          • Extremely poor
          • Lack of managed awareness
          • Lack of managed patch management
          • Lack of vulnerability detection
          • Lack of mature reporting
          • Lack of awareness
          • Inability to scale limited expertise
  • 31. ICS Security – Current State
      • Detection and Enumeration:
          • Foundation for all ICS security operations
          • Safety is a priority
          • Differentiate between ICS deployments
          • Manual processes are common
          • Expertise is limited
  • 32. POLL
  • 33. ICS Dos and Don’ts
      • Don’ts
          • Run a traditional vulnerability scanner on ICS devices/software
          • Expect traditional tools to identify vulnerabilities with ICS software
          • Expect notification of vulnerabilities
          • Expect centralized patch management from vendors
  • 34. ICS Dos and Don’ts
      • Do
          • Identify where your ICS is on the network
          • Identify the paths to reaching ICS
          • Monitor paths to ICS devices
          • Identify users/engineers that work with ICS
  • 35. QUESTIONS
  • 36. Next Webinar: “Introducing the Co3 Security Module”
      • IR for security incidents: malware, system intrusion, DDoS, etc.
      • Wednesday, May 1 @ 1 PM ET
      • “One of the hottest products at RSA…” NETWORK WORLD – FEBRUARY 2013
      • “…an invaluable weapon when responding to security incidents.” GOVERNMENT COMPUTER NEWS – APRIL 2013
  • 37. Contact
      • One Alewife Center, Suite 450, Cambridge, MA 02140, PHONE 617.206.3900, WWW.CO3SYS.COM
      • “Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” PC MAGAZINE, EDITOR’S CHOICE
      • “Co3…defines what software packages for privacy look like.” GARTNER
      • “Platform is comprehensive, user friendly, and very well designed.” PONEMON INSTITUTE
      • Billy Rios, Technical Director, Cylance, brios@cylance.com, www.cylance.com
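
An added example, not part of the original slides: one way to act on the "Do" items of slide 34 without running a scanner against ICS devices (the first "Don't" on slide 33) is to build the inventory passively from flow records the network already collects. The flow format, the sample addresses and the approved engineering subnet are assumptions constructed for illustration, and the code treats the destination of any flow to a default ICS port as the device.

```python
import ipaddress
from collections import defaultdict

# Default ports of common ICS protocols; port matching is a heuristic.
ICS_PORTS = {
    ("tcp", 502): "Modbus/TCP",
    ("udp", 47808): "BACnet/IP",
    ("tcp", 20000): "DNP3",
    ("tcp", 44818): "EtherNet/IP",
}

# Assumption: the subnet engineers are expected to reach ICS devices from.
APPROVED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample flow records: proto,src,sport,dst,dport
SAMPLE_FLOWS = """\
tcp,10.20.0.15,51544,10.50.1.10,502
udp,10.20.0.15,47808,10.50.1.20,47808
tcp,10.30.7.44,49822,10.50.1.10,502
tcp,10.30.7.44,50110,10.1.1.5,443
tcp,203.0.113.9,40222,10.50.1.30,44818
"""

def parse_flows(text):
    """Yield (proto, src, dst, dport) from comma-separated flow lines."""
    for line in text.strip().splitlines():
        proto, src, _sport, dst, dport = line.strip().split(",")
        yield proto.lower(), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)

def ics_inventory(flows):
    """Where ICS is and who talks to it: {device: {protocol: {sources}}}."""
    inv = defaultdict(lambda: defaultdict(set))
    for proto, src, dst, dport in flows:
        name = ICS_PORTS.get((proto, dport))
        if name:
            inv[str(dst)][name].add(str(src))
    return inv

def unapproved_paths(inv, approved=APPROVED_SOURCES):
    """Paths to ICS devices that originate outside the approved subnets."""
    hits = []
    for dst, protos in inv.items():
        for name, sources in protos.items():
            hits += [(s, dst, name) for s in sources
                     if not any(ipaddress.ip_address(s) in n for n in approved)]
    return sorted(hits)

if __name__ == "__main__":
    for src, dst, proto in unapproved_paths(ics_inventory(parse_flows(SAMPLE_FLOWS))):
        print(f"REVIEW: {src} -> {dst} ({proto})")
```

The sources recorded per device also give a starting list of the workstations, and so the users and engineers, that work with ICS.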