Is Your Data Center Ready for STUXNET?<br />Eric Gallant<br />Industry Author & Consultant <br />Lee Technologies<br />
Objectives:<br />Get you thinking differently about what cyber weapons are capable of.<br />Get you thinking differently a...
Agenda:<br />Discuss the tools and economic impact of cyber attacks.<br />Show how critical electrical and mechanical infr...
Weapons of Cyber attackers	<br />Malware<br />Viruses, Worms, Trojan Horses, Spyware, Adware, Tracking programs, Bots<br /...
Proliferation & Cost of Cyber Attacks<br />According to Symantec in 2008 “The rate of malware creation exceeds the rate of...
Physical Infrastructure Vulnerability <br />For data centers defending against cyber attacks is a nightmare for IT but not...
SCADA Technology Shifts<br />Dedicated mainframes replaced by off the shelf PCs and Servers<br />Operate in vulnerable Win...
Probing National Critical Infrastructure<br />4/09 WSJ Reports Chinese, Russians have attempted to map electrical grid<br ...
Aurora Generator Test<br /><ul><li>Spring 2008
DoEnergy/DOHS
Demonstrated  capability of an Internet attack to damage infrastructure
20 seconds to complete failure</li></li></ul><li>Stuxnet<br />STUXNET SCADA Worm<br />Discovered mid 2010<br />First PLC r...
Federal Response to Threat <br />US President Barack Obama stated, "It is now clear this cyber threat is one [of] the most...
Who Would Attack a Data Center? <br />Nation-states engaged in Cyberwar<br />Corporations<br />Criminal Organizations<br /...
News Since STUXNET<br />SKY News reported that the STUXNET source code had been sold on the black market<br />Anonymous re...
Solutions?<br />Better manufacturer SUPPORT<br />Better control system DESIGN<br />Better operational BEST PRACTICES<br />...
Recommendations:<br />Be aware of the threat<br />Close the gap between IT and facilities<br />Discuss and implement AV pr...
SITREP Summary<br />Cyber war is raging<br />A cyber super-weapon has been deployed<br />Weapons are now capable of crossi...
Upcoming SlideShare
Loading in...5
×

Is Your Data Center Ready for STUXNET?

853

Published on

Recently, a computer worm known as STUXNET was able to infiltrate an Iranian nuclear power facility and damage a number of uranium purification centrifuges. This is the first known malware with the ability to cause physical damage to electrical or mechanical devices.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
853
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
34
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • In January 2011 the NSA broke ground on a $1.6B Utah cybersecurity data center
  • In data centers one of the ways in which we address the requirement for high availability and uptime is redundancy.
  • We stated to hear warnings from IEEE, DOEnergy, Controls professional organizations that these changes had opened a door.
  • INELRequired a hacker actively involved in process
  • First malware to cross the boundary between the cyber and the real
  • Jan 2011 ground breaks on DHS cyber security data center in Utah estimated $1.6B project
  • The 2010 HBGary story
  • Transcript of "Is Your Data Center Ready for STUXNET?"

    1. 1. Is Your Data Center Ready for STUXNET?<br />Eric Gallant<br />Industry Author & Consultant <br />Lee Technologies<br />
    2. 2. Objectives:<br />Get you thinking differently about what cyber weapons are capable of.<br />Get you thinking differently about the vulnerability of data center infrastructure.<br />Provide some first steps you can use to help protect your facility <br />
    3. 3. Agenda:<br />Discuss the tools and economic impact of cyber attacks.<br />Show how critical electrical and mechanical infrastructure became vulnerable.<br />Discuss who would want to attack a data center and why.<br />Discuss solutions and recommendations.<br />
    4. 4. Weapons of Cyber attackers <br />Malware<br />Viruses, Worms, Trojan Horses, Spyware, Adware, Tracking programs, Bots<br />Hackers<br />Identity Theft, Spear-phishing, Data Theft, Denial of Service Attacks (DoS, DDoS), Espionage, Sabotage<br />These weapons are constantly evolving, endlessly creative and increasingly potent.<br />
    5. 5. Proliferation & Cost of Cyber Attacks<br />According to Symantec in 2008 “The rate of malware creation exceeds the rate of legitimate software”<br />In a 2009 speech President Obama said, “It's been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.”<br />Between 1995 and 2000 cost of cyber attacks to worldwide business rose from $500M to $17B<br />
    6. 6. Physical Infrastructure Vulnerability <br />For data centers defending against cyber attacks is a nightmare for IT but not usually an issue for FACILITIES.<br />That dynamic is rapidly changing<br /><ul><li>Electrical and mechanical infrastructure has become vulnerable to catastrophic physical damage from hackers and malware.</li></li></ul><li>Attack Vector: SCADA Systems<br />Monitoring and Control Systems AKA: Supervisory Control and Data Acquisition (SCADA) Systems<br />Used extensively for automated functions in:<br />Complex Switchgear<br />Generator Systems<br />Mechanical Systems <br />Technology advances are making these control systems increasingly like IT systems and susceptible to the same cyber attacks.<br />
    7. 7. SCADA Technology Shifts<br />Dedicated mainframes replaced by off the shelf PCs and Servers<br />Operate in vulnerable Windows and Unix environments<br />Standardized, non-authenticated communication protocols<br />Sharing corporate network resources<br />
    8. 8. Probing National Critical Infrastructure<br />4/09 WSJ Reports Chinese, Russians have attempted to map electrical grid<br />No hostile intent?<br />No ability to cause physical damage?<br />
    9. 9. Aurora Generator Test<br /><ul><li>Spring 2008
    10. 10. DoEnergy/DOHS
    11. 11. Demonstrated capability of an Internet attack to damage infrastructure
    12. 12. 20 seconds to complete failure</li></li></ul><li>Stuxnet<br />STUXNET SCADA Worm<br />Discovered mid 2010<br />First PLC rootkit<br />Infiltrated SCADA systems at highly secure nuclear facility<br />Infiltrated control systems that were not connected to the Internet<br />Altered PLC code and concealed the changes from human operators<br />Caused speed changes in uranium purification centrifuges<br />Destroyed some centrifuges<br />Reportedly rendered batches of purified uranium unusable<br />
    13. 13. Federal Response to Threat <br />US President Barack Obama stated, "It is now clear this cyber threat is one [of] the most serious economic and national security challenges we face as a nation." <br />Stuxnet called a “game-changer” by DHS<br />Comprehensive National Cybersecurity Initiative (CNCI) <br />U.S. Federal Cybersecurity market valued at $55 billion (2010 – 2015), the market will grow steadily – at about 6.2% CAGR over the next six years.<br />Securing physical infrastructure vital to nation interests is a one of the fastest growing segments in the federal Cybersecurity market<br />
    14. 14. Who Would Attack a Data Center? <br />Nation-states engaged in Cyberwar<br />Corporations<br />Criminal Organizations<br />Targets of Opportunity<br />Hacktivists<br />Environmentalists<br />“Tyler Durden”<br />4/Chan Anonymous – HBGary<br />Terrorists<br />Asymmetric warfare<br />
    15. 15. News Since STUXNET<br />SKY News reported that the STUXNET source code had been sold on the black market<br />Anonymous reported that they are in possession of the STUXNET code<br />Richard Clark, terrorism expert under four presidents stated that, “cyber warfare has caused generators and pipelines to explode, trains to crash and financial systems to become confused. “<br />Ralph Langner “The next cyber weapon will be considerably cheaper, since much of the attack vector and the specifics of how to use automation equipment will simply be copied. Sabotage with the motivation of extortion will get a commonplace scenario. At this time targets are no longer limited to critical infrastructure but will especially cover the private sector—a TARGET-RICH AREA where it cannot be assumed that organizations will install countermeasures, large scale in a reasonable amount of time.”<br />
    16. 16. Solutions?<br />Better manufacturer SUPPORT<br />Better control system DESIGN<br />Better operational BEST PRACTICES<br />Better vendor management<br />Proactive malware and antivirus protection<br />
    17. 17. Recommendations:<br />Be aware of the threat<br />Close the gap between IT and facilities<br />Discuss and implement AV protection with equipment manufacturers and service providers<br />Don’t share network infrastructure<br />Understand your network map<br />Extend physical security to include equipment yards<br />Penetration testing/red team testing<br />
    18. 18. SITREP Summary<br />Cyber war is raging<br />A cyber super-weapon has been deployed<br />Weapons are now capable of crossing the boundary separating data from the real world<br />The weapon technology is proliferating<br />Everyone is a potential target <br />
    19. 19. Questions?<br />Contact:<br />egallant@leetechnologies.com<br />404-418-1409<br />
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×