Gettozero stealth industrial

457 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
457
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Gettozero stealth industrial

  1. 1. DatePresenter Name, Title Innovative Cyber-Security for the Industrial Sector Unisys Stealth™ Protects Your Critical Infrastructure from Cyber-Attack
  2. 2. © 2014 Unisys Corporation. All rights reserved. 2 Industrial Organizations are in the Cross-Hairs of Cyber-Attacks Accelerating frequency Greater sophistication When it comes to critical infrastructure, there can be no compromise. You must maintain 100% reliabily, 24/7 operations.
  3. 3. © 2014 Unisys Corporation. All rights reserved. 3 Global government mandates and regulations Risk assessments show high levels of vulnerability Act now… or it will cost more later Regulatory are Fueling the Need for Action © 2014 Unisys Corporation. All rights reserved. 3
  4. 4. © 2014 Unisys Corporation. All rights reserved. 4 • Current defenses are vulnerable and reactive • Legacy technologies must continually be patched and upgraded • Modernization poses greater risks in the future • IP theft is on the rise Bigger fortresses and air-gaps are too weak and too costly. Today’s Security Approach Is Not Good Enough Industrial organizations need stronger protection.
  5. 5. © 2014 Unisys Corporation. All rights reserved. 5 • Protect critical industrial automation systems • Secure data-in-motion across any network • Prevent multiple threats with one solution • Safeguard intellectual property • Protect the enterprise, not just SCADA endpoints There is a more secure and cost-effective way to protect your data and systems. Innovative Security Can Help You ‘Get to Zero’ Go invisible. Reduce your attack surface. Incidents
  6. 6. © 2014 Unisys Corporation. All rights reserved. 6 You can’t hack what you can’t see… Stealth is What Innovative Security Looks LikeWhat a Hacker Sees When Enabled • Layered security for mission-critical protection • Scalable and incrementally implemented – with no disruption • Makes endpoints invisible, tightens access control, protects data-in-motion
  7. 7. © 2014 Unisys Corporation. All rights reserved. 7 Stealth is Truly Innovative Security Technology COMMUNICATING SPLIT PORTIONS OF A DATA SET ACROSS MULTIPLE DATA PATHS WORKGROUP KEY WRAPPING FOR COMMUNITY OF INTEREST MEMBERSHIP AUTHENTICATION GATEWAY FOR SECURING DATA TO/FROM A PRIVATE NETWORK SECURING AND PARTITIONING DATA-IN-MOTION USING A COMMUNITY-OF-INTEREST KEY INTEGRATED MULTI-LEVEL SECURITY SYSTEM SECURING MULTICAST DATA PATENTS World-class intellectual propertyUnisys Stealth is protected by more than 60 issued or pending U.S. patents and patent applications.
  8. 8. © 2014 Unisys Corporation. All rights reserved. 8 Crypto-Module JFCOM JIL Testbed IO Range DIACAP – DoD Information Assurance Certification and Accreditation Process MAC – Mission Assurance Category (Level 1 is Highest) DISA – Defense Systems Information Agency EUCOM – European Command SOCOM – Special Operations Command JFCOM – JOINT Forces Command JIL – Joint Intelligence Laboratory CWID – Coalition Warrior Interoperability Demonstration JUICE – Joint User Interoperability Communications Exercise CECOM – Communications Electronics Command (US Army) GTRI – Georgia Tech Research Institute DJC2 – Deployable Joint Command and Control NIST – National Institute of Standards and Technology NIAP – National Information Assurance Partnership 2005 2006 2007 2008 2009 2010 2011 CWID 08 DISA CWID 09 DISA JUICE 09 CECOM Combined Endeavour EUCOM CWID 05 USAF CWID 10 SOCOM GTRI DJC2 PMO SPAWAR Private Lab SSVT Validation: Failed to compromise “Large Integrator” Tests and fails to break Stealth IV&V National Center for Counter-terrorism and Cybercrime SOCOM Export License Dept of Commerce FIPS 140-2 Certification NIST EAL4+ Certification NIAP Unisys Stealth DIACAP MAC-1 Certification CWID 10 Network Risk Assessment CWID 05 AF Comm Agency DIACAP MAC-1 Certification JFCOM SOCOM R&D Prototype 2012 Emerald Warrior ‘12 SIPRNet IATT 2013 Independent Test Client-hired 3rd party: Failed to compromise And again… Different client, different tester: Failed to compromise And again… Commercial & Pub Sector Stealth Has Been Tested by the Best in the World
  9. 9. © 2014 Unisys Corporation. All rights reserved. 9 Mobile Apps SCADA ICS HMI How Stealth Protects Industrial Controls Cloaked Endpoints 256-bit Encryption Communities of Interest Reduce Your Attack Surface You Can’t Hack What You Can’t See
  10. 10. © 2014 Unisys Corporation. All rights reserved. 10 Sample Use Cases: Protect What Matters Most Manufacturing Guard ERP and shop-floor integration Chemical Processing Improve safety, prevent ICS damage and IP theft Oil and Gas Production Keep pipelines, well heads, IP, and remote operations secure © 2014 Unisys Corporation. All rights reserved. 10
  11. 11. © 2014 Unisys Corporation. All rights reserved. 11 Business Risk Challenges • Good Enough • Non-compliant • Security profile varied Business Cost Challenges • Complex hardware deployment • Financial impact of breach • Private networks Operational Challenges • Afraid to change anything • Management by location • Integrating multiple solutions Risk Convenience CostSecurity Agility Cost Reduction Stealth Security • Reduces attack surface • Facilitates compliance • Contained compromise Stealth Cost Reduction Potential • Leverage cost benefits of cloud • Prevent rather than remediate • Significantly reduce IT costs Stealth Agility • Software-defined networking • Incremental, non-disruptive • No application changes Why Stealth Now? © 2014 Unisys Corporation. All rights reserved. 11
  12. 12. © 2014 Unisys Corporation. All rights reserved. 12 A non-US department of defense agency uses Stealth in a secure virtual desktop infrastructure solution A US government agency uses Stealth for secure telecommuting Large science company is implementing Stealth to protect its process control environment and safeguard its IP A healthcare organization is using Stealth to verify secure transmission of data between multiple hospitals Industry leader in graphical processors securing remote access to virtual desktops, and segmenting the internal network with COI to secure to sensitive data Brazil service provider to Public Sector social services using Stealth to securely transmit copies of disk images between multiple sites PCI DSS compliance for point of sale environment; conventional approach buying new switches and firewalls was too expensive Unisys uses Stealth to secure and protect our high-value application and database servers, for secure remote telecommuting and regional isolation Clients with Zero Tolerance for Breaches Use Stealth
  13. 13. © 2014 Unisys Corporation. All rights reserved. 13 Don’t Just Take Our Word For It “Unisys markets the product with the tag line, “you can’t hack what you can’t see,” and we have to agree with them.” “Stealth is an interesting product that might just be a great way to hide from hackers.” - David Strom, editor-in-chief, Network World Finalist: announcement Sept 2014 Click to view May 2014 Stealth product review Winner: Cybersecurity Product of the Year 2014
  14. 14. © 2014 Unisys Corporation. All rights reserved. Thank you.
  15. 15. © 2014 Unisys Corporation. All rights reserved. Sub-Vertical Slides
  16. 16. © 2014 Unisys Corporation. All rights reserved. 16 How to use this deck Replace slide #10 of the main presentation (Sample Use Cases) with the appropriate set of sub-vertical slides • Industrial has three sub-verticals to choose from : – Manufacturing – Chemical Processing – Oil and Gad Production
  17. 17. © 2014 Unisys Corporation. All rights reserved.© 2014 Unisys Corporation. All rights reserved. Manufacturing Cyber Threats Section DELETE the Use Case slide from the Industrial Core PPT Deck and insert the Manufacturing slides from this deck
  18. 18. © 2014 Unisys Corporation. All rights reserved. 18 Top Three Manufacturing Cyber Targets 1. ICS/SCADA: New controls and all-digital infrastructures create vulnerabilities 2. Command and control software: Hackers and malicious code target Human-Machine Interfaces (HMI) and Machine Execution Systems (MES) 3. Intellectual property: Backdoor hacks can steal valuable industrial assets
  19. 19. © 2014 Unisys Corporation. All rights reserved. 19 Recent Events 600%+ increase in ICS/SCADA vulnerabilities from 2010 to 2013 Over 25% ICS/SCADA cyber-attacks on Industrial sector in 2013 In 2013, a major ICS/SCADA supplier infected with malware
  20. 20. © 2014 Unisys Corporation. All rights reserved. 20 Command and Control Software Vulnerabilities HMI and MES Advantages for Manufacturing • Can help tie shop floor visibility to ERP systems • Result is reduced time-to-market and greater operational efficiencies Vulnerabilities • Runs on off-the-shelf OSs, known hacker targets • MES-Enterprise software gaps • Hackers and viruses have multiple entry points © 2014 Unisys Corporation. All rights reserved. 20
  21. 21. © 2014 Unisys Corporation. All rights reserved. 21 • Intelligent Control Circuit (ICC) • Supervisory Control and Data Acquisition (SCADA) • Remote Terminal Unit (RTU) • In field ICS/SCADA: most never designed for IP-connectivity • Mixture of old (analog) and new devices in field • Connectivity to control center via cell, radio, wireless, Ethernet and fiber Industrial Control Attack Surfaces exploitable vulnerabilities in 1,330 models of control devices1 More than 2,600 © 2014 Unisys Corporation. All rights reserved. 211 SCADA and Security of Critical Infrastructure. InfoSec Institute. |
  22. 22. © 2014 Unisys Corporation. All rights reserved. 22 Go to the MANUFACTURING Core PPT Deck Continue with the Stealth value proposition slides
  23. 23. © 2014 Unisys Corporation. All rights reserved.© 2014 Unisys Corporation. All rights reserved. Chemical Processing Cyber Threats DELETE the Use Case slide from the Industrial Core PPT Deck and insert the Chemical Processing slides from this deck
  24. 24. © 2014 Unisys Corporation. All rights reserved. 24 Top Three Chemical Processing Cyber Targets 1. ICS/SCADA: Increased vulnerabilities as more and newer devices enter market 2. Command and control software: Human-Machine Interface (HMI) and Machine Execution System (MES) software targets 3. Theft of intellectual property: Proprietary processes and formulas at risk
  25. 25. © 2014 Unisys Corporation. All rights reserved. 25 Recent Events 600%+ increase in ICS/SCADA vulnerabilities from 2010 to 2013 277ICS/SCADA cyber-attacks voluntarily reported in 2013 48chemical and defense plants breached with Nitro virus in 2014
  26. 26. © 2014 Unisys Corporation. All rights reserved. 26 Command and Control Software Vulnerabilities Human-Machine Interface (HMI) Programs for Chemical Processing Command and Control Centers • Proprietary software (supply chain compromise, bugs, questionable security measures) • Runs on off-the-shelf OS, known hacker target • Must be patched and maintained © 2014 Unisys Corporation. All rights reserved. 26
  27. 27. © 2014 Unisys Corporation. All rights reserved. 27 • Intelligent Control Circuit (ICC) • Supervisory Control and Data Acquisition (SCADA) • Remote Terminal Unit (RTU) • Mixture of old (analog) and new devices • Moving from analog to digital systems Chemical Processing Control Attack Surfaces exploitable vulnerabilities in 1,330 models of control devices1 More than 2,600 © 2014 Unisys Corporation. All rights reserved. 271 SCADA and Security of Critical Infrastructure. InfoSec Institute. |
  28. 28. © 2014 Unisys Corporation. All rights reserved. 28 Go to the Industrial Core PPT Deck Continue with the Stealth value proposition slides
  29. 29. © 2014 Unisys Corporation. All rights reserved.© 2014 Unisys Corporation. All rights reserved. Oil and Gas Cyber Threats DELETE the Use Case slide from the Industrial Core PPT Deck and insert the Oil and Gas slides from this deck
  30. 30. © 2014 Unisys Corporation. All rights reserved. 30 Pipeline Cyber Attack “Cyberspies linked to China’s military targeted nearly two dozen US natural gas pipeline operators over a recent six-month period, stealing information that could be used to sabotage US gas pipelines, according to a restricted US government report and a source familiar with the government investigation.” – Christian Science Monitor February 27, 2013
  31. 31. © 2014 Unisys Corporation. All rights reserved. 31 Recent Events 600%+ increase in ICS/SCADA vulnerabilities from 2010 to 2013 Data Theft besieges Oil Industry Compromising industrial facilities from 40 milesaway
  32. 32. © 2014 Unisys Corporation. All rights reserved. 32 Command and Control Software Vulnerabilities Human-Machine Interface (HMI) Programs for Oil and Gas Production Command and Control Centers • Proprietary software (supply chain compromise, bugs, questionable security measures) • Runs on off-the-shelf OSs, known hacker targets Mobile Controls • Remote operation of gas and oil rigs/well-heads at risk from hacks and viruses © 2014 Unisys Corporation. All rights reserved. 32
  33. 33. © 2014 Unisys Corporation. All rights reserved. 33 • Intelligent Control Circuit (ICC) • Supervisory Control and Data Acquisition (SCADA) • Remote Terminal Unit (RTU) • In field ICS/SCADA: most never designed for IP-connectivity • Mixture of old (analog) and new devices in field • Connectivity to control center via cell, radio, wireless, Ethernet and fiber Oil and Gas Production Control Attack Surfaces exploitable vulnerabilities in 1,330 models of control devices1 More than 2,600 © 2014 Unisys Corporation. All rights reserved. 331 SCADA and Security of Critical Infrastructure. InfoSec Institute. |
  34. 34. © 2014 Unisys Corporation. All rights reserved. 34 Go to the Industrial Core PPT Deck Continue with the Stealth value proposition slides
  35. 35. © 2014 Unisys Corporation. All rights reserved. Appendix Technical Slides
  36. 36. © 2014 Unisys Corporation. All rights reserved. 36 Info Dispersal Algorithm and Data Reconstitution Virtual Communities of Interest (COI) Cryptographic Service Module AES 256 Encryption You can’t hack what you can’t see… Protect Data-in-Motion Make Endpoints Invisible Executes Low in the Protocol Stack Stealth Shim 7. Application 6. Presentation 5. Session 4. Transport 3. Network 1. Physical 2. Link NIC Stealth: Four Key Elements
  37. 37. © 2014 Unisys Corporation. All rights reserved. 37 How We Cloak TCP UDP DHCP ARPIP Stealth Driver credentials authorized into COI MAC Layer 2 Layer 3 Layer 4 Message from COI member processed Message from COI member discarded Message from non-Stealth endpoint discarded Unisys Stealth Endpoint Driver
  38. 38. © 2014 Unisys Corporation. All rights reserved. 38 Stealth for Critical Infrastructure EAL4+ FIPS 140-2 Internet Control Bus Terminal Bus Enterprise Network HMI EWS CCTV ServerHistorianOPC ServerDomain Controller Plant Firewall Corporate Firewall Control Firewall Alarm Aggregation EPA DatabaseERPRTU HMI Application Server Plant Bus Hardwired Instrumentation Field Bus to Instrumentation Hardwired Instrumentation PLC PLC PLC PLC • Identify the most sensitive endpoints in the critical infrastructure and who should have access • Create compartmentalized security model based on need-to-access • Protect and enforce the security model with strong end-to-end encryption, properly managed keys and CLOAKED endpoints
  39. 39. © 2014 Unisys Corporation. All rights reserved. 39 Unisys Stealth protects critical app processing environments through cloaking techniques— effectively rendering them invisible and providing protection from internal and external threats Unisys Stealth for Mobile extends the protection of these mission-critical assets to mobile environments— providing only the right mobile users access to the right environments Email Server Unprotected Protected Server (Phys or VM) Protected App Server Protected Database Server Mobile Security starts in the data center and extends out to your mobile devices Unisys Stealth for Mobile
  40. 40. © 2014 Unisys Corporation. All rights reserved. 40 Application Wrapping Software Stealth Data Center Segmentation Email Server Unprotected Protected Server (Phys or VM) Protected App Server Protected Database Server Stealth for Mobile Gateway vDR vDR Broker Wraps individual applications on a device—enabling fine-grained security controls to be applied to individual applications Provides secure passage for mobile data to application processing environments— connects authenticated mobile application users into Stealth Communities of Interest Compartmentalizes data center using Communities of Interest instead of physical infrastructure Unisys Stealth for Mobile Three Components
  41. 41. © 2014 Unisys Corporation. All rights reserved. 41 Stealth for Mobile Software Legal Finance Stealth Authorization Service Stealth Appliance VPN Server DMZ (Audit, IDS) Broker vDR vDR Enterprise Identity Store Internet Wrapped applications Stealth-Enabled Mobile App • Captures user credentials • Wrapped for security IPsec Connection Gateway • Off-the-shelf IPsec VPN gateway Mobile Stealth Gateway • Broker – Authorizes users – Manages vDRs’ COIs • Virtual Device Relay (vDR) – Relays data between app and Stealth network Stealth Network DMZ • Clear-text network segment • Allows monitoring, firewalling, etc. Unisys Stealth for Mobile Architecture

×