The 4 horsemen of ICS sec apocalypse

What are the myths & legends around securing Industrial Control Systems? In a short presentation, some day-to-day experiences are explained around problems/risks and fairy-tales around securing ICS. After reading the presentation, you will want to start doing some homework....

Presentation Transcript

  • “The four horsemen of the ICS security apocalypse” – Christiaan Beek, Director of Incident Response & Forensics EMEA
  • What to expect:
    - Intro
    - ICS security a myth?
    - The Four Horsemen
    - Wrap-up
    - Questions?
    Thanks @Beaker for approving the title of this presentation
  • Foundstone – Foundstone Services – McAfee Strategic Security
  • McAfee Cyber Defense Center:
    - Incident Response Training
    - Advanced Malware Analysis
    - Strategic Services / Assessments
    - Contextual Threat Intelligence
    - SCADA assessments
    - Mobile Forensics
    - Computer Forensics
    McAfee CDC in Dubai
  • Forensics and IR Lead for EMEA – Christiaan Beek
    - Digital Forensics: As an Enterprise Architect on the Foundstone Services team, Christiaan is the Head of and practice lead for the Incident Response and Forensics services team in EMEA. He has performed numerous forensic investigations covering system compromise, theft, child pornography, malware infections, Advanced Persistent Threats (APT) and mobile devices. He has also participated as an expert witness for the Dutch Department of Justice in high-profile investigations and led a team of computer forensics specialists assisting police with evidence recovery.
    - Vulnerability Assessment and Network Penetration Testing: Since 2000 Christiaan has been performing security assessments and penetration testing for companies in almost every industry.
    - Risk Assessment and Policy Development: With extensive experience in PCI-DSS, Christiaan has assisted numerous international clients in Banking, Insurance and Government with their Risk Management strategy. As the Security Officer of the largest water company in the Netherlands, he developed IT security policies for both the data and SCADA networks.
    - Foundstone Education: Christiaan is the author and lead instructor of the class ‘Malware Forensics and Incident Response’ (MFIRE).
    - Hacking Exposed Book: Christiaan has co-authored the APT chapter in the new Hacking Exposed 7 book.
    Our Incident Response Team:
    - Most of the first responders have more than a decade of experience
    - Many of them have participated in law enforcement investigations
    - Our consultants write articles for digital forensics magazines and well-known security e-publications
    - We teach forensics and malware analysis to governments and at globally-known conferences like…
    - We participate in
  • ICS Security….. March6
  • The Four Horsemen of the Apocalypse are described in the Book of Revelation. The four riders are seen as symbolizing and representing the following powers:
    - War
    - Famine
    - Death
    - Pestilence
  • Horseman #1:
  • War: IT departments – Corporate IT vs. Production IT
  • War: Last 6 months..
    Position  Country
    1         KSA
    2         Iran
    3         Egypt
    4         UAE
    5         Turkey
    Vertical: Government, Oil & Gas, Financials, Telco, ISP
    Attack Types: DDoS, SQL injection, Defacements, Targeted malware, Account Hijacking
  • Horseman #2:
  • Famine: Priorities
    - ICS/SCADA perspective: Availability, Integrity, Confidentiality
    - IT perspective: Confidentiality, Integrity, Availability
  • Famine: Incident Response
    - Handling incidents in an ICS environment is different
    - Forensics can be challenging
    - Where’s the evidence data?
    - Different OS & applications than corporate
  • Famine: People & Education
    - Lack of skilled, experienced and passionate people
    - Not a lot of good education around
    - Only a few good books out there
  • Famine: sigh….. Some still don’t get it, so once and for all: BASE64 is NOT encryption!
  • Horseman #3:
  • An Intel company
  • Your ICS vendor: “We s..ck. The MS09-XX patch cannot be applied for the next two years on our product…. Kind regards, your ICS vendor”
  • Horseman # 4:
  • Easiness of attack: SCADA networks are attached to the corporate network or the Internet. Exploiting the systems is becoming easy… Background & S7 example: project IRAM – http://www.scadacs.org
  • Researchers focus more on exploits. Still, many firmware updates contain username & password in cleartext….
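Two slides above make the same practical point from the defender's side: credentials shipped in cleartext inside firmware or update packages, and credentials "protected" with BASE64, are equally readable by anyone who obtains the file. The following is an added example, not code from the presentation or from McAfee/Foundstone, of a pre-deployment audit check a plant or integrator team could run over a vendor update package before it goes anywhere near the SCADA network. The config fragment is constructed for the demonstration (no real vendor file), and the key names it looks for (`username`, `password`, `pwd`, `secret`, `token`) are an assumption about common configuration conventions.

```python
import base64
import binascii
import re

# Constructed sample: a config-style section as it might appear inside a
# firmware/update package. Values are made up; the base64 value is the kind of
# "encrypted" password the slide complains about.
SAMPLE_BLOB = b"""
[hmi]
username=operator
password=b3BlcmF0b3IxMjM0      ; vendor documentation calls this "encrypted"
[maintenance]
user=maint
pwd=Sup3rS3cret
note=just some text
"""

# Lines of the form key=value whose key looks like a credential (assumed names).
CRED_LINE = re.compile(
    rb"^[ \t]*(user(?:name)?|pass(?:word)?|pwd|secret|token)[ \t]*=[ \t]*(\S+)",
    re.IGNORECASE | re.MULTILINE,
)
# Base64 alphabet with optional padding; short runs are skipped to limit noise.
B64_SHAPE = re.compile(rb"^[A-Za-z0-9+/]{8,}={0,2}$")


def try_base64(value: bytes):
    """Return the decoded text if `value` is base64 of printable ASCII, else None.

    This is a heuristic: a cleartext secret that happens to be valid base64 of
    printable text would be reported as base64-wrapped. Either way it is readable.
    """
    if not B64_SHAPE.match(value) or len(value) % 4:
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def find_cleartext_credentials(blob: bytes):
    """Scan a package blob for credential lines and report how recoverable each is.

    Returns a list of dicts: key name, kind ('cleartext' or 'base64-wrapped') and
    the value an attacker would recover without any key material.
    """
    findings = []
    for match in CRED_LINE.finditer(blob):
        key = match.group(1).decode("ascii").lower()
        value = match.group(2)
        decoded = try_base64(value)
        if decoded is not None:
            findings.append({"key": key, "kind": "base64-wrapped", "recovered": decoded})
        else:
            findings.append({"key": key, "kind": "cleartext",
                             "recovered": value.decode("ascii", errors="replace")})
    return findings


def has_recoverable_credentials(blob: bytes) -> bool:
    """Gate for a release/deployment pipeline: True means the package should be rejected."""
    return bool(find_cleartext_credentials(blob))


if __name__ == "__main__":
    for finding in find_cleartext_credentials(SAMPLE_BLOB):
        print(f"{finding['key']:<9} {finding['kind']:<15} -> {finding['recovered']}")
    print("reject package:", has_recoverable_credentials(SAMPLE_BLOB))
```

Run against a real update package you would feed the file bytes (or each file of an unpacked archive) to `find_cleartext_credentials`; anything it returns is a finding to raise with the vendor, because a base64-wrapped value is recovered with one library call and offers no confidentiality. The check is intentionally simple and produces false positives on benign `token=` style keys; the point is that it belongs in the acceptance process before the package reaches production, not after.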
  • Don’t give up!!!
  • Initiatives
    - Many ICS vendors nowadays have a dedicated security team and are addressing vulnerabilities
    - Security vendors are partnering with ICS vendors to certify their products for the platforms used
  • How is McAfee contributing? (Data / Network / Endpoint per zone)
    - Corporate IT: Enterprise Apps; Ethernet, TCP/IP; Modern Computers (Windows, Linux, Mac)
    - SCADA: SCADA, HMI; Ethernet, Serial; Legacy Computers (Windows)
    - Device Network: Ladder Logic; Ethernet, Serial, Relays; Special Function (Embedded OS)
  • McAfee is working with all major SCADA & ICS vendors to test, certify, and in many cases embed McAfee technology
  • Product Acceptance & Certification – Currently Supported Products (Cert’d / OEM), per Process Management Vendor:
    - Integrity Control, Embedded Control, Device Control, HIPS, VirusScan Enterprise, AntiSpyware Enterprise, ePO, Rogue System Detection, McAfee Agent
    - Integrity Control, Embedded Control, Device Control
    - Embedded Control, Device Control, HIPS, ePO, Enterprise Security Manager, IPS
    - Integrity Control, Embedded Control, Device Control, HIPS, VirusScan Enterprise, AntiSpyware Enterprise, ePO, Rogue System Detection, McAfee Agent
    - VirusScan Enterprise, Embedded Control
    - Enterprise Security Manager, IPS
    - VirusScan Enterprise, Embedded Control
    Cert’d / OEM marks: ✔ ✔ ✔ OEM✔ ✔ OEM✔ OEM✔
    In October 2013, McAfee announced a partnership with Yokogawa
  • Final thoughts…..
    - What is your outside footprint?
    - Do you know your critical assets? (they are not equal to a server or single system)
    - Who’s responsible for what?
    - When was your last assessment?
    - Be realistic and agree on what risk is accepted
    - What metrics do you use?