Critical Infrastructure Security by Subodh Belgi

Industrial Automation & Control Systems are an integral part of various manufacturing & process industries as well as national critical infrastructure. Concerns regarding cyber-security of control systems are related to both the legacy nature of some of the systems as well as the growing trend to connect industrial control systems to corporate networks. These concerns have led to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain. Many of the legacy systems may not have appropriate security capabilities that can defend against modern day threats, and the requirements for availability and performance can preclude using contemporary cyber-security solutions. To address cyber-security issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required. The session will highlight some of the latest cyber security risks faced by industrial automation and control systems along with essential security controls & countermeasures.

  • Performance – Real-time response is critical; may not require high throughput. Controls should not hamper normal or emergency operations.
  • Availability – Very high uptime requirement. Outages are not acceptable and may result in physical events; simply rebooting IT systems is not the solution. Downtime planning is critical and any changes require extensive testing.
  • Security Goals differ – Availability is the priority, unlike confidentiality for IT systems.
  • Resource Constraints – Compute power, memory and bandwidth limitations. Typical IT security solutions consume a lot of computing resources.
  • Long Technology Life Cycle – 10-20 years compared to 3-5 years for IT. Proprietary, complex and non-standard systems and communication protocols; not easy to deploy the usual IT security solutions in the IACS space.
  • Security Staff – Expertise differs widely. Control systems expertise is not available with typical IT staff; special training and staff development are required.

Presentation Transcript

  • Subodh Belgi, VP & Chief Security Evangelist
  • Critical Infrastructure & Control Systems
    • Modern society is dependent on several critical infrastructure industries
    • Industrial Control Systems (SCADA/DCS/PLCs) are extensively used to manage the operation of critical infrastructure
    Copyright © 2012 MIEL e-Security Pvt. Ltd.
  • Critical Infrastructure is Under Attack !!
  • SCADA/Control Systems Becoming Easy Target..
  • Stuxnet Attack – The Wakeup Call !
    • Most sophisticated and targeted attack on Industrial Control Systems
    • Disabling specific types of drives used in Uranium Enrichment process by infecting a specific model of Siemens PLC
    • 7 different modes of propagation, 4 different zero day vulnerabilities exploited
    • 2 rootkits – for Windows and Siemens PLC
    • Using stolen certificates to sign the rootkit code
    • Remote command & control
    • P2P update capability
  • ICS Security : Risk Drivers
    • Increased Connectivity
      – Need for ‘REAL TIME’ information, for taking informed decisions.
      – Control systems are linked to corporate information systems & networks.
    • Open Technology
      – Increasingly using standardized IT technologies
      – IP based network for PLCs, DCS, IEDs, field devices etc.
  • ICS Security : Risk Drivers
    • Design Limitations
      – Historically, designed for productivity, safety and reliability
      – Security by obscurity – proprietary protocols, air gapped network
    • Lack of Cyber Security Awareness
      – Enterprise IT Security professionals lack control systems expertise
      – Control systems professionals not aware of security issues and controls
  • Industrial Control Systems in an Organization
  • ICS Security Not Same as IT Security (Topic: IT Systems / Industrial Control Systems)
    • Typical Lifespan: 3-5 years / 10-15 years
    • Security Awareness: Good / Poor, except physical
    • Time Critical Content: Generally delays accepted / Critical due to safety
    • Availability: Occasional downtime accepted / 24x7x365
    • Security Testing/Audit: Scheduled, mandated / Occasional, uncommon
    • Patch Management: Regular, scheduled / Slow, vendor dependent
    • Change Management: Regular, scheduled / Uncommon
    • Security Controls: Extensively deployed / Uncommon, except safety related
    • Business Impact: Disruption, Monetary Loss, Loss of Business, Legal sanctions / Loss of Life, Physical Damage, Environmental Impact, National Security & Economy
  • Who are the Adversaries?
    • Usual Suspects..
      – Script Kiddies
      – Hackers
      – Cyber Criminals
      – Malware Authors/Operators
      – Organized Crime Groups
    • Growing Threat..
      – Industrial Espionage
      – Hacktivists
      – Disgruntled Insiders
      – State Sponsored Terrorists
      – Foreign Intelligence Agencies
  • Reported Vulnerabilities – Tip of the Iceberg
    • Inadequate Security Architecture & Design
    • No Periodic Security Assessment/Audit
    • Firewall Non-existent or Improperly Configured
    • Unsecured Remote Access
    • OS and Application Patches not Updated
    • Use of Default Configuration, User Accounts
    • Lack of Verifying Data Authenticity, Integrity
    • Malware Protection not Installed
  • Critical Infrastructure Security: Challenges & Opportunities
  • Typical ICS Architecture
  • ICS Communication Protocols
    • SCADA
      – Modbus, DNP3, ICCP, IEC 60870, IEC 61850
    • DCS/Process Automation
      – CIP, ControlNet, DeviceNet, DirectNet, EtherCAT, EtherNet/IP, EtherNet Powerlink, HART, Fieldbus, Modbus, Hostlink, Modbus RTU, Modbus TCP, Profibus, ProfiNet, RAPIENet, Honeywell SDS, SERCOS III, GE SRTP, Sinec, OPC, OPC UA
    • Smart Buildings/Meters/Vehicles
      – BACnet, C-Bus, CC-Link, Dynet, LonTalk, S-Bus, VSCP, xAP, X10, Zigbee
      – ANSI C12.18, DLMS/IEC 62056, IEC 61107, M-Bus, Zigbee Smart Energy
      – CAN, DC-Bus, FlexRay, IEBus, J1708, J1939, VAN, SMARTWireX, LIN
  • ICS Communication Protocols – Challenges
    • Lack of Authentication – Works with device addresses and function codes
    • Lack of Encryption – Commands and addresses sent in clear-text
    • Lack of Message Integrity – No data validity checking
    • Broadcast Functionality – All devices receive all messages
    • Programmability – Able to program controllers, PLCs and RTUs
    • Susceptible to message spoofing, MITM, DoS attacks
    • Protocols not supported by commercial firewalls
    • Not supported by security tools – Snort, Wireshark
  • Automation Devices – Controllers, PLC, RTUs, IEDs…
    • Used for Communication, Control, I/O, Protection, Monitoring, Metering etc.
    • Runs VxWorks, embedded Linux/Windows, or proprietary OS on custom hardware
    • TCP/IP connectivity
    • Lack of basic security features
    • Highly susceptible to cyber attacks
  • Automation Devices – Challenges
  • How Could You Contribute?
    • Building Research Community Focused on Industrial Control Systems Security
      – Network Protocol Analysis
      – Firmware Analysis/Hacking
      – Embedded Systems Hacking
      – Vulnerability Analysis
      – Exploit Development
      – Malware Analysis
      – Security Tools Development
  • Thank you! Subodh Belgi, sbelgi@miel.in
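
The "ICS Communication Protocols – Challenges" slide says these protocols work only with device addresses and function codes. The following added example (not part of the original presentation) parses a Modbus TCP request to show that those fields are all the message carries, and flags write-class requests from sources outside an allowlist. The sample frames, the 192.0.2.x addresses and the `allowed_writers` allowlist are constructed assumptions.

```python
import struct

# Standard Modbus function codes, grouped by their effect on the device.
READ_CODES = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# Constructed sample requests (not captured traffic).
READ_REQ = bytes.fromhex("000100000006010300000002")   # read 2 registers
WRITE_REQ = bytes.fromhex("00020000000601050000ff00")  # force coil 0 on


def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse one Modbus/TCP request: 7-byte MBAP header, then the PDU."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    # These fields are the whole message: a unit address, a function code
    # and data. Nothing identifies the sender or protects integrity.
    return {"transaction": tid, "unit": unit,
            "function": frame[7], "data": frame[8:]}


def review(src_ip: str, frame: bytes, allowed_writers: set) -> str:
    """Monitoring verdict for one request observed on the control network."""
    try:
        msg = parse_modbus_tcp(frame)
    except ValueError as exc:
        return f"ALERT malformed frame from {src_ip}: {exc}"
    func, unit = msg["function"], msg["unit"]
    if func in READ_CODES:
        return f"ok {src_ip} unit {unit} {READ_CODES[func]}"
    if func in WRITE_CODES:
        verdict = "ok" if src_ip in allowed_writers else "ALERT unlisted writer"
        return f"{verdict} {src_ip} unit {unit} {WRITE_CODES[func]}"
    return f"ALERT {src_ip} unit {unit} unclassified function 0x{func:02x}"


if __name__ == "__main__":
    hmi = {"192.0.2.10"}  # hypothetical engineering workstation / HMI
    for ip, req in [("192.0.2.10", WRITE_REQ), ("192.0.2.77", READ_REQ),
                    ("192.0.2.77", WRITE_REQ), ("192.0.2.77", READ_REQ[:5])]:
        print(review(ip, req, hmi))
```

Because the source address is the only identity available and is itself unauthenticated, a check like this is meaningful only at a segmentation boundary where addresses cannot be freely chosen.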