Your SlideShare is downloading. ×

Scada Security


Published on

Published in: Business, Technology

  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • So security for critical infrastructure is now an issue around the world. Because these systems are no longer isolated, they need to be protected from Internet-borne threats that can come in through the corporate IT network.Typical IT security products rely heavily on the need to take down the network on a regular basis for maintenance, security patches, and signature updates. While a signature file update can only take a few minutes, in a controlled system like the power grid, that would constitute a denial of service, causing outages and service disruptions.Non-employees are now being given access to the control networks as well. Separate entities, like the Independent Systems Operators, need to aggregate power between multiple companies.Remote access poses its own security risks and hacking into wired or wireless communications is fairly routine.Since critical systems were never designed with security in mind, it can be extremely difficult to diagnose an attack. In a famous case in Australia in 2000, an attacker was able to penetrate a water treatment plant over 20 times before they even realized they were under attack. The hacker was caught after his 46th infiltration, but it was already too late. His hacking caused a pumping station to overflow, dumping raw sewage into a residential neighborhood and tidal canal.In addition, there are about 1500 potential regulations and standards that these industries could be subject to. It’s almost a guarantee that every company is out of compliance with SOMETHING.And don’t think that the hacker community hasn’t been aware of these vulnerabilities. Chatter on hacker sites using “control systems” or “scada” as key words has grown astronomically over the last 2 years. And it only takes one talented hacker … or one disgruntled employee … to give away the keys to the kingdom to every miscreant on the planet.
  • Here are the 9 CIP standards. Secure Computing can provide solutions for almost every CIP standard. The only one that we can’t help with is physical security.These regulations have some real teeth in them, too. While it might seem like the target date to be “auditably” compliant is far off, it really isn’t based on the amount of thought and planning that needs to go into making critical infrastructure really secure. And that planning will pay off. Companies who meet the deadlines will be spared the fines of up to $1 million US per day.Now let’s discuss the four most critical ones where Secure Computing can help you meet and exceed CIP requirements.
  • The first is to protect the critical network from everything else … whether it’s the IT corporate network or an independent systems’ operator … the control network must be segmented and secured.The second is to control users … everything from allowing access to monitoring their behaviour in the network. Insiders pose the greatest risks … the best protection is monitoring and control.The third is protection of critical asset information. If network schematics or topologies were to fall into the wrong hands, serious damage could ensue.And lastly, these all need to be done without jeopardizing the business reasons for the networks’ existence .. Availability, integrity and reliability.
  • Transcript

    • 1. Secure SCADA
      supervisory control and data acquisition
      Presenter: Tal Ein-Habar, CISSP
      Security Architect
    • 2. What is SCADA Network?
      Government Services
      Transportation (Road, rail, air, local public transportation, hazardous materials)
      Energy (Electrical utility transmission & distribution, oil and gas pipelines, nuclear materials & power)
      Water Controls (Dams, levees,reservoirs)
      Public Health (Hospitals, disease control)
      Services (Fire and police departments)
      Defense Industrial Base
      Critical Infrastructures
      Industry (Petroleum, hazardous waste)
      State & Municipal Services (Safe water systems, waste disposal)
      And Finance (Trading systems, automated clearinghouse network, ATM networks)
      Telecommunications (Broadcast television and radio)
      Postal & Shipping
    • 3. Why Security Is An Issue ?
      Connections to IT networks are now the norm
      Normal security maintenance causes disruptions and outages
      Remote access suffers from wireless and radio communication vulnerabilities
      Critical asset information is unsecured
      Security forensics are almost non-existent
      Identification of cyber attacks is difficult to impossible
      > 1500 potential and existing regulations and standards
      Control systems are on the hackers’ radar
      Specific malware has already been created and downloadable
      Insiders pose biggest threat
      75-80% of incidents have been caused by current employees
    • 4. Threat is changing
      Countries are looking at Cyber war as primary & legitimate way of Damaging their opponents
      The incentive for using cyberwar are:
      damage citizens to lead into chaos / changing political policy
      Acting from religious / political agenda
      Cyberwar is intended to create fear on the remote populations
    • 5. Attacks are here …
      דני יתום, לשעבר ראש המוסד, חושף:
      "ארגוני הטרור הגדולים מפעילים כיום אקדמיות לפיגועים מקוונים"
      • ככל שמדינה מבססת יותר ויותר את תשתיותיה הלאומיות על רשת האינטרנט הציבורית והפתוחה - כך היא חושפת עצמה לסכנת טרור קיברנטי הולכת וגדלה, לפריצה ולשיבוש מערכות מוחלט"
      • 6. מדינות בעולם מודעות לפגיעה אפשרית בתשתיות שלהן והן חוששות ממנה: תקשורת, בנקאות, חשמל, אנרגיה, נפט, שינוע גז, מים, תחבורה, שירותי חירום ושירותי ממשלה, "כולן יכולות לקרוס במקרה התקפה קיברנטית.
    • Attacks are here …
      Russian Hackers Attack an Azerbaijani Energy Pipeline
      Aviation week reported that Russian hackers attacked servers controlling an energy pipeline carrying gas from Azerbaijan to Europe bypassing Russia.
      The hacker attacks caused suspension in the pipeline operations, forcing the operating company to redirect the oil through Baku-Novorossiysk Russian pipeline.
      Georgian websites claim that the attacks had the same IPs as those of Estonian websites DDos during the 2007 Estonian Cyber attacks.
      Information Security News 08/24/2009
    • 7. Attacks are here …
      • Cyber Terror
      “CIA Confirms Cyber Attack Caused Multi-City Power Outage: We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, butall involved intrusions through the Internet.”
      (SANS Organization - January 18, 2008. )
      • Cyber CRIME
      “Federal prosecutors have charged 11 people with stealing more than 41 million credit and debit card numbers, cracking what officials said on Tuesday appeared to be the largest hacking and identity theft ring ever exposed. … Once the thieves identified technical weaknesses in the networks, they installed so-called sniffer programs, obtained from collaborators overseas.”
      (New York Times – 5 August 2008)
      • Cyber WARFARE
      ““While Russia and Estonia are embroiled in their worst dispute since the collapse of the Soviet Union, a row that erupted at the end of last month over the Estonians' removal of the Bronze Soldier Soviet war memorial in central Tallinn, the country has been subjected to a barrage of cyber warfare, disabling the websites of government ministries, political parties, newspapers, banks, and companies.
      (The Guardian, May 17, 2007)
    • 8. Where is the problem
      We divide the problem into several main segments:
      Connection between control networks & their sensor’s
      Connection between Control network & IT network
      Remote management of critical Infrastructure
    • 9. Sample Network Design
    • 10. 9 Critical Infrastructure Protection (CIP) Standards
      Affected companies must be “auditably” compliance by mid-2010
      Compliance must be re-confirmed annually
      Consequence of non-compliance:
      Up to $1m USD per day
    • 11. 4 Design Requirements
      Segment and Protect Critical Infrastructure Assets from Interconnected Networks
      Know Who Has Access and What They’re Doing in the Network
      Protect Information about Critical Infrastructure Assets from Data Leakage
      Implement Strong Security without Jeopardizing Availability, Integrity, and Reliability Requirements
    • 12. Vendors
    • 13. Waterfall
      • פריסה של מערך שערים חד כיוונים לכל הקישורים לעולם החיצוני.
      • 14. ניתן למנף את יכולות השערים הללו לשם ביצוע בבטחון מלא , של :
      • 15. שליחת סטטוס שוטף למרכזי ניטור ובקרה מרוחקים.
      • 16. שליחת נתוני ייצור לרשת הארגונית.
      • 17. ניהול מבוקר של פעולות תחזוקה בחומרות המפוקחות.
      • 18. יתרונות השיטה - A Win-Win situation :
      • 19. הפרדה חלקית / קישור חלקי.
      • 20. הדרישות העסקיות באות על סיפוקן ( הגישה המסורתית) .
      • 21. בטחון ברמה הגבוהה ביותר ( הגישה הקפדנית ) .
    • 22. Waterfall
      קישור חד כיווני מוחלט בין רשתות בעלות סיווג / רגישות שונה זו מזו
      • המערכת הינה חד כיוונית לחלוטין על בסיס תקשורת אופטית .
      • 23. שני רכיבי חומרה אחד לשליחה בלבד –TX והשני לקבלה בלבד –RX .
      • 24. הרכיבים שונים זה מזה ברמת החומרה , לא ניתן להפוך ליחידת שידור ליחידת קליטה וההיפך .
      • 25. הפרוטוקול הינו חד כיווני בתיכנונו כך שאינו מחייב ACKs אינו מצטריך תהליך ראשוני של Hand Shake ואינו פונה בבקשת מיידע לאחור בשום מקרה שהוא.
      • 26. המוצר תומך בכל שיטות העברת הקבצים הקיימות =ביכולתו להעבירכל מיידע באשר הוא המוגדר כקובץ . בין אם מדובר במיידע מוצפן , קבצי ZIP , קבצי דואר , קבצים שמקורם בעברת FTP , וכו'
      Hardware Based One-Way Data-Flow Gate
      Laser – Transmit Only
      Photocell– Receive Only
    • 27. Waterfall
      פתרון קל להטמעה :
      • העברת פקטות מידע ( UDP , TCP ) .
      • 28. העברת קבצים ( כולל תקיית עצים ) .
      • 29. העברת Stream ( קול , וידאו ) .
      • 30. רפליקציה של DB .
      • 31. תמיכה ב Historians: OSISOFT , Siemens,GE .
      • 32. תמיכה בפרוטוקולים תעשייתים מובילים כמו :
      Modbus, OPC, DNP3, Profibus, ICCP
    • 33. Waterfall
      Waterfall One-Way™ includes connectors for :
      Leading Industrial Applications/Historians
      • OSISoft PI, GE iHistorian, GE iFIX
      • 34. GE OSM, Siemens WinTS, SINAUT
      Leading IT Monitoring Applications
      • Log Transfer, SNMP, SYSLOG
      • 35. CA Unicenter, CA SIM, HP OpenView
      • 36. Matrikon Alert Manager
      File/Folder Mirroring
      • Folder, tree mirroring, remote folders (CIFS)
      Remove Screen View™
      • Unidirectional transfer of real-time screen display capture
      Leading Industrial Protocols
      • Modbus, OPC (DA, HDA, A&&E)
      • 38. DNP3, ICCP
      Other connectors
      • UDP, TCP/IP
      • 39. Video/Audio stream transfer
      • 40. Mail server/mail box replication
      • 41. IBM Websphere MQ series
      • 42. Antivirus updater, patch (WSUS) updater
      • 43. Remote Print server
    • Waterfall
      ניטור מרחוק – הפתרון :
      • הקישור מבוצע באמצעות שער חד כיווני.
      • 44. הנכסים היקרים מאובטחים לחלוטין – אין יכולת כלשהי להגעה אליהם.
    • Waterfall
      מוצר חדש להעברת "מסכים": טופולוגיה אופיינית לחדר בקרה
      חדר בקרה
      רשת חיצונית
      Waterfall RSV שומר על הפרדה פיסית בין רשתות הבקרה לרשתות חיצוניות ומונע כל גישה "מבחוץ".
      Waterfall Tx
      Waterfall Rx
      Standard Browser
    • 45. McAfee is a trusted partner to many civil, military, and intelligence customers
      Secure Firewall (Sidewinder) is used in many sensitive and highly important networks around the world.
      Governments having deployments include:
    • 52. McAfee - Trust = Positive Security + Reputation
      Positive Secure Model:
      Everything is bad EXCEPT what is EXPLICITLY determined to be good
      In-depth understanding of individuals
      In-depth understanding of malicious practices
      In-depth understanding of applications
      Protects from both known, and zero-hour unknown attacks
      Inbound AccessControls
      Access Controls
      Stop KnownThreats
      Stop UnknownThreats
      Virus &
      Application Inspection
      Reputation Services
      Network Access Rules
      Auth & Role-based access
      Network Access Rules
      Auth & Role-based access
    • 53. McAfee – Design solution
    • 54. McAfee - Application Visibility & Control Case Studies
      Many customers depend upon the positive model & application proxies to protect critical apps and data:
      Database - Oracle & MS-SQL
      DOD– protects all Human Resources records (several million) held in Oracle
      Web App – HTTP/S
      Insurance–protects all in/out Web traffic using Sidewinder
      Retail– largest vacation travel provider uses for protecting inbound web traffic & PCI compliance
      Remote Access for Citrix
      Finance–protects the Citrix-delivered trading infrastructure of the largest stock exchange
      VOIP (SIP), DNS, FTP, etc.
      Finance – protects data transfers (FTP)
      Plant CML – largest worldwide 911 network MSP protects all VoIP
      Classified Agencies – secure imaging and intelligence data using the IIOP proxy
      Multiple Utilities –segment their network & control systems
      2 of out the 3 Largest Energy Producers –NERC CIP regulations