Holistic Security for Critical Infrastructure 
Ilan Barda 
SCADA Security conference 
November 2014, Brasil
RADiFlow - Overview 
•Utilities deploy modern Distributed Automation devices connecting Remote locations over large-scale IP networks 
•Exposing Critical assets to Cyber Security Attacks 
© Copyright 2014, RADiFlow Ltd. 
RADiFlow provides cyber security solutions 
for critical distributed automation networks
Growing Install-base 
Cyber Security deployments are lagging 
•Multiple cases of breaches in critical infrastructure 
•Multiple studies identified the critical gaps in cyber security 
•There is a lot of hype, discussion and interest
•… but deployments are lagging 
–Lack of strict regulations 
–Lack of financial incentives 
–Lack of blue-print solutions 
Current OT Cyber Security practices 
•A Separate operation network is not necessarily secure 
•L2/L3 security is not sufficient 
–IP spoofing 
–VLAN hopping 
•Security in the control-center can be bypassed 
–Field to Field attack 
–Man-in-the-Middle attack 
“smart grid cyber-security guidelines did not address an important element… risk of attacks that use both cyber and physical means” 
Electricity Grid Modernization; Report to Congressional requesters, US GAO, January 2011 
A Holistic Security Solution is Required
Protecting Distributed SCADA from Insider Attacks 
Attack vector → Security measure
• Control-Center malware → Service-aware firewall
• Field-site breach → Distributed firewalls
• Man-in-the-Middle → Encryption
• Maintenance access → Identity Management
[Diagram: Control Center (HMI, Engineering Station); Facility1 and Facility2 with Controller1, Controller2 and devices Dev1.1, Dev1.2, Dev2.1, Dev2.2]
Distributed IPS for ICS networks 
• Per-user role-based validation of SCADA sessions
– Applied to both IP & Serial devices
• Deployment next to each end-point
– Inline IPS or Virtual IDS
• End-to-End support logic
– Intuitive provisioning based on auto-learning
– Event log with SOC tools integration
[Diagram: inspected packet fields: Ethernet & IP Header, Protocol Header, Function Code, Function Parameters]
Firewall use-case – Power meter logic 
•A field attack from a Smart-Grid site on other sites
•SCADA firewall enables all monitoring commands
[Diagram labels: Data Center, Control Center]
Firewall use-case – RTU software update 
•The technician laptop infects the Engineering station in the control center 
•The Engineering station downloads new software to the field RTUs 
•Distributed SCADA firewall blocks access to the firmware address-range 
•Stuxnet scenario can be prevented 
[Diagram: Technician and Eng. Station in the Control Center; Sub-Station (S.S.) RTU with IEC61850 IEDs; Facility RTU]
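The per-user function validation from the Distributed IPS slide and the address-range block from the RTU software update slide, as an added sketch that is not RADiFlow's code. It assumes Modbus/TCP as the SCADA protocol; the role names, function-code sets and the protected range 0x4000 to 0x4FFF are hypothetical.

```python
"""Role-based DPI check for Modbus/TCP requests (illustrative sketch)."""
import struct
from dataclasses import dataclass

READ_FCS = {0x01, 0x02, 0x03, 0x04}      # read coils / inputs / registers
WRITE_SINGLE_FCS = {0x05, 0x06}          # write single coil / register
WRITE_MULTI_FCS = {0x0F, 0x10}           # write multiple coils / registers

# Hypothetical policy: which function codes each role may send.
ROLE_FUNCTIONS = {
    "operator": READ_FCS,
    "engineer": READ_FCS | WRITE_SINGLE_FCS | WRITE_MULTI_FCS,
}
# Assumed address range holding firmware; no role may touch it.
PROTECTED_RANGES = [(0x4000, 0x4FFF)]


@dataclass
class Verdict:
    allow: bool
    reason: str


def build_request(fc, addr, value_or_count, payload=b"", tid=1, unit=1):
    """Build a Modbus/TCP request frame (used for the constructed samples)."""
    pdu = struct.pack(">BHH", fc, addr, value_or_count) + payload
    # MBAP length counts the unit id plus the PDU.
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_request(frame: bytes):
    """Return (function_code, start_addr, count); raise ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    fc, params = frame[7], frame[8:]
    if fc in READ_FCS | WRITE_SINGLE_FCS | WRITE_MULTI_FCS:
        if len(params) < 4:
            raise ValueError("truncated function parameters")
        addr, second = struct.unpack(">HH", params[:4])
        # Single writes carry a value, not a quantity: they touch one address.
        count = 1 if fc in WRITE_SINGLE_FCS else second
        if count < 1 or addr + count - 1 > 0xFFFF:
            raise ValueError("invalid quantity or address overflow")
        return fc, addr, count
    return fc, None, 0  # function code this sketch does not decode


def inspect_request(role: str, frame: bytes) -> Verdict:
    """Default-deny decision for one request sent by a user with `role`."""
    allowed = ROLE_FUNCTIONS.get(role)
    if allowed is None:
        return Verdict(False, f"unknown role {role!r}")
    try:
        fc, addr, count = parse_request(frame)
    except ValueError as exc:
        return Verdict(False, f"malformed frame: {exc}")
    if fc not in allowed:
        return Verdict(False, f"function 0x{fc:02X} not permitted for role {role}")
    last = addr + count - 1
    for lo, hi in PROTECTED_RANGES:
        if addr <= hi and last >= lo:
            return Verdict(False, f"touches protected range 0x{lo:04X}-0x{hi:04X}")
    return Verdict(True, "permitted")


if __name__ == "__main__":
    # Constructed sample traffic, not captured from a real network.
    samples = [
        ("operator", build_request(0x03, 0x0000, 10)),        # read registers
        ("operator", build_request(0x06, 0x0010, 0x1234)),    # write attempt
        ("engineer", build_request(0x06, 0x0010, 0x1234)),    # normal write
        ("engineer", build_request(0x10, 0x3FFF, 2, bytes([4]) + b"\x00" * 4)),
        ("engineer", build_request(0x03, 0x0000, 10)[:-2]),   # truncated frame
    ]
    for role, frame in samples:
        v = inspect_request(role, frame)
        print(f"{role:9s} {frame.hex():36s} {'ALLOW' if v.allow else 'DENY '} {v.reason}")
```

Each denial reason is what such a firewall would write to its event log for the SOC.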
Physical & Cyber security – Integrated solution 
•Correlate SCADA access rights to physical access-control indications 
•Validate user operations using DPI of SCADA commands 
•SCADA DPI integrated in field routers enabling distributed IPS deployment 
•Automatic learning of the normal traffic patterns of SCADA application 
•Integration with SIEM tool for roles provisioning and activity log 
Restricted user operations in the cyber corridors of Distributed automation networks
Physical & IT & OT security – Integrated solution 
Correlation of security events – PACS, IT, OT
Detecting APT patterns
[Diagram label: Active Directory]
Integrated security in a Ruggedized site gateway 
[Diagram labels: Multi-Service Resilient Network; Ruggedized System; Secure Access; Service Validation; Service Management; Operational Simplicity; Defense-in-depth solution; Solid infrastructure]
Security solution validated by US Research Labs 
•Role Based IPS/IDS for SCADA Protocols 
•Securing Data Traffic (Legacy or IP) 
•Secure Authentication 
•Persistent, Reliable Logging 
•Integration with SOC tools 
Focus applications 
•Power T&D (Smart-Grid, Sub-station automation) 
•Smart-City, Safety and Security 
•Intelligent Transportation (Railways, Highways) 
•Drilling and Pipelines (Water, Oil & Gas) 
•Out-of-Band Maintenance (Telco, CATV)
Case Study – Sub-station LAN 
•IEC61850-3 compliant switch/router
•IEC104/61850 Firewall
•Inter-site IPSec VPN
•Integration with PSIM
[Diagram: Primary Sub-Station with Router + Firewall 1 and Router + Firewall 2 in High Availability VRRP, connected through MPLS PE 1 and MPLS PE 2 to the MPLS Carrier 1 and MPLS Carrier 2 backbones; Sub station LAN devices: Power Monitoring, Serial RTU, ETH RTU, VoIP GW, CCTV]
Case Study – Consolidated Smart-Grid network 
•Mix of fiber and cellular backhauling 
•Regulation for Separate VPNs for AMI and DA 
•Implementation highlights 
−Service-aware VPN functionality 
−IEC101/104 SCADA firewall 
−Fiber or cellular uplinks 
−Service-aware QoS for cellular network 
Smart-City network infrastructure 
•Compact ruggedized switch for smart-city cabinets
–Ethernet with PoE for CCTV
–Serial and discrete I/O ports for simple automation devices
–Cellular modem for backup
•Integrated security mechanisms
–IPSec VPN for public network
–ModBus Firewall for automation devices
•Integration with PSIM in control center
[Diagram: Smart-City cabinet serving Traffic Control, Message board and CCTV, connected to the Control Center]
Case Study – Highway automation & monitoring 
[Diagram: Central site with 1588 clock connected over Ring 1 to Ring 6 to remote sites; remote-site labels: RS-232/485, Traffic control, Security cameras, Tetra base stations, Message boards, PoE, 1588 clock sync, QoS]
• Large-scale transportation control applications require
– Scalable & resilient network architecture
– Mixture of Ethernet, Serial & Discrete devices
– ModBus firewall for critical automation services
– PoE support for CCTV cameras
– IEEE 1588v2 support for radio synchronization
Case-study – Gas drilling sites 
•Remote management from across the US 
–Connecting RTUs, CCTV and user LAN from each site 
•Main access via private fiber ring + leased-line with backup over cellular 
–Data Encryption over public network 
–Validation of SCADA ModBus sessions 
–Network resiliency – Fiber and Cellular 
–Compact Ruggedized system with Serial, ETH and PoE 
[Diagram label: Public Carrier]
Case-study – Out-of-Band maintenance
•Operators need to establish new remote POPs
–CATV, FTTH, Satellite, Campus WiFi, LTE micro-cell
•Normal management uses the in-band network
•Out-Of-Band management uses alternative physical media
Cost-effective Out-Of-Band connectivity
–NO need for wired infrastructure
–EASY ESTABLISHMENT over LTE/3G
–RESILIENT CONNECTIVITY by 2 SIM cards
–SECURE connections by IPSec and Firewall
–LAN PORTS for seamless LAN connectivity
–TERMINAL SERVER for CONSOLE PORT
–DISCRETE IO for alarm forwarding
[Diagram: Control Center reaching Network Elements through In-band Management and, over a Separate Out-Of-Band Network, Out-Of-Band Management]
Summary 
•Modern critical infrastructure deployments use Ethernet 
–A holistic security solution is mandatory 
•RADiFlow Secure communication solution 
–Unique distributed service-aware firewall by the network 
–Integrated defense-in-depth tool-set 
–Optimize CapEx and OpEx 
For more details: 
info@radiflow.com 
www.radiflow.com

[CLASS 2014] Technical Talk - Ilan Barda

  • 1. Holistic Security for Critical Infrastructure Ilan Barda SCADA Security conference November 2014, Brasil
  • 2. RADiFlow - Overview •Utilities deploy modern Distributed Automation devices connecting Remote locations over large-scale IP networks •Exposing Critical assets to Cyber Security Attacks - 2 - © Copyright 2014, RADiFlow Ltd. RADiFlow provides cyber security solutions for critical distributed automation networks
  • 3. Growing Install-base - 3 - © Copyright 2014, RADiFlow Ltd.
  • 4. Cyber Security deployments are lagging •Multiple cases of breaches in critical infrastructure •Multiple studies identified the critical gaps in cyber security •There is a hype of discussions and interest •… but deployments are lagging –Lack of strict regulations –Lack of financial incentives –Lack of blue-print solutions © Copyright 2014, RADiFlow Ltd.
  • 5. Current OT Cyber Security practices •A Separate operation network is not necessarily secure •L2/L3 security is not sufficient –IP spoofing –VLAN hopping •Security in the control-center can be bypassed –Field to Field attack –Man-in-the-Middle attack - 5 - “smart grid cyber-security guidelines did not address an important element… risk of attacks that use both cyber and physical means” Electricity Grid Modernization; Report to Congressional requesters, US GAO, January 2011 © Copyright 2014, RADiFlow Ltd. A Holistic Security Solution is Required
  • 6. Protecting Distributed SCADA from Insider Attacks Attack vector • Control-Center malware • Field-site breach • Man-in-the-Middle • Maintenance access Security Measure • Service-aware firewall • Distributed firewalls • Encryption • Identity Management © Copyright 2014, RADiFlow Ltd. HMI Engineering Station Controller1 Controller2 Dev1.2 Dev2.1 Dev2.2 Dev1.1 Facility1 Facility2 Control Center -6-
  • 7. Distributed IPS for ICS networks
      • Per-user role-based validation of SCADA sessions
          – Applied to both IP & Serial devices
      • Deployment next to each end-point
          – Inline IPS or Virtual IDS
      • End-to-End support logic
          – Intuitive provisioning based on auto-learning
          – Event log with SOC tools integration
      [Diagram labels: Ethernet & IP Header, Protocol Header, Function Code, Function Parameters]
  • 8. Firewall use-case – Power meter logic
      • A field attack from a Smart-Grid site on other sites
      • SCADA firewall enables all monitoring commands
      [Diagram labels: Data Center, Control Center]
  • 9. Firewall use-case – RTU software update
      • The technician laptop infects the Engineering station in the control center
      • The Engineering station downloads new software to the field RTUs
      • Distributed SCADA firewall blocks access to the firmware address-range
      • Stuxnet scenario can be prevented
      [Diagram labels: Technician, Eng. Station, Control Center, Sub-Station, S.S. RTU, Facility RTU, IEC61850 IEDs]
  • 10. Physical & Cyber security – Integrated solution
      • Correlate SCADA access rights to physical access-control indications
      • Validate user operations using DPI of SCADA commands
      • SCADA DPI integrated in field routers enabling distributed IPS deployment
      • Automatic learning of the normal traffic patterns of SCADA application
      • Integration with SIEM tool for roles provisioning and activity log
      Restricted user operations in the cyber corridors of Distributed automation networks
  • 11. Physical & IT & OT security – Integrated solution
      • Correlation of security events – PACS, IT, OT
      • Detecting APT patterns
      [Diagram label: Active Directory]
  • 12. Integrated security in a Ruggedized site gateway
      [Diagram labels: Multi-Service Resilient Network Ruggedized System Secure Access Service Validation Service Management Operational Simplicity Defense-in-depth solution Solid infrastructure]
  • 13. Security solution validated by US Research Labs
      • Role Based IPS/IDS for SCADA Protocols
      • Securing Data Traffic (Legacy or IP)
      • Secure Authentication
      • Persistent, Reliable Logging
      • Integration with SOC tools
  • 14. Focus applications
      • Power T&D (Smart-Grid, Sub-station automation)
      • Smart-City, Safety and Security
      • Intelligent Transportation (Railways, Highways)
      • Drilling and Pipelines (Water, Oil & Gas)
      • Out-of-Band Maintenance (Telco, CATV)
  • 15. Case Study – Sub-station LAN
      • IEC61850-3 compliant switch/router
      • IEC104/61850 Firewall
      • Inter-site IPSec VPN
      • Integration with PSIM
      [Diagram labels: Primary Sub-Station, Sub station LAN, Router + Firewall 1, Router + Firewall 2, High Availability VRRP, MPLS PE 1, MPLS PE 2, MPLS carrier 1 Backbone, MPLS Carrier 2 Backbone, Power Monitoring, Serial RTU, ETH RTU, VoIP GW, CCTV]
  • 16. Case Study – Consolidated Smart-Grid network
      • Mix of fiber and cellular backhauling
      • Regulation for Separate VPNs for AMI and DA
      • Implementation highlights
          – Service-aware VPN functionality
          – IEC101/104 SCADA firewall
          – Fiber or cellular uplinks
          – Service-aware QoS for cellular network
  • 17. Smart-City network infrastructure
      • Compact ruggedized switch for smart-city cabinets
          – Ethernet with PoE for CCTV
          – Serial and discrete I/O ports for simple automation devices
          – Cellular modem for backup
      • Integrated security mechanisms
          – IPSec VPN for public network
          – ModBus Firewall for automation devices
      • Integration with PSIM in control center
      [Diagram labels: Smart-City cabinet, Traffic Control, Message board, CCTV, Control Center]
  • 18. Case Study – Highway automation & monitoring
      • Large-scale transportation control applications require
          – Scalable & resilient network architecture
          – Mixture of Ethernet, Serial & Discrete devices
          – ModBus firewall for critical automation services
          – PoE support for CCTV cameras
          – IEEE 1588v2 support for radio synchronization
      [Diagram labels: Central site, Remote site, Ring 1, Ring 6, 1588 clock, RS-232/485, Traffic control, Security cameras, Tetra base stations, Message boards, PoE, 1588 clock sync, QoS]
  • 19. Case-study – Gas drilling sites
      • Remote management from across the US
          – Connecting RTUs, CCTV and user LAN from each site
      • Main access via private fiber ring + leased-line with backup over cellular
          – Data Encryption over public network
          – Validation of SCADA ModBus sessions
          – Network resiliency – Fiber and Cellular
          – Compact Ruggedized system with Serial, ETH and PoE
      [Diagram label: Public Carrier]
  • 20. Case-study – Out-of-Band maintenance
      • Operators need to establish new remote POPs
          – CATV, FTTH, Satellite, Campus WiFi, LTE micro-cell
      • Normal management uses the in-band network
      • Out-Of-Band management uses alternative physical media
      Cost-effective Out-Of-Band connectivity
          – NO need for wired infrastructure
          – EASY ESTABLISHMENT over LTE/3G
          – RESILIENT CONNECTIVITY by 2 SIM cards
          – SECURE connections by IPSec and Firewall
          – LAN PORTS for seamless LAN connectivity
          – TERMINAL SERVER for CONSOLE PORT
          – DISCRETE IO for alarm forwarding
      [Diagram labels: Control Center, In-band Management, Out-Of-Band Management, Separate Out-Of-Band Network, Network Elements]
  • 21. Summary
      • Modern critical infrastructure deployments use Ethernet
          – A holistic security solution is mandatory
      • RADiFlow Secure communication solution
          – Unique distributed service-aware firewall by the network
          – Integrated defense-in-depth tool-set
          – Optimize CapEx and OpEx
      For more details: info@radiflow.com www.radiflow.com
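
Slides 7 and 9 describe validating SCADA sessions per user role by function code, and blocking writes to a firmware address range. The following is an added example (not RADiFlow code) of that check for Modbus/TCP, one of the protocols the deck names; the role names, the policy table and the protected register range are assumptions made for illustration.

```python
import struct

# Constructed policy: role names and ranges are assumptions, not from the slides.
READ_FCS = {0x01, 0x02, 0x03, 0x04}        # read coils / inputs / registers
WRITE_FCS = {0x05, 0x06, 0x0F, 0x10}       # write coils / registers
REG_WRITE_FCS = {0x06: False, 0x10: True}  # True = request carries a quantity
ROLE_POLICY = {"operator": READ_FCS, "engineer": READ_FCS | WRITE_FCS}
# Hypothetical holding-register range standing in for the firmware area;
# register writes into it are refused for every role.
PROTECTED = range(0x9000, 0xA000)


def build(fc, body, tid=1, unit=1):
    """Build a Modbus/TCP request: MBAP header + function code + parameters."""
    pdu = bytes([fc]) + body
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def inspect(frame, role):
    """Return (verdict, reason) for one Modbus/TCP request sent by `role`."""
    if len(frame) < 8:
        return "drop", "truncated frame"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    # MBAP length counts the unit id plus the PDU, i.e. everything after byte 6.
    if proto != 0 or length != len(frame) - 6:
        return "drop", "malformed MBAP header"
    fc = frame[7]
    if fc not in ROLE_POLICY.get(role, set()):
        return "drop", f"function 0x{fc:02x} not permitted for role {role!r}"
    if fc in REG_WRITE_FCS:
        if len(frame) < 12:
            return "drop", "truncated write request"
        addr, arg = struct.unpack(">HH", frame[8:12])
        count = arg if REG_WRITE_FCS[fc] else 1
        if count < 1:
            return "drop", "invalid register quantity"
        # Any overlap between the written span and the protected range blocks it.
        if addr < PROTECTED.stop and PROTECTED.start < addr + count:
            return "drop", "register write touches protected range"
    return "allow", "ok"


# Constructed sample requests: (role, frame).
SAMPLES = [
    ("operator", build(0x03, struct.pack(">HH", 0, 10))),
    ("operator", build(0x06, struct.pack(">HH", 0x0010, 1))),
    ("engineer", build(0x06, struct.pack(">HH", 0x0010, 1))),
    ("engineer", build(0x10, struct.pack(">HHB", 0x8FFE, 4, 8) + bytes(8))),
]
```

The last sample starts below the protected range but spans into it, which is why the check compares the whole written span rather than only the start address.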