© Fraunhofer IOSB
SECURITY IN INDUSTRIAL ENVIRONMENTS
Anne Borcherding, MSc
11.03.2021
OBJECTIVE
◼ Awareness for security in industrial environments
◼ Teaser for different techniques to improve the security
Anne Borcherding – Industrial Security
INDUSTRIAL SECURITY
Industry 4.0
◼ Greater efficiency through intelligent crosslinking of product development, production, logistics and customers
◼ Individual, flexible production
◼ New business models through service orientation
[Figure labels: Machine Learning, Predictive Maintenance, Condition Monitoring, Industrial Internet of Things]
Industrial Networks of the Past
[Figure: network diagram with the labels Internet, Office-Net, Wireless Devices, Directly Plugged Devices, Printer, Wireless Router, Switch, Control Workstation, PLC, HMI, Process, Industrial Network and Air Gap.]
Industrial Networks nowadays
[Figure: network diagram with the labels Internet, Office-Net, Wireless Devices, Directly Plugged Devices, Printer, Wireless Router, Switch, Control Workstation, PLC, HMI, Process, Industrial Network and Firewall.]
Future Industrial Networks
[Figure: network diagram with the labels Internet, Office-Net, Wireless Devices, Directly Plugged Devices, Printer, Wireless Router, Switch, Control Workstation, PLC, HMI, Process, Industrial Network and Firewall.]
Attacks on Industrial Networks
TRITON
[Figure: petrochemical plant with the labels Office Network, Industrial Network and Chemical Process.]
◼ Attack on a petrochemical plant
◼ Aim: Explosion
Vulnerabilities in Industrial Networks
Ripple20
CVE              Severity (CVSS)
CVE-2020-11901   9.0
CVE-2020-11898   9.1
CVE-2020-11896   10.0
Integer Overflow
Missing Input Validation
Predictable Transaction IDs
Heap Overflow
Top 10 Threats
[Table with the columns "Top 10 Threats" and "Trend"; the trend indicators are not preserved.]
◼ Infiltration of Malware via Removable Media and External Hardware
◼ Malware Infection via Internet and Intranet
◼ Human Error and Sabotage
◼ Compromising of Extranet and Cloud Components
◼ Social Engineering and Phishing
◼ (D)DoS Attacks
◼ Control Components Connected to the Internet
◼ Intrusion via Remote Access
◼ Technical Malfunctions and Force Majeure
◼ Compromising of Smartphones in the Production Environment
Source: Industrial Control System Security: Top 10 Threats and Countermeasures 2019, Federal Office for Information Security
Improving Security
Based on IEC 62443:
◼ Processes
◼ Components
◼ Systems
VULNERABILITY SCANNING
Automated Black Box Security Testing
[Figure: test device and device under test, connected by the arrows Input and Output; the activities are labelled Testing and Monitoring.]
Web Security Scanners
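◼ Web Vulnerability Scanners: the scanner checks versions against a database (DB) of known vulnerabilities ("Versions?", "Known?")
◼ Web Application Scanners: the scanner sends test inputs such as
  -1 UNION SELECT 1 INTO @,@
  '& cat /etc/passwd
  AND 1=1--
  …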
Web Application Scanners
[Figure: bar chart "Vulnerabilities Found Automatically". x-axis: vulnerability scanner (Nikto, Skipfish, Vega, Wapiti, ZAP, Cumulative); y-axis: percentage of vulnerabilities found manually, 0% to 100%.]
◼ Web application scanners only find half of the vulnerabilities found manually
◼ But they are a lot faster
Source: Pfrang, S., Borcherding, A., Meier, D., et al. 2019. Automated security testing for web applications on industrial automation and control systems. at - Automatisierungstechnik. 67(5): 383-401
Helper-in-the-Middle
[Figure: web application scanner, test device, proxy and device under test.]
Proxy functions:
◼ Authentication
◼ Watchdog
◼ Crawling
◼ Dynamic Content
Source: Borcherding, A., Pfrang, S., Haas, C., Weiche, A., & Beyerer, J. (2020). Helper-in-the-Middle: Supporting web application scanners targeting industrial control systems, SECRYPT 17th International Conference on Security and Cryptography
[Figure: web application scanner, test device, proxy, ISuTest and device under test, with the numbered steps below.]
1. alert
2. interrupt
3. restart
4. resume
[Figure: bar chart "True Positive Reports, Summarized over the WAS". x-axis: PROFINET Buscoupler, OPC UA Gateway, Firewall; y-axis: number of true positive reports, 0 to 1000; series: Bare and Proxy. Data labels: 143, 133, 35 and 928, 743, 73.]
◼ Proxy helps to improve performance
FUZZING
Network Fuzzing
[Figure: Ethernet and TCP packet header layout. Image source: https://commons.wikimedia.org/wiki/File:TCP_header.png]
◼ Full test of 2 bytes: 2^16 possibilities
➢ Assuming 1 test per second, this will last for 18.2 hours
Heuristics
◼ Using experience from earlier projects and detected vulnerabilities
◼ Examples
  ◼ Integer: minimum, maximum, 2^n, 2^n − 1
  ◼ String: "A" * self.size(), "2019-02-31"
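The heuristic described on this slide, worked through for a 2-byte field as an added example (not code from the slides or from ISuTest). The frame layout (a big-endian integer field followed by a payload) and all function names are assumptions made for illustration.

```python
"""Heuristic versus exhaustive test values for one integer field (illustrative)."""
from __future__ import annotations

import struct
from datetime import date


def exhaustive_hours(bits: int, tests_per_second: float = 1.0) -> float:
    """Run time in hours for trying every value of a `bits`-wide field."""
    return (1 << bits) / tests_per_second / 3600


def integer_heuristics(bits: int, signed: bool = False) -> list[int]:
    """Boundary values for an integer field: minimum, maximum, 2^n and 2^n - 1."""
    lo = -(1 << (bits - 1)) if signed else 0
    hi = (1 << (bits - 1)) - 1 if signed else (1 << bits) - 1
    candidates = {lo, hi}
    for n in range(bits + 1):
        candidates.update({(1 << n) - 1, 1 << n})
    # Values such as 2^bits do not fit the field; keep only encodable ones.
    return sorted(v for v in candidates if lo <= v <= hi)


def string_heuristics(size: int) -> list[str]:
    """The slide's string examples: a filler of the field size and an impossible date."""
    return ["A" * size, "2019-02-31"]


def is_calendar_date(text: str) -> bool:
    """True if `text` is an ISO date that exists in the calendar."""
    try:
        date.fromisoformat(text)
    except ValueError:
        return False
    return True


def build_cases(payload: bytes, bits: int = 16) -> list[bytes]:
    """Constructed frame layout (assumption): big-endian integer field, then payload."""
    fmt = {8: ">B", 16: ">H", 32: ">I"}[bits]
    return [struct.pack(fmt, value) + payload for value in integer_heuristics(bits)]


if __name__ == "__main__":
    cases = build_cases(b"constructed-payload")  # constructed sample input
    print(f"exhaustive: {1 << 16} cases, {exhaustive_hours(16):.1f} h at 1 test/s")
    print(f"heuristic:  {len(cases)} cases, {len(cases)} s at 1 test/s")
    for text in string_heuristics(8):
        print(f"string {text!r}: real calendar date = {is_calendar_date(text)}")
```

The date string is well-formed but names a day that does not exist, so it exercises the parser's validation path rather than its syntax check.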
Bus Coupler Study
◼ 6 Profinet bus couplers from different German manufacturers
◼ Security tests of the Profinet implementation (DCE/RPC and PNIO-CM)
◼ ~ 70 000 test cases per bus coupler
◼ Scenario A: without PLC
◼ Scenario B: with PLC
[Figure: test setup with the labels ISuTest, DUT, Switch, PLC and Process.]
◼ All bus couplers are vulnerable
◼ Similarity of stacks is visible
Source: Steffen Pfrang, Anne Borcherding: Security-Testing für industrielle Automatisierungskomponenten: Ein Framework, sein Einsatz und Ergebnisse am Beispiel von Profinet-Buskopplern, 16. Deutscher IT-Sicherheitskongress des BSI, 2019
Summary
◼ Transformation of industrial networks
◼ Recent attacks, vulnerabilities, and threats
◼ Web Application Scanners
◼ Fuzzing