Evolving Security in Process Control

Lockheed Martin presentation from 4th Annual Cyber Security Summit, 30th March 2015.


  1. © Lockheed Martin. Evolving Security in Process Control. 4th Annual Cyber Security Summit – Energy & Utilities, Abu Dhabi, March 30, 2015
  2. Not ‘If’ but ‘When’
  3. Cyber Attack Impacts Whole Value Chain: Business, Production, Control Systems, Customers; Security Incident; Impact
  4. Growth in Targeted Attacks
     • Night Dragon - 2011
     • Shamoon - 2012
     • Energetic Bear - 2012
     • Norwegian Oil & Gas - 2014
     • German steel works - 2014
  5. Just the Tip of the Iceberg: For every major incident that makes the news, many more smaller incidents go unreported
  6. Rapidly Changing Threat Landscape
     • New vulnerabilities
     • Readily available exploit kits
     • Hacktivists
     • State sponsored activities
     • BYOD
     • Mobile devices
     • Cloud access from anywhere
     • Growth in social media
     • Internet of Things
     • Advanced Persistent Threats (APTs)
  7. Top Threats
     • Malicious Insider 37%
     • Criminal Syndicates 26%
     • Nation State Sponsored 19%
     Source: Intelligence Driven Cyber Defence, Ponemon Institute LLC, February 2015
  8. Top Impacts
     • Lost Intellectual Property
       – Geoscience data
     • Reputation Damage
       – Joint Ventures
       – Customers
       – Government
     • Business Disruption
       – Lost production
       – Incident investigation
     • Damage to Critical Infrastructure
       – HSE
       – Cost of repair
     Source: Intelligence Driven Cyber Defence, Ponemon Institute LLC, February 2015
  9. Internet Accessible Control Systems: 241 locations, >52,000 IP addresses
  10. Prevention is ideal but detection is a must. However, detection without response has minimal value.
  11. Would you know if your system was compromised? Average time from compromise to detection: 14 months
  12. The Need to Evolve
     Diagram labels: Engineering workstation HMI Manual shutdown F&G ESD Shutdown signal PI server Remote monitoring PI server File server Antivirus server Patch server Remote access server Offline Malware Analysis Privilege Access Management & Session Recording SIEM/ID server
     “We have a firewall and anti-virus software. We’re safe.”
  13. The Need to Evolve
     Diagram labels: Engineering workstation HMI Manual shutdown F&G ESD Shutdown signal PI server Remote monitoring PI server File server Antivirus server Patch server Remote access server Offline Malware Analysis Privilege Access Management & Session Recording SIEM/ID server
     “We have a firewall and anti-virus software. We’re safe.”
     NO! YOU ARE NOT SAFE. The insider is already the wrong side of your firewall – with your approval
  14. Security Evolution
     • Foundational Security Technologies
     • Basic Security
     • Compliant Security (Reactive)
     • Sustainable Security (Proactive)
     • Intelligence Driven Defense® (Predictive)
     • Procedures and Documentation
     • Automation and Efficient IT/OT Process Integration
     • Cyber Intelligence integrated in Operations
     • Compliance driven (ISO27001), COTS products, “set it and forget it”
     • Add good security practices, use SIEM to monitor & respond to alerts
     • Integrate IT & OT security, use available intelligence
     • See what’s coming at you, anticipate, generate & share intelligence
     • 80% / 20%
  15. Foundational Security (End Point Security, Network Security)
     Reactive: Looking inwards at vulnerability and managing impact to confidentiality, integrity and availability. This typically results in reactive actions after an intrusion has taken place.
     Address 80% Threat
  16. Intelligence Driven Defense®
     Threat Focused: This builds on foundational security. It looks outwards at the specific adversaries attacking your enterprise and intimately understanding/analysing their tactics, techniques and procedures. This allows you to proactively take a defensive course of action.
     Proactively address 20% and 80% Threat
  17. Understand the Threat Landscape
     Campaign analysis is used to determine the patterns and behaviours of the intruders
     LM Cyber Kill Chain® Campaign Heat Map
     • Group intrusions together into “Campaigns”
     • Prioritize and measure against each campaign
  18. Critical Success Factors
     • Basic security measures essential
       – Reduce attack surface
       – Maintain signatures, patches, firewalls, etc.
     • People
       – End users are part of your defences – train & test them
       – Your adversaries are people. You need people who understand their tactics, techniques & procedures (TTP) – train & test them
     • Governance
       – Management focus on security
       – Ensure response capability is in place (you will need it) – train & test them
       – Measure success
  19. Remember… Security is a journey, not a destination
  20. © Lockheed Martin
  21. Thank you
     • Andrew Wadsworth, GICSP, Head of Process Control Security, Lockheed Martin. andrew.wadsworth@civil.lmco.com. Johnstone House, 52-54 Rose Street, Aberdeen AB10 1UD, United Kingdom. Office +44 1224 611040, Mobile +44 7914 356962
     • Scott Keenon, Business Development Manager, Lockheed Martin. scott.keenon@civil.lmco.com. Johnstone House, 52-54 Rose Street, Aberdeen AB10 1UD, United Kingdom. Office +44 1224 611052, Mobile +44 7968 793353
