SlideShare a Scribd company logo

Taking a closer look at level 0 and level 1 security

M
Matt Loong

Notwithstanding the importance of network monitoring in protecting industrial control systems, it is also important to understand the nuts and bolts of Level 0 and Level 1 devices to defend the system holistically. This presentation provides a brief introduction to process anomaly detection, which complements network anomaly detection.

Engineering
1 of 18
Download to read offline
Taking a Closer Look at Level 0 and Level 1 Security © Matthew Loong
Content 1. Purdue Model 2. Devices in Level 0 & 1 3. Network Anomaly Detection 4. Process Anomaly Detection 5. Evolution to Industry 4.0 4 of 19 © Matthew Loong
1. Purdue Model 5 of 19 Industrial Control System (ICS) © Matthew Loong Source: ICS-CERT
1. Purdue Model – Level 2 to Level 5 Devices: • Servers • Workstations • Switches • Routers • Firewalls Protocol: • Ethernet-based • LAN • IP addressing To level 1 Traditional IT cybersecurity solutions 6 of 19© Matthew Loong
1. Purdue Model – Level 0 and 1 From level 2 Devices: • Level 1  Controllers e.g. PLC • Level 0 - electromechanical  Field devices e.g. actuators  Sensors Protocols: • Fieldbus e.g. Modbus, DNP3, IEC • Current or voltage signals:  Analog (4 to 20mA)  Digital (+/- 24VDC) • HART • Wireless e.g. w-HART, RF, ZigBee Level 1 is like the brain while Level 0 are like the hands and nerves © Matthew Loong
2. Level 0 Device - Actuator Power Supply Loop Signal Loop PCB Card LCD Display 8 of 19Physical security is important © Matthew Loong Source: Rotork
2. Level 0 Device - Sensor Simultaneous transmission of analog data, such as pressure or temperature, as well as digital data, such as sensor status. 9 of 19Physical security is important © Matthew Loong Source: HART
2. Level 1 Device – PLC Main Circuit Breakers (MCB) Power Supply Unit (PSU) Surge Protection Devices (SPD) Central Processing Unit (CPU) Digital or Analog Input / Output (I/O) Modules Terminal Blocks Ground Bus 10 of 19Physical security is important. Packets sent to PLC should be checked © Matthew Loong
3. Network Anomaly Detection - SIEM 11 of 19Asset Monitoring e.g. Claroty, Nozomi SCADAguardian Able to detect devices with IT and ICS protocols © Matthew Loong Source: Claroty
E.g. Deep Inspection of Modbus Traffic Request from Master Response from Slave 13 of 19 3. Network Anomaly Detection – AI Response Interval Slave ID Function Code Data Addressing Payload Checksum Byte Size Behavioural Baselines in: Development in Machine Learning for Advance Threat Prevention © Matthew Loong
Ladder Logic 14 of 19 4. Process Anomaly Detection Input Checking PLC © Matthew Loong
4. Process Anomaly Detection - Out-of-Band 15 of 19Keeping process variable within limits © Matthew Loong
4. Process Anomaly Detection - Rate-of-Change 16 of 19Keeping process variable increase/decrease gradual © Matthew Loong
4. Process Anomaly Filtering - Timer-on-Delay Before After Time(5sscale) Time(5sscale) Current (2mA scale) Current (2mA scale) Red Line – Sensor feedback signal (from device) Blue Line – Actuator output signal (to device) current dip current dip Output signal energized No effect 17 of 19Preventing abnormal spikes or dips from affecting process © Matthew Loong
5. Evolution to Industry 4.0 More level 0 devices connected to cloud. Ethernet-based communication to field © Matthew Loong Source: Analog.com
Conclusion • Need for mindset shift – Availability is priority in ICS • Aim of cyberattack on ICS is to cause: • Max damage – catastrophic failure • Max downtime – component with longest lead time • Security by design and graceful degradation: • Correlate malicious cyber activities with physical impact • Network anomaly detection vs process anomaly detection • Keep process parameters within band • Hence physical security and verification is important 19 of 19© Matthew Loong
Annex - Comparison of Various ICS Programmable Logic Controller (PLC) Distributed Control System (DCS) Supervisory Control And Data Acquisition (SCADA) Localized Localized Geographically dispersed Closed loop communication Closed loop communication Long distance communication e.g. via RTU and leased lines Limited I/Os (<300) Numerous I/Os (>2000) Limited I/Os (<300) Single controller Multiple controllers Not necessarily have controllers Discrete applications Integrated applications Integrated applications E.g. Allen Bradley, Siemens, Mitsubishi, Omron E.g. Emerson Delta V, Yokogawa Centum E.g. Invensys Wonderware, WinCC, Factorytalk Annex A© Matthew Loong
Annex – Serial vs Ethernet Serial Fieldbus Industrial Ethernet Transmitted in series bit by bit Transmitted randomly in packets Via RS-232/422/485 cables, with D-sub connectors e.g. DB-9 Via Ethernet cables e.g. Cat 5e, with RJ45 connector Deterministic Packet switching with latency & collision Not as fast as Ethernet Faster than Serial No encryption or authentication – clear text data, subject to spoofing & replay TLS implemented over TCP layer Limited scope for diversification Network flexibility – Ethernet cable can be used for various data e.g. video, voice © Matthew Loong

Recommended

Dmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a TelecomDmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a TelecomPositive Hack Days
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsShah Sheikh
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseChris Sistrunk
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
Mission Impact Assessment for Industrial Control Systems
Mission Impact Assessment for Industrial Control SystemsMission Impact Assessment for Industrial Control Systems
Mission Impact Assessment for Industrial Control SystemsMarina Krotofil
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
Ics presentation
Ics presentationIcs presentation
Ics presentation🖥 Chad Hunter
 

Recommended

Dmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a TelecomDmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a TelecomPositive Hack Days
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsShah Sheikh
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseChris Sistrunk
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
Mission Impact Assessment for Industrial Control Systems
Mission Impact Assessment for Industrial Control SystemsMission Impact Assessment for Industrial Control Systems
Mission Impact Assessment for Industrial Control SystemsMarina Krotofil
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
Ics presentation
Ics presentationIcs presentation
Ics presentation🖥 Chad Hunter
 
ICS security
ICS securityICS security
ICS securityAhmed Shitta
 
SCADA Presentation
SCADA PresentationSCADA Presentation
SCADA PresentationEric Favetta
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentestersPositive Hack Days
 
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Yehia Mamdouh
 
SCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsSCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsAleksandr Timorin
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101Wavestone
 
Practical DNP3 and Modern SCADA Systems
Practical DNP3 and Modern SCADA SystemsPractical DNP3 and Modern SCADA Systems
Practical DNP3 and Modern SCADA SystemsLiving Online
 
Automation presentation
Automation presentationAutomation presentation
Automation presentationAKANSHA GURELE
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security PresentationFilip Maertens
 
From SCADA to IoT
From SCADA to IoTFrom SCADA to IoT
From SCADA to IoTRich Hunzinger
 
SCADA Security
SCADA SecuritySCADA Security
SCADA Securityamiable_indian
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Chris Sistrunk
 
Security testing in critical systems
Security testing in critical systemsSecurity testing in critical systems
Security testing in critical systemsPeter Wood
 
Wireless Communciation and Automation
Wireless Communciation and AutomationWireless Communciation and Automation
Wireless Communciation and Automationirfanhyd
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
Scada
ScadaScada
Scadahamada13
 
Scada security
Scada securityScada security
Scada securitysommerville-videos
 
Practical Distribution and Substation Automation (incl. communications) for E...
Practical Distribution and Substation Automation (incl. communications) for E...Practical Distribution and Substation Automation (incl. communications) for E...
Practical Distribution and Substation Automation (incl. communications) for E...Living Online
 
Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Manuel Santander
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02NiMa Bagheriasl
 

More Related Content

What's hot

SCADA Presentation
SCADA PresentationSCADA Presentation
SCADA PresentationEric Favetta
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentestersPositive Hack Days
 
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Yehia Mamdouh
 
SCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsSCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsAleksandr Timorin
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101Wavestone
 
Practical DNP3 and Modern SCADA Systems
Practical DNP3 and Modern SCADA SystemsPractical DNP3 and Modern SCADA Systems
Practical DNP3 and Modern SCADA SystemsLiving Online
 
Automation presentation
Automation presentationAutomation presentation
Automation presentationAKANSHA GURELE
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security PresentationFilip Maertens
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Chris Sistrunk
 
Security testing in critical systems
Security testing in critical systemsSecurity testing in critical systems
Security testing in critical systemsPeter Wood
 
Wireless Communciation and Automation
Wireless Communciation and AutomationWireless Communciation and Automation
Wireless Communciation and Automationirfanhyd
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
Practical Distribution and Substation Automation (incl. communications) for E...
Practical Distribution and Substation Automation (incl. communications) for E...Practical Distribution and Substation Automation (incl. communications) for E...
Practical Distribution and Substation Automation (incl. communications) for E...Living Online
 
Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Manuel Santander
 

What's hot (20)

ICS security
ICS securityICS security
ICS security
 
SCADA Presentation
SCADA PresentationSCADA Presentation
SCADA Presentation
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentesters
 
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing
 
SCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsSCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanisms
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101
 
Practical DNP3 and Modern SCADA Systems
Practical DNP3 and Modern SCADA SystemsPractical DNP3 and Modern SCADA Systems
Practical DNP3 and Modern SCADA Systems
 
Automation presentation
Automation presentationAutomation presentation
Automation presentation
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security Presentation
 
From SCADA to IoT
From SCADA to IoTFrom SCADA to IoT
From SCADA to IoT
 
SCADA Security
SCADA SecuritySCADA Security
SCADA Security
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
 
Security testing in critical systems
Security testing in critical systemsSecurity testing in critical systems
Security testing in critical systems
 
Wireless Communciation and Automation
Wireless Communciation and AutomationWireless Communciation and Automation
Wireless Communciation and Automation
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentation
 
Scada
ScadaScada
Scada
 
Scada security
Scada securityScada security
Scada security
 
Practical Distribution and Substation Automation (incl. communications) for E...
Practical Distribution and Substation Automation (incl. communications) for E...Practical Distribution and Substation Automation (incl. communications) for E...
Practical Distribution and Substation Automation (incl. communications) for E...
 
Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...
 

Similar to Taking a closer look at level 0 and level 1 security

Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02NiMa Bagheriasl
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019TI Safe
 
Security system using Arduino
Security system using ArduinoSecurity system using Arduino
Security system using ArduinoApoorv Anand
 
Wireless SCADA Data Communications
Wireless SCADA Data CommunicationsWireless SCADA Data Communications
Wireless SCADA Data CommunicationsDaniel Ehrenreich
 
Ls catalog thiet bi tu dong master rtu e_dienhathe.vn
Ls catalog thiet bi tu dong master rtu e_dienhathe.vnLs catalog thiet bi tu dong master rtu e_dienhathe.vn
Ls catalog thiet bi tu dong master rtu e_dienhathe.vnDien Ha The
 
Training manual on scada
Training manual on scadaTraining manual on scada
Training manual on scadabhavuksharma10
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance LabJim Gilsinn
 
2015 02 antaira quarterly webinar optimizing a robust automation network
2015 02 antaira quarterly webinar optimizing a robust automation network2015 02 antaira quarterly webinar optimizing a robust automation network
2015 02 antaira quarterly webinar optimizing a robust automation networkJose Juan Santiago Gomez
 
CONCEPT OF SCADA System EMERSON EDUARDO RODRIGUES
CONCEPT OF SCADA System EMERSON EDUARDO RODRIGUESCONCEPT OF SCADA System EMERSON EDUARDO RODRIGUES
CONCEPT OF SCADA System EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 
Scada, a PLC's story
Scada, a PLC's storyScada, a PLC's story
Scada, a PLC's storyPaolo Stagno
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cCharles Li
 
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...TI Safe
 
PLC and SCADA communication
PLC and SCADA communicationPLC and SCADA communication
PLC and SCADA communicationTalha Shaikh
 
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...sequi_inc
 

Similar to Taking a closer look at level 0 and level 1 security (20)

CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of Things
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019
 
Security system using Arduino
Security system using ArduinoSecurity system using Arduino
Security system using Arduino
 
Wireless SCADA Data Communications
Wireless SCADA Data CommunicationsWireless SCADA Data Communications
Wireless SCADA Data Communications
 
Ls catalog thiet bi tu dong master rtu e_dienhathe.vn
Ls catalog thiet bi tu dong master rtu e_dienhathe.vnLs catalog thiet bi tu dong master rtu e_dienhathe.vn
Ls catalog thiet bi tu dong master rtu e_dienhathe.vn
 
Training manual on scada
Training manual on scadaTraining manual on scada
Training manual on scada
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance Lab
 
2015 02 antaira quarterly webinar optimizing a robust automation network
2015 02 antaira quarterly webinar optimizing a robust automation network2015 02 antaira quarterly webinar optimizing a robust automation network
2015 02 antaira quarterly webinar optimizing a robust automation network
 
SCADA PPT.pdf
SCADA PPT.pdfSCADA PPT.pdf
SCADA PPT.pdf
 
CONCEPT OF SCADA.pdf
CONCEPT OF SCADA.pdfCONCEPT OF SCADA.pdf
CONCEPT OF SCADA.pdf
 
CONCEPT OF SCADA System EMERSON EDUARDO RODRIGUES
CONCEPT OF SCADA System EMERSON EDUARDO RODRIGUESCONCEPT OF SCADA System EMERSON EDUARDO RODRIGUES
CONCEPT OF SCADA System EMERSON EDUARDO RODRIGUES
 
Scada, a PLC's story
Scada, a PLC's storyScada, a PLC's story
Scada, a PLC's story
 
Scada slide
Scada slideScada slide
Scada slide
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425c
 
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
 
PLC and SCADA communication
PLC and SCADA communicationPLC and SCADA communication
PLC and SCADA communication
 
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
 

Recently uploaded

Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Satyam Kumar
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2RajaP95
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and usesDevarapalliHaritha
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 

Recently uploaded (20)

Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and uses
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 

Taking a closer look at level 0 and level 1 security

  • 1. Taking a Closer Look at Level 0 and Level 1 Security © Matthew Loong
  • 2. Content 1. Purdue Model 2. Devices in Level 0 & 1 3. Network Anomaly Detection 4. Process Anomaly Detection 5. Evolution to Industry 4.0 4 of 19 © Matthew Loong
  • 3. 1. Purdue Model 5 of 19 Industrial Control System (ICS) © Matthew Loong Source: ICS-CERT
  • 4. 1. Purdue Model – Level 2 to Level 5 Devices: • Servers • Workstations • Switches • Routers • Firewalls Protocol: • Ethernet-based • LAN • IP addressing To level 1 Traditional IT cybersecurity solutions 6 of 19© Matthew Loong
  • 5. 1. Purdue Model – Level 0 and 1 From level 2 Devices: • Level 1  Controllers e.g. PLC • Level 0 - electromechanical  Field devices e.g. actuators  Sensors Protocols: • Fieldbus e.g. Modbus, DNP3, IEC • Current or voltage signals:  Analog (4 to 20mA)  Digital (+/- 24VDC) • HART • Wireless e.g. w-HART, RF, ZigBee Level 1 is like the brain while Level 0 are like the hands and nerves © Matthew Loong
  • 6. 2. Level 0 Device - Actuator Power Supply Loop Signal Loop PCB Card LCD Display 8 of 19Physical security is important © Matthew Loong Source: Rotork
  • 7. 2. Level 0 Device - Sensor Simultaneous transmission of analog data, such as pressure or temperature, as well as digital data, such as sensor status. 9 of 19Physical security is important © Matthew Loong Source: HART
  • 8. 2. Level 1 Device – PLC Main Circuit Breakers (MCB) Power Supply Unit (PSU) Surge Protection Devices (SPD) Central Processing Unit (CPU) Digital or Analog Input / Output (I/O) Modules Terminal Blocks Ground Bus 10 of 19Physical security is important. Packets sent to PLC should be checked © Matthew Loong
  • 9. 3. Network Anomaly Detection - SIEM 11 of 19Asset Monitoring e.g. Claroty, Nozomi SCADAguardian Able to detect devices with IT and ICS protocols © Matthew Loong Source: Claroty
  • 10. E.g. Deep Inspection of Modbus Traffic Request from Master Response from Slave 13 of 19 3. Network Anomaly Detection – AI Response Interval Slave ID Function Code Data Addressing Payload Checksum Byte Size Behavioural Baselines in: Development in Machine Learning for Advance Threat Prevention © Matthew Loong
  • 11. Ladder Logic 14 of 19 4. Process Anomaly Detection Input Checking PLC © Matthew Loong
  • 12. 4. Process Anomaly Detection - Out-of-Band 15 of 19Keeping process variable within limits © Matthew Loong
  • 13. 4. Process Anomaly Detection - Rate-of-Change 16 of 19Keeping process variable increase/decrease gradual © Matthew Loong
  • 14. 4. Process Anomaly Filtering - Timer-on-Delay Before After Time(5sscale) Time(5sscale) Current (2mA scale) Current (2mA scale) Red Line – Sensor feedback signal (from device) Blue Line – Actuator output signal (to device) current dip current dip Output signal energized No effect 17 of 19Preventing abnormal spikes or dips from affecting process © Matthew Loong
  • 15. 5. Evolution to Industry 4.0 More level 0 devices connected to cloud. Ethernet-based communication to field © Matthew Loong Source: Analog.com
  • 16. Conclusion • Need for mindset shift – Availability is priority in ICS • Aim of cyberattack on ICS is to cause: • Max damage – catastrophic failure • Max downtime – component with longest lead time • Security by design and graceful degradation: • Correlate malicious cyber activities with physical impact • Network anomaly detection vs process anomaly detection • Keep process parameters within band • Hence physical security and verification is important 19 of 19© Matthew Loong
  • 17. Annex - Comparison of Various ICS Programmable Logic Controller (PLC) Distributed Control System (DCS) Supervisory Control And Data Acquisition (SCADA) Localized Localized Geographically dispersed Closed loop communication Closed loop communication Long distance communication e.g. via RTU and leased lines Limited I/Os (<300) Numerous I/Os (>2000) Limited I/Os (<300) Single controller Multiple controllers Not necessarily have controllers Discrete applications Integrated applications Integrated applications E.g. Allen Bradley, Siemens, Mitsubishi, Omron E.g. Emerson Delta V, Yokogawa Centum E.g. Invensys Wonderware, WinCC, Factorytalk Annex A© Matthew Loong
  • 18. Annex – Serial vs Ethernet Serial Fieldbus Industrial Ethernet Transmitted in series bit by bit Transmitted randomly in packets Via RS-232/422/485 cables, with D-sub connectors e.g. DB-9 Via Ethernet cables e.g. Cat 5e, with RJ45 connector Deterministic Packet switching with latency & collision Not as fast as Ethernet Faster than Serial No encryption or authentication – clear text data, subject to spoofing & replay TLS implemented over TCP layer Limited scope for diversification Network flexibility – Ethernet cable can be used for various data e.g. video, voice © Matthew Loong