SlideShare a Scribd company logo

Protecting Infrastructure from Cyber Attacks

Download as PPTX, PDF
Maurice Dawson
Maurice Dawson

The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. As the SCADA systems are the systems that autonomously monitor and adjust switching among other processes within critical infrastructures such as nuclear plants, and power grids DHS has become concerned about these systems as they are unmanned frequently and remotely accessed. A vulnerability such as remote access could allow anyone to take control of assets to critical infrastructure remotely. There has been increasing mandates, and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.

Technology
1 of 15
Protecting Infrastructure from Cyber Attacks Dr. Maurice Dawson, Walden University /Alabama A&M University Dr. Jonathan Abramson, Colorado Technical University Dr. Marwan Omar, Colorado Technical University
Abstract • The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. As the SCADA systems are the systems that autonomously monitor and adjust switching among other processes within critical infrastructures such as nuclear plants, and power grids DHS has become concerned about these systems as they are unmanned frequently and remotely accessed. A vulnerability such as remote access could allow anyone to take control of assets to critical infrastructure remotely. There has been increasing mandates, and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.
Topics • Example Scripts • 2012 FISMA Report • Previous Research • Vulnerabilities & Threats • Example Physical Security Threat Scenario • System C&A Processes • Product C&A Processes • Example Unclassified DIACAP Controls • Virtualization as a Tool
Virus in Bash Script #!/bin/bash Echo “Yep We Finally Got You” Rmdir *.bin ##removal of key directories to render system useless Rm filename1 filename2 filename3 filename 4 ##removal of key files to render system useless Note: file must be --7 (executable) and bypass sudo
Example Copy Script in Bash Script #!/bin/bash tar -cZf /var/my-backup.tgz /home/me/ ##key files can be copied anywhere Note: file must be --7 (executable) and bypass sudo
2012 FISMA Report
Previous Research • DoD Cyber Technology Policies to Secure Automated Information Systems – Certification & Accreditation (C&A) evaluation processes – Plan of action and milestones (PO&AM) – DIACAP scorecard – System identification plan (SIP) – DIACAP implementation plan (DIP)
Vulnerabilities & Threats • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes. • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems. • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control heating, ventilation, and air conditioning systems (HVAC), access, and energy consumption.
Vulnerabilities & Threats cont. • Remote access – Root control of system – Ability to map network(s) – Ability to corrupt cloud infrastructure(s) • Virus focused on specific hardware – Over clocking – Redirect of network and data • Covert channel analysis • Lack of qualified personnel • Insider threat • Natural disasters • Inconsistencies of applied processes
Example Physical Security Scenario Decide targets Perform research on target using Google maps, social media, and etc. Capture online maps for building architecture Render items with virtual world(s), and graphics application software(s) Prepare mock up scenario(s) Test run mock up scenario(s) Perform live run
Systems C&A Process - DIACAP
Product C&A Process – Common Criteria
Unclassified DIACAP Controls – MAC III Unclassified [Example]
Virtualization as a Tool Supporting Tasks • Test patches before full deployment • See how OS or system reacts to virus • Use as tool to deploy hardened VMs Example Set Up HARDWARE OS PLATFORM HYPERVISOR WINDOWS RED HAT LINUX UBUNTU LINUX
Any Questions Please feel free to contact me at maurice.dawson@ aamu.edu Wk: 256-372-4801

Recommended

Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSJim Gilsinn
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14James Nesbitt
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...Eran Goldstein
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar Nnull The Open Security Community
 

Recommended

Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSJim Gilsinn
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14James Nesbitt
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...Eran Goldstein
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar Nnull The Open Security Community
 
ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingTonex
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsCommunity Protection Forum
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...AVEVA
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009Narinrit Prem-apiwathanokul
 
Securing Industrial Control Systems
Securing Industrial Control SystemsSecuring Industrial Control Systems
Securing Industrial Control SystemsEric Andresen
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overviewpgmaynard
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNorth Texas Chapter of the ISSA
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2David Spinks
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...Shah Sheikh
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsJames Arlen
 
Cyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsCyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsDavid Spinks
 

More Related Content

What's hot

ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingTonex
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...AVEVA
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Securing Industrial Control Systems
Securing Industrial Control SystemsSecuring Industrial Control Systems
Securing Industrial Control SystemsEric Andresen
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overviewpgmaynard
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNorth Texas Chapter of the ISSA
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...Shah Sheikh
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 

What's hot (20)

ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity Training
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009
 
Securing Industrial Control Systems
Securing Industrial Control SystemsSecuring Industrial Control Systems
Securing Industrial Control Systems
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overview
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT Approach
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
 

Viewers also liked

Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsJames Arlen
 
Cyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsCyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsDavid Spinks
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseChris Sistrunk
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsShah Sheikh
 
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topic
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topicNuclear Power Plants and Terrorism - Some remarks on a sensitive topic
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topicOeko-Institut
 
Nuclear Power in Germany - A short overview
Nuclear Power in Germany - A short overviewNuclear Power in Germany - A short overview
Nuclear Power in Germany - A short overviewOeko-Institut
 
BlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security ExpertsBlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security ExpertsJames Arlen
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012Ahmed Al Enizi
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Digital Bond
 
Scada Security & Penetration Testing
Scada Security & Penetration TestingScada Security & Penetration Testing
Scada Security & Penetration TestingAhmed Sherif
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
Control Systems Basics
Control Systems BasicsControl Systems Basics
Control Systems BasicsJohn Todora
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 

Viewers also liked (19)

Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security Experts
 
Cyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsCyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control Systems
 
ICS security
ICS securityICS security
ICS security
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security Solutions
 
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topic
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topicNuclear Power Plants and Terrorism - Some remarks on a sensitive topic
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topic
 
Nuclear Power in Germany - A short overview
Nuclear Power in Germany - A short overviewNuclear Power in Germany - A short overview
Nuclear Power in Germany - A short overview
 
BlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security ExpertsBlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security Experts
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
 
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA Security
 
Scada Security & Penetration Testing
Scada Security & Penetration TestingScada Security & Penetration Testing
Scada Security & Penetration Testing
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
Control Systems Basics
Control Systems BasicsControl Systems Basics
Control Systems Basics
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrol
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 

Similar to Protecting Infrastructure from Cyber Attacks

Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADARichard Umbrino
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptDelforChacnCornejo
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Abhishek Goel
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSiQHub
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSiQHub
 
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoTIII SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoTRAJESHWARI M
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...EnergySec
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA NetworksIJRES Journal
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
 
INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMINTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMIRJET Journal
 
Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander EC-Council
 
UTM Unified Threat Management
UTM Unified Threat ManagementUTM Unified Threat Management
UTM Unified Threat ManagementLokesh Sharma
 
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012Ahmed Al Enizi
 
3778975074 january march 2015 1
3778975074 january march 2015 13778975074 january march 2015 1
3778975074 january march 2015 1nicfs
 

Similar to Protecting Infrastructure from Cyber Attacks (20)

Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADA
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
 
Unit_3.pptx
Unit_3.pptxUnit_3.pptx
Unit_3.pptx
 
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoTIII SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
 
Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA Networks
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA Networks
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
 
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
 
INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMINTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEM
 
Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander
 
UTM Unified Threat Management
UTM Unified Threat ManagementUTM Unified Threat Management
UTM Unified Threat Management
 
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012
 
cscnapd.ppt
cscnapd.pptcscnapd.ppt
cscnapd.ppt
 
Network security
Network securityNetwork security
Network security
 
3778975074 january march 2015 1
3778975074 january march 2015 13778975074 january march 2015 1
3778975074 january march 2015 1
 

More from Maurice Dawson

Understanding the Challenge of Cybersecurity in Critical Infrastructure Sectors
Understanding the Challenge of Cybersecurity in Critical Infrastructure SectorsUnderstanding the Challenge of Cybersecurity in Critical Infrastructure Sectors
Understanding the Challenge of Cybersecurity in Critical Infrastructure SectorsMaurice Dawson
 
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Maurice Dawson
 
Security Solutions for Hyperconnectivity in the Internet of Things
Security Solutions for Hyperconnectivity in the Internet of ThingsSecurity Solutions for Hyperconnectivity in the Internet of Things
Security Solutions for Hyperconnectivity in the Internet of ThingsMaurice Dawson
 
Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...Maurice Dawson
 
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...Maurice Dawson
 
CTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and DestroyCTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and DestroyMaurice Dawson
 
MWAIS Fall 2017 Newsletter
MWAIS Fall 2017 NewsletterMWAIS Fall 2017 Newsletter
MWAIS Fall 2017 NewsletterMaurice Dawson
 
MWAIS Fall 2018 Newsletter
MWAIS Fall 2018 NewsletterMWAIS Fall 2018 Newsletter
MWAIS Fall 2018 NewsletterMaurice Dawson
 
Information Technology Use in West African Agriculture – challenges and oppor...
Information Technology Use in West African Agriculture – challenges and oppor...Information Technology Use in West African Agriculture – challenges and oppor...
Information Technology Use in West African Agriculture – challenges and oppor...Maurice Dawson
 
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...Maurice Dawson
 
Schedule for the 13th Annual Conference of the Midwest AIS
Schedule for the 13th Annual Conference of the Midwest AIS Schedule for the 13th Annual Conference of the Midwest AIS
Schedule for the 13th Annual Conference of the Midwest AIS Maurice Dawson
 
UMSL IS | Farmer 2 Farmer Program
UMSL IS | Farmer 2 Farmer ProgramUMSL IS | Farmer 2 Farmer Program
UMSL IS | Farmer 2 Farmer ProgramMaurice Dawson
 
Midwest Association for Information Systems - MWAIS2018
Midwest Association for Information Systems - MWAIS2018Midwest Association for Information Systems - MWAIS2018
Midwest Association for Information Systems - MWAIS2018Maurice Dawson
 
MWAIS 2018 - 13th Annual Conference
MWAIS 2018 - 13th Annual ConferenceMWAIS 2018 - 13th Annual Conference
MWAIS 2018 - 13th Annual ConferenceMaurice Dawson
 
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...Maurice Dawson
 
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...Maurice Dawson
 
Hacking, Privacy and Security in a Hyperconnected Society
Hacking, Privacy and Security in a Hyperconnected SocietyHacking, Privacy and Security in a Hyperconnected Society
Hacking, Privacy and Security in a Hyperconnected SocietyMaurice Dawson
 
University of Missouri - Saint Louis Cyber Security
University of Missouri - Saint Louis Cyber SecurityUniversity of Missouri - Saint Louis Cyber Security
University of Missouri - Saint Louis Cyber SecurityMaurice Dawson
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
 
Security Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of ThingsSecurity Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of ThingsMaurice Dawson
 

More from Maurice Dawson (20)

Understanding the Challenge of Cybersecurity in Critical Infrastructure Sectors
Understanding the Challenge of Cybersecurity in Critical Infrastructure SectorsUnderstanding the Challenge of Cybersecurity in Critical Infrastructure Sectors
Understanding the Challenge of Cybersecurity in Critical Infrastructure Sectors
 
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
 
Security Solutions for Hyperconnectivity in the Internet of Things
Security Solutions for Hyperconnectivity in the Internet of ThingsSecurity Solutions for Hyperconnectivity in the Internet of Things
Security Solutions for Hyperconnectivity in the Internet of Things
 
Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...
 
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
 
CTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and DestroyCTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and Destroy
 
MWAIS Fall 2017 Newsletter
MWAIS Fall 2017 NewsletterMWAIS Fall 2017 Newsletter
MWAIS Fall 2017 Newsletter
 
MWAIS Fall 2018 Newsletter
MWAIS Fall 2018 NewsletterMWAIS Fall 2018 Newsletter
MWAIS Fall 2018 Newsletter
 
Information Technology Use in West African Agriculture – challenges and oppor...
Information Technology Use in West African Agriculture – challenges and oppor...Information Technology Use in West African Agriculture – challenges and oppor...
Information Technology Use in West African Agriculture – challenges and oppor...
 
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...
 
Schedule for the 13th Annual Conference of the Midwest AIS
Schedule for the 13th Annual Conference of the Midwest AIS Schedule for the 13th Annual Conference of the Midwest AIS
Schedule for the 13th Annual Conference of the Midwest AIS
 
UMSL IS | Farmer 2 Farmer Program
UMSL IS | Farmer 2 Farmer ProgramUMSL IS | Farmer 2 Farmer Program
UMSL IS | Farmer 2 Farmer Program
 
Midwest Association for Information Systems - MWAIS2018
Midwest Association for Information Systems - MWAIS2018Midwest Association for Information Systems - MWAIS2018
Midwest Association for Information Systems - MWAIS2018
 
MWAIS 2018 - 13th Annual Conference
MWAIS 2018 - 13th Annual ConferenceMWAIS 2018 - 13th Annual Conference
MWAIS 2018 - 13th Annual Conference
 
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...
 
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
 
Hacking, Privacy and Security in a Hyperconnected Society
Hacking, Privacy and Security in a Hyperconnected SocietyHacking, Privacy and Security in a Hyperconnected Society
Hacking, Privacy and Security in a Hyperconnected Society
 
University of Missouri - Saint Louis Cyber Security
University of Missouri - Saint Louis Cyber SecurityUniversity of Missouri - Saint Louis Cyber Security
University of Missouri - Saint Louis Cyber Security
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
 
Security Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of ThingsSecurity Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of Things
 

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Protecting Infrastructure from Cyber Attacks

  • 1. Protecting Infrastructure from Cyber Attacks Dr. Maurice Dawson, Walden University /Alabama A&M University Dr. Jonathan Abramson, Colorado Technical University Dr. Marwan Omar, Colorado Technical University
  • 2. Abstract • The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. As the SCADA systems are the systems that autonomously monitor and adjust switching among other processes within critical infrastructures such as nuclear plants, and power grids DHS has become concerned about these systems as they are unmanned frequently and remotely accessed. A vulnerability such as remote access could allow anyone to take control of assets to critical infrastructure remotely. There has been increasing mandates, and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.
  • 3. Topics • Example Scripts • 2012 FISMA Report • Previous Research • Vulnerabilities & Threats • Example Physical Security Threat Scenario • System C&A Processes • Product C&A Processes • Example Unclassified DIACAP Controls • Virtualization as a Tool
  • 4. Virus in Bash Script #!/bin/bash Echo “Yep We Finally Got You” Rmdir *.bin ##removal of key directories to render system useless Rm filename1 filename2 filename3 filename 4 ##removal of key files to render system useless Note: file must be --7 (executable) and bypass sudo
  • 5. Example Copy Script in Bash Script #!/bin/bash tar -cZf /var/my-backup.tgz /home/me/ ##key files can be copied anywhere Note: file must be --7 (executable) and bypass sudo
  • 7. Previous Research • DoD Cyber Technology Policies to Secure Automated Information Systems – Certification & Accreditation (C&A) evaluation processes – Plan of action and milestones (PO&AM) – DIACAP scorecard – System identification plan (SIP) – DIACAP implementation plan (DIP)
  • 8. Vulnerabilities & Threats • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes. • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems. • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control heating, ventilation, and air conditioning systems (HVAC), access, and energy consumption.
  • 9. Vulnerabilities & Threats cont. • Remote access – Root control of system – Ability to map network(s) – Ability to corrupt cloud infrastructure(s) • Virus focused on specific hardware – Over clocking – Redirect of network and data • Covert channel analysis • Lack of qualified personnel • Insider threat • Natural disasters • Inconsistencies of applied processes
  • 10. Example Physical Security Scenario Decide targets Perform research on target using Google maps, social media, and etc. Capture online maps for building architecture Render items with virtual world(s), and graphics application software(s) Prepare mock up scenario(s) Test run mock up scenario(s) Perform live run
  • 12. Product C&A Process – Common Criteria
  • 13. Unclassified DIACAP Controls – MAC III Unclassified [Example]
  • 14. Virtualization as a Tool Supporting Tasks • Test patches before full deployment • See how OS or system reacts to virus • Use as tool to deploy hardened VMs Example Set Up HARDWARE OS PLATFORM HYPERVISOR WINDOWS RED HAT LINUX UBUNTU LINUX
  • 15. Any Questions Please feel free to contact me at maurice.dawson@ aamu.edu Wk: 256-372-4801