
CSIRS ICS BCS 2.2


  1. 1. Cyber Security in Real-Time Systems: Threats to SCADA and other real time systems, an update from the coal face. David Spinks – Independent Cyber Security Consultant, April 2015. CSIRS Cyber Security in Real-Time Systems
  2. 2. CSIRS Cyber Security in Real-Time Systems Why me?
  3. 3. 1970/75 – Glaxo Laboratories, Cambois, Northumberland - World's First Large Scale Automation
  4. 4. 1990 - 2000: Railtrack Safety Critical Software; Sizewell B Software Emergency Shut Down code validation; UK Government assessment of Embedded Software Aviation
  5. 5. CSIRS Cyber Security in Real-Time Systems Industrial Control Systems Current Business Environments & Drivers
  6. 6. “The Grey” Traditional IT Industrial Control Systems ?
  7. 7. IT Tools, Methods, Culture; ICS Culture, Tools. Very different and apparently no middle ground. “The Cavalry fast moving and flexible”. The Cannons fixed, slow yet effective, not changed much for centuries
  8. 8. SCADA Hybrid Networks security comparison
  9. 9. CSIRS Cyber Security in Real-Time Systems Little or no action to close the gap?
  10. 10. CSIRS Cyber Security in Real-Time Systems Advanced: Planned ahead of time; Executed by individuals who have expertise; Intelligence gathered about “target” in advance; Adoption of social engineering techniques; Covering of entry and exit points; Motive not always understood; Perpetrated by unknown agencies; Multiple points of entry technical and non-technical; Complex execution across a period of time may be months or years; Use of multiple technologies, tools and techniques; Insider threat must be considered a possible entry point; Will explore logical and physical security weaknesses; May extend to supply chain. Possible Actions: Changes in education of IT and ICS engineers; Changes in culture in large organisations; Disclosure & Legislation & Regulation; Information exchange; Investments in ICS security; Changes in ICS vendor culture
  11. 11. CSIRS Cyber Security in Real-Time Systems What do recent statistics and surveys show us?
  12. 12. Trends impacting ICS Cyber Security: Business demands that data be passed from ICS to IT. Direct and indirect connections. Sophistication of attacks (the ones we know about) is increasing. 75% of breaches are discovered by third parties. Resulting impact of each attack is growing exponentially.
  13. 13. Documented Attacks on ICS from US ICS-CERT Report
  14. 14. The majority of incidents were categorized as having an “unknown” access vector. In these instances, the organization was confirmed to be compromised; however, forensic evidence did not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network
  15. 15. CSIRS Cyber Security in Real-Time Systems Example of poor monitoring of a SCADA system.
  16. 16. Information about the 8 November incident came to light via the blog of Joe Weiss who advises utilities on how to protect hardware against attack. Mr Weiss quoted from a short report by the Illinois Statewide Terrorism and Intelligence Center which said hackers obtained access using stolen login names and passwords. These were taken from a company which writes control software for industrial systems. The net address through which the attack was carried out was traced to Russia, according to Mr Weiss. The report said "glitches" in the remote access system for the pump had been noticed for months before the burn out, said Mr Weiss.
  17. 17. “I could have straightened it up with just one phone call, and this would all have been defused,” said Jim Mimlitz, founder and owner of Navionics Research, who helped set up the utility’s control system. “They assumed Mimlitz would never ever have been in Russia. They shouldn’t have assumed that.” Mimlitz’s small integrator company helped set up the Supervisory Control and Data Acquisition system (SCADA) used by the Curran Gardner Public Water District outside of Springfield, Illinois, and provided occasional support to the district. His company specializes in SCADA systems, which are used to control and monitor infrastructure and manufacturing equipment. Mimlitz says last June, he and his family were on vacation in Russia when someone from Curran Gardner called his cell phone seeking advice on a matter and asked Mimlitz to remotely examine some data-history charts stored on the SCADA computer.
  18. 18. CSIRS Cyber Security in Real-Time Systems Common ground might be the Security Operations Centres?
  19. 19. Post Event Investigations: Access to HR Attendance records; Door access logs; Audit records; Phone logs; Systems logs
  20. 20. Potential Common Ground Security Operations Centre IT ICS Threats Very few common methods such as NIST & Identity Management Use Cases Mitigation Impacts DO-178C (avionics), ISO 26262 (automotive systems), IEC 62304 (medical devices), CENELEC EN 50128 (railway systems), ISO 27001:2013 Cobit 4.1 ISF ISO 20000 Tools Risks Investigations
  21. 21. Potential Solution: Small team cross trained across IT and ICS; Adoption of common language and understanding of impacts; Shared understanding of Threats; Devise and plan for integrated tools ICS<>IT; Speak to both camps; Common understanding of potential impacts. But would require commitment and proper funding
  22. 22. CSIRS Cyber Security in Real-Time Systems Information and White Papers
  23. 23. Lots of white papers and solutions are available
  24. 24. CSIRS Cyber Security in Real-Time Systems Highest and Serious Threats
  25. 25. Lessons still to be learnt: Insider threats; Social engineering; Prevent rather than respond; Effective intelligence and analysis; Planned and tested response to threats
  26. 26. Solution: Understand what is “normal”; Monitor for unusual trends; Collect and analyse cyber intelligence; Investigate; Act accordingly. Actions
  27. 27. CSIRS Cyber Security in Real-Time Systems Recent media reports of interest
  28. 28. CSIRS Cyber Security in Real-Time Systems Planned ahead of time; Executed by individuals who have expertise; Intelligence gathered about “target” in advance; Adoption of social engineering techniques; Covering of entry and exit points; Motive not always understood; Perpetrated by unknown agencies. Rail signal upgrade 'could be hacked to cause crashes': Prof David Stupples told the BBC that plans to replace ageing signal lights with new computers could leave the rail network exposed to cyber-attacks. UK tests of the European Rail Traffic Management System are under way. Network Rail, which is in charge of the upgrade, acknowledges the threat. http://www.bbc.co.uk/news/technology-32402481
  29. 29. CSIRS Cyber Security in Real-Time Systems Advanced: Planned ahead of time; Executed by individuals who have expertise; Intelligence gathered about “target” in advance; Adoption of social engineering techniques; Covering of entry and exit points; Motive not always understood; Perpetrated by unknown agencies. The debate erupted after cybersecurity expert Chris Roberts, founder of OneWorld Lab in Denver, sent a tweet while he was a passenger on a United Airlines flight suggesting he could hack into the airline’s onboard system to trigger the oxygen masks to drop. When the plane landed in Syracuse, FBI agents were waiting to question him and confiscate his electronic devices, according to a statement from Roberts’ attorneys. United Airlines also was not amused and banned Roberts from flying on the carrier. On the 27th April 2015 … Yesterday
  30. 30. CSIRS Cyber Security in Real-Time Systems Advanced: Planned ahead of time; Executed by individuals who have expertise; Intelligence gathered about “target” in advance; Adoption of social engineering techniques; Covering of entry and exit points; Motive not always understood; Perpetrated by unknown agencies. Persistent: Today - American Airlines planes grounded by iPad app error
  31. 31. CSIRS Cyber Security in Real-Time Systems LinkedIn CSIRS: http://www.linkedin.com/groupRegistration?gid=3623430 Dspinks41@gmail.com Questions?
