A high-level share for non-IT Managerial/Director audience a glimpse into current and emerging business threats at the OFSEC Expo 12-16 Sept in Muscat, Oman.
Please feel free to use any content and share original sources were noted.
Smart Grids & Dumb Security => A Guide For Business Managers
1.
2. Why SCADA, ICS
& Embedded
Devices continue
to be a threat
DUMB SECURITY & SMART GRIDSDUMB SECURITY & SMART GRIDSDUMB SECURITY & SMART GRIDS
Faris A. Al-Kharusi, MPhil, MSc., GWCBA
3. AGENDA
SCADA, ICS & Embedded Devices
• Evolution of theThreat
• Industry Standards vs. Residential Realities
Specific Contemporary Challenges
• The {C}oldWar
• Paradigm Shift
CybersecurityWorld-View
• Weak vs. Strong Implementations
• The Real Calculation of Risk (InformationAssurance)
Do’s & Don’t of Smart Projects
• Data Storage & Security Policy
• Knowledge & Competency
• BCP & DRP
AGENDA
4. The Story So Far
• Hard-Coded Passwords.
• Hard-Coded Firmware (Exploits
can not be patched!)
• Lack of belief that critical
infrastructure is internet-facing.
• Reconnaissance can be done
anonymously with low likelihood
of detection.
• Lack of skill-sets to conduct
forensics minimize reporting on
intrusions.
5. Evolution of theThreat: How We Got Here
– Complex interdependencies
arose …
– The IP/TCP Landscape has
opened the doors to ease of
setup since the early 80’s ...
15. Stop fighting yesterday’s war today . . .
The Do’s
• Understand consequence of your
vulnerabilities.
• Use Local Clouds – keep ownership
of your Data.
• Think clearly about your Data
Analytics strategy as it pertains
guarding your assets.
The Don’ts
• Stop treating your security
decision’s like it is 2005.
• Outsource all the knowledge and
competency (especially around
forensics) to a third-party.
• Expect proprietary or complex
setups to provide protection.