SlideShare a Scribd company logo

Smart Grids & Dumb Security => A Guide For Business Managers

Download as PPTX, PDF
Faris Al-Kharusi
Faris Al-Kharusi

A high-level share for non-IT Managerial/Director audience a glimpse into current and emerging business threats at the OFSEC Expo 12-16 Sept in Muscat, Oman. Please feel free to use any content and share original sources were noted.

Technology
1 of 16
Why SCADA, ICS & Embedded Devices continue to be a threat DUMB SECURITY & SMART GRIDSDUMB SECURITY & SMART GRIDSDUMB SECURITY & SMART GRIDS Faris A. Al-Kharusi, MPhil, MSc., GWCBA
AGENDA SCADA, ICS & Embedded Devices • Evolution of theThreat • Industry Standards vs. Residential Realities Specific Contemporary Challenges • The {C}oldWar • Paradigm Shift CybersecurityWorld-View • Weak vs. Strong Implementations • The Real Calculation of Risk (InformationAssurance) Do’s & Don’t of Smart Projects • Data Storage & Security Policy • Knowledge & Competency • BCP & DRP AGENDA
The Story So Far • Hard-Coded Passwords. • Hard-Coded Firmware (Exploits can not be patched!) • Lack of belief that critical infrastructure is internet-facing. • Reconnaissance can be done anonymously with low likelihood of detection. • Lack of skill-sets to conduct forensics minimize reporting on intrusions.
Evolution of theThreat: How We Got Here – Complex interdependencies arose … – The IP/TCP Landscape has opened the doors to ease of setup since the early 80’s ...
Evolution of theThreat: GlobalView – Bacnet (port 47808) – DNP3 (port 20000) – EtherNet/IP (port 44818) – Niagara Fox (ports 1911 ) – IEC-104 (port 2404) – Red Lion (port 789) – Modbus (port 502) – Siemens S7 (port 102)
AndThe Internet ofThings Grows Regionally UPnP - UDP Port 1900 - Mobile Devices - CCTV - Biometric Readers - Energy Generators - Card Readers - Appliances - POS Kiosks - Routers - Printers - And the list goes on …
Industry Standards The “Perfect Landscape” as conveyed in our security centric minds …
Residential Outlook And the current reality …
The {C}oldWar
Paradigm Shift
Real-TimeOperations:Weak Implementations Sifting through Events
Real-TimeOperations: Strong Implementations IntelligentAlarms & Exception Based Surveillance
The Real Calculation of Risk Risk = Threat x Vulnerability x Consequence
Stop fighting yesterday’s war today . . . The Do’s • Understand consequence of your vulnerabilities. • Use Local Clouds – keep ownership of your Data. • Think clearly about your Data Analytics strategy as it pertains guarding your assets. The Don’ts • Stop treating your security decision’s like it is 2005. • Outsource all the knowledge and competency (especially around forensics) to a third-party. • Expect proprietary or complex setups to provide protection.
ThankYou & Feel FreeTo Ask Questions

Recommended

WeatherXM at IoT Boussias Conference 2015
WeatherXM at IoT Boussias Conference 2015WeatherXM at IoT Boussias Conference 2015
WeatherXM at IoT Boussias Conference 2015Manolis Nikiforakis
 
Panpisco Technologies Intelligent CCTV Solutions
Panpisco Technologies Intelligent CCTV SolutionsPanpisco Technologies Intelligent CCTV Solutions
Panpisco Technologies Intelligent CCTV SolutionsPanpisco Technologies
 
Research Topics in IOT
Research Topics in IOTResearch Topics in IOT
Research Topics in IOTTechsparks
 
Sect f43
Sect f43Sect f43
Sect f43SelectedPresentations
 
IoT: Autonomous and Smart- Paul Guermonprez
IoT: Autonomous and Smart- Paul GuermonprezIoT: Autonomous and Smart- Paul Guermonprez
IoT: Autonomous and Smart- Paul GuermonprezWithTheBest
 
"Processor Options for Edge Inference: Options and Trade-offs," a Presentatio...
"Processor Options for Edge Inference: Options and Trade-offs," a Presentatio..."Processor Options for Edge Inference: Options and Trade-offs," a Presentatio...
"Processor Options for Edge Inference: Options and Trade-offs," a Presentatio...Edge AI and Vision Alliance
 
Computing 022612
Computing 022612Computing 022612
Computing 022612Serendipity Seraph
 
Libelium IoT Conference 2018 - Air quality and noise monitoring for Airports 3.0
Libelium IoT Conference 2018 - Air quality and noise monitoring for Airports 3.0Libelium IoT Conference 2018 - Air quality and noise monitoring for Airports 3.0
Libelium IoT Conference 2018 - Air quality and noise monitoring for Airports 3.0Manolis Nikiforakis
 

Recommended

WeatherXM at IoT Boussias Conference 2015
WeatherXM at IoT Boussias Conference 2015WeatherXM at IoT Boussias Conference 2015
WeatherXM at IoT Boussias Conference 2015Manolis Nikiforakis
 
Panpisco Technologies Intelligent CCTV Solutions
Panpisco Technologies Intelligent CCTV SolutionsPanpisco Technologies Intelligent CCTV Solutions
Panpisco Technologies Intelligent CCTV SolutionsPanpisco Technologies
 
Research Topics in IOT
Research Topics in IOTResearch Topics in IOT
Research Topics in IOTTechsparks
 
Sect f43
Sect f43Sect f43
Sect f43SelectedPresentations
 
IoT: Autonomous and Smart- Paul Guermonprez
IoT: Autonomous and Smart- Paul GuermonprezIoT: Autonomous and Smart- Paul Guermonprez
IoT: Autonomous and Smart- Paul GuermonprezWithTheBest
 
"Processor Options for Edge Inference: Options and Trade-offs," a Presentatio...
"Processor Options for Edge Inference: Options and Trade-offs," a Presentatio..."Processor Options for Edge Inference: Options and Trade-offs," a Presentatio...
"Processor Options for Edge Inference: Options and Trade-offs," a Presentatio...Edge AI and Vision Alliance
 
Computing 022612
Computing 022612Computing 022612
Computing 022612Serendipity Seraph
 
Libelium IoT Conference 2018 - Air quality and noise monitoring for Airports 3.0
Libelium IoT Conference 2018 - Air quality and noise monitoring for Airports 3.0Libelium IoT Conference 2018 - Air quality and noise monitoring for Airports 3.0
Libelium IoT Conference 2018 - Air quality and noise monitoring for Airports 3.0Manolis Nikiforakis
 
Cloaking is the new perimeter
Cloaking is the new perimeterCloaking is the new perimeter
Cloaking is the new perimeterTempered
 
The design and implementation of intelligent campus security tracking system ...
The design and implementation of intelligent campus security tracking system ...The design and implementation of intelligent campus security tracking system ...
The design and implementation of intelligent campus security tracking system ...impulsetechembedded12
 
UMC FTSG Software
UMC FTSG SoftwareUMC FTSG Software
UMC FTSG Softwarekphodel
 
Airport as a Smartcity - Naftemporiki IoT 2016
Airport as a Smartcity - Naftemporiki IoT 2016Airport as a Smartcity - Naftemporiki IoT 2016
Airport as a Smartcity - Naftemporiki IoT 2016Manolis Nikiforakis
 
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...Nabil Bouzerna
 
Towards Better Availability and Accountability for IoT Updates by means of a ...
Towards Better Availability and Accountability for IoT Updates by means of a ...Towards Better Availability and Accountability for IoT Updates by means of a ...
Towards Better Availability and Accountability for IoT Updates by means of a ...Nabil Bouzerna
 
Microcontrollers disruption v9.0
Microcontrollers disruption v9.0Microcontrollers disruption v9.0
Microcontrollers disruption v9.0Jim Nicholas
 
Stories from the Trainyard!
Stories from the Trainyard!Stories from the Trainyard!
Stories from the Trainyard!Patrick Kelley
 
Encryption in industrial control systems; Is the juice worth the squeeze?
Encryption in industrial control systems; Is the juice worth the squeeze?Encryption in industrial control systems; Is the juice worth the squeeze?
Encryption in industrial control systems; Is the juice worth the squeeze?Brian Proctor - GICSP, CISSP, CRISC
 
2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation2012 02 14 Afcom Presentation
2012 02 14 Afcom PresentationEric Gallant
 
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteGus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteWork-Bench
 
Cyber Security Lecture at Rah Rah 7
Cyber Security Lecture at Rah Rah 7Cyber Security Lecture at Rah Rah 7
Cyber Security Lecture at Rah Rah 7Filip Maertens
 
Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos, Inc.
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Big Data for Big Power: How smart is the grid if the infrastructure is stupid?
Big Data for Big Power: How smart is the grid if the infrastructure is stupid?Big Data for Big Power: How smart is the grid if the infrastructure is stupid?
Big Data for Big Power: How smart is the grid if the infrastructure is stupid?OReillyStrata
 
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaEvolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaAngeloluca Barba
 
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...TI Safe
 
CCTV in the CLOUD
CCTV in the CLOUDCCTV in the CLOUD
CCTV in the CLOUDRiccardo Mazzurco
 
Background scenario drivers and critical issues with a focus on technology ...
Background scenario drivers and critical issues with a focus on technology ...Background scenario drivers and critical issues with a focus on technology ...
Background scenario drivers and critical issues with a focus on technology ...bdemchak
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUMohit Rampal
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...Dataconomy Media
 
CSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber SecurityCSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber SecurityPhil Agcaoili
 

More Related Content

What's hot

Cloaking is the new perimeter
Cloaking is the new perimeterCloaking is the new perimeter
Cloaking is the new perimeterTempered
 
The design and implementation of intelligent campus security tracking system ...
The design and implementation of intelligent campus security tracking system ...The design and implementation of intelligent campus security tracking system ...
The design and implementation of intelligent campus security tracking system ...impulsetechembedded12
 
UMC FTSG Software
UMC FTSG SoftwareUMC FTSG Software
UMC FTSG Softwarekphodel
 
Airport as a Smartcity - Naftemporiki IoT 2016
Airport as a Smartcity - Naftemporiki IoT 2016Airport as a Smartcity - Naftemporiki IoT 2016
Airport as a Smartcity - Naftemporiki IoT 2016Manolis Nikiforakis
 
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...Nabil Bouzerna
 
Towards Better Availability and Accountability for IoT Updates by means of a ...
Towards Better Availability and Accountability for IoT Updates by means of a ...Towards Better Availability and Accountability for IoT Updates by means of a ...
Towards Better Availability and Accountability for IoT Updates by means of a ...Nabil Bouzerna
 
Microcontrollers disruption v9.0
Microcontrollers disruption v9.0Microcontrollers disruption v9.0
Microcontrollers disruption v9.0Jim Nicholas
 

What's hot (7)

Cloaking is the new perimeter
Cloaking is the new perimeterCloaking is the new perimeter
Cloaking is the new perimeter
 
The design and implementation of intelligent campus security tracking system ...
The design and implementation of intelligent campus security tracking system ...The design and implementation of intelligent campus security tracking system ...
The design and implementation of intelligent campus security tracking system ...
 
UMC FTSG Software
UMC FTSG SoftwareUMC FTSG Software
UMC FTSG Software
 
Airport as a Smartcity - Naftemporiki IoT 2016
Airport as a Smartcity - Naftemporiki IoT 2016Airport as a Smartcity - Naftemporiki IoT 2016
Airport as a Smartcity - Naftemporiki IoT 2016
 
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection Sy...
 
Towards Better Availability and Accountability for IoT Updates by means of a ...
Towards Better Availability and Accountability for IoT Updates by means of a ...Towards Better Availability and Accountability for IoT Updates by means of a ...
Towards Better Availability and Accountability for IoT Updates by means of a ...
 
Microcontrollers disruption v9.0
Microcontrollers disruption v9.0Microcontrollers disruption v9.0
Microcontrollers disruption v9.0
 

Similar to Smart Grids & Dumb Security => A Guide For Business Managers

Stories from the Trainyard!
Stories from the Trainyard!Stories from the Trainyard!
Stories from the Trainyard!Patrick Kelley
 
Encryption in industrial control systems; Is the juice worth the squeeze?
Encryption in industrial control systems; Is the juice worth the squeeze?Encryption in industrial control systems; Is the juice worth the squeeze?
Encryption in industrial control systems; Is the juice worth the squeeze?Brian Proctor - GICSP, CISSP, CRISC
 
2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation2012 02 14 Afcom Presentation
2012 02 14 Afcom PresentationEric Gallant
 
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteGus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteWork-Bench
 
Cyber Security Lecture at Rah Rah 7
Cyber Security Lecture at Rah Rah 7Cyber Security Lecture at Rah Rah 7
Cyber Security Lecture at Rah Rah 7Filip Maertens
 
Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos, Inc.
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Big Data for Big Power: How smart is the grid if the infrastructure is stupid?
Big Data for Big Power: How smart is the grid if the infrastructure is stupid?Big Data for Big Power: How smart is the grid if the infrastructure is stupid?
Big Data for Big Power: How smart is the grid if the infrastructure is stupid?OReillyStrata
 
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaEvolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaAngeloluca Barba
 
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...TI Safe
 
Background scenario drivers and critical issues with a focus on technology ...
Background scenario drivers and critical issues with a focus on technology ...Background scenario drivers and critical issues with a focus on technology ...
Background scenario drivers and critical issues with a focus on technology ...bdemchak
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUMohit Rampal
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...Dataconomy Media
 
CSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber SecurityCSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber SecurityPhil Agcaoili
 
DataBeers Malaga #20 especial datos y ciberseguridad- Fundamentals of Data Se...
DataBeers Malaga #20 especial datos y ciberseguridad- Fundamentals of Data Se...DataBeers Malaga #20 especial datos y ciberseguridad- Fundamentals of Data Se...
DataBeers Malaga #20 especial datos y ciberseguridad- Fundamentals of Data Se...Databeers Malaga
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
2012 Reenergize the Americas 3B: Angel Avila
2012 Reenergize the Americas 3B: Angel Avila2012 Reenergize the Americas 3B: Angel Avila
2012 Reenergize the Americas 3B: Angel AvilaReenergize
 
Transformation From Today To Tomorrow - Market and Product Strategy 2018
Transformation From Today To Tomorrow - Market and Product Strategy 2018Transformation From Today To Tomorrow - Market and Product Strategy 2018
Transformation From Today To Tomorrow - Market and Product Strategy 2018Jiunn-Jer Sun
 
Big data, security, and the cloud
Big data, security, and the cloudBig data, security, and the cloud
Big data, security, and the cloudPano Xinos
 

Similar to Smart Grids & Dumb Security => A Guide For Business Managers (20)

Stories from the Trainyard!
Stories from the Trainyard!Stories from the Trainyard!
Stories from the Trainyard!
 
Encryption in industrial control systems; Is the juice worth the squeeze?
Encryption in industrial control systems; Is the juice worth the squeeze?Encryption in industrial control systems; Is the juice worth the squeeze?
Encryption in industrial control systems; Is the juice worth the squeeze?
 
2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation2012 02 14 Afcom Presentation
2012 02 14 Afcom Presentation
 
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit KeynoteGus Hunt's Work-Bench Enterprise Security Summit Keynote
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
 
Cyber Security Lecture at Rah Rah 7
Cyber Security Lecture at Rah Rah 7Cyber Security Lecture at Rah Rah 7
Cyber Security Lecture at Rah Rah 7
 
Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Big Data for Big Power: How smart is the grid if the infrastructure is stupid?
Big Data for Big Power: How smart is the grid if the infrastructure is stupid?Big Data for Big Power: How smart is the grid if the infrastructure is stupid?
Big Data for Big Power: How smart is the grid if the infrastructure is stupid?
 
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaEvolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
 
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
 
CCTV in the CLOUD
CCTV in the CLOUDCCTV in the CLOUD
CCTV in the CLOUD
 
Background scenario drivers and critical issues with a focus on technology ...
Background scenario drivers and critical issues with a focus on technology ...Background scenario drivers and critical issues with a focus on technology ...
Background scenario drivers and critical issues with a focus on technology ...
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSU
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
 
CSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber SecurityCSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber Security
 
DataBeers Malaga #20 especial datos y ciberseguridad- Fundamentals of Data Se...
DataBeers Malaga #20 especial datos y ciberseguridad- Fundamentals of Data Se...DataBeers Malaga #20 especial datos y ciberseguridad- Fundamentals of Data Se...
DataBeers Malaga #20 especial datos y ciberseguridad- Fundamentals of Data Se...
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles
 
2012 Reenergize the Americas 3B: Angel Avila
2012 Reenergize the Americas 3B: Angel Avila2012 Reenergize the Americas 3B: Angel Avila
2012 Reenergize the Americas 3B: Angel Avila
 
Transformation From Today To Tomorrow - Market and Product Strategy 2018
Transformation From Today To Tomorrow - Market and Product Strategy 2018Transformation From Today To Tomorrow - Market and Product Strategy 2018
Transformation From Today To Tomorrow - Market and Product Strategy 2018
 
Big data, security, and the cloud
Big data, security, and the cloudBig data, security, and the cloud
Big data, security, and the cloud
 

Recently uploaded

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 

Recently uploaded (20)

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 

Smart Grids & Dumb Security => A Guide For Business Managers

  • 1.
  • 2. Why SCADA, ICS & Embedded Devices continue to be a threat DUMB SECURITY & SMART GRIDSDUMB SECURITY & SMART GRIDSDUMB SECURITY & SMART GRIDS Faris A. Al-Kharusi, MPhil, MSc., GWCBA
  • 3. AGENDA SCADA, ICS & Embedded Devices • Evolution of theThreat • Industry Standards vs. Residential Realities Specific Contemporary Challenges • The {C}oldWar • Paradigm Shift CybersecurityWorld-View • Weak vs. Strong Implementations • The Real Calculation of Risk (InformationAssurance) Do’s & Don’t of Smart Projects • Data Storage & Security Policy • Knowledge & Competency • BCP & DRP AGENDA
  • 4. The Story So Far • Hard-Coded Passwords. • Hard-Coded Firmware (Exploits can not be patched!) • Lack of belief that critical infrastructure is internet-facing. • Reconnaissance can be done anonymously with low likelihood of detection. • Lack of skill-sets to conduct forensics minimize reporting on intrusions.
  • 5. Evolution of theThreat: How We Got Here – Complex interdependencies arose … – The IP/TCP Landscape has opened the doors to ease of setup since the early 80’s ...
  • 6. Evolution of theThreat: GlobalView – Bacnet (port 47808) – DNP3 (port 20000) – EtherNet/IP (port 44818) – Niagara Fox (ports 1911 ) – IEC-104 (port 2404) – Red Lion (port 789) – Modbus (port 502) – Siemens S7 (port 102)
  • 7. AndThe Internet ofThings Grows Regionally UPnP - UDP Port 1900 - Mobile Devices - CCTV - Biometric Readers - Energy Generators - Card Readers - Appliances - POS Kiosks - Routers - Printers - And the list goes on …
  • 8. Industry Standards The “Perfect Landscape” as conveyed in our security centric minds …
  • 9. Residential Outlook And the current reality …
  • 14. The Real Calculation of Risk Risk = Threat x Vulnerability x Consequence
  • 15. Stop fighting yesterday’s war today . . . The Do’s • Understand consequence of your vulnerabilities. • Use Local Clouds – keep ownership of your Data. • Think clearly about your Data Analytics strategy as it pertains guarding your assets. The Don’ts • Stop treating your security decision’s like it is 2005. • Outsource all the knowledge and competency (especially around forensics) to a third-party. • Expect proprietary or complex setups to provide protection.

Editor's Notes

  1. Courtesy Threat Toons
  2. Courtesy Threat Toons
  3. Image courtesy of Mark Fabro
  4. Image courtesy of SHODAN 2014
  5. Courtesy of SHODAN 2015
  6. Image courtesy of ATOS Origin
  7. Courtesy of Norton (2013)
  8. Courtesy of Google Images
  9. Courtesy of PlanX
  10. Courtesy of Mark Fabro