Protecting Infrastructure from Cyber Attacks
Dr. Maurice Dawson, Walden University / Alabama A&M University
Dr. Jonathan Abramson, Colorado Technical University
Dr. Marwan Omar, Colorado Technical University
Abstract
• The Department of Homeland Security (DHS) has become more
concerned with cyber attacks on infrastructure such as supervisory
control and data acquisition (SCADA) systems. An attack in Iran has
proven that the landscape of cyber warfare is continually evolving.
SCADA systems autonomously monitor and adjust switching, among other
processes, within critical infrastructures such as nuclear plants and
power grids, and DHS has become concerned about these systems because
they are frequently unmanned and remotely accessed. A vulnerability
such as remote access could allow anyone to take control of critical
infrastructure assets remotely. There have been increasing mandates
and directives to ensure that any system deployed meets stringent
requirements. As the Stuxnet worm has become a reality, future attacks
could be malicious code directly targeting specific locations of critical
infrastructure. This paper will address methods to protect
infrastructure from cyber attacks using a hybrid of certification &
accreditation (C&A) processes and information assurance (IA)
controls.
Topics
• Example Scripts
• 2012 FISMA Report
• Previous Research
• Vulnerabilities & Threats
• Example Physical Security Threat Scenario
• System C&A Processes
• Product C&A Processes
• Example Unclassified DIACAP Controls
• Virtualization as a Tool
Virus in Bash Script
#!/bin/bash
echo "Yep We Finally Got You"
rmdir *.bin ## removal of key directories to render system useless
rm filename1 filename2 filename3 filename4 ## removal of key files to render system useless
Note: file must be --7 (executable) and bypass sudo
Example Copy Script in Bash Script
#!/bin/bash
tar -czf /var/my-backup.tgz /home/me/ ## key files can be copied anywhere
Note: file must be --7 (executable) and bypass sudo
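Added example (not from the slides): a defender-side audit for the two scripts above. It lists shell scripts that every local user can read, modify and run, and that start a line with rm, rmdir or tar. Reading the slides' "--7" as rwx for the "other" permission class is an assumption, as are the function name audit_scripts and the choice of commands.

```shell
#!/bin/sh
# Added example, not from the slides. Assumption: "--7" means the "other"
# permission class has read, write and execute (octal 7).

# audit_scripts DIR
# Prints "<path><TAB><commands>" for every regular file under DIR that
#   1. is readable, writable and executable by everyone (find -perm -007),
#   2. starts with a shell shebang, and
#   3. begins a line with rm, rmdir or tar (optionally behind sudo).
# Heuristic only: it reads the command word of each line after stripping
# comments, so it misses commands hidden behind variables, eval or pipes.
audit_scripts() {
    find "$1" -type f -perm -007 -exec sh -c '
        for f do
            # Skip anything that is not a shell script.
            head -n 1 "$f" |
                grep -Eq "^#! ?/(usr/)?bin/(env +)?(ba|da|k|z)?sh" || continue
            # Drop comments, fold case (the slides capitalise Rm and Rmdir),
            # then keep only the command word of matching lines.
            cmds=$(sed "s/#.*//" "$f" |
                tr "[:upper:]" "[:lower:]" |
                sed -E -n "s/^[[:space:]]*(sudo[[:space:]]+)?(rmdir|rm|tar)([[:space:]].*)?$/\2/p" |
                LC_ALL=C sort -u | paste -sd, -)
            if [ -n "$cmds" ]; then
                printf "%s\t%s\n" "$f" "$cmds"
            fi
        done
    ' sh {} +
}

# Stand-alone use: ./audit.sh /usr/local/bin
if [ "$#" -gt 0 ]; then
    audit_scripts "$1"
fi
```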
2012 FISMA Report
Previous Research
• DoD Cyber Technology Policies to Secure Automated Information Systems
– Certification & Accreditation (C&A) evaluation processes
– Plan of action and milestones (POA&M)
– DIACAP scorecard
– System identification plan (SIP)
– DIACAP implementation plan (DIP)
Vulnerabilities & Threats
• Industrial processes include those of
manufacturing, production, power generation, fabrication, and
refining, and may run in continuous, batch, repetitive, or
discrete modes.
• Infrastructure processes may be public or private, and include
water treatment and distribution, wastewater collection and
treatment, oil and gas pipelines, electrical power transmission
and distribution, wind farms, civil defense siren systems, and
large communication systems.
• Facility processes occur both in public facilities and private
ones, including buildings, airports, ships, and space stations.
They monitor and control heating, ventilation, and air
conditioning systems (HVAC), access, and energy consumption.
Vulnerabilities & Threats cont.
• Remote access
– Root control of system
– Ability to map network(s)
– Ability to corrupt cloud infrastructure(s)
• Virus focused on specific hardware
– Overclocking
– Redirect of network and data
• Covert channel analysis
• Lack of qualified personnel
• Insider threat
• Natural disasters
• Inconsistencies of applied processes
Example Physical Security Scenario
• Decide targets
• Perform research on target using Google Maps, social media, etc.
• Capture online maps for building architecture
• Render items with virtual world(s) and graphics application software
• Prepare mock-up scenario(s)
• Test run mock-up scenario(s)
• Perform live run
Systems C&A Process - DIACAP
Product C&A Process – Common Criteria
Unclassified DIACAP Controls – MAC III
Unclassified [Example]
Virtualization as a Tool
Supporting Tasks
• Test patches before full deployment
• See how OS or system reacts to virus
• Use as tool to deploy hardened VMs
Example Set Up (diagram labels): HARDWARE, OS PLATFORM, HYPERVISOR, WINDOWS, RED HAT LINUX, UBUNTU LINUX
Any Questions
Please feel free to contact me at maurice.dawson@aamu.edu
Wk: 256-372-4801
