Demystifying Cyber Attacks on ICS: How They Work and How to Use Engineered and Cyber Layer of Protections
2016 ISA Water / Wastewater and Automatic Controls Symposium
August 2-4, 2016 – Orlando, Florida, USA
Speaker:
Bryan L Singer, CISSP, CAP
About the Presenter: Bryan L Singer, CISSP, CAP
• Bryan Singer is a Principal Investigator with Kenexis
Security Corporation, specializing primarily in Industrial
Control Systems and SCADA Security. He began his
professional career with the US Army as a paratrooper
and Intelligence Analyst. Since the military, Mr. Singer
has designed, developed, and implemented large scale
industrial networks, cyber security architectures, and
conducted penetration tests and cyber security
assessments worldwide across various critical
infrastructure fields including power, oil and gas, food and
beverage, nuclear, automotive, chemical, and
pharmaceutical operations. In 2002, Mr. Singer became
the founding chairman of the ISA-99 / 62443 standard,
which he led up until 2012. His areas of technical
expertise are in software development, reverse
engineering, forensics, network design, penetration
testing, and conducting cyber security vulnerability
assessments.
Why all the Fuss?
• “Vulnerabilities” are being released with increased
prevalence against ICS
• Most of these allow common IT type exploits against
endpoint ICS devices
• Engineering and operations don’t take many of these
seriously as they rely on engineered safeguards to protect a
process rather than IT integrity
• Actual attack analysis shows that successful ICS attackers
possess:
– Knowledge of cyber security
– Knowledge of ICS devices and their operations
– Knowledge of the specific industrial process and its operation
Fundamentally most ICS processes today are insufficiently
hardened against true ICS cyber attack
Mechanical Integrity
• “Mechanical Integrity means the process of ensuring that
process equipment is fabricated from the proper materials
of construction and is properly installed, maintained, and
replaced to prevent failures and accidental releases.” 19
CFR 2735.3
• Governed by OSHA 1910.119(j)
– By designing to meet or exceed standards
– By fabricating with proper materials, using proper construction and
installation techniques and confirming equipment suitability with
tests
– By ensuring that the equipment remains fit for service.
Mechanical Integrity (Cont)
• Mechanical Integrity (MI) can
be defined as the
management of critical
process equipment to ensure
it is designed and installed
correctly, and that it operates
properly
Achieving Mechanical Integrity in
Ethernet
• Predictable Failure
(Probability of Failure on
Demand)
• Equipment regularly serviced
and in good order
• Properly documented
• No mechanical deficiencies
• Can provide assured control
over inputs and outputs
Analysis of ICS for Cyber Security
• Assessment: Analyze the process to understand safety,
reliability, and security threats
– Attack Modeling: Think like an Attacker
– Engineering Analysis: Understand the safeguards and control
systems – and how to bypass them
– Cyber Security Analysis: Understand how to gain access to, and
pwn the ICS
• Network Security Monitoring – What alarms and signals
should be watched?
• Forensics – If all goes wrong, where’s the data?
Mechanical Integrity Versus Cyber-Physical Integrity
• Mechanical Integrity: The sum total of the parts will
operate as expected, despite predictable and foreknown
failure of one or more components
• Cyber-Mechanical Integrity: The system is resilient to
fault against unpredictable and known or unknown failure of
any single component
Achieving Cyber Physical Integrity
• Traditional ICS Security controls are insufficient:
– Firewalls can control the point of origination of a message and the type of
network traffic, but not the message itself
– Access control can prevent unauthorized change but non-repudiation in ICS
is nearly impossible
– Message integrity and encryption can help assure message integrity
– Input validation can be violated by changing logic or firmware, or masking
signals
• Layer of Protection Analysis with cyber (Cyber LOPA):
– Determine mechanical safeguards to prevent compromise of cyber-mechanical integrity
– Even where traditional safety calculations say SIS or additional engineered
layers of protection are insufficient, cyber LOPA will likely demonstrate
otherwise
Putting it all Together, Cyber-Physical Attacks
[Figure: distillation column process diagram. Labels: FEED, distillation column, reboiler (steam), condenser (cold water), reflux accumulator, REFLUX, DISTILLATE, BOTTOMS LIQUID, VAPOR, OFFGAS, flare; T, P, L and F instrument markers; product fractions: natural gas, gasoline, kerosene / jet fuel, diesel, lubricants / motor oil, fuel oil, asphalt. Annotation: 10% Ethanol / Water Mix, >40L / Min]
Sample: Distillation Column Attack
• Part 1 – Surveillance
– Social Engineering, OSINT, Integrators
• Part 2 – System Mapping
– Modbus or vendor tag searches
• Part 3 – Initial Infections and Compromise
• Part 4 – Information Exfiltration
• Part 5 – The Final Attack
– Alarm Suppression
– Operator Misdirection
– MITM HMI / deploy RDP
– TCP Read / Replay
There is a crossover point in which cyber security attacks must yield to process attacks
IT versus OT Countermeasures
Then Why Are Firewalls and IT Countermeasures Our Go-To Solution?
• Firewall
• IDS
• Data Diodes
• SIEM
• Antivirus
These are effective at keeping attacks off the network and
containing attacks, but not at stopping compromise at the PLC
SPR Process – Identifying Cyber-Physical Safeguards
Assessing Cyber-Mechanical Integrity
(SAMSEN)
• Signal Manipulation
– Modification of set points, logic, firmware,
radio signals, or others
• Access Control Violation
– Credential loss, modification, or other
compromise
• Mechanical Manipulation
– Changes to physical machine behavior, fail
energized, fail closed, frequency
modifications, introductions of RF
interference, jamming, or other electrical
noise (EMP)
– Modifying behavior of physical components
• Social Engineering, Extortion, and
Collusion
– Forcing operators to do your bidding
• Environmental Manipulation
– Forcing hazardous releases or conditions,
modifications to HVAC
• Network Interruption or Modification
– MITM, replay attacks, sidejacking, hijacking
Discussion – Turbine Gas Generator
• Objective: Close Suction
and Discharge Valves to
create surge condition
• S – Change firmware to
report false valve state
• A – Access safety builder
to modify firmware
• M – Force valve states,
what if physical required?
Spoof alarms
• S – Collusion to bypass
Over Speed Protection
• E – None needed
• N – Possible MITM?
• Possible Additional Layers
of Protection
– Condition Based Monitoring
– Hardwired light panels
– Mechanical Machine
overspeed
Discussion – Distillation Column
[Figure: distillation column process diagram. Labels: FEED, distillation column, reboiler (steam), condenser (cold water), reflux accumulator, REFLUX, DISTILLATE, BOTTOMS LIQUID, VAPOR, OFFGAS, flare; T, P, L and F instrument markers; product fractions: natural gas, gasoline, kerosene / jet fuel, diesel, lubricants / motor oil, fuel oil, asphalt. Annotation: 10% Ethanol / Water Mix, >40L / Min]
• Physical Blow-up: Not possible due to Emergency Relief Valve (properly sized)
• What would be alternate motivation? Financial Impact
• S – False report of valve state and burner
• A – Hijack HMI
• M – Take advantage of improper ERV
• S – Extort process information
• E – Set process alarms to misdirect operators
• N – Spoof / MITM HMI
• Additional Layers of Protection
– Properly sized ERV
Drinking Water: Disinfection
Technologies
• Disinfection using Chemical Dosing
• Most Common: Chlorine (Gas, Sodium Hypochlorite)
• Ultraviolet / Ozonation systems
• Used as primary disinfectant, but residual levels are also maintained in the distribution system
• Threats:
• Chemical dosing may be paced on Flow and Residual Levels monitored by analyzers.
• Override of Flow/analyzer values
• Show lower flow rate, Less Dosing
• Override Residual CL2 level at plant output to show high level.
• Directly override the PLC that controls UV and Ozone
• The system will under-chlorinate, allowing harmful micro-organisms to enter the drinking water system
• Lab testing will catch this, but will it be too late?
• Water Notice to be sent to all customers
Safeguards Inherently Cyber-Safe
• Pressure Relief Valves
• Mechanical Overspeed Trips
• Non-Return Check Valves
• Motor Overload Relays
• Motor Current Monitor Relays
• Generalized Control Loop Current
Monitor Relays
• Bypass or manipulation of these
*may* be possible, but would require
physical intervention, making attack
far less likely than a connected
system
Conclusions
• Process plant loss of
containment can result in
extreme consequences
• These consequences are
protected against by a variety
of safeguards, some of which
are inherently safe against
cyber-attack
• Use of a PHA Cyber-Check
can ensure that these
safeguards are deployed in
the proper locations, making
the plant inherently safe
against cyber attack
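One way to run the PHA Cyber-Check named in the conclusions, as an added example (not code from the presentation or from Kenexis): for every hazard scenario whose cause is reachable through the control system, confirm that at least one safeguard is of a type the deck lists as inherently cyber-safe. The worksheet rows, column names and safeguard-type labels are constructed assumptions.

```python
import csv
import io

# Safeguard types listed on the "Safeguards Inherently Cyber-Safe" slide.
CYBER_SAFE_TYPES = frozenset({
    "pressure relief valve",
    "mechanical overspeed trip",
    "non-return check valve",
    "motor overload relay",
    "motor current monitor relay",
    "control loop current monitor relay",
})

# Constructed PHA worksheet (not from the talk). Column names and the
# safeguard_type vocabulary are assumptions made for this example.
WORKSHEET = """\
scenario,cause_cyber_reachable,safeguard,safeguard_type
Turbine overspeed,yes,Over speed protection logic,programmable trip
Turbine overspeed,yes,Mechanical machine overspeed,mechanical overspeed trip
Column overpressure,yes,HMI high pressure alarm,operator alarm
Column overpressure,yes,Properly sized ERV,pressure relief valve
Under-chlorination,yes,Residual CL2 analyzer,analyzer
Under-chlorination,yes,Lab testing,manual sampling
Pump motor burnout,no,Motor overload relay,motor overload relay
Tank overfill,yes,,
"""


def _flag(value):
    """Parse a yes/no worksheet cell; reject anything ambiguous."""
    v = value.strip().lower()
    if v in ("yes", "y", "true", "1"):
        return True
    if v in ("no", "n", "false", "0"):
        return False
    raise ValueError(f"unrecognised yes/no value: {value!r}")


def load_scenarios(text):
    """Group worksheet rows by scenario, preserving first-seen order."""
    scenarios = {}
    for row in csv.DictReader(io.StringIO(text)):
        name = row["scenario"].strip()
        entry = scenarios.setdefault(
            name, {"cyber_reachable": False, "safeguards": []})
        # If any row marks the cause as reachable, the scenario is reachable.
        entry["cyber_reachable"] |= _flag(row["cause_cyber_reachable"])
        if row["safeguard"].strip():
            entry["safeguards"].append(
                (row["safeguard"].strip(),
                 row["safeguard_type"].strip().lower()))
    return scenarios


def cyber_check(scenarios):
    """Classify each scenario as covered, gap, or not cyber-initiated.

    covered: cause is cyber-reachable and at least one safeguard is of a
             type on the cyber-safe list.
    gap:     cause is cyber-reachable and no safeguard is on the list
             (including scenarios with no safeguards recorded at all).
    """
    findings = []
    for name, entry in scenarios.items():
        safe = [s for s, t in entry["safeguards"] if t in CYBER_SAFE_TYPES]
        other = [s for s, t in entry["safeguards"]
                 if t not in CYBER_SAFE_TYPES]
        if not entry["cyber_reachable"]:
            status = "not cyber-initiated"
        elif safe:
            status = "covered"
        else:
            status = "gap"
        findings.append({"scenario": name, "status": status,
                         "cyber_safe": safe, "other": other})
    return findings


if __name__ == "__main__":
    for f in cyber_check(load_scenarios(WORKSHEET)):
        print(f"{f['status']:<20} {f['scenario']}: "
              f"cyber-safe={f['cyber_safe']} other={f['other']}")
```

Scenarios reported as `gap` are the ones where an additional layer of protection from the cyber-safe list would be considered.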
Thank You, and Stay Safe!
Bryan L Singer, CISSP, CAP
Principal Investigator
Bryan.singer@Kenexis.com

More Related Content

Similar to Demystifying Cyber Attacks on ICS-.pdf

RiskWatch for Physical & Homeland Security™
RiskWatch for Physical & Homeland Security™RiskWatch for Physical & Homeland Security™
RiskWatch for Physical & Homeland Security™CPaschal
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...TheAnfieldGroup
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security PresentationFilip Maertens
 
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWindsFederal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWindsSolarWinds
 
Application of Combustion Analyzers in Safety Instrumented Systems
Application of Combustion Analyzers in Safety Instrumented SystemsApplication of Combustion Analyzers in Safety Instrumented Systems
Application of Combustion Analyzers in Safety Instrumented SystemsBelilove Company-Engineers
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT SuccessElectric Imp
 
POWID_2016_AMN_R3
POWID_2016_AMN_R3POWID_2016_AMN_R3
POWID_2016_AMN_R3Andy Nack
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Safety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTSafety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTIoT613
 
The art of securing microgrid control systems
The art of securing microgrid control systemsThe art of securing microgrid control systems
The art of securing microgrid control systemsJim Dodenhoff
 
Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security SolarWinds
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerSplunk
 
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp
 
1 gary burgess part 11 ai ch ec
1 gary burgess part 11 ai ch ec1 gary burgess part 11 ai ch ec
1 gary burgess part 11 ai ch ecGary Burgess - PE
 
Walls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application SecurityWalls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application SecurityAbdul Jaleel
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 

Similar to Demystifying Cyber Attacks on ICS-.pdf (20)

RiskWatch for Physical & Homeland Security™
RiskWatch for Physical & Homeland Security™RiskWatch for Physical & Homeland Security™
RiskWatch for Physical & Homeland Security™
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security Presentation
 
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWindsFederal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
 
Application of Combustion Analyzers in Safety Instrumented Systems
Application of Combustion Analyzers in Safety Instrumented SystemsApplication of Combustion Analyzers in Safety Instrumented Systems
Application of Combustion Analyzers in Safety Instrumented Systems
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
 
10. industrial networks safety and security tom hammond
10. industrial networks safety and security   tom hammond10. industrial networks safety and security   tom hammond
10. industrial networks safety and security tom hammond
 
POWID_2016_AMN_R3
POWID_2016_AMN_R3POWID_2016_AMN_R3
POWID_2016_AMN_R3
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Safety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTSafety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoT
 
The art of securing microgrid control systems
The art of securing microgrid control systemsThe art of securing microgrid control systems
The art of securing microgrid control systems
 
Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security Air Force Webinar: Using a SIEM to Improve Your IT Security
Air Force Webinar: Using a SIEM to Improve Your IT Security
 
Taking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - ManagerTaking Splunk to the Next Level - Manager
Taking Splunk to the Next Level - Manager
 
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
 
1 gary burgess part 11 ai ch ec
1 gary burgess part 11 ai ch ec1 gary burgess part 11 ai ch ec
1 gary burgess part 11 ai ch ec
 
Walls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application SecurityWalls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application Security
 
Cyber security colombo meetup
Cyber security colombo meetupCyber security colombo meetup
Cyber security colombo meetup
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
 

Recently uploaded

FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...tanu pandey
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
Intro To Electric Vehicles PDF Notes.pdf
Intro To Electric Vehicles PDF Notes.pdfIntro To Electric Vehicles PDF Notes.pdf
Intro To Electric Vehicles PDF Notes.pdfrs7054576148
 
Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01KreezheaRecto
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptMsecMca
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfKamal Acharya
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXssuser89054b
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...SUHANI PANDEY
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringmulugeta48
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxJuliansyahHarahap1
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering  Unit - I & II . pptThermal Engineering  Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptDineshKumar4165
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 

Recently uploaded (20)

FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Intro To Electric Vehicles PDF Notes.pdf
Intro To Electric Vehicles PDF Notes.pdfIntro To Electric Vehicles PDF Notes.pdf
Intro To Electric Vehicles PDF Notes.pdf
 
Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering  Unit - I & II . pptThermal Engineering  Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 

Demystifying Cyber Attacks on ICS-.pdf

  • 1. Standards Certification Education & Training Publishing Conferences & Exhibits Demystifying Cyber Attacks on ICS: How They Work and How to Use Engineered and Cyber Layer of Protections Put title Here 2016 ISA Water / Wastewater and Automatic Controls Symposium August 2-4, 2016 – Orlando, Florida, USA Speaker: Bryan L Singer, CISSP, CAP
  • 2. 2016 ISA WWAC Symposium Aug 2-4, 2016 – Orlando, Florida, USA 2 Presenter About the Presenter Bryan L Singer, CISSP, CAP • Bryan Singer is a Principal Investigator with Kenexis Security Corporation, specializing primarily in Industrial Control Systems and SCADA Security. He began his professional career with the US Army as a paratrooper and Intelligence Analyst. Since the military, Mr. Singer has designed, developed, and implemented large scale industrial networks, cyber security architectures, and conducted penetration tests and cyber security assessments worldwide across various critical infrastructure fields including power, oil and gas, food and beverage, nuclear, automotive, chemical, and pharmaceutical operations. In 2002, Mr. Singer became the founding chairman of the ISA-99 / 62443 standard, which he lead up until 2012. His areas of technical expertise are in software development, reverse engineering, forensics, network design, penetration testing, and conducting cyber security vulnerability assessments.
  • 3. 2016 ISA WWAC Symposium Aug 2-4, 2016 – Orlando, Florida, USA 3 Why all the Fuss? • “Vulnerabilities” are being released with increased prevalence against ICS • Most of these allow common IT type exploits against endpoint ICS devices • Engineering and operations don’t take many of these seriously as they rely on engineered safeguards to protect a process rather than IT integrity • Actual attack analysis shows that successful ICS attackers possess: – Knowledge of cyber security – Knowledge of ICS devices and their operations – Knowledge of the specific industrial process and its operation Fundamentally most ICS processes today are insufficiently hardened against true ICS cyber attack
  • 4. 2016 ISA WWAC Symposium Aug 2-4, 2016 – Orlando, Florida, USA 4 Mechanical Integrity • “Mechanical Integrity means the process of ensuring that process equipment is fabricated from the proper materials of construction and is properly installed, maintained, and replaced to prevent failures and accidental releases.” 19 CFR 2735.3 • Governed by OSHA 1910.119(j) – By designing to meet or exceed standards – By fabricating with proper materials, using proper construction and installation techniques and confirming equipment suitability with tests – By ensuring that the equipment remains fit for service.
  • 5. 2016 ISA WWAC Symposium Aug 2-4, 2016 – Orlando, Florida, USA 5 Mechanical Integrity (Cont) • Mechanical Integrity (MI) can be defined as the management of critical process equipment to ensure it is designed and installed correctly, and that it operates properly
  • 6. 2016 ISA WWAC Symposium Aug 2-4, 2016 – Orlando, Florida, USA 6 Achieving Mechanical Integrity in Ethernet • Predictable Failure (Probability of Failure on Demand) • Equipment regular serviced and in good order • Properly documented • No mechanical deficiencies • Can provide assured control over inputs and outputs
  • 7. 2016 ISA WWAC Symposium Aug 2-4, 2016 – Orlando, Florida, USA 7 Analysis of ICS for Cyber Security • Assessment: Analyze the process to understand safety, reliability, and security threats – Attack Modeling: Think like an Attacker – Engineering Analysis: Understand the safeguards and control systems – and how to bypass them – Cyber Security Analysis: Understand how to gain access to, and pwn the ICS • Network Security Monitoring – What alarms and signals should be watched? • Forensics – If all goes wrong, where’s the data?
  • 8. 2016 ISA WWAC Symposium Aug 2-4, 2016 – Orlando, Florida, USA 8 Mechanical Integrity Versus Cyber- Physical Integrity • Mechanical Integrity: The sum total of the parts will operate as expected, despite predicable and foreknown failure of one or more components • Cyber-Mechanical Integrity: The system is resilient to fault against unpredictable and known or unknown failure of any single component
  • 9. Achieving Cyber Physical Integrity
    • Traditional ICS Security controls are insufficient:
      – Firewalls can control the point of origination of a message and the type of network traffic, but not the message itself
      – Access control can prevent unauthorized change but non-repudiation in ICS is nearly impossible
      – Message integrity and encryption can help assure message integrity
      – Input validation can be violated by changing logic or firmware, or masking signals
    • Layer of Protection Analysis with cyber (Cyber LOPA):
      – Determine mechanical safeguards to prevent compromise of cyber-mechanical integrity
      – Even where traditional safety calculations say SIS or additional engineered layers of protection are insufficient, cyber LOPA will likely demonstrate otherwise
  • 10. Putting it all Together, Cyber-Physical Attacks
    [Figure: distillation column process diagram with feed, reboiler (steam), condenser (cold water), reflux accumulator and flare; distillate, reflux, bottoms and offgas streams; 10% Ethanol / Water Mix, >40L / Min]
  • 11. Sample: Distillation Column Attack
    • Part 1 – Surveillance
      – Social Engineering, OSINT, Integrators
    • Part 2 – System Mapping
      – Modbus or vendor tag searches
    • Part 3 – Initial Infections and Compromise
    • Part 4 – Information Exfiltration
    • Part 5 – The Final Attack
      – Alarm Suppression
      – Operator Misdirection
      – MITM HMI / deploy RDP
      – TCP Read / Replay
    There is a crossover point in which cyber security attacks must yield to process attacks
  • 12. IT versus OT Countermeasures
    Then Why are Firewalls and IT Countermeasures Our Go-To Solution?
    • Firewall
    • IDS
    • Data Diodes
    • SIEM
    • Antivirus
    These are effective at keeping attacks off the network and containing attacks, but not at stopping compromise at the PLC
  • 13. SPR Process – Identifying Cyber-Physical Safeguards
  • 14. Assessing Cyber-Mechanical Integrity (SAMSEN)
    • Signal Manipulation
      – Modification of set points, logic, firmware, radio signals, or others
    • Access Control Violation
      – Credential loss, modification, or other compromise
    • Mechanical Manipulation
      – Changes to physical machine behavior, fail energized, fail closed, frequency modifications, introductions of RF interference, jamming, or other electrical noise (EMP)
      – Modifying behavior of physical components
    • Social Engineering, Extortion, and Collusion
      – Forcing operators to do your bidding
    • Environmental Manipulation
      – Forcing hazardous releases or conditions, modifications to HVAC
    • Network Interruption or Modification
      – MITM, replay attacks, sidejacking, hijacking
  • 15. Discussion – Turbine Gas Generator
    • Objective: Close Suction and Discharge Valves to create surge condition
    • S – Change firmware to report false valve state
    • A – Access safety builder to modify firmware
    • M – Force valve states, what if physical required? Spoof alarms
    • S – Collusion to bypass Over Speed Protection
    • E – None needed
    • N – Possible MITM?
    • Possible Additional Layers of Protection
      – Condition Based Monitoring
      – Hardwired light panels
      – Mechanical Machine overspeed
  • 16. Discussion – Distillation Column
    [Figure: distillation column process diagram with feed, reboiler (steam), condenser (cold water), reflux accumulator and flare; distillate, reflux, bottoms and offgas streams; 10% Ethanol / Water Mix, >40L / Min]
    • Physical Blow-up: Not possible due to Emergency Relief Valve (properly sized)
    • What would be alternate motivation? Financial Impact
    • S – False report of valve state and burner
    • A – Hijack HMI
    • M – Take advantage of improper ERV
    • S – Extort process information
    • E – Set process alarms to misdirect operators
    • N – Spoof / MITM HMI
    • Additional Layers of Protection
      – Properly sized ERV
  • 17. Drinking Water: Disinfection Technologies
    • Disinfection using chemical dosing
    • Most common: Chlorine (gas, sodium hypochlorite)
    • Ultraviolet / ozonation systems
    • Used as primary disinfectant, but also to maintain residual levels in the distribution system
    • Threats:
      – Chemical dosing may be paced on flow and residual levels monitored by analyzers
      – Override of flow/analyzer values
      – Show lower flow rate, less dosing
      – Override residual Cl2 level at plant output to show high level
      – Override directly the PLC that controls UV and ozone
      – The system will under-chlorinate, allowing harmful microorganisms to enter the drinking water system
      – Lab testing will catch this, but will it be too late?
      – Water notice to be sent to all customers
  • 18. Safeguards Inherently Cyber-Safe
    • Pressure Relief Valves
    • Mechanical Overspeed Trips
    • Non-Return Check Valves
    • Motor Overload Relays
    • Motor Current Monitor Relays
    • Generalized Control Loop Current Monitor Relays
    • Bypass or manipulation of these *may* be possible, but would require physical intervention, making attack far less likely than a connected system
  • 19. Conclusions
    • Process plant loss of containment can result in extreme consequences
    • These consequences are protected against by a variety of safeguards, some of which are inherently safe against cyber-attack
    • Use of a PHA Cyber-Check can ensure that these safeguards are deployed in the proper locations, making the plant inherently safe against cyber attack
  • 20. Thank You, and Stay Safe!
    Bryan L Singer, CISSP, CAP
    Principal Investigator
    Bryan.singer@Kenexis.com
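The cyber-check idea from the Cyber LOPA, "Safeguards Inherently Cyber-Safe" and Conclusions slides, as an added Python example that is not part of the presentation: each scenario's risk reduction (product of 1/PFD) is computed conventionally and then again with only the slide's inherently cyber-safe safeguard types credited. The scenarios, PFD values, the other safeguard kind names and the rule that a hackable or unverified layer earns no credit are assumptions made for illustration.

```python
from dataclasses import dataclass
from math import prod

# Safeguard types from the "Safeguards Inherently Cyber-Safe" slide.
CYBER_SAFE_KINDS = frozenset({
    "pressure relief valve", "mechanical overspeed trip",
    "non-return check valve", "motor overload relay",
    "motor current monitor relay", "control loop current monitor relay",
})

@dataclass(frozen=True)
class Safeguard:
    name: str
    kind: str              # kinds outside CYBER_SAFE_KINDS count as hackable (assumption)
    pfd: float             # probability of failure on demand (constructed value)
    verified: bool = True  # e.g. relief valve sizing confirmed

def credited(sg, cyber):
    """Credit a layer if verified and, for a cyber cause, not hackable."""
    return sg.verified and (not cyber or sg.kind in CYBER_SAFE_KINDS)

def risk_reduction(safeguards, cyber):
    """Product of 1/PFD over credited layers; 1 means no protection."""
    return prod(1.0 / sg.pfd for sg in safeguards if credited(sg, cyber))

def cyber_check(scenarios):
    """Map scenario -> (conventional RRF, cyber RRF, cyber-safe layer names)."""
    return {name: (risk_reduction(sgs, False), risk_reduction(sgs, True),
                   [sg.name for sg in sgs if credited(sg, True)])
            for name, sgs in scenarios.items()}

def gaps(scenarios):
    """Scenarios with no credited safeguard when the cause is cyber."""
    return sorted(n for n, r in cyber_check(scenarios).items() if not r[2])

# Constructed sample scenarios, loosely following the deck's discussion slides.
SCENARIOS = {
    "turbine overspeed": [
        Safeguard("SIS overspeed protection", "safety instrumented function", 0.01),
        Safeguard("mechanical overspeed trip", "mechanical overspeed trip", 0.1)],
    "column overpressure": [
        Safeguard("HMI high-pressure alarm", "operator alarm", 0.1),
        Safeguard("emergency relief valve", "pressure relief valve", 0.01,
                  verified=False)],  # sizing not yet confirmed
    "under-chlorination": [
        Safeguard("residual Cl2 analyzer alarm", "operator alarm", 0.1)],
}

if __name__ == "__main__":
    print(cyber_check(SCENARIOS), "gaps:", gaps(SCENARIOS))
```

A scenario returned by `gaps()` relies entirely on layers an attacker with control-system access could defeat, so it is a candidate for one of the mechanical or hardwired safeguards listed on the cyber-safe slide.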