SlideShare a Scribd company logo

Protecting Infrastructure from Cyber Attacks

Download as PPTX, PDF
Maurice Dawson
Maurice Dawson

The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. As the SCADA systems are the systems that autonomously monitor and adjust switching among other processes within critical infrastructures such as nuclear plants, and power grids DHS has become concerned about these systems as they are unmanned frequently and remotely accessed. A vulnerability such as remote access could allow anyone to take control of assets to critical infrastructure remotely. There has been increasing mandates, and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.

1 of 15
Protecting Infrastructure from Cyber Attacks Dr. Maurice Dawson, Walden University /Alabama A&M University Dr. Jonathan Abramson, Colorado Technical University Dr. Marwan Omar, Colorado Technical University
Abstract • The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. As the SCADA systems are the systems that autonomously monitor and adjust switching among other processes within critical infrastructures such as nuclear plants, and power grids DHS has become concerned about these systems as they are unmanned frequently and remotely accessed. A vulnerability such as remote access could allow anyone to take control of assets to critical infrastructure remotely. There has been increasing mandates, and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.
Topics • Example Scripts • 2012 FISMA Report • Previous Research • Vulnerabilities & Threats • Example Physical Security Threat Scenario • System C&A Processes • Product C&A Processes • Example Unclassified DIACAP Controls • Virtualization as a Tool
Virus in Bash Script #!/bin/bash Echo “Yep We Finally Got You” Rmdir *.bin ##removal of key directories to render system useless Rm filename1 filename2 filename3 filename 4 ##removal of key files to render system useless Note: file must be --7 (executable) and bypass sudo
Example Copy Script in Bash Script #!/bin/bash tar -cZf /var/my-backup.tgz /home/me/ ##key files can be copied anywhere Note: file must be --7 (executable) and bypass sudo
2012 FISMA Report
Previous Research • DoD Cyber Technology Policies to Secure Automated Information Systems – Certification & Accreditation (C&A) evaluation processes – Plan of action and milestones (PO&AM) – DIACAP scorecard – System identification plan (SIP) – DIACAP implementation plan (DIP)
Vulnerabilities & Threats • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes. • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems. • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control heating, ventilation, and air conditioning systems (HVAC), access, and energy consumption.
Vulnerabilities & Threats cont. • Remote access – Root control of system – Ability to map network(s) – Ability to corrupt cloud infrastructure(s) • Virus focused on specific hardware – Over clocking – Redirect of network and data • Covert channel analysis • Lack of qualified personnel • Insider threat • Natural disasters • Inconsistencies of applied processes
Example Physical Security Scenario Decide targets Perform research on target using Google maps, social media, and etc. Capture online maps for building architecture Render items with virtual world(s), and graphics application software(s) Prepare mock up scenario(s) Test run mock up scenario(s) Perform live run
Systems C&A Process - DIACAP
Product C&A Process – Common Criteria
Unclassified DIACAP Controls – MAC III Unclassified [Example]
Virtualization as a Tool Supporting Tasks • Test patches before full deployment • See how OS or system reacts to virus • Use as tool to deploy hardened VMs Example Set Up HARDWARE OS PLATFORM HYPERVISOR WINDOWS RED HAT LINUX UBUNTU LINUX
Any Questions Please feel free to contact me at maurice.dawson@ aamu.edu Wk: 256-372-4801

Recommended

Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
Jim Gilsinn
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14James Nesbitt
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
James Nesbitt
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
Eran Goldstein
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
Itex Solutions
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA
Jeffrey Wang , P.Eng
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
null The Open Security Community
 

Recommended

Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
Jim Gilsinn
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14James Nesbitt
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
James Nesbitt
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
Eran Goldstein
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
Itex Solutions
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA
Jeffrey Wang , P.Eng
 
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar NCritical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
Critical Infrastructure Security Talk At Null Bangalore 13 Feb 2010 Sundar N
null The Open Security Community
 
ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity Training
Tonex
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
Community Protection Forum
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
Derek Harp
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
Deepakraj Sahu
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
Digital Bond
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
AVEVA
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
ClubHack
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009Narinrit Prem-apiwathanokul
 
Securing Industrial Control Systems
Securing Industrial Control SystemsSecuring Industrial Control Systems
Securing Industrial Control Systems
Eric Andresen
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
AVEVA
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
Chris Sistrunk
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overview
pgmaynard
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Jim Gilsinn
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
MarcoAfzali
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
North Texas Chapter of the ISSA
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Community Protection Forum
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2David Spinks
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
Shah Sheikh
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security Experts
James Arlen
 
Cyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsCyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control Systems
David Spinks
 

More Related Content

What's hot

ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity Training
Tonex
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
Community Protection Forum
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
Derek Harp
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
Deepakraj Sahu
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
Digital Bond
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
AVEVA
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
ClubHack
 
Securing Industrial Control Systems
Securing Industrial Control SystemsSecuring Industrial Control Systems
Securing Industrial Control Systems
Eric Andresen
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
AVEVA
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
Chris Sistrunk
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overview
pgmaynard
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Jim Gilsinn
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
MarcoAfzali
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
North Texas Chapter of the ISSA
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Community Protection Forum
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
Shah Sheikh
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 

What's hot (20)

ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity Training
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009
 
Securing Industrial Control Systems
Securing Industrial Control SystemsSecuring Industrial Control Systems
Securing Industrial Control Systems
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS securityHacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overview
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT Approach
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
 

Viewers also liked

Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security Experts
James Arlen
 
Cyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsCyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control Systems
David Spinks
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
Chris Sistrunk
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsShah Sheikh
 
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topic
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topicNuclear Power Plants and Terrorism - Some remarks on a sensitive topic
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topic
Oeko-Institut
 
Nuclear Power in Germany - A short overview
Nuclear Power in Germany - A short overviewNuclear Power in Germany - A short overview
Nuclear Power in Germany - A short overview
Oeko-Institut
 
BlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security ExpertsBlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security Experts
James Arlen
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
Larry Vandenaweele
 
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Ahmed Al Enizi
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)
Digital Bond
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA Security
Narinrit Prem-apiwathanokul
 
Scada Security & Penetration Testing
Scada Security & Penetration TestingScada Security & Penetration Testing
Scada Security & Penetration Testing
Ahmed Sherif
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
Digital Bond
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
Digital Bond
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
Digital Bond
 
Control Systems Basics
Control Systems BasicsControl Systems Basics
Control Systems Basics
John Todora
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 

Viewers also liked (19)

Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security Experts
 
Cyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsCyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control Systems
 
ICS security
ICS securityICS security
ICS security
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security Solutions
 
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topic
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topicNuclear Power Plants and Terrorism - Some remarks on a sensitive topic
Nuclear Power Plants and Terrorism - Some remarks on a sensitive topic
 
Nuclear Power in Germany - A short overview
Nuclear Power in Germany - A short overviewNuclear Power in Germany - A short overview
Nuclear Power in Germany - A short overview
 
BlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security ExpertsBlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security Experts
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
 
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA Security
 
Scada Security & Penetration Testing
Scada Security & Penetration TestingScada Security & Penetration Testing
Scada Security & Penetration Testing
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
Control Systems Basics
Control Systems BasicsControl Systems Basics
Control Systems Basics
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrol
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 

Similar to Protecting Infrastructure from Cyber Attacks

Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADARichard Umbrino
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
DelforChacnCornejo
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Commit Software Sh.p.k.
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Abhishek Goel
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
iQHub
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
iQHub
 
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoTIII SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
RAJESHWARI M
 
Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA Networks
International Journal of Engineering Inventions www.ijeijournal.com
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
EnergySec
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA Networks
IJRES Journal
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
George Wainblat
 
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
PROFIBUS and PROFINET InternationaI - PI UK
 
INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMINTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEM
IRJET Journal
 
Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander
EC-Council
 
UTM Unified Threat Management
UTM Unified Threat ManagementUTM Unified Threat Management
UTM Unified Threat ManagementLokesh Sharma
 
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012
Ahmed Al Enizi
 
3778975074 january march 2015 1
3778975074 january march 2015 13778975074 january march 2015 1
3778975074 january march 2015 1
nicfs
 

Similar to Protecting Infrastructure from Cyber Attacks (20)

Cyber Security for SCADA
Cyber Security for SCADACyber Security for SCADA
Cyber Security for SCADA
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
 
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETSDISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
DISCUSSION ON SECURITY MEASURES FOR PIPELINE CYBER ASSETS
 
Unit_3.pptx
Unit_3.pptxUnit_3.pptx
Unit_3.pptx
 
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoTIII SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
 
Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA Networks
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA Networks
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
 
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
 
INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMINTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEM
 
Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander
 
UTM Unified Threat Management
UTM Unified Threat ManagementUTM Unified Threat Management
UTM Unified Threat Management
 
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012
Protecting Industrial Control Systems V1.2, Ahmad Alanazy, 2012
 
cscnapd.ppt
cscnapd.pptcscnapd.ppt
cscnapd.ppt
 
Network security
Network securityNetwork security
Network security
 
3778975074 january march 2015 1
3778975074 january march 2015 13778975074 january march 2015 1
3778975074 january march 2015 1
 

More from Maurice Dawson

Understanding the Challenge of Cybersecurity in Critical Infrastructure Sectors
Understanding the Challenge of Cybersecurity in Critical Infrastructure SectorsUnderstanding the Challenge of Cybersecurity in Critical Infrastructure Sectors
Understanding the Challenge of Cybersecurity in Critical Infrastructure Sectors
Maurice Dawson
 
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Maurice Dawson
 
Security Solutions for Hyperconnectivity in the Internet of Things
Security Solutions for Hyperconnectivity in the Internet of ThingsSecurity Solutions for Hyperconnectivity in the Internet of Things
Security Solutions for Hyperconnectivity in the Internet of Things
Maurice Dawson
 
Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Maurice Dawson
 
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Maurice Dawson
 
CTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and DestroyCTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and Destroy
Maurice Dawson
 
MWAIS Fall 2017 Newsletter
MWAIS Fall 2017 NewsletterMWAIS Fall 2017 Newsletter
MWAIS Fall 2017 Newsletter
Maurice Dawson
 
MWAIS Fall 2018 Newsletter
MWAIS Fall 2018 NewsletterMWAIS Fall 2018 Newsletter
MWAIS Fall 2018 Newsletter
Maurice Dawson
 
Information Technology Use in West African Agriculture – challenges and oppor...
Information Technology Use in West African Agriculture – challenges and oppor...Information Technology Use in West African Agriculture – challenges and oppor...
Information Technology Use in West African Agriculture – challenges and oppor...
Maurice Dawson
 
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...
Maurice Dawson
 
Schedule for the 13th Annual Conference of the Midwest AIS
Schedule for the 13th Annual Conference of the Midwest AIS Schedule for the 13th Annual Conference of the Midwest AIS
Schedule for the 13th Annual Conference of the Midwest AIS
Maurice Dawson
 
UMSL IS | Farmer 2 Farmer Program
UMSL IS | Farmer 2 Farmer ProgramUMSL IS | Farmer 2 Farmer Program
UMSL IS | Farmer 2 Farmer Program
Maurice Dawson
 
Midwest Association for Information Systems - MWAIS2018
Midwest Association for Information Systems - MWAIS2018Midwest Association for Information Systems - MWAIS2018
Midwest Association for Information Systems - MWAIS2018
Maurice Dawson
 
MWAIS 2018 - 13th Annual Conference
MWAIS 2018 - 13th Annual ConferenceMWAIS 2018 - 13th Annual Conference
MWAIS 2018 - 13th Annual Conference
Maurice Dawson
 
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...
Maurice Dawson
 
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Maurice Dawson
 
Hacking, Privacy and Security in a Hyperconnected Society
Hacking, Privacy and Security in a Hyperconnected SocietyHacking, Privacy and Security in a Hyperconnected Society
Hacking, Privacy and Security in a Hyperconnected Society
Maurice Dawson
 
University of Missouri - Saint Louis Cyber Security
University of Missouri - Saint Louis Cyber SecurityUniversity of Missouri - Saint Louis Cyber Security
University of Missouri - Saint Louis Cyber Security
Maurice Dawson
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
Maurice Dawson
 
Security Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of ThingsSecurity Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of Things
Maurice Dawson
 

More from Maurice Dawson (20)

Understanding the Challenge of Cybersecurity in Critical Infrastructure Sectors
Understanding the Challenge of Cybersecurity in Critical Infrastructure SectorsUnderstanding the Challenge of Cybersecurity in Critical Infrastructure Sectors
Understanding the Challenge of Cybersecurity in Critical Infrastructure Sectors
 
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
 
Security Solutions for Hyperconnectivity in the Internet of Things
Security Solutions for Hyperconnectivity in the Internet of ThingsSecurity Solutions for Hyperconnectivity in the Internet of Things
Security Solutions for Hyperconnectivity in the Internet of Things
 
Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...Framework for the Development of Virtual Labs for Industrial Internet of Thin...
Framework for the Development of Virtual Labs for Industrial Internet of Thin...
 
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
 
CTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and DestroyCTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and Destroy
 
MWAIS Fall 2017 Newsletter
MWAIS Fall 2017 NewsletterMWAIS Fall 2017 Newsletter
MWAIS Fall 2017 Newsletter
 
MWAIS Fall 2018 Newsletter
MWAIS Fall 2018 NewsletterMWAIS Fall 2018 Newsletter
MWAIS Fall 2018 Newsletter
 
Information Technology Use in West African Agriculture – challenges and oppor...
Information Technology Use in West African Agriculture – challenges and oppor...Information Technology Use in West African Agriculture – challenges and oppor...
Information Technology Use in West African Agriculture – challenges and oppor...
 
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...
The Case for IT Training within Guinea’s Ministry of Agriculture: Evaluating ...
 
Schedule for the 13th Annual Conference of the Midwest AIS
Schedule for the 13th Annual Conference of the Midwest AIS Schedule for the 13th Annual Conference of the Midwest AIS
Schedule for the 13th Annual Conference of the Midwest AIS
 
UMSL IS | Farmer 2 Farmer Program
UMSL IS | Farmer 2 Farmer ProgramUMSL IS | Farmer 2 Farmer Program
UMSL IS | Farmer 2 Farmer Program
 
Midwest Association for Information Systems - MWAIS2018
Midwest Association for Information Systems - MWAIS2018Midwest Association for Information Systems - MWAIS2018
Midwest Association for Information Systems - MWAIS2018
 
MWAIS 2018 - 13th Annual Conference
MWAIS 2018 - 13th Annual ConferenceMWAIS 2018 - 13th Annual Conference
MWAIS 2018 - 13th Annual Conference
 
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...
MWAIS 2018 : 13th Annual Conference of the Midwest Association for Informatio...
 
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
Technological Advancements for Intelligence Collection, Analysis, and Dissemi...
 
Hacking, Privacy and Security in a Hyperconnected Society
Hacking, Privacy and Security in a Hyperconnected SocietyHacking, Privacy and Security in a Hyperconnected Society
Hacking, Privacy and Security in a Hyperconnected Society
 
University of Missouri - Saint Louis Cyber Security
University of Missouri - Saint Louis Cyber SecurityUniversity of Missouri - Saint Louis Cyber Security
University of Missouri - Saint Louis Cyber Security
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
 
Security Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of ThingsSecurity Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of Things
 

Recently uploaded

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
ViralQR
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 

Recently uploaded (20)

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 

Protecting Infrastructure from Cyber Attacks

  • 1. Protecting Infrastructure from Cyber Attacks Dr. Maurice Dawson, Walden University /Alabama A&M University Dr. Jonathan Abramson, Colorado Technical University Dr. Marwan Omar, Colorado Technical University
  • 2. Abstract • The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. As the SCADA systems are the systems that autonomously monitor and adjust switching among other processes within critical infrastructures such as nuclear plants, and power grids DHS has become concerned about these systems as they are unmanned frequently and remotely accessed. A vulnerability such as remote access could allow anyone to take control of assets to critical infrastructure remotely. There has been increasing mandates, and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.
  • 3. Topics • Example Scripts • 2012 FISMA Report • Previous Research • Vulnerabilities & Threats • Example Physical Security Threat Scenario • System C&A Processes • Product C&A Processes • Example Unclassified DIACAP Controls • Virtualization as a Tool
  • 4. Virus in Bash Script #!/bin/bash Echo “Yep We Finally Got You” Rmdir *.bin ##removal of key directories to render system useless Rm filename1 filename2 filename3 filename 4 ##removal of key files to render system useless Note: file must be --7 (executable) and bypass sudo
  • 5. Example Copy Script in Bash Script #!/bin/bash tar -cZf /var/my-backup.tgz /home/me/ ##key files can be copied anywhere Note: file must be --7 (executable) and bypass sudo
  • 7. Previous Research • DoD Cyber Technology Policies to Secure Automated Information Systems – Certification & Accreditation (C&A) evaluation processes – Plan of action and milestones (PO&AM) – DIACAP scorecard – System identification plan (SIP) – DIACAP implementation plan (DIP)
  • 8. Vulnerabilities & Threats • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes. • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems. • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control heating, ventilation, and air conditioning systems (HVAC), access, and energy consumption.
  • 9. Vulnerabilities & Threats cont. • Remote access – Root control of system – Ability to map network(s) – Ability to corrupt cloud infrastructure(s) • Virus focused on specific hardware – Over clocking – Redirect of network and data • Covert channel analysis • Lack of qualified personnel • Insider threat • Natural disasters • Inconsistencies of applied processes
  • 10. Example Physical Security Scenario Decide targets Perform research on target using Google maps, social media, and etc. Capture online maps for building architecture Render items with virtual world(s), and graphics application software(s) Prepare mock up scenario(s) Test run mock up scenario(s) Perform live run
  • 12. Product C&A Process – Common Criteria
  • 13. Unclassified DIACAP Controls – MAC III Unclassified [Example]
  • 14. Virtualization as a Tool Supporting Tasks • Test patches before full deployment • See how OS or system reacts to virus • Use as tool to deploy hardened VMs Example Set Up HARDWARE OS PLATFORM HYPERVISOR WINDOWS RED HAT LINUX UBUNTU LINUX
  • 15. Any Questions Please feel free to contact me at maurice.dawson@ aamu.edu Wk: 256-372-4801