David Spinks, profile picture
Uploaded byDavid Spinks
PDF, PPTX1,402 views

Cyber Security Threats to Industrial Control Systems

The document discusses the increasing cybersecurity threats to industrial control systems, particularly SCADA, highlighting a disconnect between IT and ICS cultures. It points to a rise in sophisticated attacks, often discovered by third parties, and emphasizes the importance of monitoring and understanding normal operations to mitigate risks. Insider threats, social engineering, and the need for cross-training among IT and ICS personnel are underscored as critical factors in enhancing cybersecurity measures.

Embed presentation

Download as PDF, PPTX
Cyber Security in Real-Time Systems Threats to SCADA and other real time systems an update from the coal face. David Spinks – Independent Cyber Security Consultant April 2015 CSIRS Cyber Security in Real-Time Systems
CSIRS Cyber Security in Real-Time Systems Why me?
1970/75 – Glaxo Laboratories Cambois Northumberland -Worlds First Large ScaleAutomation
1990 - 2000 Railtrack Safety Critical Software Sizewell B Software Emergency Shut Down code validation UK Government assessment of Embedded SoftwareAviation
CSIRS Cyber Security in Real-Time Systems Industrial Control Systems Current Business Environments & Drivers
“The Grey” Traditional IT Industrial Control Systems ?
ITTools, Methods, Culture ICS Culture,Tools Very different and apparently no middle ground “The Cavalry fast moving and flexible” The Cannons fixed, slow yet effective not changed much for centuries
Scada Hybrid Networks security comparison
CSIRS Cyber Security in Real-Time Systems Little or no action to close the gap?
CSIRS Cyber Security in Real-Time Systems Advanced : Planned ahead of time Executed by individuals who have expertise Intelligence gathered about “target” in advance Adoption of social engineering techniques Covering of entry and exit points Motive not always understood Perpetrated by unknown agencies Multiple points of entry technical and non-technical Complex execution across a period of time may be months or years Use of multiple technologies, tools and techniques Insider threat must be considered a possible entry point Will explore logical and physical security weaknesses May extend to supply chain Changes in education of IT and ICS engineers Changes in culture in large organisations Disclosure & Legislation & Regulation Information exchange Investments in ICS security Changes in ICS vendor culture PossibleActions
CSIRS Cyber Security in Real-Time Systems What do recent statics and surveys show us?
Trends impacting ICS Cyber Security Business demands that data be passed from ICS to IT. Direct and indirect connections. Sophistication of attacks (the ones we know about) is increasing. 75% of breaches are discovered by third parties. Resulting impacts of each attack is growing exponentially.
DocumentedAttacks on ICS from US ICS Cert Report
The majority of incidents were categorized as having an “unknown” access vector. In these instances, the organization was confirmed to be compromised; however, forensic evidence did not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network
CSIRS Cyber Security in Real-Time Systems Example of poor monitoring of a SCADA system.
Information about the 8 November incident came to light via the blog of Joe Weiss who advises utilities on how to protect hardware against attack. Mr Weiss quoted from a short report by the Illinois Statewide Terrorism and Intelligence Center which said hackers obtained access using stolen login names and passwords. These were taken from a company which writes control software for industrial systems. The net address through which the attack was carried out was traced to Russia, according to Mr Weiss. The report said "glitches" in the remote access system for the pump had been noticed for months before the burn out, said Mr Weiss.
“I could have straightened it up with just one phone call, and this would all have been defused,” said Jim Mimlitz, founder and owner of Navionics Research, who helped set up the utility’s control system.“They assumed Mimlitz would never ever have been in Russia.They shouldn’t have assumed that.” Mimlitz’s small integrator company helped set up the Supervisory Control and DataAcquisition system (SCADA) used by the Curran Gardner PublicWater District outside of Springfield, Illinois, and provided occasional support to the district. His company specializes in SCADA systems, which are used to control and monitor infrastructure and manufacturing equipment. Mimlitz says last June, he and his family were on vacation in Russia when someone from Curran Gardner called his cell phone seeking advice on a matter and asked Mimlitz to remotely examine some data-history charts stored on the SCADA computer.
CSIRS Cyber Security in Real-Time Systems Common ground might be the Security Operations Centres?
Post Event Investigations: Access to HR Attendance records Door access logs Audit records Phone logs Systems logs
Potential Common Ground Security Operations Centre IT ICS Threats Very few common methods such as NIST & Identity Management Use Cases Mitigation Impacts DO-178C (avionics), ISO 26262 (automotive systems), IEC 62304 (medical devices), CENELEC EN 50128 (railway systems), ISO 27001:2013 Cobit 4.1 ISF ISO 20000 Tools Risks Investigations
Potential Solution: Small team cross trained across IT and ICS Adoption of common language and understanding of impacts Shared understanding ofThreats Devise and plan for integrated tools ICS<>IT Speak to bot camps Common understanding of potential impacts But would require commitment and proper funding
CSIRS Cyber Security in Real-Time Systems Information andWhite Papers
Lots of white papers and solutions are available
CSIRS Cyber Security in Real-Time Systems Highest and Serious Threats
Lessons still to be learnt Insider threats Social engineering Prevent rather than respond Effective intelligence and analysis Planned and tested response to threats
Solution: Understand what is “normal” Monitor for unusual trends Collect and analyse cyber intelligence Investigate Act accordingly Actions
CSIRS Cyber Security in Real-Time Systems Recent media reports of interest
CSIRS Cyber Security in Real-Time Systems Planned ahead of time Executed by individuals who have expertise Intelligence gathered about “target” in advance Adoption of social engineering techniques Covering of entry and exit points Motive not always understood Perpetrated by unknown agencies Rail signal upgrade 'could be hacked to cause crashes' Prof David Stupples told the BBC that plans to replace ageing signal lights with new computers could leave the rail network exposed to cyber-attacks. UK tests of the European RailTraffic Management System are under way. Network Rail, which is in charge of the upgrade, acknowledges the threat. http://www.bbc.co.uk/news/technology-32402481
CSIRS Cyber Security in Real-Time Systems Advanced : Planned ahead of time Executed by individuals who have expertise Intelligence gathered about “target” in advance Adoption of social engineering techniques Covering of entry and exit points Motive not always understood Perpetrated by unknown agencies The debate erupted after cybersecurity expert Chris Roberts, founder of OneWorld Lab in Denver, sent a tweet while he was a passenger on a UnitedAirlines flight suggesting he could hack into the airline’s onboard system to trigger the oxygen masks to drop. When the plane landed in Syracuse, FBI agents were waiting to question him and confiscate his electronic devices, according to a statement from Roberts’ attorneys. UnitedAirlines also was not amused and banned Roberts from flying on the carrier. On the 27th April 2015 ….Yesterday
CSIRS Cyber Security in Real-Time Systems Advanced : Planned ahead of time Executed by individuals who have expertise Intelligence gathered about “target” in advance Adoption of social engineering techniques Covering of entry and exit points Motive not always understood Perpetrated by unknown agencies Persistent : Today - AmericanAirlines planes grounded by iPad app error
CSIRS Cyber Security in Real-Time Systems Linkedin CSIRS : http://www.linkedin.com/groupRegistration?gid=3623430 Dspinks41@gmail.com Questions?

More Related Content

PDF
ICS security
byAhmed Shitta
 
PDF
SCADA Security Presentation
byFilip Maertens
 
PPTX
BSidesAugusta ICS SCADA Defense
byChris Sistrunk
 
PPTX
ICS Security 101 by Sandeep Singh
byOWASP Delhi
 
PDF
Industrial Control System Security Overview
bypgmaynard
 
PDF
Guide scada and_industrial_control_systems_security
byDeepakraj Sahu
 
PPTX
Hacker Halted 2016 - How to get into ICS security
byChris Sistrunk
 
PDF
The journey to ICS - Extended
byLarry Vandenaweele
 
ICS security
byAhmed Shitta
 
SCADA Security Presentation
byFilip Maertens
 
BSidesAugusta ICS SCADA Defense
byChris Sistrunk
 
ICS Security 101 by Sandeep Singh
byOWASP Delhi
 
Industrial Control System Security Overview
bypgmaynard
 
Guide scada and_industrial_control_systems_security
byDeepakraj Sahu
 
Hacker Halted 2016 - How to get into ICS security
byChris Sistrunk
 
The journey to ICS - Extended
byLarry Vandenaweele
 

What's hot

PDF
Nozomi Networks Q1_2018 Company Introduction
byNozomi Networks
 
PPTX
SCADA Security in CDIC 2009
byNarinrit Prem-apiwathanokul
 
PPTX
Nozomi Fortinet Accelerate18
byNozomi Networks
 
PDF
[Bucharest] From SCADA to IoT Cyber Security
byOWASP EEE
 
PDF
Cybersecurity in Industrial Control Systems (ICS)
byJoan Figueras Tugas
 
PDF
DEF CON 23 - NSM 101 for ICS
byChris Sistrunk
 
PPTX
SCADA Security: The Five Stages of Cyber Grief
byLancope, Inc.
 
PDF
SCADA deep inside: protocols and security mechanisms
byAleksandr Timorin
 
PPTX
SANS ICS Security Survey Report 2016
byDerek Harp
 
PDF
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
byEran Goldstein
 
PDF
DTS Solution - SCADA Security Solutions
byShah Sheikh
 
PDF
Man in the middle attacks on IEC 60870-5-104
bypgmaynard
 
PDF
Nist 800 82 ICS Security Auditing Framework
byMarcoAfzali
 
PPTX
Blackhat USA 2016 - What's the DFIRence for ICS?
byChris Sistrunk
 
PDF
Improving SCADA Security
byNarinrit Prem-apiwathanokul
 
PDF
Securing SCADA
byJeffrey Wang , P.Eng
 
PDF
Robust Cyber Security for Power Utilities
byNir Cohen
 
PDF
RSAC 2016: How to Get into ICS Security
byChris Sistrunk
 
PDF
S C A D A Security Keynote C K
byNarinrit Prem-apiwathanokul
 
PPTX
Scada security presentation by Stephen Miller
byAVEVA
 
Nozomi Networks Q1_2018 Company Introduction
byNozomi Networks
 
SCADA Security in CDIC 2009
byNarinrit Prem-apiwathanokul
 
Nozomi Fortinet Accelerate18
byNozomi Networks
 
[Bucharest] From SCADA to IoT Cyber Security
byOWASP EEE
 
Cybersecurity in Industrial Control Systems (ICS)
byJoan Figueras Tugas
 
DEF CON 23 - NSM 101 for ICS
byChris Sistrunk
 
SCADA Security: The Five Stages of Cyber Grief
byLancope, Inc.
 
SCADA deep inside: protocols and security mechanisms
byAleksandr Timorin
 
SANS ICS Security Survey Report 2016
byDerek Harp
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
byEran Goldstein
 
DTS Solution - SCADA Security Solutions
byShah Sheikh
 
Man in the middle attacks on IEC 60870-5-104
bypgmaynard
 
Nist 800 82 ICS Security Auditing Framework
byMarcoAfzali
 
Blackhat USA 2016 - What's the DFIRence for ICS?
byChris Sistrunk
 
Improving SCADA Security
byNarinrit Prem-apiwathanokul
 
Securing SCADA
byJeffrey Wang , P.Eng
 
Robust Cyber Security for Power Utilities
byNir Cohen
 
RSAC 2016: How to Get into ICS Security
byChris Sistrunk
 
S C A D A Security Keynote C K
byNarinrit Prem-apiwathanokul
 
Scada security presentation by Stephen Miller
byAVEVA
 

Viewers also liked

PDF
Cybersecurity for modern industrial systems
byItex Solutions
 
PDF
Cyber Security in Manufacturing
byCentraComm
 
PDF
Industrial Control Cyber Security Europe 2015
byJames Nesbitt
 
PDF
IT vs. OT: ICS Cyber Security in TSOs
byCommunity Protection Forum
 
ODP
Scada Security & Penetration Testing
byAhmed Sherif
 
PPTX
Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha
bySchneider Electric
 
PPTX
Using Assessment Tools on ICS (English)
byDigital Bond
 
PDF
Please, Come and Hack my SCADA System!
byEnergySec
 
PPTX
Scada security
bysommerville-videos
 
PDF
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
byAhmed Al Enizi
 
PDF
BlackHat Europe 2010: SCADA and ICS for Security Experts
byJames Arlen
 
PPTX
Protecting Infrastructure from Cyber Attacks
byMaurice Dawson
 
PDF
Air Gapped SCADA & ICS Threat
byWill Hatcher
 
KEY
Notacon 7 - SCADA and ICS for Security Experts
byJames Arlen
 
Cybersecurity for modern industrial systems
byItex Solutions
 
Cyber Security in Manufacturing
byCentraComm
 
Industrial Control Cyber Security Europe 2015
byJames Nesbitt
 
IT vs. OT: ICS Cyber Security in TSOs
byCommunity Protection Forum
 
Scada Security & Penetration Testing
byAhmed Sherif
 
Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha
bySchneider Electric
 
Using Assessment Tools on ICS (English)
byDigital Bond
 
Please, Come and Hack my SCADA System!
byEnergySec
 
Scada security
bysommerville-videos
 
Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012
byAhmed Al Enizi
 
BlackHat Europe 2010: SCADA and ICS for Security Experts
byJames Arlen
 
Protecting Infrastructure from Cyber Attacks
byMaurice Dawson
 
Air Gapped SCADA & ICS Threat
byWill Hatcher
 
Notacon 7 - SCADA and ICS for Security Experts
byJames Arlen
 

Similar to Cyber Security Threats to Industrial Control Systems

PDF
Cyber security colombo meetup
byEguardian Global Services
 
PDF
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
byCourtney Brock Rabon, MBA
 
PPTX
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
byAbhishek Goel
 
PDF
Darktrace white paper_ics_final
byCMR WORLD TECH
 
PPT
Cybersecurity for Control Systems: Current State and Future Vision pt.1
byEnergySec
 
PDF
Industrial Control Security USA Sacramento California Oct 13/14
byJames Nesbitt
 
PPTX
Critical Infrastructure Security by Subodh Belgi
byClubHack
 
PDF
Cyber Security in Railways Systems, Ansaldo STS experience
byCommunity Protection Forum
 
PDF
Cyber war scenario what are the defenses
byA. V. Rajabahadur
 
PDF
Potential Impact of Cyber Attacks on Critical Infrastructure
byUnisys Corporation
 
PDF
ICS_WhitePaper_Darktrace
byAustin Eppstein
 
PDF
David Blanco ISHM 8280-2016
byDavid Blanco
 
PDF
Csirs Trabsport Security September 2011 V 3.6
byDavid Spinks
 
PPTX
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
byDawn Yankeelov
 
PDF
2019 10-22 axio - taking control of cyber risk - grid-seccon
byAxio
 
PDF
Information security management guidance for discrete automation
byjohnnywess
 
PPTX
Cyber threat enterprise leadership required march 2014
byPeter ODell
 
PDF
Cyber Security - Maintaining Operational Control of Critical Services
byDave Reeves
 
PDF
CSIAC_V1N4_FINAL_2
byDaksha Bhasker PEng (CIE), MBA CISM CISSP CCSK
 
PDF
Ansaldo STS at CPExpo 2013: "Risks and Security Management in Logistics and ...
byLeonardo
 
Cyber security colombo meetup
byEguardian Global Services
 
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
byCourtney Brock Rabon, MBA
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
byAbhishek Goel
 
Darktrace white paper_ics_final
byCMR WORLD TECH
 
Cybersecurity for Control Systems: Current State and Future Vision pt.1
byEnergySec
 
Industrial Control Security USA Sacramento California Oct 13/14
byJames Nesbitt
 
Critical Infrastructure Security by Subodh Belgi
byClubHack
 
Cyber Security in Railways Systems, Ansaldo STS experience
byCommunity Protection Forum
 
Cyber war scenario what are the defenses
byA. V. Rajabahadur
 
Potential Impact of Cyber Attacks on Critical Infrastructure
byUnisys Corporation
 
ICS_WhitePaper_Darktrace
byAustin Eppstein
 
David Blanco ISHM 8280-2016
byDavid Blanco
 
Csirs Trabsport Security September 2011 V 3.6
byDavid Spinks
 
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
byDawn Yankeelov
 
2019 10-22 axio - taking control of cyber risk - grid-seccon
byAxio
 
Information security management guidance for discrete automation
byjohnnywess
 
Cyber threat enterprise leadership required march 2014
byPeter ODell
 
Cyber Security - Maintaining Operational Control of Critical Services
byDave Reeves
 
CSIAC_V1N4_FINAL_2
byDaksha Bhasker PEng (CIE), MBA CISM CISSP CCSK
 
Ansaldo STS at CPExpo 2013: "Risks and Security Management in Logistics and ...
byLeonardo
 

More from David Spinks

PPT
Legal And Regulatory Issues Cloud Computing...V2.0
byDavid Spinks
 
PDF
CSIRS ICS BCS 2.2
byDavid Spinks
 
PDF
Cyber response to insider threats 3.1
byDavid Spinks
 
PDF
Cyber response to insider threats 3.1
byDavid Spinks
 
PPTX
Cloud Security And Cyber Security Legal And Regulatory Hp Version V 2.1
byDavid Spinks
 
PPT
Operational Risk V2.1
byDavid Spinks
 
Legal And Regulatory Issues Cloud Computing...V2.0
byDavid Spinks
 
CSIRS ICS BCS 2.2
byDavid Spinks
 
Cyber response to insider threats 3.1
byDavid Spinks
 
Cyber response to insider threats 3.1
byDavid Spinks
 
Cloud Security And Cyber Security Legal And Regulatory Hp Version V 2.1
byDavid Spinks
 
Operational Risk V2.1
byDavid Spinks
 

Recently uploaded

PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
API-First Architecture in Financial Systems
bycyy111112
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 

Cyber Security Threats to Industrial Control Systems

  • 1.
    Cyber Security inReal-Time Systems Threats to SCADA and other real time systems an update from the coal face. David Spinks – Independent Cyber Security Consultant April 2015 CSIRS Cyber Security in Real-Time Systems
  • 2.
    CSIRS Cyber Security inReal-Time Systems Why me?
  • 3.
    1970/75 – GlaxoLaboratories Cambois Northumberland -Worlds First Large ScaleAutomation
  • 4.
    1990 - 2000 RailtrackSafety Critical Software Sizewell B Software Emergency Shut Down code validation UK Government assessment of Embedded SoftwareAviation
  • 5.
    CSIRS Cyber Security inReal-Time Systems Industrial Control Systems Current Business Environments & Drivers
  • 6.
  • 7.
    ITTools, Methods, CultureICS Culture,Tools Very different and apparently no middle ground “The Cavalry fast moving and flexible” The Cannons fixed, slow yet effective not changed much for centuries
  • 8.
    Scada Hybrid Networkssecurity comparison
  • 9.
    CSIRS Cyber Security inReal-Time Systems Little or no action to close the gap?
  • 10.
    CSIRS Cyber Security inReal-Time Systems Advanced : Planned ahead of time Executed by individuals who have expertise Intelligence gathered about “target” in advance Adoption of social engineering techniques Covering of entry and exit points Motive not always understood Perpetrated by unknown agencies Multiple points of entry technical and non-technical Complex execution across a period of time may be months or years Use of multiple technologies, tools and techniques Insider threat must be considered a possible entry point Will explore logical and physical security weaknesses May extend to supply chain Changes in education of IT and ICS engineers Changes in culture in large organisations Disclosure & Legislation & Regulation Information exchange Investments in ICS security Changes in ICS vendor culture PossibleActions
  • 11.
    CSIRS Cyber Security inReal-Time Systems What do recent statics and surveys show us?
  • 12.
    Trends impacting ICSCyber Security Business demands that data be passed from ICS to IT. Direct and indirect connections. Sophistication of attacks (the ones we know about) is increasing. 75% of breaches are discovered by third parties. Resulting impacts of each attack is growing exponentially.
  • 13.
    DocumentedAttacks on ICSfrom US ICS Cert Report
  • 14.
    The majority ofincidents were categorized as having an “unknown” access vector. In these instances, the organization was confirmed to be compromised; however, forensic evidence did not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network
  • 16.
    CSIRS Cyber Security inReal-Time Systems Example of poor monitoring of a SCADA system.
  • 17.
    Information about the8 November incident came to light via the blog of Joe Weiss who advises utilities on how to protect hardware against attack. Mr Weiss quoted from a short report by the Illinois Statewide Terrorism and Intelligence Center which said hackers obtained access using stolen login names and passwords. These were taken from a company which writes control software for industrial systems. The net address through which the attack was carried out was traced to Russia, according to Mr Weiss. The report said "glitches" in the remote access system for the pump had been noticed for months before the burn out, said Mr Weiss.
  • 18.
    “I could havestraightened it up with just one phone call, and this would all have been defused,” said Jim Mimlitz, founder and owner of Navionics Research, who helped set up the utility’s control system.“They assumed Mimlitz would never ever have been in Russia.They shouldn’t have assumed that.” Mimlitz’s small integrator company helped set up the Supervisory Control and DataAcquisition system (SCADA) used by the Curran Gardner PublicWater District outside of Springfield, Illinois, and provided occasional support to the district. His company specializes in SCADA systems, which are used to control and monitor infrastructure and manufacturing equipment. Mimlitz says last June, he and his family were on vacation in Russia when someone from Curran Gardner called his cell phone seeking advice on a matter and asked Mimlitz to remotely examine some data-history charts stored on the SCADA computer.
  • 19.
    CSIRS Cyber Security inReal-Time Systems Common ground might be the Security Operations Centres?
  • 20.
    Post Event Investigations: Accessto HR Attendance records Door access logs Audit records Phone logs Systems logs
  • 21.
    Potential Common Ground Security OperationsCentre IT ICS Threats Very few common methods such as NIST & Identity Management Use Cases Mitigation Impacts DO-178C (avionics), ISO 26262 (automotive systems), IEC 62304 (medical devices), CENELEC EN 50128 (railway systems), ISO 27001:2013 Cobit 4.1 ISF ISO 20000 Tools Risks Investigations
  • 22.
    Potential Solution: Small teamcross trained across IT and ICS Adoption of common language and understanding of impacts Shared understanding ofThreats Devise and plan for integrated tools ICS<>IT Speak to bot camps Common understanding of potential impacts But would require commitment and proper funding
  • 23.
    CSIRS Cyber Security inReal-Time Systems Information andWhite Papers
  • 24.
    Lots of whitepapers and solutions are available
  • 26.
    CSIRS Cyber Security inReal-Time Systems Highest and Serious Threats
  • 27.
    Lessons still tobe learnt Insider threats Social engineering Prevent rather than respond Effective intelligence and analysis Planned and tested response to threats
  • 28.
    Solution: Understand what is“normal” Monitor for unusual trends Collect and analyse cyber intelligence Investigate Act accordingly Actions
  • 29.
    CSIRS Cyber Security inReal-Time Systems Recent media reports of interest
  • 30.
    CSIRS Cyber Security inReal-Time Systems Planned ahead of time Executed by individuals who have expertise Intelligence gathered about “target” in advance Adoption of social engineering techniques Covering of entry and exit points Motive not always understood Perpetrated by unknown agencies Rail signal upgrade 'could be hacked to cause crashes' Prof David Stupples told the BBC that plans to replace ageing signal lights with new computers could leave the rail network exposed to cyber-attacks. UK tests of the European RailTraffic Management System are under way. Network Rail, which is in charge of the upgrade, acknowledges the threat. http://www.bbc.co.uk/news/technology-32402481
  • 31.
    CSIRS Cyber Security inReal-Time Systems Advanced : Planned ahead of time Executed by individuals who have expertise Intelligence gathered about “target” in advance Adoption of social engineering techniques Covering of entry and exit points Motive not always understood Perpetrated by unknown agencies The debate erupted after cybersecurity expert Chris Roberts, founder of OneWorld Lab in Denver, sent a tweet while he was a passenger on a UnitedAirlines flight suggesting he could hack into the airline’s onboard system to trigger the oxygen masks to drop. When the plane landed in Syracuse, FBI agents were waiting to question him and confiscate his electronic devices, according to a statement from Roberts’ attorneys. UnitedAirlines also was not amused and banned Roberts from flying on the carrier. On the 27th April 2015 ….Yesterday
  • 32.
    CSIRS Cyber Security inReal-Time Systems Advanced : Planned ahead of time Executed by individuals who have expertise Intelligence gathered about “target” in advance Adoption of social engineering techniques Covering of entry and exit points Motive not always understood Perpetrated by unknown agencies Persistent : Today - AmericanAirlines planes grounded by iPad app error
  • 33.
    CSIRS Cyber Security inReal-Time Systems Linkedin CSIRS : http://www.linkedin.com/groupRegistration?gid=3623430 Dspinks41@gmail.com Questions?