Cybersecurity Critical Infrastructure Threats and Examples 2022- Presentation by Certrec

•Download as PPTX, PDF•

1 like•51 views

A presentation from Certrec showcasing the cybersecurity threats plaguing critical infrastructure in the United States. Includes examples of major cyber attacks within the past few years. To learn how Certrec's cyber security solutions can help keep your power plant secure from threats, visit: https://www.certrec.com/

Technology

Cyber Security:
Critical Infrastructure Threats and Examples
1
Fas Mosleh
October 2022
Certrec
Alliances, Strategic Marketing
Software, cybersecurity, systems executive
Helped develop HP’s Information security business

Agenda
• Types of Threats
• Critical Infrastructure Attack Examples
• Conclusions and Action Steps to Take

Types of Threats
4
• Physical
‒ Physical Access
‒ Physical Damage
• Digital (IT)
‒ Malware
‒ Remote Access
‒ Business Server Compromises
• Digital (T)
‒ Physical Access
‒ Remote Control Access Compromises
‒ Viruses
‒ Business Server Compromises
‒ Release of Sensitive Information

Infrastructure Attacks: Solar Winds
6
1. 18000
2. 100
3. 320,000
4. 499/500
• Hackers compromised SolarWinds' Orion software build via an already-compromised Microsoft Office 365 account.
• Backdoors distributed into user networks once tainted Orion updates were installed.
• Russians compromised ~100 companies inc. Microsoft, Intel and Cisco.
• Plus a dozen government agencies: US Treasury, Justice and Energy departments and the Pentagon.

Infrastructure Attacks: Colonial Pipeline
7
1. 5500
2. 5M
3. 100
Attackers got into the Colonial Pipeline network through an exposed
password for a VPN account, which used the same password for the VPN
in another location (whose password was compromised in a prior breach).

Infrastructure Attacks: Ukraine
8
During the outage, threat actors flooded customer services
phone lines with calls to prevent customers from reporting the
incident.
https://www.bbc.com/news/technology-61085480
On December 23, 2015, the power grid of Ukraine was hacked,
which resulted in power outages for roughly 230,000
consumers in Ukraine for 1-6 hours

Infrastructure Attacks: Ukraine
Sandworm hackers deployed Industroyer2 malware
against high-voltage electrical sub-stations in Ukraine
+ other destructive malware like CaddyWiper.
Which is being spread around Ukraine, deletes data on
infected computer systems.
9

Actions: What did we learn?
11
Trends
Important
Cyberattacks are on the rise
Nation threat actors are capable and motivated
Ransomware is data kidnapping
Basic Cybersecurity practices and being prepared can thwart attackers
It’s not a matter of if but when

Actions: Solutions to Consider
12
Review the cybersecurity risk plan
The first step is to learn and understand what can go wrong, followed by
taking precautionary actions and finally, learning how to respond
effectively to a real operational threat or attack.
Make cybersecurity awareness, prevention, and security best practices
a part of your culture.
PHYSICAL
DATA
OT

Conclusions
13
Prevent damage to your facility, compromise of the bulk
electric system, by reducing the chances of a breach
Be informed and implement/recommend some simple measures
Expect the unexpected and plan aggressively

Actions: Resources
14
• Video: Why Big Tech Wants You To Ditch Your Password
• Why MFA?
• How to address cybersecurity in the energy sector (McKinsey)
• Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)

Certrec®
THANK YOU!
817-738-7661
650-999-1573
support@certrec.com
www.certrec.com
Be a NERC guru with daily compliance updates at www.RegSource.us
Get immediate NERC compliance help, on-demand at www.CertrecSaaS.com
How well is your critical infrastructure doing? Go to NERC CIP Healthcheck

Similar to Cybersecurity Critical Infrastructure Threats and Examples 2022- Presentation by Certrec

Webinar - Reducing the Risk of a Cyber Attack on Utilities

WPICPE

Cyber crimes are on the rise and especially prevalent during the global pandemic where hackers leverage the vulnerabilities of organisations for new opportunities through technology. Hospitals, for instance, are more likely to pay ransoms to restore access to their servers. Similarly, criminals may believe that corporations grappling with economic turmoil or logistical crises will be similarly easy to manipulate.

Cybersecurity

IndSightsResearchSG

The Cyber Security Landscape: An OurCrowd Briefing for Investors

OurCrowd

Symantec and ForeScout Delivering a Unified Cyber Security Solution

DLT Solutions

Scot Secure 2015

Ray Bugg

All Covered is a nationwide provider of IT services and security. This presentation highlights the most essential factors that businesses need to be aware of when implementing their security plan. It shows how any company, regardless of size, is at risk with external, and internal, security threats. Whether you own a small, medium, or large business, IT security should be at the forefront of any discussion. It is better to be proactive and prevent an attack from happening than having to pick up the pieces after the damage has already been done to your business.

Protecting Your Business - All Covered Security Services

All Covered

SAM05_Barber PW (7-9-15)

Norm Barber

Secrets to managing your Duty of Care in an ever- changing world. How well do you know your risks? Are you keeping up with your responsibilities to provide Duty of Care? How well are you prioritising Cybersecurity initiatives? Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives. Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello. The seminar will cover: • Fiduciary responsibility • How to efficiently deal with personal liability and the threat of court action • The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making • How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action

Cybersecurity Roadmap Development for Executives

Krist Davood - Principal - CIO

Opening Keynote - Cybersecurity Summit 2018

aztechcouncil

3 Things to Learn About:  * 1. Ransomware is a particular problem and currently the highest priority for healthcare organizations. Machine learning can use the structure of a malicious email to detect an attack even before the email is opened. * 2. Big data architectures provide the machine-learning models with the volume and variety of data required to achieve complete visibility across the spectrum of IT activity—from packets to logs to alerts.  * 3. Intel and industry partners are currently running one-hour, complimentary, confidential benchmark engagements for HLS organizations that want to see how their security compares with the industry .

Protecting health and life science organizations from breaches and ransomware

Cloudera, Inc.

James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers: • The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS. • Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections) • Best practices for how to protect your environment from the latest threats

Journey to the Cloud: Securing Your AWS Applications - April 2015

Alert Logic

Cyber security event

Tryzens

security in it (data and cyber security)

Rohana K Amarakoon

With cybercrime (like denial of service, malware, phishing, and SQL injection) looming large in our digitized world, penetration testing - and code and application level security testing (SAST and DAST) - are essential for organizations to identify security loopholes in applications and beyond. We provide a guide to the salient standards and techniques for full-spectrum testing to safeguard your data - and reputation.

Application Security: Safeguarding Data, Protecting Reputations

Cognizant

Web Attack Survival Guide

- Mark - Fullbright

CyberSecurity.pdf

Suleiman55

Cyber Security and the National Central Banks

Community Protection Forum

AGC Networks Security Solutions - Cyber-i

Richard (Rich) A. Cassario

Subhankar Dutta, Cyber security presentation.pptx

Subhankar26

ENSA_Module_3.pptx

SkyBlue659156

Similar to Cybersecurity Critical Infrastructure Threats and Examples 2022- Presentation by Certrec (20)

Webinar - Reducing the Risk of a Cyber Attack on Utilities

Cybersecurity

The Cyber Security Landscape: An OurCrowd Briefing for Investors

Symantec and ForeScout Delivering a Unified Cyber Security Solution

Scot Secure 2015

Protecting Your Business - All Covered Security Services

SAM05_Barber PW (7-9-15)

Cybersecurity Roadmap Development for Executives

Opening Keynote - Cybersecurity Summit 2018

Protecting health and life science organizations from breaches and ransomware

Journey to the Cloud: Securing Your AWS Applications - April 2015

Cyber security event

security in it (data and cyber security)

Application Security: Safeguarding Data, Protecting Reputations

Web Attack Survival Guide

CyberSecurity.pdf

Cyber Security and the National Central Banks

AGC Networks Security Solutions - Cyber-i

Subhankar Dutta, Cyber security presentation.pptx

ENSA_Module_3.pptx

Recently uploaded

Slack Application Development 101 Slides

praypatel2

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Explore 'The Codex of Business: Writing Software for Real-World Solutions,' a compelling SlideShare presentation that delves into digital transformation in healthcare. Discover through a detailed case study how Agile methodologies empower healthcare providers to develop, iterate, and refine digital solutions that address real-world challenges. Learn how strategic planning, user feedback, and continuous improvement drive success in deploying technologies that enhance patient care and operational efficiency. Ideal for healthcare professionals, IT specialists, and digital transformation advocates seeking actionable insights and practical examples of technology making a real difference.

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Malak Abu Hammad

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

A Call to Action for Generative AI in 2024

Results

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Histor y of HAM Radio presentation slide

vu2urc

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

Recently uploaded (20)

Slack Application Development 101 Slides

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

The Codex of Business Writing Software for Real-World Solutions 2.pptx

2024: Domino Containers - The Next Step. News from the Domino Container commu...

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

A Call to Action for Generative AI in 2024

Powerful Google developer tools for immediate impact! (2023-24 C)

Histor y of HAM Radio presentation slide

Presentation on how to chat with PDF using ChatGPT code interpreter

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Axa Assurance Maroc - Insurer Innovation Award 2024

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

A Year of the Servo Reboot: Where Are We Now?

Scaling API-first – The story of a global engineering organization

Finology Group – Insurtech Innovation Award 2024

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Cybersecurity Critical Infrastructure Threats and Examples 2022- Presentation by Certrec

1. Cyber Security: Critical Infrastructure Threats and Examples 1 Fas Mosleh October 2022 Certrec Alliances, Strategic Marketing Software, cybersecurity, systems executive Helped develop HP’s Information security business

2. Mission: Helping generators be more reliable and secure for a better, safer grid How: SaaS apps and technology to reduce risk of non-compliance for GO/GOPs

3. Agenda • Types of Threats • Critical Infrastructure Attack Examples • Conclusions and Action Steps to Take

4. Types of Threats 4 • Physical ‒ Physical Access ‒ Physical Damage • Digital (IT) ‒ Malware ‒ Remote Access ‒ Business Server Compromises • Digital (T) ‒ Physical Access ‒ Remote Control Access Compromises ‒ Viruses ‒ Business Server Compromises ‒ Release of Sensitive Information

5. Critical Infrastructure Attack Examples

6. Infrastructure Attacks: Solar Winds 6 1. 18000 2. 100 3. 320,000 4. 499/500 • Hackers compromised SolarWinds' Orion software build via an already-compromised Microsoft Office 365 account. • Backdoors distributed into user networks once tainted Orion updates were installed. • Russians compromised ~100 companies inc. Microsoft, Intel and Cisco. • Plus a dozen government agencies: US Treasury, Justice and Energy departments and the Pentagon.

7. Infrastructure Attacks: Colonial Pipeline 7 1. 5500 2. 5M 3. 100 Attackers got into the Colonial Pipeline network through an exposed password for a VPN account, which used the same password for the VPN in another location (whose password was compromised in a prior breach).

8. Infrastructure Attacks: Ukraine 8 During the outage, threat actors flooded customer services phone lines with calls to prevent customers from reporting the incident. https://www.bbc.com/news/technology-61085480 On December 23, 2015, the power grid of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours

9. Infrastructure Attacks: Ukraine Sandworm hackers deployed Industroyer2 malware against high-voltage electrical sub-stations in Ukraine + other destructive malware like CaddyWiper. Which is being spread around Ukraine, deletes data on infected computer systems. 9

10. Actions Steps to Take

11. Actions: What did we learn? 11 Trends Important Cyberattacks are on the rise Nation threat actors are capable and motivated Ransomware is data kidnapping Basic Cybersecurity practices and being prepared can thwart attackers It’s not a matter of if but when

12. Actions: Solutions to Consider 12 Review the cybersecurity risk plan The first step is to learn and understand what can go wrong, followed by taking precautionary actions and finally, learning how to respond effectively to a real operational threat or attack. Make cybersecurity awareness, prevention, and security best practices a part of your culture. PHYSICAL DATA OT

13. Conclusions 13 Prevent damage to your facility, compromise of the bulk electric system, by reducing the chances of a breach Be informed and implement/recommend some simple measures Expect the unexpected and plan aggressively

14. Actions: Resources 14 • Video: Why Big Tech Wants You To Ditch Your Password • Why MFA? • How to address cybersecurity in the energy sector (McKinsey) • Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)

15. Certrec® THANK YOU! 817-738-7661 650-999-1573 support@certrec.com www.certrec.com Be a NERC guru with daily compliance updates at www.RegSource.us Get immediate NERC compliance help, on-demand at www.CertrecSaaS.com How well is your critical infrastructure doing? Go to NERC CIP Healthcheck

Cybersecurity Critical Infrastructure Threats and Examples 2022- Presentation by Certrec

Recommended

Recommended

More Related Content

Similar to Cybersecurity Critical Infrastructure Threats and Examples 2022- Presentation by Certrec

Similar to Cybersecurity Critical Infrastructure Threats and Examples 2022- Presentation by Certrec (20)

Recently uploaded

Recently uploaded (20)

Cybersecurity Critical Infrastructure Threats and Examples 2022- Presentation by Certrec