Protecting Infrastructure from Cyber Attacks - Maurice Dawson
The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. As the SCADA systems are the systems that autonomously monitor and adjust switching among other processes within critical infrastructures such as nuclear plants and power grids, DHS has become concerned about these systems, as they are frequently unmanned and remotely accessed. A vulnerability such as remote access could allow anyone to take control of critical infrastructure assets remotely. There have been increasing mandates and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.
Cyber & Process Attack Scenarios for ICS - Jim Gilsinn
Presented at the OPC Foundation's "The Information Revolution 2014" in Redmond, WA August 5-6, 2014
This presentation discusses the modes and methodologies an attacker may use against an industrial control system in order to create a complex process attack. The presentation then discusses some specific examples, both real and hypothetical. The presentation finishes with a description of some common ways in which an organization could defend itself against these types of attacks.
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc... - Kaspersky
A talk delivered by Vladimir Dashchenko at S4x19 in Miami on the history of Kaspersky Industrial Cybersecurity experience development: from delivering AV to investigation of sophisticated attacks and vulnerabilities in ICS hardware and software to providing the customers with threat intelligence and security awareness services and specific technologies for ICS threats detection and prevention.
This slideshow was presented February 2, 2016 and developed for the Iowa Infragard team and discusses the Importance of Security Cyber-Physical Control systems, Elements of a control system, the manufacturing supply chain and consequences of cyber attacks in industrial environments. Please feel free to reach out with questions or comments.
Kevin Wheeler, Founder and Managing Director, InfoDefense
Securing Industrial Control Systems
Our nation’s critical infrastructure is controlled by SCADA and other industrial control technologies. Water utilities, petroleum refineries, oil pipelines, food processors, manufacturers and power companies all use SCADA systems to control and monitor operations. The vast majority of these industrial control systems have been in place for decades with few, if any, enhancements to effectively protect against today’s advanced threats. As a result, industrial control system vulnerabilities are currently a major concern.
Legacy SCADA systems can be secured using many of the same best practices that are used to protect the enterprise. This presentation provides an overview of SCADA threats as well as practical solutions for protecting industrial control systems.
High dependability of the automated systems - Alan Tatourian
This is the second research talk I gave at the Semiconductor Research Corporation (SRC) in September. Here I bring to attention the need to solve problems of SW maintainability and of the self-adaptable but still reliable architectures. State of the art in the industry now is ‘fail-operational’ which is based on redundancy. We can build a better technology which will optimize itself based on some global minimum function and will be able to adapt both to external changes in the environment and internal operating conditions.
SCADA Security: The Five Stages of Cyber Grief - Lancope, Inc.
Learn the five stages of grief that organizations seem to pass through as they come to terms with security risks and how far we’ve come regarding Industrial Control Systems.
Common misperceptions
• Cyber security of industrial networks is not necessary
– The myth remains that an “air gap” separates the ICS from any possible source of digital attack or infection
– wireless diagnostics ports, removable media
• Industrial security is an impossibility
• The average number of days between the time a vulnerability was disclosed publicly and the time the vulnerability was discovered in a control system was 331 days
Attacks
• The most common initial vectors used for industrial systems include spear phishing, watering hole, and database injection methods
Jason Christopher, Dragos Principal Cyber Risk Advisor, joins CyberWire for this podcast that discusses the evolution of ICS/OT ransomware, its impacts on the community, and cybersecurity best practices ICS/OT practitioners can implement to combat it. Listen to the full podcast here: https://dragos.com/resource/ransomware-in-an-industrial-world/
Webinar - Reducing the Risk of a Cyber Attack on Utilities - WPICPE
Jim Girouard, Sr. Product Development Manager at Worcester Polytechnic Institute, outlines the growing menace of cyber attacks on utility companies and how to educate yourself to reduce risk.
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy... - Schneider Electric
Federal agencies are moving their industrial control systems (ICS) from operational business networks to separate, dedicated networks in order to enhance security. However, without a system to test the new equipment and software coming into these separate networks, security risks will persist. This paper explores the impact on security of instituting a sanctioned ICS test lab and recommends best practices for setting up and operating these labs.
Top encryption tools like McAfee are popular among business users. McAfee provides full disk encryption for desktops, laptops, and servers. The algorithm uses Advanced Encryption Standard(AES) with 256-bit keys. McAfee AES is certified by US Federal Information Processing Standard. There is also ready integration of multi-layer authentication.
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera... - ICS
A great deal of attention in medical devices has shifted towards cybersecurity with the ratification of section 524B of the FD&C act. This new law enables the FDA to enforce cybersecurity controls in any medical device that is capable of networked communications or that has software. In this webinar we will recap the process for managing vulnerabilities, identify categories of vulnerabilities and solutions and more.
Cybersecurity threats are also evolving with advances in technology. As technology advances, so do the methods and techniques used by cybercriminals to breach security systems and steal sensitive information.
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct... - Abhishek Goel
SCADA systems control some of the most vital infrastructure in industrial and energy sectors, from oil and gas pipelines to nuclear facilities to water treatment plants.
Critical infrastructure is defined as the physical and IT assets, networks and services that if disrupted or destroyed would have a serious impact on the health, security, or economic wellbeing of citizens and the efficient functioning of a country’s government.
In the new world of connected healthcare, medical device manufacturers are challenged with cybersecurity issues to comply with the new FDA regulations. We examine the 5 domain areas of cybersecurity which apply to IoT HealthCare Vendors/ Providers.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
7. Damaging Impact in Four Steps
To develop protective measures against Stuxnet-like attacks, a basic understanding of the worm’s activities is essential. It unfolds its damaging impact in four steps on different layers:
1. Infection of Windows PCs: Stuxnet utilizes a total of four zero-day exploits of previously unknown vulnerabilities.
2. Abuse and Manipulation of Automation Software: Stuxnet abuses and manipulates any WinCC databases and STEP 7 project files it finds. It also renames s7otbxdx.dll to s7otbxdsx.dll and replaces it with a DLL of its own.
3. Injection of Malicious Code into Controllers: This manipulated DLL enables Stuxnet to infiltrate malicious code into the projected PLCs. The malicious code combines denial-of-control and denial-of-view techniques.
4. Communication with Command & Control Servers on the Internet: Infected computers contact C&C servers to upload information collected from the target and its environment, and to receive and execute new instructions and updates to the worm.
9. Industrial Malware Mitigations
Secure Enclaves
• Logically group networks, assets, the operations that they perform, and even the users who are responsible for those operations.
• Perimeter defenses such as firewalls, network IDS and IPS, and router access control lists can be configured to isolate the defined members of an enclave.
• Enclaves protect the internal systems from insider attacks or from an attack that somehow circumvents the established perimeter defenses (USB flash drives).
10. Industrial Malware Mitigations - Cont
Patch Management
Establish a patch management enclave to provide an additional barrier between online patch management and the systems requiring upgrades.
The patch management methodology:
1. Download required vendor/applications patches
2. Verify the integrity of these patches and scan them for viruses
3. Archive the validated files to a read-only media
4. Install patches on test systems to verify the ramifications of the update
5. Install on production systems
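The download, verify and archive steps of this methodology can be automated along the following lines. This is an added example, not code from the presentation: the file names, the vendor manifest of SHA-256 digests and the optional `scanner` callback are assumptions, and read-only file permissions stand in for the read-only media.

```python
import hashlib
import os
import shutil
import stat
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large firmware images are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def stage_patches(download_dir, manifest, archive_dir, scanner=None):
    """Copy only verified patches into the archive, read-only.

    manifest: {file name: expected SHA-256}, assumed to come from the vendor
              over a channel separate from the download itself.
    scanner:  optional callable(path) -> bool (hypothetical antivirus hook).
    Returns (archived names, {rejected name: reason}).
    """
    os.makedirs(archive_dir, exist_ok=True)
    archived, rejected = [], {}
    for name in sorted(os.listdir(download_dir)):
        src = os.path.join(download_dir, name)
        dst = os.path.join(archive_dir, name)
        expected = manifest.get(name)
        if expected is None:
            rejected[name] = "not in vendor manifest"
        elif sha256_file(src) != expected.lower():
            rejected[name] = "hash mismatch"
        elif scanner is not None and not scanner(src):
            rejected[name] = "failed malware scan"
        elif os.path.exists(dst):
            rejected[name] = "already archived"  # archive entries are never overwritten
        else:
            shutil.copyfile(src, dst)
            # r--r--r--: stand-in for write-once media
            os.chmod(dst, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
            archived.append(name)
    # A patch the vendor lists but that never arrived is also worth reporting.
    for name in manifest:
        if name not in archived and name not in rejected:
            rejected[name] = "listed by vendor but not downloaded"
    return archived, rejected


def run_constructed_demo():
    """Constructed sample: one good patch, one altered, one unlisted."""
    good = b"constructed firmware image"
    files = {
        "plc_fw.bin": good,
        "hmi_update.bin": b"constructed update, altered in transit",
        "helper_tool.bin": b"constructed file the vendor never listed",
    }
    manifest = {
        "plc_fw.bin": hashlib.sha256(good).hexdigest(),
        "hmi_update.bin": hashlib.sha256(b"constructed update as published").hexdigest(),
    }
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "downloads")
        archive = os.path.join(root, "archive")
        os.makedirs(downloads)
        for name, data in files.items():
            with open(os.path.join(downloads, name), "wb") as fh:
                fh.write(data)
        archived, rejected = stage_patches(downloads, manifest, archive)
        mode = stat.S_IMODE(os.stat(os.path.join(archive, archived[0])).st_mode)
        return archived, rejected, mode


if __name__ == "__main__":
    print(run_constructed_demo())
```

Only files that reach the archive directory should ever be offered to the test systems; the rejected map is what goes to the person who requested the patch.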
13. Industrial Malware Mitigations - Cont
Blacklisting
A “blacklist” solution compares the monitored object to a list of what is known to be bad. Traditional HIDS, antivirus and IPS depend on blacklisting.
Two issues with blacklisting:
• A blacklist must be continuously updated as new threats are discovered
• There is no way to detect or block certain attacks, such as zero-days (Stuxnet)
14. Industrial Malware Mitigations - Cont
Application Whitelisting (AWL)
• Creates a list of what is known to be good and applies very simple logic: if it is not on the list, block it
• No signatures or virus definitions (Stuxnet lived for a year before it was detected by AV vendors)
• AWL can block zero-day industrial malware like Stuxnet
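The difference between the two approaches on slides 13 and 14 shows up when the same load attempts are run through both checks, including the DLL swap described on slide 7. This is an added example, not code from the presentation: the file contents are constructed stand-ins, `engineering.exe` is a hypothetical name, and keying the whitelist on file name plus SHA-256 is an assumption (products typically also use full path or publisher).

```python
import hashlib


def digest(data):
    return hashlib.sha256(data).hexdigest()


# Constructed file contents standing in for real binaries.
VENDOR_DLL = b"constructed: vendor communication library"
SWAPPED_DLL = b"constructed: unknown library placed under the vendor file name"
ENGINEERING_APP = b"constructed: engineering application"
OLD_MALWARE = b"constructed: sample that already has a signature"

# Blacklist: hashes of what is known to be bad.
BLACKLIST = {digest(OLD_MALWARE)}

# Whitelist: file name -> hash of the approved build of that file.
WHITELIST = {
    "s7otbxdx.dll": digest(VENDOR_DLL),
    "engineering.exe": digest(ENGINEERING_APP),
}


def blacklist_permits(name, data):
    """Permit anything that has no matching signature yet."""
    return digest(data) not in BLACKLIST


def whitelist_permits(name, data):
    """Permit only a listed name whose content matches the approved hash."""
    return WHITELIST.get(name.lower()) == digest(data)


# Constructed load attempts: (file name, content, description).
LOAD_ATTEMPTS = [
    ("s7otbxdx.dll", VENDOR_DLL, "approved vendor DLL"),
    ("s7otbxdx.dll", SWAPPED_DLL, "different content under the vendor name"),
    ("s7otbxdsx.dll", VENDOR_DLL, "approved content under an unlisted name"),
    ("engineering.exe", ENGINEERING_APP, "approved application"),
    ("tool.exe", OLD_MALWARE, "sample with an existing signature"),
]


def compare(attempts):
    """Return (name, description, blacklist verdict, whitelist verdict) rows."""
    rows = []
    for name, data, description in attempts:
        rows.append((name, description,
                     blacklist_permits(name, data),
                     whitelist_permits(name, data)))
    return rows


if __name__ == "__main__":
    for name, description, by_blacklist, by_whitelist in compare(LOAD_ATTEMPTS):
        print(f"{name:15} {description:42} "
              f"blacklist={'permit' if by_blacklist else 'block':6} "
              f"whitelist={'permit' if by_whitelist else 'block'}")
```

The second and third rows are the ones that matter: neither has a signature, so the blacklist permits both, while the whitelist blocks them because the name and hash no longer match an approved entry.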
16. Industrial Malware Mitigations
Firewalls
• Block access to the Internet from workstations which configure and control PLCs (this prevents any interaction with C&C servers)
• Block access to Internet hosts with bad reputation (threat intelligence feed and IP blacklists)
• Block IP addresses which generate abnormal network traffic until you investigate the incident (external/internal)
• Block connections to unused protocols or services
• Implement SCADA-aware firewalls to control traffic
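The first four rules can be expressed as an ordered policy and checked against flow records before they are translated into a vendor's rule syntax. This is an added example, not code from the presentation: the addresses, the quarantine list and the set of permitted services (TCP 102 for S7 communication, TCP 502 for Modbus/TCP) are constructed assumptions, the default-deny fallback is a choice made here, and protocol-level inspection by a SCADA-aware firewall is not modelled.

```python
import ipaddress

# Constructed environment; every value below is an assumption.
PLANT_NET = ipaddress.ip_network("10.20.0.0/16")
ENGINEERING_WS = {"10.20.5.11"}        # workstations that configure PLCs
BAD_REPUTATION = {"203.0.113.66"}      # from a threat intelligence feed
UNDER_INVESTIGATION = {"10.20.8.40"}   # generated abnormal traffic
ALLOWED_SERVICES = {("tcp", 102), ("tcp", 502)}


def in_plant(addr):
    return ipaddress.ip_address(addr) in PLANT_NET


def decide(flow):
    """Apply the rules in order; the first match wins.

    flow: (source address, destination address, protocol, destination port)
    Returns (action, reason).
    """
    src, dst, proto, port = flow
    if src in ENGINEERING_WS and not in_plant(dst):
        return ("deny", "engineering workstation to Internet")
    if src in BAD_REPUTATION or dst in BAD_REPUTATION:
        return ("deny", "bad-reputation host")
    if src in UNDER_INVESTIGATION or dst in UNDER_INVESTIGATION:
        return ("deny", "address under investigation")
    if in_plant(src) and in_plant(dst) and (proto, port) in ALLOWED_SERVICES:
        return ("allow", "listed plant service")
    # Anything not explicitly needed is treated as an unused protocol or service.
    return ("deny", "no allow rule")


# Constructed flow records.
FLOWS = [
    ("10.20.5.11", "10.20.9.3", "tcp", 102),     # workstation programs a PLC
    ("10.20.5.11", "203.0.113.10", "tcp", 443),  # workstation reaches out
    ("10.20.7.20", "203.0.113.66", "tcp", 443),  # server to listed host
    ("10.20.8.40", "10.20.9.3", "tcp", 502),     # quarantined source
    ("10.20.7.20", "10.20.9.3", "tcp", 23),      # service nobody needs
    ("10.20.7.20", "10.20.9.3", "tcp", 502),     # normal polling
    ("203.0.113.10", "10.20.9.3", "tcp", 102),   # inbound from outside
]


def evaluate(flows):
    return [decide(flow) for flow in flows]


if __name__ == "__main__":
    for flow, (action, reason) in zip(FLOWS, evaluate(FLOWS)):
        print(f"{flow[0]:>13} -> {flow[1]:<13} {flow[2]}/{flow[3]:<4} {action:5} {reason}")
```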
18. Standards Organizations
North American Reliability Corporation (NERC)
The North American Reliability Corporation is tasked by the Federal Energy Regulatory Commission (FERC) to ensure the reliability of the bulk power system in North America. NERC enforces several reliability standards, including the reliability standard for Critical Infrastructure Protection (NERC CIP). In addition to these standards, NERC publishes information, assessments and trends concerning bulk power reliability, including research of reliability events as they occur. The NERC CIP standards are comprised of nine standards documents, all of which are available from NERC’s website at:
http://www.nerc.com/page.php?cid=2|20
19. Standards Organizations - Cont
The United States Nuclear Regulatory Commission (NRC)
The United States Nuclear Regulatory Commission is responsible for the safe use of radioactive materials, including nuclear power generation and medical applications of radiation. The NRC publishes standards and guidelines for Information Security, as well as general information and resources about nuclear materials and products, nuclear waste materials, and other concerns.
NRC Title 10 CFR 73.54
NRC Title 10 of the Code of Federal Regulations, Part 73.54 regulates the “Protection of digital computer and communication systems and networks” used in member Nuclear Facilities. More information on CFR 73.54 is available from NRC’s website at:
http://www.nrc.gov/reading-rm/doc-collections/cfr/part073/part073-0054.html
20. Standards Organizations - Cont
The United States Nuclear Regulatory Commission (NRC)
NRC RG 5.71
The United States Nuclear Regulatory Commission’s Regulatory Guide 5.71 offers guidance on how to protect digital computer and communication systems and networks. RG 5.71 is not a regulatory standard but rather guidance on how to comply with the standard, which is Title 10 of the Code of Federal Regulations, Part 73.54. Information on RG 5.71 is available from NRC’s website at:
http://nrc-stp.ornl.gov/slo/regguide571.pdf
21. Standards Organizations - Cont
United States Department of Homeland Security (DHS)
The Department of Homeland Security’s (DHS) mission is to protect the United States from a variety of threats including (but not limited to) counter-terrorism and cyber security. One area where cyber security concerns and anti-terrorism overlap is in the protection of chemical facilities, which are regulated under the Chemical Facilities Anti-Terrorism Standards (CFATSs). CFATS includes a wide range of security controls, which can be measured against a set of Risk-Based Performance Standards (RBPSs).
Chemical Facilities Anti-Terrorism Standard
The Chemical Facility Anti-Terrorism Standards (CFATSs) are published by the United States Department of Homeland Security, and they encompass many areas of chemical manufacturing, distribution and use including cyber security concerns. More information on CFATS can be found on the DHS’s website at:
http://www.dhs.gov/files/laws/gc_1166796969417.shtm
22. Standards Organizations - Cont
United States Department of Homeland Security (DHS)
CFATS Risk-Based Performance Standards
The United States Department of Homeland Security also publishes recommendations in the form of Risk-Based Performance Standards (RBPSs) for CFATS. These standards provide guidance for the compliance to the Chemical Facility Anti-Terrorism Standards. More information on the CFATS RBPS can be found on the DHS’s website at:
http://www.dhs.gov/xlibrary/assets/chemsec_cfats_riskbased_performance_standards.pdf
23. Standards Organizations - Cont
International Standards Association (ISA)
The International Standards Association (ISA) and the American National Standards Institute (ANSI) have published three documents concerning industrial network security under the umbrella of ISA-99. These documents are: ANSI/ISA-99.02.01-2009, “Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program”; ANSI/ISA-99.00.01-2007, “Security for Industrial Automation and Control Systems: Concepts, Terminology and Models”; and ANSI/ISA-TR99.00.01-2007, “Security Technologies for Manufacturing and Control Systems.”
These documents, as well as additional information and resources relevant to ISA-99, are available at the ISA website, at:
http://www.isa.org/MSTemplate.cfm?MicrositeID=988&CommitteeID=6821
24. Standards Organizations - Cont
The International Standards Organization (ISO) and International Electrotechnical Commission (IEC)
The International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) produced the ISO/IEC 27002:2005 standard for “Information technology—Security techniques—Code of practice for information security management.” While ISO/IEC 27002:2005 does not apply exclusively to SCADA or industrial process control networks, it provides a useful basis for implementing security in industrial networks, and is also heavily referenced by a variety of international standards and guidelines. More information on the ISO/IEC 27002:2005 can be found on the ISO website at:
http://www.iso.org/iso/catalogue_detail?csnumber=50297
25. Conclusions
• Security through obscurity no longer works with SCADA
• The belief that PLCs are not vulnerable because they are not connected to the Internet is not true
• SCADA security standards and industrial security solutions can decrease attacks
• Stuxnet cyberweapon looks to be one on a production line