SlideShare a Scribd company logo

Ignite 2019

TI Safe
TI Safe

Marcelo Branquinho presented on protecting power distribution systems with zero trust cybersecurity. He discussed how digital transformation brings risks from increased connectivity and attacks on industrial control systems. Network segmentation with a zero trust model using firewalls as the network core was proposed. TI Safe and Palo Alto Networks developed a joint product called TI Safe Cybersecurity for Energy to implement zero trust for energy companies through next generation firewalls, remote access security, and continuous monitoring by TI Safe's industrial control system security operations center.

1 of 45
Download to read offline
Marcelo Branquinho CEO & Founder TI Safe, Brazil Safety First: Protecting the Power Distribution with Zero Trust for ICS
About Marcelo Branquinho • CEO & Founder of TI Safe • Background in electrical engineering and ICS Cybersecurity • Senior Member of ISA • Soccer fanatic, as all Brazilians ☺ Palo Alto Networks Proprietary and Confidential
Agenda Digital transformation and its risks for Power Systems Network Segmentation and the Zero Trust Model What TI Safe and PAN did to help Q&A
Digital transformation and its risks for Power Systems
Generation Transmission Distribution Consumption Electric Power Systems https://electrical-engineering-portal.com/electric-power-systems
Digital Transformation of Electric Power Systems Asset Lifecycle Management Grid Optimization Integrated Customer Services General services, beyond electricity Sources: Accenture research for the Digital Transformation of Industries project & Global Digital Transformation Benefits Report 2019, Schneider Electric Building blocks of digitization Service platforms Smart devices The ‘cloud’ Advanced analytics
IoE – IIoT in Energy Networks (Internet of Energy) • Internet of Energy (IoE) refers to the modernization and automation of electricity infrastructures for energy producers. • This allows energy production to progress more efficiently and cleanly with the least amount of waste. • An example of IoE technology includes the use of intelligent sensors, common among other IoT technology applications, which enable IoE facilitated mechanics such as power monitoring, distributed storage and renewable energy integration.
Smart digital substations • The Digitization of substations has an architecture based on the IEC 61850 standard. • The digitization converts data from primary equipment into the substation - such as current transformers, voltage transformers, circuit breakers, switches and power transformers for digital protections by sample values and GOOSE messages. • All signals are transmitted through fiber optics, eliminating completely the use of metal cables and reducing the risk of fatal accidents caused by electric shocks and open circuits in current transformers, which can reduce infrastructure costs and maintenance at the substation.
Attacks on IEDs via GOOSE protocol Protocol •The IEC 61850 protocol provides a model and rules for organizing data in a consistent manner across all types of IEDs. •The GOOSE (GenericObject Oriented Substation Events) is part of the IEC-61850 protocol and encapsulates logic and analogue data such as the status of disconnectors, shutter control, interlocks, general alarms and the temperature of power transformers that are transmitted in Ethernet packets. Threat •Thus, malware can be created to capture, alter and re-inject GOOSE messages into the network and, exploiting security holes in the GOOSE message protocol, attack the power grid causing service interruption. •The attack uses an Exploit GOOSE via spoofing where an attacker publishes false Layer 2 packets and devices that receive these packets mistakenly believe that they are receiving valid packets sent by a secure and trusted entity. Vulnerability •This attack is possible due to lack of encryption and authentication in GOOSE messages because of latency problems in IED devices (the IEC-61850 protocol specifies a maximum delay of 4ms for GOOSE messages) Transmission Time Attack Event
Cyber attacks may paralyze digital power structures
Electricity is the core of the critical infrastructure Palo Alto Networks Proprietary and Confidential 11
Interconnected systems – Chain Disconnections • Integrated power generation & distribution • Critical paths on a few substations • Vulnerabilities exploitaition can easily lead to blackouts Palo Alto Networks Proprietary and Confidential 12
A falta de segurança no setor elétrico pode se transformar em um desastre! How digital energy networks will respond to the next global attack? Are there ICS cybersecurity experts in the national energy companies? Are the digital networks in the energy sector protected?
Network Segmentation and the Zero Trust Model
Why security solutions fail? One popular solution used in ICS Cybersecurity is to install a firewall between business and control networks. Known as “Bastion Model” since it is based on a single point of security. Example: Chinese Wall
Pathways inside the control network • Protecting only the perimeter of the OT network is not enough. • There are lots of pathways inside the OT network that bypass perimeter security. • It’s necessary to protect the factory floor with modern and in-depth defense technologies where problems in one area are not allowed to migrate to another area. • The Solution is the use of security zones, as defined in ISA-IEC 62443 standard.
ISA/IEC 62443 – The Zones and Conduits Model HMI Zone Parent Zone Conduit Security technologies and policies must be added to enforce communications security between different zones Security ZoneSecurity Zone
Network Segmentation with NGFW and Services • Maximize visibility over OT traffic • Reduce the attack surface – Granular inter-zone policy (L7) – Secure mobile/internet access as allowed • Stop known exploits, malware, C2 traffic • Quickly discover and stop 0-day threatsNGFW as a Security “Conduit” (ISA 62443) Zone 1 Zone 2 Zone 3
Business Case Scenario Palo Alto Networks Proprietary and Confidential 19 Cyberprotect a countrywide automation network of a electric power distribution company Establish zones and conduits Create a security layer over 3rd party links Ensure remote access security
1st Generation Standard Cabling 2nd Generation Peer-to-peer connections Since 1985 3rd Generation Digital Substations HMI Substation Controller Serial Connection Bay Bay Parallel wiring Fault recorder Protection RTU Mimic board Ancient past Parallel wiring 1st generation: Standard cabling RTU Registrador Proteção Control center Local HMI Substation Controller Firewall IEC 61850 GOOSE IEC 61850 MMS Engineering PC Firewall Virtual Private Network (VPN) Trusted Zone 18/5000 Untrusted Zone The customer is digitizing its infrastructure Recorder Protection Parallel Cabling Parallel Cabling
And Segmenting ICS and SCADA is a challenge • Production system runtime • Legacy systems • Cost to implement • Flat networks IntelligentDevice Level 1 Process Level 0 Actuator PLC,RTU,IE D ManufacturingOperations Level 3 Historian Process sys DMZ Level 3.5 Patch Srv Jmp Srv Controls Systems Level 2 HMI Eng. Sta
Implementing firewalls in power grids is a critical task • Power grids cannot stop. SCADA servers cannot be restarted. • Communication between control centers and substations will necessarily pass through perimeter firewalls. Any interruption in this communication will cause the control center to operate blindly, even for a short time. This unattended operation time can cause several problems, including power failures (blackouts) • Industrial power protocols should be addressed in the Firewall (DNP-3, IEC 104, and others). Errors in treatment can block critical operations and cause major problems. 22 | © 2018 Palo Alto Networks, Inc. All Rights Reserved.
Zero Trust – Firewall is the new core of the OT Network • Zero Trust, based in the principle of “never trust, always verify,” • As a company focused on ICS Cybersecurity, TI Safe developed a methodology to implement zero trust on critical infrastructures. • The main challenge is to implement the firewall as network core, replacing switches’ routing functionalities on an operational network. Users Control Application control TI Safe ICS-SOC Malware containment Third party network isolation Network visibility
Zero Trust Design Concepts Define business outcomes Design from the inside out Determine who/what needs access Inspect and log all traffic 24 | © 2019, Palo Alto Networks. All Rights Reserved.
5 Steps to implement a Zero Trust Network 1. Define protection surface 2. Map the transaction flows 3. Architect a Zero Trust network 4. Create Zero Trust Policy 25 | © 2019, Palo Alto Networks. All Rights Reserved. 5. Monitor and maintain the network
1. Define protection surface Understand external requirements – Contractual obligations – Laws & regulations (e.g NERC-CIP) Palo Alto Networks Proprietary and Confidential 26 Translate external requirements into cybersecurity requirements
2. Map the transaction flows (zones and conduits) Prior to the project implementation, zones were physically mapped to the firewalls and then logically interconnected on a security rules plan. Sample relationships between zones SCADA OPC SCADA OPC
3. Architect a Zero Trust Network Unknown TCP and UDP protocols, non-standard communication ports, multiple links (i.e. fiber, telecom operator, satellite, etc.) to connect one or more sites, are a few elements that increase the project complexity. Example of physical planning of a firewall IP info IP info IP info IP info IP info IP info IP info Zone description Zone description Zone description Zone description Zone description Zone description SCADAOPC
OCC Control Operator Zone Historic Engineering Zone DMZ between IT and OT zones Antivirus Patch Web Processes Level 0 Level 1 Level 2 Level 3 Level 3,5 Level 4 SCADA Servers Zone PLCs Zone Corporate Zone (IT) Historic Replica PLCs Zone Engineering StationsIHM Remote Access 3. Architect a Zero Trust Network Sample Architecture - Operational Control Center CybersecurityManagement Network TI Safe´s ICS-SOC Cortex Wildfire Development Stations
3. Architect a Zero Trust Network Sample Architecture – Small Hydroelectric Plant SCADA Level 2 SHP Control Nível 3 Dispatch Control SDSC Level 1 Local control room UAC IED CybersecurityManagement Network TI Safe´s ICS-SOC Engineering Cortex Wildfire
Generation Units (Turbines) PLC Engineering Supervisory Historian OT Firewall Zero trust Control Network TI Safe´s ICS-SOC 3. Architect a Zero Trust Network Sample Architecture - Power Generating Units
4. Create Zero Trust Policy ➔ App-ID Palo Alto Networks Proprietary and Confidential 32 Allow all Assess IT and OT protocols (investigate Unknown TCP!) Validate collected protocols Create apps and services (if needed) Lockdown policies
4. Create Zero Trust Policy ➔ User-ID Palo Alto Networks Proprietary and Confidential 33 Understand user identification requirements Configure user database (ex. MS Active Directory) Create user groups based on field roles: operation, engineering, maintenance Configure internal and external VPNs (remote users must use jump servers) Lockdown policies
4. Create Zero Trust Policy ➔ Content-ID Palo Alto Networks Proprietary and Confidential 34 Do not allow direct access to the internet Block all medium to critical threats by default due to legacy systems Implement antimalware to create secure fileshares Restrict access to operational files Lockdown policies
5. Monitor and maintain the zero trust network Only implementing NGFW in the Zero Trust architecture on a power grid does not solve all the problems. It´s necessary to monitor and manage equipments 24x7x365 to respond to cyber attacks without causing a production outage. We did it through our ICS-SOC TI Safe's ICS-SOC integrates cybersecurity functions with industrial processes monitoring to prevent and respond to cyber attacks against critical infrastructures. Palo Alto Networks Proprietary and Confidential 35
5. Monitor and maintain the zero trust network Log sources for ICS-SOC Palo Alto Networks Proprietary and Confidential 36 Active Directory Firewall Industrial Firewalls Network Services such as DNS, DHCP, etc SCADA Industrial IDS Network events from Switches and Firewalls (Physical and virtuals) Netflow and JFlow Layer 7 Packet Analisys Proxy Servers Operating Systems Events (Linux / UNIX / Windows) Physical Security Systems
5. Monitor and maintain the zero trust network Energy SIEM – Event Management for the Electrical Sector • Security intelligence platform with unified architecture to collect, store, analyze and structure data of events (logs), network flows, threats, vulnerabilities and risks of electrical energy environments: generation, transmission and distribution. • Event correlation activities are performed on a single screen, with the possibility of clear incident identification, flow telemetry, risk modeling, and impact analysis. • Modular and scalable structure that allows you to manage the security of environments of all types and sizes. • Platform established in partnership with leading technology of big data and analytics. • Integrated cyber security dashboards and operating information, including information on Modbus, ICCP, DNP-3, IEC 60870-5-104, Siemens S7 protocols, among others specific to power.
What TI Safe and Palo Alto Networks did to help?
A new joint product Energy clients PAN NGFW TI Safe ICS-SOC TI Safe ICS Cybersecurity for Energy
TI Safe Cybersecurity for Energy • Generating Units • Power Substations • Operational Control Centers TI Safe´s ICS-SOC
TI Safe Cybersecurity for Energy Cybersecurity policies Edge Security with Next Generation Firewall Secure Remote Access Secure cloud communication for industry 4.0 Zones and Conduits Segmentation with zero trust Vulnerability Monitoring Malware protection and control Continuous monitoring by TI Safe´s ICS-SOC 4-eyed Auditing and Management
TI Safe Cybersecurity for Energy – Strategic planning and logistics • Industrial execution systems • Batch control • Continuous control • Discrete control Level 4 Level 3 Level 2, 1 Level 0 PA-3220 PA-820 PA-220 PA-220R Cortex Wildfire TI Safe´s ICS-SOC
TI Safe’s ICS-SOC current coverage Energy distribution companies that supply 40 million Brazilians are already protected by TI Safe´s ICS-SOC.
45Palo Alto Networks Proprietary and Confidential Questions? Marcelo Branquinho marcelo@tisafe.com +5521994002290 www.tisafe.com

Recommended

Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriaisAprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
TI Safe
 
How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...
TI Safe
 
TI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity TrainingTI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity Training
TI Safe
 
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
TI Safe
 
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
TI Safe
 
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
TI Safe
 
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
TI Safe
 
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
TI Safe
 

Recommended

Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriaisAprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
TI Safe
 
How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...
TI Safe
 
TI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity TrainingTI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity Training
TI Safe
 
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
TI Safe
 
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
TI Safe
 
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
TI Safe
 
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
TI Safe
 
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
TI Safe
 
CLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José AntunesCLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José Antunes
TI Safe
 
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
TI Safe
 
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
TI Safe
 
CLASS 2016 - Palestra Vitor Eduardo Lace Maganha
CLASS 2016 - Palestra Vitor Eduardo Lace MaganhaCLASS 2016 - Palestra Vitor Eduardo Lace Maganha
CLASS 2016 - Palestra Vitor Eduardo Lace Maganha
TI Safe
 
CLASS 2016 - Palestra Márcio Santos
CLASS 2016 - Palestra Márcio Santos CLASS 2016 - Palestra Márcio Santos
CLASS 2016 - Palestra Márcio Santos
TI Safe
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
James Nesbitt
 
ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity Training
Tonex
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14
James Nesbitt
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
Patricia M Watson
 
Protecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber AttacksProtecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber Attacks
Maurice Dawson
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
Community Protection Forum
 
Palestra realizada no S4x17 - Miami - EUA (em Inglês)
Palestra realizada no S4x17 - Miami - EUA (em Inglês)Palestra realizada no S4x17 - Miami - EUA (em Inglês)
Palestra realizada no S4x17 - Miami - EUA (em Inglês)
TI Safe
 
John kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultant
John Kingsley
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomi
Ivan Carmona
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
Shah Sheikh
 
Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices
IJECEIAES
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
Derek Harp
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
Ivan Carmona
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
Digital Bond
 
Marco Armoni AIPSI - SMAU Milano 2017
Marco Armoni AIPSI - SMAU Milano 2017Marco Armoni AIPSI - SMAU Milano 2017
Marco Armoni AIPSI - SMAU Milano 2017
SMAU
 
IEC61850: Use of IEC61850 to telecontrol MV grids (Article)
IEC61850: Use of IEC61850 to telecontrol MV grids (Article)IEC61850: Use of IEC61850 to telecontrol MV grids (Article)
IEC61850: Use of IEC61850 to telecontrol MV grids (Article)
iGrid T&D
 
Unit_3.pptx
Unit_3.pptxUnit_3.pptx
Unit_3.pptx
RAMESHMRA21130030110
 

More Related Content

What's hot

CLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José AntunesCLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José Antunes
TI Safe
 
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
TI Safe
 
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
TI Safe
 
CLASS 2016 - Palestra Vitor Eduardo Lace Maganha
CLASS 2016 - Palestra Vitor Eduardo Lace MaganhaCLASS 2016 - Palestra Vitor Eduardo Lace Maganha
CLASS 2016 - Palestra Vitor Eduardo Lace Maganha
TI Safe
 
CLASS 2016 - Palestra Márcio Santos
CLASS 2016 - Palestra Márcio Santos CLASS 2016 - Palestra Márcio Santos
CLASS 2016 - Palestra Márcio Santos
TI Safe
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
James Nesbitt
 
ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity Training
Tonex
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14
James Nesbitt
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
Patricia M Watson
 
Protecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber AttacksProtecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber Attacks
Maurice Dawson
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
Community Protection Forum
 
Palestra realizada no S4x17 - Miami - EUA (em Inglês)
Palestra realizada no S4x17 - Miami - EUA (em Inglês)Palestra realizada no S4x17 - Miami - EUA (em Inglês)
Palestra realizada no S4x17 - Miami - EUA (em Inglês)
TI Safe
 
John kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultant
John Kingsley
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomi
Ivan Carmona
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
Shah Sheikh
 
Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices
IJECEIAES
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
Derek Harp
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
Ivan Carmona
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
Digital Bond
 
Marco Armoni AIPSI - SMAU Milano 2017
Marco Armoni AIPSI - SMAU Milano 2017Marco Armoni AIPSI - SMAU Milano 2017
Marco Armoni AIPSI - SMAU Milano 2017
SMAU
 

What's hot (20)

CLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José AntunesCLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José Antunes
 
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
 
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
 
CLASS 2016 - Palestra Vitor Eduardo Lace Maganha
CLASS 2016 - Palestra Vitor Eduardo Lace MaganhaCLASS 2016 - Palestra Vitor Eduardo Lace Maganha
CLASS 2016 - Palestra Vitor Eduardo Lace Maganha
 
CLASS 2016 - Palestra Márcio Santos
CLASS 2016 - Palestra Márcio Santos CLASS 2016 - Palestra Márcio Santos
CLASS 2016 - Palestra Márcio Santos
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
 
ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity Training
 
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Protecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber AttacksProtecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber Attacks
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
 
Palestra realizada no S4x17 - Miami - EUA (em Inglês)
Palestra realizada no S4x17 - Miami - EUA (em Inglês)Palestra realizada no S4x17 - Miami - EUA (em Inglês)
Palestra realizada no S4x17 - Miami - EUA (em Inglês)
 
John kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultant
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomi
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
 
Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 
Marco Armoni AIPSI - SMAU Milano 2017
Marco Armoni AIPSI - SMAU Milano 2017Marco Armoni AIPSI - SMAU Milano 2017
Marco Armoni AIPSI - SMAU Milano 2017
 

Similar to Ignite 2019

IEC61850: Use of IEC61850 to telecontrol MV grids (Article)
IEC61850: Use of IEC61850 to telecontrol MV grids (Article)IEC61850: Use of IEC61850 to telecontrol MV grids (Article)
IEC61850: Use of IEC61850 to telecontrol MV grids (Article)
iGrid T&D
 
Unit_3.pptx
Unit_3.pptxUnit_3.pptx
Unit_3.pptx
RAMESHMRA21130030110
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
Creekside Marketing Group, LLC
 
1.pptx
1.pptx1.pptx
1.pptx
VenkatesanSatheeswar
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
Ivan Carmona
 
A Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart SubstationsA Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart Substations
IJECEIAES
 
Nokia_Sub-station_Automation_White_Paper_EN
Nokia_Sub-station_Automation_White_Paper_ENNokia_Sub-station_Automation_White_Paper_EN
Nokia_Sub-station_Automation_White_Paper_EN
Juan Boggiano
 
Como abordar los retos de los grandes proyectos de IoT
Como abordar los retos de los grandes proyectos de IoT Como abordar los retos de los grandes proyectos de IoT
Como abordar los retos de los grandes proyectos de IoT
TECNALIA Research & Innovation
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
Byres Security Inc.
 
BRKIOT-2108.pdf
BRKIOT-2108.pdfBRKIOT-2108.pdf
BRKIOT-2108.pdf
JokaTek
 
Internet of Things - structured approach to the physical plant network - Rock...
Internet of Things - structured approach to the physical plant network - Rock...Internet of Things - structured approach to the physical plant network - Rock...
Internet of Things - structured approach to the physical plant network - Rock...
Carotek
 
Device Connection Systems for Industrial Ethernet
Device Connection Systems for Industrial EthernetDevice Connection Systems for Industrial Ethernet
Device Connection Systems for Industrial Ethernet
METZ CONNECT USA Inc.
 
4g security presentation
4g security presentation4g security presentation
4g security presentation
Kyle Ly
 
COM526_Lecture 1.pdf
COM526_Lecture 1.pdfCOM526_Lecture 1.pdf
COM526_Lecture 1.pdf
SherefHesham
 
Evolution of internet by Ali Kashif
Evolution of internet by Ali KashifEvolution of internet by Ali Kashif
Evolution of internet by Ali Kashif
Ali Kashif Bashir. Ph.D, MIEEE
 
Малоресурсная криптография - Сергей Мартыненко
Малоресурсная криптография - Сергей МартыненкоМалоресурсная криптография - Сергей Мартыненко
Малоресурсная криптография - Сергей Мартыненко
HackIT Ukraine
 
Design & Implementation Of Fault Identification In Underground Cables Using IOT
Design & Implementation Of Fault Identification In Underground Cables Using IOTDesign & Implementation Of Fault Identification In Underground Cables Using IOT
Design & Implementation Of Fault Identification In Underground Cables Using IOT
IRJET Journal
 
Advanced Security Management in Metro Ethernet Networks
Advanced Security Management in Metro Ethernet NetworksAdvanced Security Management in Metro Ethernet Networks
Advanced Security Management in Metro Ethernet Networks
IJNSA Journal
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of Things
Creekside Marketing Group, LLC
 
Nokia_Mission-critical_Utilities_Network_Teleprotection_Application_Note_EN
Nokia_Mission-critical_Utilities_Network_Teleprotection_Application_Note_ENNokia_Mission-critical_Utilities_Network_Teleprotection_Application_Note_EN
Nokia_Mission-critical_Utilities_Network_Teleprotection_Application_Note_EN
Juan Boggiano
 

Similar to Ignite 2019 (20)

IEC61850: Use of IEC61850 to telecontrol MV grids (Article)
IEC61850: Use of IEC61850 to telecontrol MV grids (Article)IEC61850: Use of IEC61850 to telecontrol MV grids (Article)
IEC61850: Use of IEC61850 to telecontrol MV grids (Article)
 
Unit_3.pptx
Unit_3.pptxUnit_3.pptx
Unit_3.pptx
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
1.pptx
1.pptx1.pptx
1.pptx
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
 
A Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart SubstationsA Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart Substations
 
Nokia_Sub-station_Automation_White_Paper_EN
Nokia_Sub-station_Automation_White_Paper_ENNokia_Sub-station_Automation_White_Paper_EN
Nokia_Sub-station_Automation_White_Paper_EN
 
Como abordar los retos de los grandes proyectos de IoT
Como abordar los retos de los grandes proyectos de IoT Como abordar los retos de los grandes proyectos de IoT
Como abordar los retos de los grandes proyectos de IoT
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
 
BRKIOT-2108.pdf
BRKIOT-2108.pdfBRKIOT-2108.pdf
BRKIOT-2108.pdf
 
Internet of Things - structured approach to the physical plant network - Rock...
Internet of Things - structured approach to the physical plant network - Rock...Internet of Things - structured approach to the physical plant network - Rock...
Internet of Things - structured approach to the physical plant network - Rock...
 
Device Connection Systems for Industrial Ethernet
Device Connection Systems for Industrial EthernetDevice Connection Systems for Industrial Ethernet
Device Connection Systems for Industrial Ethernet
 
4g security presentation
4g security presentation4g security presentation
4g security presentation
 
COM526_Lecture 1.pdf
COM526_Lecture 1.pdfCOM526_Lecture 1.pdf
COM526_Lecture 1.pdf
 
Evolution of internet by Ali Kashif
Evolution of internet by Ali KashifEvolution of internet by Ali Kashif
Evolution of internet by Ali Kashif
 
Малоресурсная криптография - Сергей Мартыненко
Малоресурсная криптография - Сергей МартыненкоМалоресурсная криптография - Сергей Мартыненко
Малоресурсная криптография - Сергей Мартыненко
 
Design & Implementation Of Fault Identification In Underground Cables Using IOT
Design & Implementation Of Fault Identification In Underground Cables Using IOTDesign & Implementation Of Fault Identification In Underground Cables Using IOT
Design & Implementation Of Fault Identification In Underground Cables Using IOT
 
Advanced Security Management in Metro Ethernet Networks
Advanced Security Management in Metro Ethernet NetworksAdvanced Security Management in Metro Ethernet Networks
Advanced Security Management in Metro Ethernet Networks
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of Things
 
Nokia_Mission-critical_Utilities_Network_Teleprotection_Application_Note_EN
Nokia_Mission-critical_Utilities_Network_Teleprotection_Application_Note_ENNokia_Mission-critical_Utilities_Network_Teleprotection_Application_Note_EN
Nokia_Mission-critical_Utilities_Network_Teleprotection_Application_Note_EN
 

More from TI Safe

CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
TI Safe
 
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
TI Safe
 
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor... CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
TI Safe
 
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
TI Safe
 
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
TI Safe
 
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
TI Safe
 
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
TI Safe
 
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
TI Safe
 
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
TI Safe
 
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
TI Safe
 
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
TI Safe
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
TI Safe
 
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
TI Safe
 
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
TI Safe
 
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
TI Safe
 
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
TI Safe
 
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
TI Safe
 
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
TI Safe
 
Retrospectiva
RetrospectivaRetrospectiva
Retrospectiva
TI Safe
 
Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1
TI Safe
 

More from TI Safe (20)

CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
 
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
 
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor... CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
 
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
 
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
 
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
 
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
 
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
 
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
 
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
 
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
 
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
 
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
 
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
 
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
 
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
 
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
 
Retrospectiva
RetrospectivaRetrospectiva
Retrospectiva
 
Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1
 

Recently uploaded

Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Zilliz
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Zilliz
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 

Recently uploaded (20)

Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 

Ignite 2019

  • 1. Marcelo Branquinho CEO & Founder TI Safe, Brazil Safety First: Protecting the Power Distribution with Zero Trust for ICS
  • 2. About Marcelo Branquinho • CEO & Founder of TI Safe • Background in electrical engineering and ICS Cybersecurity • Senior Member of ISA • Soccer fanatic, as all Brazilians ☺ Palo Alto Networks Proprietary and Confidential
  • 3. Agenda Digital transformation and its risks for Power Systems Network Segmentation and the Zero Trust Model What TI Safe and PAN did to help Q&A
  • 4. Digital transformation and its risks for Power Systems
  • 5. Generation Transmission Distribution Consumption Electric Power Systems https://electrical-engineering-portal.com/electric-power-systems
  • 6. Digital Transformation of Electric Power Systems Asset Lifecycle Management Grid Optimization Integrated Customer Services General services, beyond electricity Sources: Accenture research for the Digital Transformation of Industries project & Global Digital Transformation Benefits Report 2019, Schneider Electric Building blocks of digitization Service platforms Smart devices The ‘cloud’ Advanced analytics
  • 7. IoE – IIoT in Energy Networks (Internet of Energy) • Internet of Energy (IoE) refers to the modernization and automation of electricity infrastructures for energy producers. • This allows energy production to progress more efficiently and cleanly with the least amount of waste. • An example of IoE technology includes the use of intelligent sensors, common among other IoT technology applications, which enable IoE facilitated mechanics such as power monitoring, distributed storage and renewable energy integration.
  • 8. Smart digital substations • The Digitization of substations has an architecture based on the IEC 61850 standard. • The digitization converts data from primary equipment into the substation - such as current transformers, voltage transformers, circuit breakers, switches and power transformers for digital protections by sample values and GOOSE messages. • All signals are transmitted through fiber optics, eliminating completely the use of metal cables and reducing the risk of fatal accidents caused by electric shocks and open circuits in current transformers, which can reduce infrastructure costs and maintenance at the substation.
  • 9. Attacks on IEDs via GOOSE protocol Protocol •The IEC 61850 protocol provides a model and rules for organizing data in a consistent manner across all types of IEDs. •The GOOSE (GenericObject Oriented Substation Events) is part of the IEC-61850 protocol and encapsulates logic and analogue data such as the status of disconnectors, shutter control, interlocks, general alarms and the temperature of power transformers that are transmitted in Ethernet packets. Threat •Thus, malware can be created to capture, alter and re-inject GOOSE messages into the network and, exploiting security holes in the GOOSE message protocol, attack the power grid causing service interruption. •The attack uses an Exploit GOOSE via spoofing where an attacker publishes false Layer 2 packets and devices that receive these packets mistakenly believe that they are receiving valid packets sent by a secure and trusted entity. Vulnerability •This attack is possible due to lack of encryption and authentication in GOOSE messages because of latency problems in IED devices (the IEC-61850 protocol specifies a maximum delay of 4ms for GOOSE messages) Transmission Time Attack Event
  • 10. Cyber attacks may paralyze digital power structures
  • 11. Electricity is the core of the critical infrastructure Palo Alto Networks Proprietary and Confidential 11
  • 12. Interconnected systems – Chain Disconnections • Integrated power generation & distribution • Critical paths on a few substations • Vulnerabilities exploitaition can easily lead to blackouts Palo Alto Networks Proprietary and Confidential 12
  • 13. A falta de segurança no setor elétrico pode se transformar em um desastre! How digital energy networks will respond to the next global attack? Are there ICS cybersecurity experts in the national energy companies? Are the digital networks in the energy sector protected?
  • 14. Network Segmentation and the Zero Trust Model
  • 15. Why security solutions fail? One popular solution used in ICS Cybersecurity is to install a firewall between business and control networks. Known as “Bastion Model” since it is based on a single point of security. Example: Chinese Wall
  • 16. Pathways inside the control network • Protecting only the perimeter of the OT network is not enough. • There are lots of pathways inside the OT network that bypass perimeter security. • It’s necessary to protect the factory floor with modern and in-depth defense technologies where problems in one area are not allowed to migrate to another area. • The Solution is the use of security zones, as defined in ISA-IEC 62443 standard.
  • 17. ISA/IEC 62443 – The Zones and Conduits Model HMI Zone Parent Zone Conduit Security technologies and policies must be added to enforce communications security between different zones Security ZoneSecurity Zone
  • 18. Network Segmentation with NGFW and Services • Maximize visibility over OT traffic • Reduce the attack surface – Granular inter-zone policy (L7) – Secure mobile/internet access as allowed • Stop known exploits, malware, C2 traffic • Quickly discover and stop 0-day threatsNGFW as a Security “Conduit” (ISA 62443) Zone 1 Zone 2 Zone 3
  • 19. Business Case Scenario Palo Alto Networks Proprietary and Confidential 19 Cyberprotect a countrywide automation network of a electric power distribution company Establish zones and conduits Create a security layer over 3rd party links Ensure remote access security
  • 20. 1st Generation Standard Cabling 2nd Generation Peer-to-peer connections Since 1985 3rd Generation Digital Substations HMI Substation Controller Serial Connection Bay Bay Parallel wiring Fault recorder Protection RTU Mimic board Ancient past Parallel wiring 1st generation: Standard cabling RTU Registrador Proteção Control center Local HMI Substation Controller Firewall IEC 61850 GOOSE IEC 61850 MMS Engineering PC Firewall Virtual Private Network (VPN) Trusted Zone 18/5000 Untrusted Zone The customer is digitizing its infrastructure Recorder Protection Parallel Cabling Parallel Cabling
  • 21. And Segmenting ICS and SCADA is a challenge • Production system runtime • Legacy systems • Cost to implement • Flat networks IntelligentDevice Level 1 Process Level 0 Actuator PLC,RTU,IE D ManufacturingOperations Level 3 Historian Process sys DMZ Level 3.5 Patch Srv Jmp Srv Controls Systems Level 2 HMI Eng. Sta
  • 22. Implementing firewalls in power grids is a critical task • Power grids cannot stop. SCADA servers cannot be restarted. • Communication between control centers and substations will necessarily pass through perimeter firewalls. Any interruption in this communication will cause the control center to operate blindly, even for a short time. This unattended operation time can cause several problems, including power failures (blackouts) • Industrial power protocols should be addressed in the Firewall (DNP-3, IEC 104, and others). Errors in treatment can block critical operations and cause major problems. 22 | © 2018 Palo Alto Networks, Inc. All Rights Reserved.
  • 23. Zero Trust – Firewall is the new core of the OT Network • Zero Trust, based in the principle of “never trust, always verify,” • As a company focused on ICS Cybersecurity, TI Safe developed a methodology to implement zero trust on critical infrastructures. • The main challenge is to implement the firewall as network core, replacing switches’ routing functionalities on an operational network. Users Control Application control TI Safe ICS-SOC Malware containment Third party network isolation Network visibility
  • 24. Zero Trust Design Concepts Define business outcomes Design from the inside out Determine who/what needs access Inspect and log all traffic 24 | © 2019, Palo Alto Networks. All Rights Reserved.
  • 25. 5 Steps to implement a Zero Trust Network 1. Define protection surface 2. Map the transaction flows 3. Architect a Zero Trust network 4. Create Zero Trust Policy 25 | © 2019, Palo Alto Networks. All Rights Reserved. 5. Monitor and maintain the network
  • 26. 1. Define protection surface Understand external requirements – Contractual obligations – Laws & regulations (e.g NERC-CIP) Palo Alto Networks Proprietary and Confidential 26 Translate external requirements into cybersecurity requirements
  • 27. 2. Map the transaction flows (zones and conduits) Prior to the project implementation, zones were physically mapped to the firewalls and then logically interconnected on a security rules plan. Sample relationships between zones SCADA OPC SCADA OPC
  • 28. 3. Architect a Zero Trust Network Unknown TCP and UDP protocols, non-standard communication ports, multiple links (i.e. fiber, telecom operator, satellite, etc.) to connect one or more sites, are a few elements that increase the project complexity. Example of physical planning of a firewall IP info IP info IP info IP info IP info IP info IP info Zone description Zone description Zone description Zone description Zone description Zone description SCADAOPC
  • 29. OCC Control Operator Zone Historic Engineering Zone DMZ between IT and OT zones Antivirus Patch Web Processes Level 0 Level 1 Level 2 Level 3 Level 3,5 Level 4 SCADA Servers Zone PLCs Zone Corporate Zone (IT) Historic Replica PLCs Zone Engineering StationsIHM Remote Access 3. Architect a Zero Trust Network Sample Architecture - Operational Control Center CybersecurityManagement Network TI Safe´s ICS-SOC Cortex Wildfire Development Stations
  • 30. 3. Architect a Zero Trust Network Sample Architecture – Small Hydroelectric Plant SCADA Level 2 SHP Control Nível 3 Dispatch Control SDSC Level 1 Local control room UAC IED CybersecurityManagement Network TI Safe´s ICS-SOC Engineering Cortex Wildfire
  • 31. Generation Units (Turbines) PLC Engineering Supervisory Historian OT Firewall Zero trust Control Network TI Safe´s ICS-SOC 3. Architect a Zero Trust Network Sample Architecture - Power Generating Units
  • 32. 4. Create Zero Trust Policy ➔ App-ID Palo Alto Networks Proprietary and Confidential 32 Allow all Assess IT and OT protocols (investigate Unknown TCP!) Validate collected protocols Create apps and services (if needed) Lockdown policies
  • 33. 4. Create Zero Trust Policy ➔ User-ID Palo Alto Networks Proprietary and Confidential 33 Understand user identification requirements Configure user database (ex. MS Active Directory) Create user groups based on field roles: operation, engineering, maintenance Configure internal and external VPNs (remote users must use jump servers) Lockdown policies
  • 34. 4. Create Zero Trust Policy ➔ Content-ID Palo Alto Networks Proprietary and Confidential 34 Do not allow direct access to the internet Block all medium to critical threats by default due to legacy systems Implement antimalware to create secure fileshares Restrict access to operational files Lockdown policies
  • 35. 5. Monitor and maintain the zero trust network Only implementing NGFW in the Zero Trust architecture on a power grid does not solve all the problems. It´s necessary to monitor and manage equipments 24x7x365 to respond to cyber attacks without causing a production outage. We did it through our ICS-SOC TI Safe's ICS-SOC integrates cybersecurity functions with industrial processes monitoring to prevent and respond to cyber attacks against critical infrastructures. Palo Alto Networks Proprietary and Confidential 35
  • 36. 5. Monitor and maintain the zero trust network Log sources for ICS-SOC Palo Alto Networks Proprietary and Confidential 36 Active Directory Firewall Industrial Firewalls Network Services such as DNS, DHCP, etc SCADA Industrial IDS Network events from Switches and Firewalls (Physical and virtuals) Netflow and JFlow Layer 7 Packet Analisys Proxy Servers Operating Systems Events (Linux / UNIX / Windows) Physical Security Systems
  • 37. 5. Monitor and maintain the zero trust network Energy SIEM – Event Management for the Electrical Sector • Security intelligence platform with unified architecture to collect, store, analyze and structure data of events (logs), network flows, threats, vulnerabilities and risks of electrical energy environments: generation, transmission and distribution. • Event correlation activities are performed on a single screen, with the possibility of clear incident identification, flow telemetry, risk modeling, and impact analysis. • Modular and scalable structure that allows you to manage the security of environments of all types and sizes. • Platform established in partnership with leading technology of big data and analytics. • Integrated cyber security dashboards and operating information, including information on Modbus, ICCP, DNP-3, IEC 60870-5-104, Siemens S7 protocols, among others specific to power.
  • 38. What TI Safe and Palo Alto Networks did to help?
  • 39. A new joint product Energy clients PAN NGFW TI Safe ICS-SOC TI Safe ICS Cybersecurity for Energy
  • 40.
  • 41. TI Safe Cybersecurity for Energy • Generating Units • Power Substations • Operational Control Centers TI Safe´s ICS-SOC
  • 42. TI Safe Cybersecurity for Energy Cybersecurity policies Edge Security with Next Generation Firewall Secure Remote Access Secure cloud communication for industry 4.0 Zones and Conduits Segmentation with zero trust Vulnerability Monitoring Malware protection and control Continuous monitoring by TI Safe´s ICS-SOC 4-eyed Auditing and Management
  • 43. TI Safe Cybersecurity for Energy – Strategic planning and logistics • Industrial execution systems • Batch control • Continuous control • Discrete control Level 4 Level 3 Level 2, 1 Level 0 PA-3220 PA-820 PA-220 PA-220R Cortex Wildfire TI Safe´s ICS-SOC
  • 44. TI Safe’s ICS-SOC current coverage Energy distribution companies that supply 40 million Brazilians are already protected by TI Safe´s ICS-SOC.
  • 45. 45Palo Alto Networks Proprietary and Confidential Questions? Marcelo Branquinho marcelo@tisafe.com +5521994002290 www.tisafe.com