![Why risky?...Cause interconnected and asynchronized
*Legacy=cost of support+lost of competitiveness in Industry 4.0
Internet of Things, IoT
• [always] connected [to IT] devices
Operation technology, OT
• ICS components (sensor/field
controller/RTU/PLC/IED/HMI…), connected
[to IT] for operations and maintenance
Information technology, IT
• network, storage, processing, all connected
Years,
then
legacy*
~2
~5
~10
IT IoT: e.g. printers, cameras, assistants
OT IoT: e.g. sensors, controllers, IED
Consumer IoT: e.g. smart watches, medical appliances, drones
2015 in inventory
2018 in inventory
2010 in inventory
It`s already time
…50+
in July 2016 NATO acknowledge
cyberspace as operational domain
2005 term «APT»](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
More Related Content
What's hot
What's hot (19)
Similar to IoT security Q3 2020 overview
Similar to IoT security Q3 2020 overview (20)
More from Anastasiia Konoplova
More from Anastasiia Konoplova (15)
Recently uploaded
Recently uploaded (20)
IoT security Q3 2020 overview
- 1. IoT Q3 2020: let’s look at the risk and update security for Swiss CyberSecurity Community September, 3 2020, online
- 2. Why risky?...Cause interconnected and asynchronized *Legacy=cost of support+lost of competitiveness in Industry 4.0 Internet of Things, IoT • [always] connected [to IT] devices Operation technology, OT • ICS components (sensor/field controller/RTU/PLC/IED/HMI…), connected [to IT] for operations and maintenance Information technology, IT • network, storage, processing, all connected Years, then legacy* ~2 ~5 ~10 IT IoT: e.g. printers, cameras, assistants OT IoT: e.g. sensors, controllers, IED Consumer IoT: e.g. smart watches, medical appliances, drones 2015 in inventory 2018 in inventory 2010 in inventory It`s already time …50+ in July 2016 NATO acknowledge cyberspace as operational domain 2005 term «APT»
- 3. What industrial IoT risk is in environment?...Q3 2020* IoT botnets are massive, your infrastructure can already be part of cybercrime, e.g. Mirai et al. (since 2016)600 000 Lack of segmentation between OT and IT can cause major incident, because of aggressive threat landscape, shifted by pandemic, e.g. Norsk Hydro (2019), Toll Group (2020) Ransom AND data leakage Legacy in integrated OT environment is more critical, cybercrime already developed and well tested tools to automatically exploit it (on data exchange and identification protocols level), e.g. UDP, FTP, Kerberos Default credentials and configs in IoT, OT and IT infrastructure components is bigger problem than ever: it makes organization easy victim, OT is now focus of malicious actors ...GDPR, expensive *go to Sources IoT Devices in botnet Colours - impact to operations
- 4. Mitigations 1. IoT security is common task of IT, OT, Security staff. Understanding of convergence and collaboration are critical. 2. If device is connected, monitoring of connection is needed - requires visibility in OT and implementation of monitoring tools. 3. It`s necessary to address defaults in credentials and configs of connected devices, especially older than 2018 4. It`s good to know, which access have vendors, that support connected devices and OT in functionality of their products, e.g. Zingbox 5. Legacy treatment: patches and updates, where possible; whitelisting, containers, and sound encryption, (or disconnect) where not. 6. Change management: next innovations in operation environment require “monitoring by design”. Defaults should be addressed within any implementation. Legacy should be considered in change planning. ? First results till Q3 2021, or to update risk appetite Constantly, to update processes Easy to say; to realize requires strong executive will, enough resources, and collaborative corporate culture
- 5. What`s next?...Industry 4.0 en route Trends 2025-2040: disruptive technologies and socio-economic trends from AGSC https://tci.agcs.allianz.com/ WEF IoT & AI resources 2020 Cybersecurity act assurance, incl.OT 2025 CMMC military supply chain best practices Currentlyavailable governancetools
- 6. Sources for IoT risk analysis Q3 2020 ICS CERT, last vulnerabilities, almost daily update •ICSA-20-245-01 : Mitsubishi Electric Multiple Products •ICSA-20-240-01 : Red Lion N-Tron 702-W, 702M12-W •ICSMA-20-184-01 : OpenClinic GA (Update A) •ICSA-20-238-01 : Advantech iView •ICSA-20-238-02 : Emerson OpenEnterprise •ICSA-20-238-03 : WECON LeviStudioU •ICSMA-20-233-01Philips SureSigns VS4 •ICSA-20-168-01Treck TCP/IP Stack (Update G) •ICSA-20-224-01Yokogawa CENTUM •ICSA-20-224-02Schneider Electric APC Easy UPS On- Line •ICSA-20-224-03Tridium Niagara •ICSA-20-224-04Siemens SCALANCE, RUGGEDCOM •ICSA-20-224-05Siemens SIMATIC, SIMOTICS •ICSA-20-224-06Siemens Desigo CC •ICSA-20-224-07Siemens Automation License Manager •ICSA-20-224-08Siemens SICAM A8000 RTUs •ICSA-20-196-05Siemens UMC Stack (Update A) MITRE ATT&CK for ICS, existent malware tools for advanced persistent threats •ACAD/Medre.A •Havex •Backdoor.Oldrea •Bad Rabbit •Diskcoder.D •BlackEnergy 3 •Conficker •Downadup •Kido •Duqu •Flamer •Flame •sKyWIper Current cyberrisk environment • FBI (on words): in 1H 2020 cybersecurity complaints multiplied 3-4 times https://thehill.com/policy/cybersecurity/493198-fbi-sees-spike- in-cyber-crime-reports-during-coronavirus-pandemic • Palo Alto Unit 42 IoT threat (on big data of 2018-2019): Enterprises Sit on a Time Bomb; aged OT protocols, unencrypted IoT traffic, lack of segmentation • https://www.paloaltonetworks.com/content/dam/pan/en_US/as sets/pdf/reports/Unit_42/2020-unit-42-IoT-threat-report.pdf • Nosomi OT/IoT Security Report 2020 (analytics on news 2020 and reports on data of 2018-2020): IoT botnets working and updating, COVID-themed, ransomware https://www.nozominetworks.com/downloads/US/Nozomi- Networks-OT-IoT-Security-Report-2020-1H.pdf • Data Breach Investigation Report 2020 (on good checked data 2019): started to track OT, up to (on industry) 20% of breaches are for espionage, other financial; attackers prefer short paths (1-2 steps) https://enterprise.verizon.com/resources/reports/dbir/ • Checkpoint data 1H 2020: Cyber Warfare against critical infrastructure; double extortion: stole data before ciphering, publish, if no ransom; threats for EMEA: cryptominers(18%), mobile(15%), botnet(17%), infostealer(11%), banking(10%), ransomware(4%) https://app.hushly.com/runtime/content/QTfse1Y1qhStWrSr •CRASHOVERRIDE •Industroyer •KillDisk •LockerGoga •NotPetya •PLC-Blaster •Ryuk •Stuxnet •Triton •TRISIS •HatMan •VPNFilter •WannaCry +experience, +community
- 7. Summary about industrial cybersec Q3 2020 Break of operations due to cybersec still comes from IT. Sound segmentation can significantly reduce risk. Sound BCP additionally will let you get benefits from incident. OT are vulnerable, every year more, but we still have some time to prepare, before OT exploits will be massive. [~to reassess in Q1 2021, Q3 2021] The more IoT (IT IoT), the more possibility, that industrial infrastructure is part of cybercrime infrastructure. Evaluating [cyber] risks, is necessary to take in account YOUR environment, time, and Industry 4.0 competitiveness. Anastasiia Konoplova, CISA, CISA Trainer, LLC UAG, ISACA Kyiv Chapter More about professional activity: Profile: https://www.linkedin.com/in/anastasiia-konoplova-9342b57b/ Public activity: https://www.slideshare.net/AnastasiiaKonoplova Social network activity: https://www.facebook.com/Kyiv.ISACA/ Reputation: https://twitter.com/SCmagazineUK/status/1194597710281748482 Risks are high, but GOOD NEWS are, that there are TOOLS to ensure our goals, and we have some TIME to implement them, if we START NOW.