This document discusses security issues related to industrial automation and critical infrastructure. It begins with an introduction of the speaker and their background working in these environments. Several examples of past security incidents are described, such as the Whatcom Falls Park pipeline rupture caused by a SCADA system failure. Technical attacks against these systems are similar to traditional IT attacks like password guessing or exploits. However, the consequences of failures or attacks can be far more severe given the life-critical systems involved. In conclusion, the history and perspectives of industrial automation security differ significantly from traditional IT/ICT security, and standards exist but must be followed carefully given the risks.
This technical report discusses how climate change threatens ICT infrastructure. It notes that ICT infrastructure has become more interconnected and sensitive over time. Climate change can directly damage wired connections through events like floods and cyclones. It can also indirectly impact wireless signals by increasing rain density or changing atmospheric conditions. The report argues that ICT infrastructure must be made more resilient to these climate threats in order to ensure continuous coverage, especially as many businesses and individuals now rely on constant ICT access. Adaptations are needed like improving mobile phone coverage and data services.
This document summarizes a presentation given by Raoul Chiesa on critical infrastructure attacks. It discusses the evolution of hi-tech crimes in the 21st century, including various types of hackers and their motivations. It then focuses on critical national infrastructures, describing common types and providing examples of security incidents that have impacted systems like SCADA. The presentation highlights issues found in securing these infrastructures and concludes by discussing potential solutions like security training programs.
Mag-Securs No.29, 2011 - Validy: Learning from the Stuxnet Case (Neelabh Rai)
Has everything been said about the Stuxnet worm? Not quite. Someday a “James Bond” or “Mission Impossible” film might be based on this case. Should we stop there? Clearly not: such an attack raises numerous questions and must challenge our certainties. We might have to rethink our security paradigms.
Validy - A Paradigm Switch to Ensure Code Integrity.
During the Forum International de la Cybercriminalité in late March 2010, Mag Securs met with Validy. We already knew this company and had looked at its technology in 2005. Our discussions in May and June touched on the possibility of ensuring executable code integrity.
For more details, please visit: www.cybercops.in
The document discusses trends and challenges related to critical infrastructure and cyber security. It summarizes GCSEC's involvement in several national and international initiatives in 2013 related to critical infrastructure protection. These initiatives include projects co-funded by the EU on topics like online fraud information sharing, smart grid security, and energy sector cyber threat information sharing. The document also discusses emerging threats to critical infrastructure from trends like greater internet usage and connectivity of devices. Critical infrastructure is defined as those facilities necessary for essential service delivery. The new trend in critical infrastructure protection is to have proper knowledge of perimeter and critical services, prioritize patch management, and conduct regular risk assessments.
Criticality analysis of Critical Infrastructures (CI) – parameters and criter... (Global Risk Forum GRFDavos)
The document discusses critical infrastructure (CI) analysis and prioritization. It outlines a framework for analyzing CI through three steps: (1) identifying criticality criteria like critical amount, timing and quality, (2) assessing three levels of impact, and (3) developing CI priority lists and protection goals. Key challenges include accounting for interdependencies, cascading effects, and societal needs over time in the case of disruptions.
This document discusses issues of trust as it relates to technology and society. It covers how trust underlies civilizations and how various technological developments from writing to the internet have both increased and challenged trust over time. It examines specific issues like network security threats, software safety, and privacy of personal data. The document argues that trustworthy systems and practices are important for democratic societies and that European policies need to nurture democratic values in the digital age. It outlines the EU's legal framework around data protection and privacy technology. Finally, it discusses the goals and activities of the RISEPTIS advisory board, which aims to provide guidance on security, privacy, and trustworthiness research and policy challenges.
This document summarizes a presentation about transmission security and failures in large systems. It discusses how the 9/11 Commission identified four kinds of failures that contributed to the 9/11 attacks. It also notes that while security has always been a priority for the electricity sector, it is an even greater priority now. The document warns that the likelihood of hidden failures increases as the number of components in a large system increases.
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery... (IRJET Journal)
This document discusses the development of an edge-deployed cyber security hardware architecture to protect critical energy delivery systems from cyber threats. The system uses sensors and machine learning to monitor programmable logic controllers (PLCs) that control infrastructure like pipelines and the electric grid. If a PLC is compromised, the system can take control of the PLC to maintain operations and prevent disruptions to critical sites like hospitals. The hardware solution is designed to integrate with existing infrastructure and provide real-time protection, restoration of control, and resilience against cyberattacks or other incidents affecting energy systems.
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS (Marco Lisi)
Lesson on "Security in Large, Strategic and Complex Systems" at the "Master di II Livello" in "Homeland Security", Università degli Studi Campus Bio-Medico di Roma, A.A. 2012-2013
This document discusses key concepts related to digital networks and the information economy. It defines an information economy as based on the exchange of knowledge, information, and services rather than physical goods. Information technology is described as including telecommunications, computers, software, and various types of networks. The document also discusses competing theories about technology's impact, different types of goods, network effects, and how information challenges traditional economic models.
ELECTRONICS INDUSTRY STUDY REPORT - Semiconductors and Defense Electronics (SVCAVET)
WHERE Globalization started:
National Defense University, The Industrial College of the Armed Forces, Washington, DC, 20319
ABSTRACT: The commercial semiconductor industry is characterized by fierce competition, large fluctuations in demand, increasing performance, and falling prices. Defense electronics has become a minuscule part of the semiconductor industry (less than 1%), but is essential to national security. However, U.S. commercial and defense semiconductor production is losing ground. The industry faces a number of challenges, including rising capital costs, rapidly evolving technology, future workforce shortages, increasing offshore design and production, infringement of intellectual property rights, and ineffective export controls that hinder U.S. global competitiveness.
++ Globalization and the rise of the Asia-Pacific region
CONCLUSIONS:
The semiconductor industry and the defense electronics industry are inextricably linked. Every new weapons system in production will rely on semiconductors as its core component. A healthy, robust, and leading edge semiconductor industry is essential for defense needs and indeed for all elements of national security. Several broad conclusions can be drawn from our study.
• There is growing concern regarding the offshore flight of intellectual capital and semiconductor production facilities. Some argue that the ability of the U.S. to maintain access to cutting-edge technology will be adversely affected. The decline of technical talent among U.S. students contributes to these concerns.
This document provides an overview of critical infrastructure. It discusses what infrastructure is, including national, organizational, and digital infrastructures. It defines critical infrastructure as infrastructure that is essential for society to function. The document notes that infrastructure is vulnerable to faults, decay, accidents, attacks, and natural disasters. It discusses perspectives on critical infrastructure from the UK, EU, and USA. Key points made are that critical infrastructure is complex with many interdependencies, emerges over the long term through social and institutional processes rather than rational design, and vulnerabilities exist at both the system and component level.
Keynote Speaker – "Infrastructure Interdependencies: Connections that Alter Consequences" - Michael J. Collins III, Infrastructure Analyst, Infrastructure Assurance Center, Argonne National Laboratories
Keynote presentation for EWB-UK's Going Global conference (http://www.ewb-uk.org/goingglobal). The presentation looked at the what, how and why of a global engineer, focusing on engineering education.
Cybersecurity is nowadays one of the most important tasks in any corporation or institution. Wrong or weak security can lead to serious problems or even to the destruction of computer systems. A very good example of this is the Stuxnet virus and Iranian nuclear manufacturing. In this presentation I consider different types of possible cyber attacks, look at modern technologies and analyse their security.
Bulletin of the Atomic Scientists - IT IS 5 MINUTES TO MIDNIGHT (.docx, RAHUL126667)
Feature
Eyes wide shut: The growing threat of cyber attacks on industrial control systems
Joel F. Brenner
Bulletin of the Atomic Scientists 69(5) 15–20, © The Author(s) 2013. Reprints and permissions: sagepub.co.uk/journalsPermissions.nav. DOI: 10.1177/0096340213501372. http://thebulletin.sagepub.com
Abstract
When industrial control systems are connected to the Internet, they can be vulnerable to cyber attacks. At risk are energy sources and electric grids, water and sewer systems, manufacturing, banks, transportation and communication networks, and other systems that may be targeted by hackers, terrorists, or enemy states seeking to wreak economic havoc. Despite a series of well-publicized cyber attacks in recent years, few companies have taken the steps necessary to isolate industrial control systems and sensitive information, and to limit the damage an attack can inflict. Security is not just a matter of dealing with technical issues, which are fairly straightforward and tactical. The strategic issue is governance: coordinating the efforts of various departments to ensure that information technology works together with physical security, legal counsel, human resources, and operations management.
Keywords
cyber attack, cyber security, denial of service, industrial control systems, Maroochy Shire, RasGas, Saudi Aramco, Stuxnet
Thirteen years ago, a disgruntled sewer system operator in Maroochy Shire, Australia, filled his car with a laptop and radio equipment apparently stolen from his employer and drove around giving radio commands to the pumps and valves that controlled the local sewers. Pumping stations went haywire. Raw sewage poured into local waterways. Creek water turned black, fish died, and the stench was appalling (Brenner, 2011). This was an early warning of the danger inherent in connecting industrial control systems to the Internet, but Maroochy Shire was far away, and very few people were paying attention.
Nasty things that start on the other side of the world have a way of ending up on one's own doorstep, however, and the vulnerability to electronic mayhem of control systems that run railway switches, air traffic control systems, manufacturing, financial systems, and electric grids is now an endemic condition. In Brazil, a cyber attack in 2007 plunged more than three million people into total darkness and knocked the world's largest iron ore producer offline, costing that one company alone about $7 million (CBS News, 2009).¹
The world's superpower is not invincible either. Today the North American electric grid is being attacked ferociously and often, sometimes by intruders so skillful that government help is needed to fend them off. Municipal water and sewer systems are also vulnerable. Even the US military recently warned that it can't guarantee its own operations under a sophisticated cyber attack, and that US allies are in the same posit ...
This paper discusses steps electric power utilities can take to mitigate cyber threats. It provides an overview of emerging cyber attack vectors targeting energy infrastructure, including reconnaissance, man-in-the-middle, and denial of service attacks. Recent cyber security regulations and standards aiming to improve information sharing and incident response are also summarized. The paper analyzes lessons learned from past attacks like Stuxnet and the 2015 Ukraine power grid attack. It emphasizes the importance of network monitoring tools like intrusion detection systems and security information event management systems to help detect threats and protect critical infrastructure from cyber risks.
Today is a good day for CIGRE Science & Engineering, as with the February 2018 issue you are about to start reading, our Journal celebrates a mini-Jubilee: this is the 10th issue in its still young but vibrant existence. To make the numbers round, we should have had 10 papers in this issue, but at the last moment a very interesting paper on innovative research work came in from my alma mater, ETH Zurich, which I could not resist sharing with you.
But, in compliance with our strict review procedure, all the other papers are also of excellent quality, and I am confident they will spark your curiosity, as they cover a plethora of important subjects.
Specifically, and true to our policy of making this Journal a forum for the best papers from the many CIGRE events around the globe, you will find two papers from the 4th International Colloquium “Transformer Research and Asset Management” by SC A2 and two papers from the 2017 biennial Colloquium of SC D2, both very successful and well-attended CIGRE meetings.
Jason Christopher, Dragos Principal Cyber Risk Advisor, joins CyberWire for this podcast that discusses the evolution of ICS/OT ransomware, its impacts on the community, and cybersecurity best practices ICS/OT practitioners can implement to combat it. Listen to the full podcast here: https://dragos.com/resource/ransomware-in-an-industrial-world/
Stuxnet was a sophisticated cyber attack targeting Iran's nuclear facilities that changed perceptions of threats to critical infrastructure systems like SCADA. It exploited vulnerabilities in both Windows and Siemens control software to sabotage centrifuges without detection for nearly a year. This highlighted that SCADA/ICS are vulnerable targets due to their use of outdated protocols and legacy systems not originally designed with security in mind. Common security issues with SCADA include lack of access controls, unpatched systems, integration with corporate networks, and human/contractor oversight. Best practices like the NERC standards and updates to protocols like DNP3 can help mitigate risks if properly implemented throughout the SCADA lifecycle.
VM03 - Vertical Markets
Time 14.30 – 17.30
Room 3
SPECIAL
E-TICKETING & SMART PARKING
In collaboration with Consorzio Movincom
Under the patronage of CLUB Italia
This document summarizes a presentation about the ImaGeo project. The project aims to (1) simplify the organization and sharing of photos and travel information on mobile devices, (2) provide instant location-based information based on photos captured, and (3) make it easy to embed and share generated travel content online. The proposed solution utilizes an open architecture and user-centered design approach. It will allow users to retrieve information about objects in their photos and share experiences to promote tourism. A consortium of universities and companies will collaborate on the project.
W002 - World Visions
Orario 14.30 – 18.00
Sala 4
SPECIAL
GALILEO/EGNOS & GNSS
News and latest activities from the worldwide satellite navigation systems
The document discusses EGNOS, Galileo, and Telespazio's developments related to satellite navigation. It covers topics such as GNSS signals and systems, added value navigation services, innovative projects like INAV, and the EGNOS Data Access Service. It also addresses issues like performance, security, and enabling applications through integrated solutions.
The document discusses using user-centered design to improve the travel experience for passengers of Trenitalia, Italy's national railway company. It describes researching passengers, developing scenarios of potential travel situations, and prototyping innovative interactions between passengers and Trenitalia's services. The goal is to enhance communication and provide better information to passengers throughout their journey, from planning to traveling to coping with delays.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
1. Hacking industrial plants: recent reports and incidents, known and unknown
Raoul Chiesa, OPST, OPSA
Board of Directors: CLUSIT, ISECOM, TSTF.net, OWASP Italy
M2M Building Automation & Industrial Security
7 April 2009
3. The speakers – Raoul Chiesa aka Nobody
Director of Communications at ISECOM
OSSTMM Key Contributor, Project Manager of HPP
• Open Source Security Testing Methodology Manual
• Released in January 2001
• More than 3 million downloads
Technical Director at @ Mediaservice.net Srl
IT Security lecturer at various universities and IS master's programmes
Speaker at national and international security events
Member of the steering committees of CLUSIT, ISECOM, Telecom Security Task Force (TSTF.net), OWASP Italian Chapter
Consultant to the United Nations on cybercrime at UNICRI.
4. Security issues in critical environments
I have worked in these environments over the last two years, in Italy and abroad.
My work has mainly covered:
• Organisational security (standards, policies, …)
• Security assessments (penetration tests, security audits)
• Hardening (the great unknown)
What emerged is nothing short of shocking.
And NIST, US Cyber Defense, US Homeland Security and the European Commission say so too…
5. Why talk about these topics?
During 2008, together with Alessio Pennasilico, I carried out "evangelism" activities in Italy and abroad.
The settings were as varied as they get: from hacker conferences (IT Underground, HITB, CONfidence, CCC, etc.) to universities and "classic" events (BBF, IWCE, etc.).
In every case the audience showed enormous interest.
…to be honest, our talk was a mix of "healthy scaremongering" and a "basic overview" of these worlds…
We wanted to make people think, without going into too much detail. In the meantime, we trained ourselves in the field.
6. National critical infrastructures
NCIs have strong links with the SCADA and industrial automation worlds.
In the next three slides I have tried to summarise the main national critical infrastructures, organised by sector, according to the standards and frameworks existing today, first among them those of the US Department of Homeland Security.
The bad news is that, for each of these sectors, successful attacks and intrusions have already taken place…
7. National critical infrastructures / 1

SECTOR                                     | Sample target sub-sectors
Energy and Utilities                       | Electrical power (generation, transmission, nuclear)
                                           | Natural gas
                                           | Oil production and transmission systems
Communications and Information Technology  | Telecommunications (phone, fax, cable, wireless & WiMax, satellite)
                                           | Broadcasting systems
                                           | Software
                                           | Hardware
                                           | Networks (Internet)
Finance                                    | Banking
                                           | Securities
                                           | Investment
Health Care                                | Hospitals
                                           | Health-care facilities
                                           | Blood-supply facilities
                                           | Pharmaceuticals
8. National critical infrastructures / 2

SECTOR                                     | Sample target sub-sectors
Food                                       | Food safety
                                           | Agriculture and food industry
                                           | Food distribution
Water                                      | Drinking water
                                           | Wastewater management
Transportation                             | Air
                                           | Rail
                                           | Marine
                                           | Surface
Safety                                     | Chemical, biological, radiological and nuclear safety
                                           | Hazardous materials
                                           | Search and rescue
                                           | Emergency services (police, fire, ambulance and others)
                                           | Dams
9. National critical infrastructures / 3

SECTOR                                     | Sample target sub-sectors
Government                                 | Government facilities
                                           | Government services (e.g., meteorological services)
                                           | Government information networks
                                           | Government assets
                                           | Key national symbols (cultural institutions, national sites, monuments)
Manufacturing                              | Chemical industry
                                           | Defence industrial base
10. Real examples…
A couple of "real examples", to get a hands-on feel for what we are talking about.
• "Managing pumps" (USA, MN)
• The Gulf (Mexico)
17. Ergonomics / 4
Today we work differently.
http://www.ihcsystems.com/section_n/images/efficientdredgingnewsapril2005_Page_09_Image_0002.jpg
18. Blockbuster
"The power plant management system was not responding. The operator was watching a DVD on the management computer."
CSO of an electricity distribution utility
19. Attack techniques
The attack techniques used against these environments do not differ much from the classic ones of the IT world:
• Old-school hacking (password guessing, …)
• Port scanning
• Eavesdropping, reconstruction of traffic flows
• Exploiting
• DoS
• Web application hacking
21. Past incidents
Contrary to what one might normally think, several incidents have occurred in this world, from as far back as the 1980s up to decidedly recent cases.
22. Whatcom Falls Park
"About 3:28 p.m., Pacific daylight time, on June 10, 1999, a 16-inch-diameter steel pipeline owned by Olympic Pipe Line Company ruptured and released about 237,000 gallons of gasoline into a creek that flowed through Whatcom Falls Park in Bellingham, Washington. About 1.5 hours after the rupture, the gasoline ignited and burned approximately 1.5 miles along the creek. Two 10-year-old boys and an 18-year-old young man died as a result of the accident. Eight additional injuries were documented. A single-family residence and the city of Bellingham's water treatment plant were severely damaged. As of January 2002, Olympic estimated that total property damages were at least $45 million."
24. Technical details
"The Olympic Pipeline SCADA system consisted of Teledyne Brown Engineering SCADA Vector software, version 3.6.1., running on two Digital Equipment Corporation (DEC) VAX Model 4000-300 computers with VMS operating system Version 7.1. In addition to the two main SCADA computers (OLY01 and 02), a similarly configured DEC Alpha 300 computer running Alpha/VMS was used as a host for the separate Modisette Associates, Inc., pipeline leak detection system software package."
25. SCADA can save lives
"5. If the supervisory control and data acquisition (SCADA) system computers had remained responsive to the commands of the Olympic controllers, the controller operating the accident pipeline probably would have been able to initiate actions that would have prevented the pressure increase that ruptured the pipeline."
http://www.cob.org/press/pipeline/whatcomcreek.htm
26. Worms
"In August 2003 Slammer infected a private computer network at the idled Davis-Besse nuclear power plant in Oak Harbor, Ohio, disabling a safety monitoring system for nearly five hours."
NIST, Guide to SCADA
27. nmap
"While a ping sweep was being performed on an active SCADA network that controlled 9-foot robotic arms, it was noticed that one arm became active and swung around 180 degrees. The controller for the arm was in standby mode before the ping sweep was initiated."
NIST, Guide to SCADA
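Slide 19 lists port scanning among the classic attack techniques that carry over to these environments, and the NIST anecdote above shows why even a plain ping sweep is dangerous on a live control network. The following is an added example, not part of Raoul Chiesa's slides or of the NIST guide: a small Python detector that flags host sweeps and port scans in flow records collected from an OT segment, so that unexpected reconnaissance is noticed from passive data rather than discovered when a controller misbehaves. The flow records, IP addresses, field names (ts, src, dst, proto, dport) and the thresholds are all constructed for the example and are assumptions to tune per site.

```python
"""Flag host sweeps and port scans in passively collected flow records.

Added example for this page; not code from the original presentation.
Flow records, addresses, field names and thresholds are constructed
assumptions, not a real collector's schema or a recommended tuning.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One connection attempt as a flow collector on an OT segment might log it."""
    ts: float      # seconds since epoch
    src: str       # source IP address
    dst: str       # destination IP address
    proto: str     # "icmp", "tcp" or "udp"
    dport: int     # destination port (0 for ICMP)


def detect_scans(flows, window=60.0, host_threshold=10, port_threshold=15):
    """Return a list of (src, kind, count) findings.

    kind is "host_sweep" when one source touched at least host_threshold
    distinct destinations within `window` seconds (the shape of an ICMP
    ping sweep), or "port_scan" when it touched at least port_threshold
    distinct TCP/UDP ports on one destination within that window.
    Each (source, kind, destination) is reported once, at first crossing.
    """
    by_src = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        by_src[f.src].append(f)

    findings = []
    for src, fl in by_src.items():
        start = 0
        flagged = set()
        for end in range(len(fl)):
            # Advance `start` so fl[start:end+1] spans at most `window` seconds.
            while fl[end].ts - fl[start].ts > window:
                start += 1
            win = fl[start:end + 1]

            hosts = {f.dst for f in win}
            if len(hosts) >= host_threshold and "host_sweep" not in flagged:
                findings.append((src, "host_sweep", len(hosts)))
                flagged.add("host_sweep")

            ports = defaultdict(set)
            for f in win:
                if f.proto in ("tcp", "udp"):
                    ports[f.dst].add(f.dport)
            for dst, ps in ports.items():
                if len(ps) >= port_threshold and ("port_scan", dst) not in flagged:
                    findings.append((src, "port_scan", len(ps)))
                    flagged.add(("port_scan", dst))
    return findings


def sample_flows():
    """Constructed flow records: one benign HMI poller and one scanning host."""
    flows = []
    # Benign: HMI 10.10.1.20 polls PLC 10.10.2.7 over Modbus/TCP (port 502) every 2 s.
    for i in range(60):
        flows.append(Flow(ts=2.0 * i, src="10.10.1.20", dst="10.10.2.7",
                          proto="tcp", dport=502))
    # Suspicious: 10.10.1.5 pings 20 distinct hosts one second apart (ICMP sweep)...
    for i in range(20):
        flows.append(Flow(ts=float(i), src="10.10.1.5", dst=f"10.10.2.{i + 1}",
                          proto="icmp", dport=0))
    # ...then probes 20 TCP ports on a single controller.
    for i in range(20):
        flows.append(Flow(ts=100.0 + i, src="10.10.1.5", dst="10.10.2.50",
                          proto="tcp", dport=i + 1))
    return flows


if __name__ == "__main__":
    for src, kind, count in detect_scans(sample_flows()):
        unit = "hosts" if kind == "host_sweep" else "ports"
        print(f"{src}: {kind} ({count} distinct {unit} within the window)")
```

Run as a script, the benign HMI poller is never reported because it touches one host on one port, while the scanning workstation crosses both thresholds. The point of the design is that the detector consumes flow data from a span port or collector and never sends a packet onto the control network itself, since active probing of the segment is exactly what the anecdote warns against.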
28. Disgruntled employee
Vitek Boden, in 2000, was arrested, convicted and jailed because he released millions of litres of untreated sewage using his wireless laptop. It happened in Maroochy Shire, Queensland, possibly as revenge against his former employer.
http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/
29. Sabotage
Thomas C. Reed, Ronald Reagan's Secretary, described in his book "At the Abyss" how the U.S. arranged for the Soviets to receive intentionally flawed SCADA software to manage their natural gas pipelines. "The pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds." A 3 kiloton explosion was the result, in 1982 in Siberia.
http://www.themoscowtimes.ru/stories/2004/03/18/014.html
30. Gazprom
"Russian authorities revealed this week that Gazprom, a state-run gas utility, came under the control of malicious hackers last year. […] The report said hackers used a Trojan horse program, which stashes lines of harmful computer code in a benign-looking program."
http://findarticles.com/p/articles/mi_qa3739/is_200403/ai_n9360106
31. Recent incidents (2008/2009)
Texas: warning, zombies ahead
Transportation officials in Texas are scrambling to prevent hackers from changing messages on digital road signs after one sign in Austin was altered to read, "Zombies Ahead."
Chris Lippincott, director of media relations for the Texas Department of Transportation, confirmed that a portable traffic sign at Lamar Boulevard and West 15th Street, near the University of Texas at Austin, was hacked into during the early hours of Jan. 19.
"It was clever, kind of cute, but not what it was intended for," said Lippincott, who saw the sign during his morning commute. "Those signs are deployed for a reason — to improve traffic conditions, let folks know there's a road closure."
32. Recent incidents (2008/2009)
Final Super Bowl Moments Interrupted By Porn
Yesterday's television broadcast of the Super Bowl in Tucson, Arizona, was interrupted for some viewers by about 10 seconds of pornographic material. According to a statement from KVOA TV in Tucson, the only viewers who saw the material were those who receive the channel through Comcast cable. Officials at Comcast said they had "no idea" at the time it happened how the porn may have gotten into its feed.
Apparently, the SD signal was hacked and a ten-second porn clip was inserted into the feed. The station received hordes of complaints from families who were watching the game and saw the clip, which showed a woman unzipping a man's pants, followed by a graphic act between the two.
UPDATED (2 February 2009): Comcast offers $10 credit to Tucson customers who saw Super Bowl porn
33. Previews… 1
ASCE – American Society of Civil Engineers and their Report Card:
2009 Report Card for America's Infrastructure

Category                    2009   2005   Changed? Better or worse?
Aviation                    D      D+     Yes; worse
Bridges                     C      C
Dams                        D      D
Drinking Water              D-     D-
Energy                      D+     D      Yes; better
Hazardous Waste             D      D
Inland Waterways            D-     D-
Levees                      D-     NA     Yes; worse
Public Parks & Recreation   C-     C-
Rail                        C-     C-
Roads                       D-     D      Yes; worse
School                      D      D
Security                    NA     I      Removed
Solid Waste                 C+     C+
Transit                     D      D+     Yes; worse
Wastewater                  D-     D-
Overall GPA grade           D      D
Cost                        $2.2T  $1.6T

Grades: A = Exceptional, B = Good, C = Mediocre, D = Poor, F = Failing
34. Previews… 2
World's power grids infested with (more) SCADA bugs
Areva Inc. - a Paris-based company that serves nuclear, wind, and fossil-fuel power companies - is warning customers to upgrade a key piece of energy management software following the discovery of security bugs that leaves it vulnerable to hijacking.
The vulnerabilities affect multiple versions of Areva's e-terrahabitat package, which allows operators in power plants to monitor gas and electric levels, adjust transmission and distribution devices, and automate other core functions. Areva markets itself as one of the top three global players in the transmission and distribution of energy.
http://www.theregister.co.uk/2009/02/05/areva_scada_security_bugs/
http://www.kb.cert.org/vuls/id/337569
36. Conclusions
The history, perspectives and background of IT and ICT security are completely different in the world of industrial automation and critical infrastructures.
The standards are there: they must be followed, with awareness and common sense.
What is missing is a methodology for carrying out security assessments, in order to prevent what could already happen today.
The commitment and support of everyone is needed, from vendors to end users, passing of course through the logical security community.
37. Webliography
http://csrc.nist.gov/publications/drafts/800-82/Draft-SP800-82.pdf
https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf
http://cansecwest.com/slides06/csw06-byres.pdf
http://www.mayhem.hk/docs/scada_univr.pdf
http://darkwing.uoregon.edu/~joe/scada/
http://www.physorg.com/news94025004.html
http://ethernet.industrial-networking.com/articles/articledisplay.asp?id=206
http://www.apogeonline.com/libri/88-503-1042-0/ebook/libro
http://www.sans.org/reading_room/whitepapers/warfare/1644.php
http://www.digitalbond.com/SCADA_Blog/SCADA_blog.htm
38. Webliography
http://www.securityfocus.com/news/11402
http://www.ea.doe.gov/pdfs/21stepsbooklet.pdf
http://www.visionautomation.it/modules/AMS/article.php?storyid=32
http://www.cob.org/press/pipeline/whatcomcreek.htm
http://www.securityfocus.com/news/6767
http://www.iscom.istsupcti.it/index.php?option=com_content&task=view&id=16&Itemid=1
http://books.google.it/books?id=xL3Ye3ZORbgC
39. Contacts
For further information, or to join CLUSIT and take part in its activities:
http://www.clusit.it
Raoul Chiesa
rchiesa@clusit.it
Thank you for your attention!