New technologies are being integrated into existing infrastructures, but this brings new cybersecurity threats. Systems with more interaction points and unmanaged components are harder to monitor and control. Even outdated systems remain vulnerable if not properly isolated. When introducing new technologies, all possible interaction channels must be inspected for security issues and leaks. A bottom-up and top-down approach is needed to understand threats, including analyzing technical means and consulting security experts. Strict access policies and awareness of emerging attacks can help mitigate risks from expanded interaction points between humans, machines, and the physical world.

1. New Technologies in existing Infrastructures.
Renovated Threats by the very same Attacks
2014-04-09 Brussels COLPOFER Cybersecurity Working Group
Alexey Kachalin, COO
Advanced Monitoring JSC

2. Security
Consulting
& Audit
Software/Code
analysis
SDL Practices
R’n’D
Advanced Monitoring
• Security analysis: OpSec, AppSec, NetSec
• Implementing SDL
• Incident Response Service
• Research and Development
– Threats analysis
– Technology adoption threats
• Training

3. Attacks - Usual Suspects are there
DoS
Privilege
Escalation
Data
StealCorruption
Of Data
Theft of
Resources

4. Cyber threats to Real World – not new
• Pure IT threats causing RW consequences
– Downtime
– Data leaks
– Financial losses
• Interaction and Intervention
– RW to IT – physical access
– IT to RW
• Limited to
controllers and sensors capabilities
• Induction and Inquest?
– Get facts from outside
– Get emanated data
What if new
interaction channels
would be added?

5. Battery would be charged
2:15 am.
It is normal.
See you tomorrow?

6. Controlled? CAN is not connected to *
2013-11: TESLA cars patched to
change road clearance. Patch
delivered via 3g

7. Add more Tech: Vehicle+4g+app.store
• On-line (4G)
• Appstore for Cars
• Became-standard-vehicle-cyber-threats
– Multimedia network threats
– Road infrastructure network threats
– Access Drive-by-Wire?/CAN BUS
• «The apps know if you are driving»
• «Apps tapping information from many
cars could alert drivers to accidents»

8. What’s that?

9. New functions bring new Threats
• Manage by Smart-app iOS/android
• Keys distribution
• Access by WiFi
• Unlock by Bluetooth and NFC
• Remote Lock/Unlock
• Revoke keys
• Key usage logs
• Video camera logs access attempts

10. New Interactions channels and types
Process
Controller
IT Infrastructure
App

11. Can’t stop Upgrade & Integration
OLD CONTROLLERS
NEW SEGMENT
Effort to add new
functions and security
controls
• New interaction
mechanisms
• New entry points
• Strict network
segmentation is no
longer an option
• Access to “dumb”
devices with smart
mechanisms

12. Unobservable & Unmanaged
Process
Controller
IT Infrastructure
App

13. Observing low-level: Smart-meter
• Utilities To monitor electricity usage and load; to
determine bills
• Landlords To verify lease compliance
• Electricity usage advisory companies To promote energy
conservation and awareness
• Insurance companies To determine health care premiums
based on unusual behaviors that might indicate illness
• Civil litigators To identify property boundaries and
activities on premises
• Private investigators To monitor specific events
• Law enforcers To identify suspicious or illegal activity*
• Marketers To profile customers for targeted
advertisements
• The press To get information about famous people
• Creditors To determine creditworthiness
• Criminals To identify the best times for a burglary or to
identify high-priced appliances to steal

14. News: Controlled. Not by you
• Over 85000 printers found to be publically
accessible on the network
• Smart WebCams are registering on vendor site
vulnerable to unauthorized access
• Botnet grows 100000 hosts with unmanaged
devices – printers and routers
• Printer vulnerability leads
to excessive heating

15. Internet
What should be included in the System?
Process
Controller
IT Infrastructure
App
Employee
Client
Social Network
Partly/
unobservable

16. Boosting Social Engineering attack to 99%
1. Company domain
1. Enumerate e-mails
2. Verify company position
2. Get other accounts
1. Social network
1. Get interests
2. Get friends and communities
2. Physical attributes
1. Office phone
2. Cell phones
3. Street address
3. Expand
1. Get info on special occasion
2. Break into job interview
3. Send targeted malware

17. Real picture: Interactions alterations

18.  1. Augmenting Humans With Technology
 2. Machines Replacing Humans
 3. Humans and Machines Working Alongside Each Other
 4. Machines Better Understanding Humans and the Environment
http://vint.sogeti.com/wp-
content/uploads/2013/08/hy
pecycle-2013-600x375.png
Expect Technology to come

19. Summary: Threats to Consider
• Unobserved components and interactions
– Inspect all interaction alternatives
– Scout leaks and interactions outside of the system
• Outdated technologies are not immune to cyber threats
– Consider isolating or replacing unintelligent components
• Introducing new systems and components
– Should be profiled for security issues
– Analyzed for possible interactions with other components
• Bottom up – technical means
• Upside down – analysts
• Enforce Deny Except policy for components and service on
enhancing components functions
– Checklist – necessary but unsufficient
– Attacks will happen: Awareness, Loss mitigation

20. Stay Ignorant [y/N]?
 Security consulting and audit
 IT Infrastructure Security
 Application security
 SDL
 Research and Development
 Security tools
 Threat trends
 Training
 Simulation and RedTeams exercises
 Awareness
Alexey Kachalin
Kachalin@advancedmonitoring.ru
@kchln