Cyber Security for the Power Grid: Cyber Security Issues & Securing Control Systems
Andrew Wright, CTO, N-Dimension
andrew.wright@n-dimension.com
ACM CCS Conference Tutorial
Nov. 2009
Power Grid Communications & Control Systems
(Figure: overview of power grid communications and control systems, borrowed from the NIST Smart Grid Twiki; labels: Internet, Control Systems)
Agenda
• High-Level
– Industrial Control Systems and Cyber Security Issues
– Securing Control Systems
• Detailed
– Security Issues in Industrial Control Systems
– Today’s Threats
– Securing Control Systems
A Control System
Sensor(s) + Actuator(s) + Controller(s)
Types of Industrial Control Systems (ICS)
• Supervisory Control And Data Acquisition (SCADA)
• Automation
• Process Control Systems (PCS)
• Distributed Control Systems (DCS)
Historical ICS
• Proprietary
• Complete vertical solutions
• Customized
• Specialized communications
– Wired, fiber, microwave, dialup, serial, etc.
– 100s of different protocols
– Slow; e.g. 1200 baud
• Long service lifetimes: 15–20 years
• Not designed with security in mind
(Figure: example ICS architecture. Third Party Controllers, Servers, etc. attach over Serial, OPC or Fieldbus to a Device Network; a redundant Control Network links the Engineering Workplace and control servers; a Firewall separates a Services Network holding an Application Server, a Third Party Application Server, a Historian Server, Workplaces, an Enterprise Optimization Suite, a Mobile Operator and a Connectivity Server from the Enterprise Network; field links are Serial RS485.)
Modern ICS Trends
(Figure: the same architecture moving to IP, with connectivity to the Internet and the Enterprise Network)
Technology Trends in ICS
• COTS (Commercial-Off-The-Shelf) technologies
– Operating systems—Windows, WinCE, embedded RTOSes
– Applications—Databases, web servers, web browsers, etc.
– IT protocols—HTTP, SMTP, FTP, DCOM, XML, SNMP, etc.
– Networking equipment—switches, routers, firewalls, etc.
• Connectivity of ICS to enterprise LAN
– Improved business visibility, business process efficiency
– Remote access to control center and field devices
• IP Networking
– Common in higher level networks, gaining in lower levels
– Many legacy protocols wrapped in TCP or UDP
– Most new industrial devices have Ethernet ports
– Most new ICS architectures are IP-based
New IP-Based Industrial Control Systems
• ODVA (Rockwell)
• Profinet
• Foundation Fieldbus HSE
• Telvent
• ABB 800xA
• Honeywell Experion
• Emerson DeltaV
• Yokogawa VNET/IP
• Invensys Infusion
• Survalent
• IP to the Control Network or even Device Network
• Not all are fully compatible with “ordinary IP”
Security Risks to Modern ICS
• COTS + IP + connectivity = many security risks
• All of those of Enterprise networks and more
– Worms and viruses
– Legacy OSes and applications
– DoS and DDoS impairing availability
– Inability to limit access
– Unauthorized access
– Inability to revoke access
– Unknown access
– Unexamined system logs
– Unpatched systems
– Accidental misconfiguration
– Little or no use of anti-virus
– Improperly secured devices
– Limited use of host-based firewalls
– Improperly secured wireless
– Improper use of ICS workstations
– Unencrypted links to remote sites
– Unauthorized applications
– Passwords sent in clear text
– Unnecessary applications
– Default passwords
– Open FTP, Telnet, SNMP, HTTP ports
– Password management problems
– Fragile control devices
– Default OS security configurations
– Network scans by IT staff
– Unpatched routers / switches
When ICS Security Fails
• Consequences
– Loss of production
– Penalties
– Lawsuits
– Loss of public trust
– Loss of market value
– Physical damage
– Environmental damage
– Injury
– Loss of life
• Incidents
– USSR pipeline explosion, 1982
– Bellingham pipeline rupture, 1999
– Queensland sewage release, 2000
– Davis Besse nuclear plant infection, 2003
– Northeast USA blackout, 2003
– Browns Ferry nuclear plant scram, 2006
So How Do We Secure
Industrial Control Systems?
There is No Silver Bullet!
Defense in Depth
• Perimeter Protection
– Firewall, IPS, VPN, AV
– Host IDS, Host AV
– DMZ
• Interior Security
– Firewall, IDS, VPN, AV
– Host IDS, Host AV
– IEEE P1711 (AGA 12)
– NAC
– Scanning
• Monitoring
• Management
IDS Intrusion Detection System
IPS Intrusion Prevention System
DMZ DeMilitarized Zone
VPN Virtual Private Network (cryptographic)
AV Anti-Virus (anti-malware)
NAC Network Admission Control
(Figure: 50000 Foot View. Internet, Enterprise Network and Control Network separated by FW, IPS and IDS; VPNs from the Control Network to Field Sites and a Partner Site; further labels: P1711, 62351, Scan, AV, NAC, Proxy, Host IPS, Host IDS, Host AV, Log Mgmt, Event Mgmt, Reporting; "IT Stuff" marks the enterprise side.)
Security Issues in
Industrial Control Systems
Availability, Integrity and Confidentiality
• Enterprise networks require C-I-A
– Confidentiality of intellectual property matters most
• ICS requires A-I-C
– Availability and integrity of control matters most
– control data has low entropy—little need for confidentiality
– Many ICS vendors provide six 9’s of availability
• Ensuring availability is hard
– Cryptography does not help (directly)
– DOS protection, rate limiting, resource management, QoS,
redundancy, robust hardware with high MTBF
• Security must not reduce availability!
DoS and DDoS Attacks
• Denial of Service (DoS) attack overwhelms a system
with too many packets/requests
– Exhausts TCP stack or application resources
– Defenses include connection limits in firewall
• Distributed Denial of Service (DDoS) attack
coordinates a botnet to overwhelm a target system
– No single point of attack
– Requires sophisticated, coordinated defenses
– Weapon of choice for hackers, hacktivists, cyber-extortionists
• DoS, DDoS particularly effective when Availability is
critical, i.e. against ICS
Fragile ICS Devices
• Many IP stack implementations are fragile
– Some devices lockup on ping sweep or NMAP scan
– Numerous incidents of ICS shut down by uninformed IT staff
running a well-intentioned vulnerability scan
• Modern ICS devices are much more complex
– Some IEDs include web server for configuration and status
– More lines of code leads to more bugs
– Modern IEDs require patching just like servers
Unpatched Systems
• Many ICS systems are not patched current
– Particularly Windows servers
– No patches available for older versions of Windows
• OS and application patches can break ICS
– OS patches are tested for enterprise apps
• Uncertified patches can invalidate warranty
• Patching often requires system reboot
• Before installation of a patch:
– Vendor certification—typically one week
– Lab testing by operator
– Staged deployment on less critical systems first
– Avoid interrupting any critical process phases
Limited use of Host Anti-Virus
• AV operations can cause significant system
disruption at inopportune times
– 3am is no better than any other time for a full disk scan on a
system that operates 24x7x365
• ICS vendors only beginning to support anti-virus
– Anti-virus is only as good as the signature set
– Signatures may require testing just like patches
• AV may be losing ground in enterprise deployments
– impact on hosts, endpoint security not getting better
– virus writers have learned to test against dominant AV
• application whitelisting can be a good alternative
– enumerate goodness rather than badness
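The allowlisting idea above ("enumerate goodness rather than badness") as an added worked example, not code from the tutorial: a hash-based allowlist of approved executables is built, a directory tree is audited against it, and every binary is classed as allowed, modified (name on the list but digest changed, such as an uncertified patch) or unknown (an unauthorized application). The file names, contents and directory layout are constructed for the demonstration.

```python
"""Hash-based application allowlisting audit for an ICS host.

Added example, not from the tutorial. The allowlist, the approved file
contents and the directory tree below are constructed for the demonstration.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(approved: Dict[str, bytes]) -> Dict[str, str]:
    """Map relative path -> digest of the approved content.

    In production this comes from a known-good image and is stored signed;
    here the approved contents are constructed in memory.
    """
    return {rel: hashlib.sha256(content).hexdigest() for rel, content in approved.items()}


def audit_directory(root: Path, allowlist: Dict[str, str],
                    exts: Iterable[str] = (".exe", ".dll", ".sys")) -> Dict[str, List[str]]:
    """Classify every executable under root against the allowlist.

    allowed  - path on the list and digest matches
    modified - path on the list but digest differs (tampering or an uncertified patch)
    unknown  - path not on the list at all (an unauthorized application)
    """
    exts = {e.lower() for e in exts}
    result: Dict[str, List[str]] = {"allowed": [], "modified": [], "unknown": []}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in exts:
            continue
        rel = path.relative_to(root).as_posix()
        expected = allowlist.get(rel)
        if expected is None:
            result["unknown"].append(rel)
        elif expected == sha256_of(path):
            result["allowed"].append(rel)
        else:
            result["modified"].append(rel)
    return result


def demo() -> Dict[str, List[str]]:
    """Lay out a constructed HMI install tree and audit it."""
    approved = {
        "hmi/hmi_runtime.exe": b"HMI runtime build 4.2 (constructed)",
        "hmi/opc_bridge.dll": b"OPC bridge library (constructed)",
    }
    allowlist = build_allowlist(approved)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, content in approved.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
        # A DLL replaced by an uncertified patch: same name, different digest.
        (root / "hmi" / "opc_bridge.dll").write_bytes(b"OPC bridge library (constructed) PATCHED")
        # An unauthorized application dropped on the operator console.
        (root / "games").mkdir()
        (root / "games" / "solitaire.exe").write_bytes(b"not on the allowlist")
        # Non-executable files are outside the audit's scope.
        (root / "hmi" / "readme.txt").write_text("ignored")
        return audit_directory(root, allowlist)


if __name__ == "__main__":
    for bucket, paths in demo().items():
        print(f"{bucket:9s} {paths}")
```

The audit is read-only and deliberately separate from enforcement: on a 24x7 HMI the practical deployment is to report and alert first, and only block execution once the allowlist has been proven complete against a known-good image.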
Poor Authentication and Authorization
• Machine-to-machine comms involve no “user”
• Many ICS have poor authentication mechanisms
and very limited authorization mechanisms
• Many protocols use cleartext passwords
• Many ICS devices lack crypto support
• Sometimes passwords left at vendor default
• Device passwords are hard to manage appropriately
– Often one password is shared amongst all devices
and all users and seldom if ever changed
– This is happening AGAIN in Smart Meter deployments!
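An added example (not from the tutorial) of finding the cleartext credentials this slide describes in captured traffic. The payloads are constructed byte strings standing in for a control-network capture, and the default-password list is constructed too. FTP and Telnet passwords and HTTP Basic credentials are matched as text; the SNMPv1/v2c community string is pulled out by decoding the BER header of the message; each secret found is then checked against the defaults.

```python
"""Finding credentials that ICS protocols send in cleartext.

Added example, not from the tutorial. The payloads below are constructed
byte strings standing in for a control-network packet capture, and the
default-password list is constructed as well (real lists come from vendor
manuals). FTP, Telnet and HTTP Basic passwords are matched as text; the
SNMPv1/v2c community string is pulled out by decoding the BER header.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_SECRETS = {"public", "private", "admin", "password", "1234"}  # constructed


@dataclass
class Finding:
    protocol: str
    secret: str
    is_default: bool


def _ber_length(buf: bytes, i: int) -> Tuple[int, int]:
    """Decode the BER length octet(s) at buf[i]; return (length, next index)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def snmp_community(payload: bytes) -> Optional[str]:
    """Community string of an SNMPv1/v2c message, or None.

    Message ::= SEQUENCE { INTEGER version, OCTET STRING community, PDU }
    Version 0 is v1 and 1 is v2c; SNMPv3 (version 3) has no community string.
    """
    try:
        if payload[0] != 0x30:
            return None
        _, i = _ber_length(payload, 1)
        if payload[i] != 0x02:
            return None
        vlen, i = _ber_length(payload, i + 1)
        version = int.from_bytes(payload[i:i + vlen], "big")
        i += vlen
        if version not in (0, 1) or payload[i] != 0x04:
            return None
        clen, i = _ber_length(payload, i + 1)
        return payload[i:i + clen].decode("ascii", "replace")
    except IndexError:
        return None


def find_cleartext_credentials(flows: List[Tuple[str, int, bytes]]) -> List[Finding]:
    """Scan (transport, destination port, payload) triples for cleartext secrets."""
    findings: List[Finding] = []
    for transport, dport, payload in flows:
        text = payload.decode("latin-1")
        if transport == "tcp" and dport == 21:
            for m in re.finditer(r"^PASS (.+?)\r?$", text, re.M):
                findings.append(Finding("ftp", m.group(1), m.group(1) in DEFAULT_SECRETS))
        elif transport == "tcp" and dport == 23:
            # Telnet: the device echoes its prompt; the password follows it in the clear.
            m = re.search(r"[Pp]assword:\s*([^\r\n]+)", text)
            if m:
                findings.append(Finding("telnet", m.group(1), m.group(1) in DEFAULT_SECRETS))
        elif transport == "tcp" and dport in (80, 8080):
            for m in re.finditer(r"^Authorization: Basic ([A-Za-z0-9+/=]+)", text, re.M):
                userpass = base64.b64decode(m.group(1)).decode("latin-1")
                pw = userpass.split(":", 1)[1] if ":" in userpass else userpass
                findings.append(Finding("http-basic", pw, pw in DEFAULT_SECRETS))
        elif transport == "udp" and dport == 161:
            community = snmp_community(payload)
            if community is not None:
                findings.append(Finding("snmp", community, community in DEFAULT_SECRETS))
    return findings


def constructed_flows() -> List[Tuple[str, int, bytes]]:
    """Constructed sample payloads standing in for a control-network capture."""
    snmp_get = (b"\x30\x29"                      # SEQUENCE, 41 bytes follow
                b"\x02\x01\x01"                  # INTEGER version = 1 (v2c)
                b"\x04\x06public"                # OCTET STRING community
                b"\xa0\x1c"                      # GetRequest PDU, 28 bytes
                b"\x02\x04\x01\x02\x03\x04"      # request-id
                b"\x02\x01\x00\x02\x01\x00"      # error-status, error-index
                b"\x30\x0e\x30\x0c\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00\x05\x00")  # sysName.0
    return [
        ("tcp", 21, b"USER rtu_maint\r\nPASS 1234\r\n"),
        ("tcp", 23, b"login: operator\r\nPassword: Sub5tation!\r\n"),
        ("tcp", 80, b"GET /config HTTP/1.1\r\nHost: ied01\r\n"
                    b"Authorization: Basic YWRtaW46YWRtaW4=\r\n\r\n"),
        ("udp", 161, snmp_get),
        ("tcp", 502, b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),  # Modbus/TCP: no authentication at all
    ]


if __name__ == "__main__":
    for f in find_cleartext_credentials(constructed_flows()):
        print(f"{f.protocol:10s} {f.secret!r} {'DEFAULT' if f.is_default else ''}")
```

The Modbus/TCP read request in the sample produces no finding, which is the other half of the slide's point: many machine-to-machine control protocols carry no credential to steal because they never authenticate in the first place.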
Poor Audit and Logging
• Many ICS have poor or non-existent support for
logging security-related actions
– Attempted or successful intrusions may go unnoticed
• Where IDS logs are kept, they are often not reviewed
• Various regulatory requirements are driving some
change in this area
– NERC—North American Electric Reliability Corporation
– FERC—Federal Energy Regulatory Commission
– Sarbanes Oxley and PCAOB (Public Company Accounting
Oversight Board)
– FISMA—Federal Information Security Management Act
Unmanned Field Sites
• Many unmanned field sites
• Many with dialup access
• Some with high-speed connectivity to control center
• Most with poor authentication and authorization
– Backdoor to the control center!
Legacy Equipment
• Much legacy equipment
• Usually impossible to update to add security features
• Difficult to protect legacy communications
– but see IEEE P1711 for serial encryption
• Password protection is weak
• Little or no audit and logging
Unauthorized Applications
• Unauthorized apps installed on ICS systems can
interfere with ICS operation
• Many types of unauthorized apps have been found
during security audits
– Instant messaging
– P2P file sharing
– DVD and MPEG video players
– Games, including Internet-based
– Web browsers
Inappropriate Use of ICS Desktops
• Web browsing from HMI can infect ICS
– Browser vulnerabilities
– Downloads
– Cross-site scripting
– Spyware
• Email to/from control servers can infect ICS
– Sendmail and Outlook vulnerabilities
• Disk storage exhaustion can crash OS
– Storage of music, videos
Little or No Cyber Security Monitoring
• internal monitoring is essential to detect low profile
compromises
– IDS
– port scanning
– vulnerability scanning
– system audit
• without internal monitoring don’t know whether
systems have been compromised
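What internal monitoring looks like in practice, as an added example that is not from the tutorial: constructed syslog-style records from the firewall between the enterprise and control networks are parsed, and two things are flagged, reconnaissance (one source denied on many ports or many hosts inside the control zone) and allowed flows from a control-zone host to an address outside both zones. The log format, addresses and thresholds are assumptions made for this example, not any vendor's format.

```python
"""Reviewing firewall logs for signs of compromise in a control network.

Added example, not part of the tutorial. The record format, the zone
addressing and the sample log are constructed; the thresholds are assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed format: "<ts> fw ACTION proto=tcp src=IP:port dst=IP:port"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) fw (?P<action>ALLOW|DENY) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
CONTROL_ZONE = ipaddress.ip_network("10.20.0.0/16")     # constructed addressing
ENTERPRISE_ZONE = ipaddress.ip_network("10.10.0.0/16")


def parse(lines: List[str]) -> List[dict]:
    """Parse records; malformed lines are skipped rather than aborting the review."""
    records = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            records.append(rec)
    return records


def detect_recon(records: List[dict], port_threshold: int = 10,
                 host_threshold: int = 5) -> Dict[str, Tuple[int, int]]:
    """{src: (distinct ports, distinct hosts)} for sources whose denied attempts
    into the control zone look like a port sweep or a host sweep."""
    ports = defaultdict(set)
    hosts = defaultdict(set)
    for r in records:
        if r["action"] == "DENY" and ipaddress.ip_address(r["dst"]) in CONTROL_ZONE:
            ports[r["src"]].add(r["dport"])
            hosts[r["src"]].add(r["dst"])
    return {src: (len(ports[src]), len(hosts[src])) for src in ports
            if len(ports[src]) >= port_threshold or len(hosts[src]) >= host_threshold}


def detect_outbound_from_control(records: List[dict]) -> List[Tuple[str, str, int]]:
    """Allowed flows from a control-zone host to an address in neither zone.
    Under 'no control traffic to outside' every one of these is a policy violation."""
    hits = []
    for r in records:
        src = ipaddress.ip_address(r["src"])
        dst = ipaddress.ip_address(r["dst"])
        if (r["action"] == "ALLOW" and src in CONTROL_ZONE
                and dst not in CONTROL_ZONE and dst not in ENTERPRISE_ZONE):
            hits.append((r["src"], r["dst"], r["dport"]))
    return hits


def constructed_log() -> List[str]:
    """Constructed sample: one enterprise workstation sweeping common ICS/IT ports
    on a control-zone host, one expected flow, one HMI talking to the Internet."""
    lines = []
    scanner = "10.10.5.77"
    for i, port in enumerate((21, 22, 23, 80, 102, 443, 502, 2404, 20000, 44818, 47808, 4840)):
        lines.append(f"2009-11-09T02:{i:02d}:00Z fw DENY proto=tcp "
                     f"src={scanner}:{50000 + i} dst=10.20.1.10:{port}")
    lines.append("2009-11-09T02:20:00Z fw ALLOW proto=tcp src=10.10.3.4:51000 dst=10.20.2.5:1433")    # permitted by policy
    lines.append("2009-11-09T02:21:00Z fw ALLOW proto=tcp src=10.20.1.50:49152 dst=203.0.113.9:443")  # HMI to Internet
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    recs = parse(constructed_log())
    print("reconnaissance:", detect_recon(recs))
    print("control zone -> outside:", detect_outbound_from_control(recs))
```

Both detections are cheap because they run over denies and allows the firewall already produces; the gap the slide describes is that nobody reads them, not that the data is missing.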
Requirement for 3rd Party Access
• Firmware updates and PLC, IED programming are
sometimes done by vendor
– Many ICS have open maintenance ports
– Infected vendor laptops can bring down ICS
• Partners may require continuous status information
– Partner access is often poorly secured
– Partner channels can serve as backdoors
• 3rd parties may include:
– ISO, transmission provider or grid neighbor,
equipment vendor, emissions monitoring service or agency,
water level monitoring agency, vibration monitoring service,
etc.
People Issues
• ICS network often managed by “Control Systems
Department”, distinct from “IT Department” running
enterprise network
– ICS personnel are not IT or networking experts
– IT personnel are not ICS experts
• Majority of control systems workforce is
older and nearing retirement
– Few young people entering this field
– Few academic programs
Harsh Environments
• Temperature
• Vibration
• Dust
• Humidity
• Electrical Transients
Attack Vectors into Control Systems
(Figure: chart of attack vectors into control systems; includes infected laptops and is growing. Source: 2003–2006 data from Eric Byres, BCIT)
Security Assessments on ICS
• Various groups perform security assessments and
penetration tests on ICS (generally under NDA)
– Idaho National Labs
– Sandia National Labs
– N-Dimension Solutions
– Other private organizations
• Vulnerability assessments always uncover problems
• For penetration tests, we always get in
– Not a question of “if”, but “how long”
Other Issues
• Unusual physical topologies
• Many special purpose, limited function devices
• Static network configurations
• Multicast
• Long service lifetimes
For More Information ...
• See Smart Grid Cyber Security Strategy and
Requirements, NISTIR 7628, www.nist.gov/smartgrid
– particularly Appendices C and D
Today’s Threats
Intense Media Visibility on the Cyber Security Issue
• Hiroshima, 2.0 – Cyberspying of the US Electric Grid (April 09)
• Cyberspies penetrate electrical grid (April 09)
• 'Smart Grid' vulnerable to hackers (March 09)
• CIA: Hackers Have Attacked Foreign Utilities (Jan 2008)
• President Obama: securing the electric infrastructure is a national security priority (June 09)
• Smart Grid Security Frenzy: Cyber War Games, Worms and Spies in Smart Grid (June 09) – earth2tech.com
Limited Information About Incidents
• Little information sharing about actual attacks
– BCIT incident database has about 30 incidents per year vs.
100s of thousands of incidents per year in CERT database
– Few cyber attacks on ICS for which details are public
• Little information sharing about actual vulnerabilities
– some are not easily or rapidly fixed
– assessments are done under NDA
• Difficult to estimate risk
– Difficult to demonstrate ROI for security spending
• But… lots of data about significant financial losses in
enterprise and e-commerce
– Why would control systems be immune?
Accidents Happen ... Attacks Can Cause Similar Results
(Figure: INL National Lab Aurora Demonstration, March 2007)
Cyber Security Regulatory Requirements
• Regulators provide Smart Grid Stimulus Funding criteria - cyber security is mandatory (June 09)
• FERC releases Smart Grid Policy - cyber security mandatory for Utility rate recovery (July 09)
• Strengthened Cyber Security Standards Approved for North American Utilities (May 09)
• AMI-SEC Task Force: AMI-SEC working group developed security requirements for AMI
• NIST developing interoperability and security standards for Smart Grid
• Ontario Green Energy Act Drives Smart Grid With Security (May 09)
Securing Control Systems
Adversaries
• Script kiddies
• Hackers
• Organized crime
• Disgruntled insiders
• Competitors
• Terrorists
• Hacktivists
• Eco-terrorists
• Nation states
How an Attack Proceeds—Steps #1 to #7
(Figure series: seven frames of the same diagram; no narration survives in the extracted text. Components: an Attacker on the Internet; a Modem Pool; an Enterprise Network with Web Server, Email Server, Domain Name Server (DNS), Database Server and Business Workstation behind an enterprise Firewall; an ICS Firewall; a Control System Network with Data Historian, Engineering Workstation, FEP, RTU, IEDs, a Web Server and a Management Console HMI. Frames 4 and 5 additionally show a Vendor Web Server.)
Defending ICS
• Separate control network from enterprise network
– Harden connection to enterprise network
– Protect all points of entry with strong authentication
– Make reconnaissance difficult from outside
• Harden interior of control network
– Make reconnaissance difficult from inside
– Avoid single points of vulnerability
– Frustrate opportunities to expand a compromise
• Harden field sites and partner connections
– mutual distrust
• Monitor both perimeter and inside events
• Periodically scan for changes in security posture
Logical Overlay on SP99 / Purdue Model of Control
(Figure: Enterprise Zone — Level 5 Enterprise Network (Email, Intranet, etc.) and Level 4 Site Business Planning and Logistics Network; DMZ — Patch Mgmt, Web Services Operations, AV Server, Application Server, Historian (Mirror), Terminal Services; Process Control Zone — Level 3 Site Operations and Control (Production Control, Historian, Optimizing Control, Engineering Station), Level 2 Area Supervisory Control (Supervisory Control, HMIs), Level 1 Basic Control (Batch Control, Discrete Control, Hybrid Control, Continuous Control), Level 0 Process.)
Logical Architecture
• Enterprise Zone contains typical business systems
– Email, web, office apps, etc.
• DMZ provides business connectivity
– Contains only non-critical systems that need access to both
Control and Enterprise Zones
– Enforces separation between Enterprise and Control Zones
– Consists of multiple functional sub-zones
• Separated by Firewall, IPS, Anti-Virus, etc.
• Control Zone demarcates critical control systems
– Consists of multiple functional sub-zones
• Internally protected by Firewall, IDS, Anti-Virus, etc.
How NOT to connect Control / Enterprise
• Dual-homed server
• Dual-homed server with Host IPS / AV
• Router with packet filter ACLs
• Two-port Firewall
• Router + Firewall combination
• See NISCC Good Practice Guide on Firewall Deployment for
SCADA and Process Control Networks, NISCC and BCIT, Feb
2005
DMZ—Logical View
(Figure: DMZ built from Multiple Functional Sub-Zones: Web Services Operations, Application Server, Historian Mirror, Patch Mgmt, AV Proxy, Terminal Services. VPN, IPS, FW, Scan, AV and IDS at the boundaries; Host AV, Host IPS and Proxy on the servers; No Direct Traffic across the DMZ; an Emergency Disconnect on each side.)
DMZ Design Principles
• DMZ contains non-critical systems
• Multiple functional security sub-zones
• Traffic between sub-zones undergoes firewall (& IPS or IDS)
• DMZ is only path in/out of Control Zone
• Default deny for all firewall interfaces
• No direct traffic across DMZ
• No control traffic to outside
• Limited outbound traffic from Control Zone
• Very limited inbound traffic to Control Zone
• No common ports between outside & inside
• Emergency disconnect at inside or outside
• No network management from outside
• Cryptographic VPN and Firewall to all 3rd party connections
DMZ Implementation (1)
(Figure: a Security Appliance With Multiple Ports provides NAT, Routing, FW and IPS between the Enterprise LAN, the DMZ/Control Interconnect WAN/LAN and physically separate DMZ LAN 2, DMZ LAN 3 and DMZ LAN 4; an Anti-Virus Proxy sits in the DMZ; DMZ servers run Host IPS / Anti-virus.)
DMZ Implementation (2)
(Figure: the same design with a VLAN Security Appliance and a VLAN-capable L2 switch; DMZ VLAN 2, DMZ VLAN 3 and DMZ VLAN 4 are carried over a dot1q trunk; the switch is "NOT L3!")
DMZ Implementation
• Sub-zones implemented by physical LANs or VLANs
– Physical LANs require multi-port Security Appliance
– VLANs require:
• VLAN-capable Security Appliance and Switch
• anti-VLAN hopping protections on switch and FW
• NO L3 (routing) on switch
• FW implements policy between
– DMZ LANs, Enterprise Zone, Control Zone
• Anti-virus proxy controls outbound HTTP and/or FTP
access to enterprise or Internet resources
• Host IPS and/or Host Anti-virus protects DMZ servers
Remote Access
(Figure: a Remote Access VPN terminates on the security appliance into a Remote Access Pool; the DMZ holds an AAA Server, a Certificate Authority and Terminal Services, between the Enterprise LAN and the DMZ/Control Interconnect WAN/LAN.)
Remote Access
• Security Appliance terminates Host-to-site VPN into
remote access pool
– IPsec VPN, SSL VPN, PPTP VPN
• Authenticates user via:
– AAA server, LDAP, Active Directory, etc.
– Can enforce use of multi-factor hardware token
• Time-varying password tokens for vendor access
• Clients use VNC, Citrix, or Remote Desktop (RDP) to
connect to Terminal Server
• Then VNC, Citrix, RDP, or Control System Apps to
Control System Servers
Control Zone—Logical View
(Figure: Process Control Zone below the DMZ. Level 3 Site Operations and Control: Production Control, Historian, Optimizing Control, Engineering Station; Level 2 Area Supervisory Control: Supervisory Control, HMIs; Level 1 Basic Control: Batch Control, Discrete Control, Hybrid Control, Continuous Control; Level 0 Process.)
Control Zone Design Principles
• Multiple functional security sub-zones
• Firewall and IDS between sub-zones
• Minimal number of connections to DMZ
• Control Zone independent of DMZ, Enterprise
– Separate Security Appliance from DMZ
– Separate Time Server
– Separate AAA
– Allows emergency disconnect from DMZ
• Cryptographic VPN and Firewall to all offsite IP connections
(Field Site or Partner)
• IEEE P1711 for all offsite serial ICS connections
• Host IDS, Host AV, or app whitelisting where feasible
• Management only from management zone
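The DMZ Design Principles and Control Zone Design Principles slides above, expressed as a policy lint. This is an added example, not from the tutorial or any firewall vendor. Rules are modelled abstractly as source zone, destination zone, service, port and action, plus a flag for whether the link rides a cryptographic VPN; the zone names, service names and both sample policies are constructed. One check stands for each principle: default deny, no direct traffic across the DMZ (which also covers no control traffic to outside), no common ports between outside and inside, management only from the management zone, and VPN on every field-site or partner connection. A deliberately weak policy is linted beside a hardened version of the same intent.

```python
"""Linting a zone firewall policy against the DMZ and Control Zone design principles.

Added example, not part of the tutorial or any vendor's tooling. Zone names,
service names and both sample policies are constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple

OUTSIDE = {"internet", "enterprise"}            # anything beyond the DMZ
OFFSITE = {"field", "partner"}                  # remote sites reached over WAN
MGMT_SERVICES = {"ssh", "snmp", "telnet", "https-mgmt"}


@dataclass(frozen=True)
class Rule:
    src: str            # zone name or "any"
    dst: str            # zone name or "any"
    service: str        # protocol name, e.g. "rdp", "sql", "modbus"
    port: int           # 0 means all ports
    action: str         # "allow" or "deny"
    via_vpn: bool = False


DEFAULT_DENY = Rule("any", "any", "any", 0, "deny")


def lint(rules: List[Rule]) -> List[Tuple[str, int]]:
    """Return (check name, rule index) pairs in policy order; index -1 is policy-wide."""
    findings: List[Tuple[str, int]] = []
    if not rules or rules[-1] != DEFAULT_DENY:
        findings.append(("default-deny-missing", -1))
    allows = [(i, r) for i, r in enumerate(rules) if r.action == "allow"]
    # Ports that may enter the DMZ from outside; the same port must not continue inward.
    inbound_ports = {r.port for _, r in allows if r.src in OUTSIDE and r.dst == "dmz"}
    for i, r in allows:
        ends = {r.src, r.dst}
        if "control" in ends and ends & OUTSIDE:
            findings.append(("direct-traffic-across-dmz", i))
        if r.service in MGMT_SERVICES and r.src != "mgmt":
            findings.append(("management-not-from-mgmt-zone", i))
        if ends & OFFSITE and not r.via_vpn:
            findings.append(("offsite-link-without-vpn", i))
        if r.src == "dmz" and r.dst == "control" and r.port in inbound_ports:
            findings.append(("common-port-outside-and-inside", i))
    return findings


def constructed_policy() -> List[Rule]:
    """A constructed policy with one violation of each kind (index in comments)."""
    return [
        Rule("enterprise", "dmz", "https", 443, "allow"),             # 0 web services in DMZ
        Rule("enterprise", "dmz", "rdp", 3389, "allow"),              # 1 terminal server in DMZ
        Rule("dmz", "control", "sql", 1433, "allow"),                 # 2 historian mirror pull
        Rule("dmz", "control", "rdp", 3389, "allow"),                 # 3 same port continues inside
        Rule("enterprise", "control", "opc", 135, "allow"),           # 4 bypasses the DMZ
        Rule("control", "internet", "http", 80, "allow"),             # 5 control traffic to outside
        Rule("enterprise", "control", "ssh", 22, "allow"),            # 6 management from outside
        Rule("mgmt", "control", "ssh", 22, "allow"),                  # 7 management from mgmt zone
        Rule("field", "control", "dnp3", 20000, "allow"),             # 8 field link without VPN
        Rule("partner", "dmz", "https", 443, "allow", via_vpn=True),  # 9 partner over VPN
    ]                                                                 # no trailing default deny


def hardened_policy() -> List[Rule]:
    """The same intent expressed so that every check passes."""
    return [
        Rule("enterprise", "dmz", "https", 443, "allow"),
        Rule("enterprise", "dmz", "rdp", 3389, "allow"),
        Rule("dmz", "control", "sql", 1433, "allow"),
        Rule("dmz", "control", "ica", 1494, "allow"),     # a different protocol on the inner leg
        Rule("mgmt", "control", "ssh", 22, "allow"),
        Rule("field", "control", "dnp3", 20000, "allow", via_vpn=True),
        Rule("partner", "dmz", "https", 443, "allow", via_vpn=True),
        DEFAULT_DENY,
    ]


if __name__ == "__main__":
    for check, idx in lint(constructed_policy()):
        print(f"{check:32s} rule {idx}")
    print("hardened policy findings:", lint(hardened_policy()))
```

The common-port check is intentionally strict. The remote-access design later in the deck allows RDP on both legs of the terminal-server hop, and this lint would flag that; the value of the check is that such a choice becomes an explicit, reviewed exception rather than an accident of rule accretion.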
Control Zone Implementation—Hierarchical
• Fast routing between VLANs via L3 switch
• ACLs between VLANs but no Stateful Firewall
(Figure: Control Zone Levels 1, 2 and 3 on 10/100 and Gigabit links; L3 switches and L2 switches joined by dot1q Trunks with QoS, Shaping, Policing and Port Security; a FW pair toward the DMZ/Control Interconnect WAN/LAN; IDS fed from a SPAN port; Scan; Host IDS and Host AV on servers.)
Control Zone Implementation—Ring
• Ring reduces wiring for linear sites like power dams
• but spanning tree can have problems with large rings
(Figure: the same components as the hierarchical design arranged as a ring: Levels 1, 2 and 3, L3 and L2 switches with dot1q Trunks, QoS, Shaping, Policing, Port Security, 10/100 and Gigabit links, SPAN to IDS, Scan, a FW pair to the DMZ/Control Interconnect WAN/LAN, Host IDS and Host AV.)
Perimeter Protection in Utilities
• Firewall, IDS/IPS, Client VPN, Proxy, Network AV, Host IDS/IPS, NAC, Site-to-site VPN, DMZ
Interior Protection in Utilities
• IDS, Port Scan, Vuln Scan, Firewall, NAC, SCADA VPN
• Firewall, SCADA VPN, Port Scan, IDS
Monitor, Log, Analyze, Report
• Log, Analyze, Report, Compliance, Managed Security
Beyond Network Security
• Planning, processes, procedures, physical security, etc. are also important
• NERC CIP Regulatory Requirements provide reasonably good guidance in this area:
– CIP-001: Sabotage Reporting
– CIP-002: Critical Cyber Asset Identification
– CIP-003: Security Management Controls
– CIP-004: Personnel & Training
– CIP-005: Electronic Security Perimeters
– CIP-006: Physical Security
– CIP-007: Systems Security Management
– CIP-008: Incident Reporting & Response Planning
– CIP-009: Recovery Plans for Critical Cyber Assets
• See www.nerc.com -> Standards -> Reliability Standards -> CIP
Summary
• Today's ICS are a mix of modern and legacy
– vulnerabilities due to both lack of security design in legacy and security issues in newer equipment
• Defense in depth is essential
– both perimeter (DMZ) and interior security are crucial
• Regulation and government action are driving change
• Smart Grid must be designed with strong security
Thanks!
andrew.wright@n-dimension.com
Standards Efforts
• NERC CIPs
• NIST Smart Grid Interoperability Standards Project
• NIST SP800-82
• NIST SP800-53
• NIST PCSRF Protection Profiles
• AMI-SEC
• ISA SP99
• ODVA
• IEEE P1711 (AGA 12) -- serial SCADA encryption
A Few References
• www.nist.gov/smartgrid
• Securing Your SCADA and Industrial Control
Systems, Version 1.0, DHS, ISBN 0-16-075115-8
• Guide to SCADA and Industrial Control System
Security, NIST SP800-82
• ISA99 Industrial Automation and Control Systems Security, www.isa.org/MSTemplate.cfm?MicrositeID=988&CommitteeID=6821
• AGA 12/IEEE P1689 SCADA Encryption Standard,
scadasafe.sf.net

AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 

Recently uploaded (20)

Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130  Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130  Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 

Power Grid Communications & Control Systems

  • 1. Cyber Security Solutions For <Client Name>
      Cyber Security for the Power Grid: Cyber Security Issues & Securing Control Systems
      Andrew Wright, CTO, N-Dimension, andrew.wright@n-dimension.com
      ACM CCS Conference Tutorial, Nov. 2009
  • 2. Power Grid Communications & Control Systems
      (diagram borrowed from the NIST Smart Grid Twiki; legend: Internet, Control Systems)
  • 3. Agenda
      • High-Level
        – Industrial Control Systems and Cyber Security Issues
        – Securing Control Systems
      • Detailed
        – Security Issues in Industrial Control Systems
        – Today’s Threats
        – Securing Control Systems
  • 4. A Control System
      Sensor(s) + Actuator(s) + Controller(s)
  • 5. Types of Industrial Control Systems (ICS)
      • Supervisory Control And Data Acquisition (SCADA)
      • Automation
      • Process Control Systems (PCS)
      • Distributed Control Systems (DCS)
  • 6. Historical ICS
      • Proprietary
      • Complete vertical solutions
      • Customized
      • Specialized communications
        – Wired, fiber, microwave, dialup, serial, etc.
        – 100s of different protocols
        – Slow; e.g. 1200 baud
      • Long service lifetimes: 15–20 years
      • Not designed with security in mind
  • 7. Modern ICS Trends
      (architecture diagram: Device Network with Third Party Controllers, Servers, etc. over Serial RS485 and Serial, OPC or Fieldbus links; redundant Control Network with Engineering Workplace, Connectivity Server and Mobile Operator; Firewall to a Services Network holding Application Server, Third Party Application Server, Historian Server, Workplaces and Enterprise Optimization Suite; IP links to the Enterprise Network and the Internet)
  • 8. Technology Trends in ICS
      • COTS (Commercial-Off-The-Shelf) technologies
        – Operating systems—Windows, WinCE, embedded RTOSes
        – Applications—Databases, web servers, web browsers, etc.
        – IT protocols—HTTP, SMTP, FTP, DCOM, XML, SNMP, etc.
        – Networking equipment—switches, routers, firewalls, etc.
      • Connectivity of ICS to enterprise LAN
        – Improved business visibility, business process efficiency
        – Remote access to control center and field devices
      • IP Networking
        – Common in higher level networks, gaining in lower levels
        – Many legacy protocols wrapped in TCP or UDP
        – Most new industrial devices have Ethernet ports
        – Most new ICS architectures are IP-based
  • 9. New IP-Based Industrial Control Systems
      • ODVA (Rockwell)
      • Profinet
      • Foundation Fieldbus HSE
      • Telvent
      • ABB 800xA
      • Honeywell Experion
      • Emerson DeltaV
      • Yokogawa VNET/IP
      • Invensys Infusion
      • Survalent
      • IP to the Control Network or even Device Network
      • Not all are fully compatible with “ordinary IP”
  • 10. Security Risks to Modern ICS
      • COTS + IP + connectivity = many security risks
      • All of those of Enterprise networks and more:
        – Worms and Viruses
        – Legacy OSes and applications
        – DOS and DDOS impairing availability
        – Inability to limit access
        – Unauthorized access
        – Inability to revoke access
        – Unknown access
        – Unexamined system logs
        – Unpatched systems
        – Accidental misconfiguration
        – Little or no use of anti-virus
        – Improperly secured devices
        – Limited use of host-based firewalls
        – Improperly secured wireless
        – Improper use of ICS workstations
        – Unencrypted links to remote sites
        – Unauthorized applications
        – Passwords sent in clear text
        – Unnecessary applications
        – Default passwords
        – Open FTP, Telnet, SNMP, HTML ports
        – Password management problems
        – Fragile control devices
        – Default OS security configurations
        – Network scans by IT staff
        – Unpatched routers / switches
  • 11. When ICS Security Fails
      • Consequences
        – Loss of production
        – Penalties
        – Lawsuits
        – Loss of public trust
        – Loss of market value
        – Physical damage
        – Environmental damage
        – Injury
        – Loss of life
      • Incidents
        – USSR pipeline explosion, 1982
        – Bellingham pipeline rupture, 1999
        – Queensland sewage release, 2000
        – Davis Besse nuclear plant infection, 2003
        – Northeast USA blackout, 2003
        – Browns Ferry nuclear plant scram, 2006
  • 12. So How Do We Secure Industrial Control Systems? (section slide, ACM CCS Tutorial Nov. 2009)
  • 13. There is No Silver Bullet!
  • 14. Defense in Depth
      • Perimeter Protection
        – Firewall, IPS, VPN, AV
        – Host IDS, Host AV
        – DMZ
      • Interior Security
        – Firewall, IDS, VPN, AV
        – Host IDS, Host AV
        – IEEE P1711 (AGA 12)
        – NAC
        – Scanning
      • Monitoring
      • Management
      Glossary: IDS = Intrusion Detection System; IPS = Intrusion Prevention System; DMZ = DeMilitarized Zone; VPN = Virtual Private Network (cryptographic); AV = Anti-Virus (anti-malware); NAC = Network Admission Control
  • 15. 50000 Foot View
      (diagram: Internet, Enterprise Network, Control Network, three Field Sites and a Partner Site; VPN, FW, IPS, IDS, AV, Scan, NAC and Proxy at the boundaries; Host IPS, Host IDS and Host AV on servers; P1711 on serial links and 62351 in the control network; Log Mgmt, Event Mgmt and Reporting alongside the “IT Stuff” of the enterprise)
  • 16. Security Issues in Industrial Control Systems (section slide, ACM CCS Tutorial Nov. 2009)
  • 17. Availability, Integrity and Confidentiality
      • Enterprise networks require C-I-A
        – Confidentiality of intellectual property matters most
      • ICS requires A-I-C
        – Availability and integrity of control matters most
        – Control data has low entropy—little need for confidentiality
        – Many ICS vendors provide six 9’s of availability
      • Ensuring availability is hard
        – Cryptography does not help (directly)
        – DOS protection, rate limiting, resource management, QoS, redundancy, robust hardware with high MTBF
      • Security must not reduce availability!
  • 18. DoS and DDoS Attacks
      • Denial of Service (DoS) attack overwhelms a system with too many packets/requests
        – Exhausts TCP stack or application resources
        – Defenses include connection limits in firewall
      • Distributed Denial of Service (DDoS) attack coordinates a botnet to overwhelm a target system
        – No single point of attack
        – Requires sophisticated, coordinated defenses
        – Weapon of choice for hackers, hacktivists, cyber-extortionists
      • DoS, DDoS particularly effective when Availability is critical, i.e. against ICS
  • 19. Fragile ICS Devices
      • Many IP stack implementations are fragile
        – Some devices lock up on ping sweep or NMAP scan
        – Numerous incidents of ICS shut down by uninformed IT staff running a well-intentioned vulnerability scan
      • Modern ICS devices are much more complex
        – Some IEDs include web server for configuration and status
        – More lines of code leads to more bugs
        – Modern IEDs require patching just like servers
  • 20. Unpatched Systems
      • Many ICS systems are not kept current with patches
        – Particularly Windows servers
        – No patches available for older versions of Windows
      • OS and application patches can break ICS
        – OS patches are tested for enterprise apps
      • Uncertified patches can invalidate warranty
      • Patching often requires system reboot
      • Before installation of a patch:
        – Vendor certification—typically one week
        – Lab testing by operator
        – Staged deployment on less critical systems first
        – Avoid interrupting any critical process phases
  • 21. Limited use of Host Anti-Virus
      • AV operations can cause significant system disruption at inopportune times
        – 3am is no better than any other time for a full disk scan on a system that operates 24x7x365
      • ICS vendors only beginning to support anti-virus
        – Anti-virus is only as good as the signature set
        – Signatures may require testing just like patches
      • AV may be losing ground in enterprise deployments
        – Impact on hosts, endpoint security not getting better
        – Virus writers have learned to test against dominant AV
      • Application whitelisting can be a good alternative
        – Enumerate goodness rather than badness
  • 22. Poor Authentication and Authorization
      • Machine-to-machine comms involve no “user”
      • Many ICS have poor authentication mechanisms and very limited authorization mechanisms
      • Many protocols use cleartext passwords
      • Many ICS devices lack crypto support
      • Sometimes passwords left at vendor default
      • Device passwords are hard to manage appropriately
        – Often one password is shared amongst all devices and all users and seldom if ever changed
        – This is happening AGAIN in Smart Meter deployments!
  • 23. Poor Audit and Logging
      • Many ICS have poor or non-existent support for logging security-related actions
        – Attempted or successful intrusions may go unnoticed
      • Where IDS logs are kept, they are often not reviewed
      • Various regulatory requirements are driving some change in this area
        – NERC—North American Electric Reliability Corporation
        – FERC—Federal Energy Regulatory Commission
        – Sarbanes Oxley and PCAOB (Public Company Accounting Oversight Board)
        – FISMA—Federal Information Security Management Act
  • 24. Unmanned Field Sites
      • Many unmanned field sites
      • Many with dialup access
      • Some with high-speed connectivity to control center
      • Most with poor authentication and authorization
        – backdoor to the control center!
  • 25. Legacy Equipment
      • Much legacy equipment
      • Usually impossible to update to add security features
      • Difficult to protect legacy communications
        – but see IEEE P1711 for serial encryption
      • Password protection is weak
      • Little or no audit and logging
  • 26. Unauthorized Applications
      • Unauthorized apps installed on ICS systems can interfere with ICS operation
      • Many types of unauthorized apps have been found during security audits
        – Instant messaging
        – P2P file sharing
        – DVD and MPEG video players
        – Games, including Internet-based
        – Web browsers
  • 27. Inappropriate Use of ICS Desktops
      • Web browsing from HMI can infect ICS
        – Browser vulnerabilities
        – Downloads
        – Cross-site scripting
        – Spyware
      • Email to/from control servers can infect ICS
        – Sendmail and Outlook vulnerabilities
      • Disk storage exhaustion can crash OS
        – Storage of music, videos
  • 28. Little or No Cyber Security Monitoring
      • Internal monitoring is essential to detect low profile compromises
        – IDS
        – Port scanning
        – Vulnerability scanning
        – System audit
      • Without internal monitoring you don’t know whether systems have been compromised
  • 29. Requirement for 3rd Party Access
      • Firmware updates and PLC, IED programming are sometimes done by vendor
        – Many ICS have open maintenance ports
        – Infected vendor laptops can bring down ICS
      • Partners may require continuous status information
        – Partner access is often poorly secured
        – Partner channels can serve as backdoors
      • 3rd parties may include:
        – ISO, transmission provider or grid neighbor, equipment vendor, emissions monitoring service or agency, water level monitoring agency, vibration monitoring service, etc.
  • 30. People Issues
      • ICS network often managed by “Control Systems Department”, distinct from “IT Department” running enterprise network
        – ICS personnel are not IT or networking experts
        – IT personnel are not ICS experts
      • Majority of control systems workforce is older and nearing retirement
        – Few young people entering this field
        – Few academic programs
  • 31. Harsh Environments
      • Temperature
      • Vibration
      • Dust
      • Humidity
      • Electrical Transients
  • 32. Attack Vectors into Control Systems
      (chart; the share that includes infected laptops is growing; source: 2003–2006 data from Eric Byres, BCIT)
  • 33. Security Assessments on ICS
      • Various groups perform security assessments and penetration tests on ICS (generally under NDA)
        – Idaho National Labs
        – Sandia National Labs
        – N-Dimension Solutions
        – Other private organizations
      • Vulnerability assessments always uncover problems
      • For penetration tests, we always get in
        – Not a question of “if”, but “how long”
  • 34. Other Issues
      • Unusual physical topologies
      • Many special purpose, limited function devices
      • Static network configurations
      • Multicast
      • Long service lifetimes
  • 35. For More Information ...
      • See Smart Grid Cyber Security Strategy and Requirements, NISTIR 7628, www.nist.gov/smartgrid
        – particularly Appendices C and D
  • 36. Today’s Threats (section slide, ACM CCS Tutorial Nov. 2009)
  • 37. Intense Media Visibility on the Cyber Security Issue
      • Hiroshima, 2.0 – Cyberspying of the US Electric Grid (April 09)
      • Cyberspies penetrate electrical grid (April 09)
      • 'Smart Grid' vulnerable to hackers (March 09)
      • CIA: Hackers Have Attacked Foreign Utilities (Jan 2008)
      • President Obama: securing the electric infrastructure is a national security priority (June 09)
      • Smart Grid Security Frenzy: Cyber War Games, Worms and Spies in Smart Grid (June 09), earth2tech.com
  • 38. Limited Information About Incidents
      • Little information sharing about actual attacks
        – BCIT incident database has about 30 incidents per year vs. 100s of thousands of incidents per year in CERT database
        – Few cyber attacks on ICS for which details are public
      • Little information sharing about actual vulnerabilities
        – Some are not easily or rapidly fixed
        – Assessments are done under NDA
      • Difficult to estimate risk
        – Difficult to demonstrate ROI for security spending
      • But… lots of data about significant financial losses in enterprise and e-commerce
        – Why would control systems be immune?
  • 40. Attacks Can Cause Similar Results
      (image: INL National Lab Aurora Demonstration, March 2007)
  • 41. Cyber Security Regulatory Requirements
      • Regulators provide Smart Grid Stimulus Funding criteria - cyber security is mandatory (June 09)
      • FERC releases Smart Grid Policy - cyber security mandatory for Utility rate recovery (July 09)
      • Strengthened Cyber Security Standards Approved for North American Utilities (May 09)
      • AMI-SEC Task Force: AMI-SEC working group developed security requirements for AMI
      • NIST developing interoperability and security standards for Smart Grid
      • Ontario Green Energy Act Drives Smart Grid With Security (May 09)
  • 42. Securing Control Systems (section slide, ACM CCS Tutorial Nov. 2009)
  • 43. Adversaries
      • Script kiddies
      • Hackers
      • Organized crime
      • Disgruntled insiders
      • Competitors
      • Terrorists
      • Hactivists
      • Eco-terrorists
      • Nation states
  • 44. How an Attack Proceeds—Step #1
      (network diagram: Attacker on the Internet; Modem Pool; Enterprise Network with Web Server, Email Server, Database Server, Domain Name Server (DNS) and Business Workstation behind the enterprise Firewall; ICS Firewall; Control System Network with Data Historian, Engineering Workstation, FEP, RTU, IEDs, Web Server, Management Console and HMI)
  • 45. How an Attack Proceeds—Step #2
      (same network diagram, next step highlighted)
  • 46. How an Attack Proceeds—Step #3
      (same network diagram, next step highlighted)
  • 47. How an Attack Proceeds—Step #4
      (same network diagram with a Vendor Web Server added, next step highlighted)
  • 48. How an Attack Proceeds—Step #5
      (same network diagram with the Vendor Web Server, next step highlighted)
  • 49. How an Attack Proceeds—Step #6
      (same network diagram, next step highlighted)
  • 50. How an Attack Proceeds—Step #7
      (same network diagram, final step highlighted)
  • 51. Defending ICS
      • Separate control network from enterprise network
        – Harden connection to enterprise network
        – Protect all points of entry with strong authentication
        – Make reconnaissance difficult from outside
      • Harden interior of control network
        – Make reconnaissance difficult from inside
        – Avoid single points of vulnerability
        – Frustrate opportunities to expand a compromise
      • Harden field sites and partner connections
        – Mutual distrust
      • Monitor both perimeter and inside events
      • Periodically scan for changes in security posture
  • 52. 50000 Foot View
      (the same diagram as slide 15: Internet, Enterprise Network, Control Network, Field Sites and Partner Site with VPN, FW, IPS, IDS, AV, Scan, NAC, Proxy, Host IPS/IDS/AV, P1711, 62351, Log Mgmt, Event Mgmt and Reporting)
  • 53. Logical Overlay on SP99 / Purdue Model of Control
      (diagram: Enterprise Zone with Level 5 Enterprise Network and Level 4 Site Business Planning and Logistics Network (Email, Intranet, etc.); DMZ holding Patch Mgmt, Web Services Operations, AV Server, Application Server, Terminal Services and Historian (Mirror); Process Control Zone with Level 3 Site Operations and Control (Production Control, Historian, Optimizing Control, Engineering Station), Level 2 Area Supervisory Control (Supervisory Control, HMI), Level 1 Basic Control (Batch, Discrete, Hybrid and Continuous Control) and Level 0 Process)
  • 54. Logical Architecture
      • Enterprise Zone contains typical business systems
        – Email, web, office apps, etc.
      • DMZ provides business connectivity
        – Contains only non-critical systems that need access to both Control and Enterprise Zones
        – Enforces separation between Enterprise and Control Zones
        – Consists of multiple functional sub-zones
          • Separated by Firewall, IPS, Anti-Virus, etc.
      • Control Zone demarcates critical control systems
        – Consists of multiple functional sub-zones
          • Internally protected by Firewall, IDS, Anti-Virus, etc.
  • 55. How NOT to connect Control / Enterprise
      • Dual-homed server
      • Dual-homed server with Host IPS / AV
      • Router with packet filter ACLs
      • Two-port Firewall
      • Router + Firewall combination
      • See NISCC Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks, NISCC and BCIT, Feb 2005
  • 57. DMZ Design Principles
      • DMZ contains non-critical systems
      • Multiple functional security sub-zones
      • Traffic between sub-zones undergoes firewall (& IPS or IDS)
      • DMZ is only path in/out of Control Zone
      • Default deny for all firewall interfaces
      • No direct traffic across DMZ
      • No control traffic to outside
      • Limited outbound traffic from Control Zone
      • Very limited inbound traffic to Control Zone
      • No common ports between outside & inside
      • Emergency disconnect at inside or outside
      • No network management from outside
      • Cryptographic VPN and Firewall to all 3rd party connections
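The DMZ design principles above, together with the point on slides 23 and 28 that logs only help if someone reviews them, as a worked example added here (it is not code from the tutorial or from N-Dimension): a small policy linter that checks a firewall rule set against the slide 57 principles and then replays firewall log lines to surface accepted flows the intended policy does not cover. The zone address ranges, the rule and log formats, and the sample rules and log lines are all constructed assumptions for this example.

```python
"""DMZ zone-policy linter plus log review for an ICS network (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
import re

# Constructed addressing; any address outside these ranges is "internet".
ZONES = {
    "enterprise": ip_network("10.1.0.0/16"),
    "dmz": ip_network("10.2.0.0/24"),
    "control": ip_network("10.3.0.0/16"),
}
OUTSIDE = {"internet", "enterprise"}  # everything on the far side of the DMZ
# Protocols that send credentials in clear text (slides 10 and 22).
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 161: "SNMP"}


@dataclass(frozen=True)
class Rule:
    src: str             # source zone name
    dst: str             # destination zone name
    port: Optional[int]  # destination TCP/UDP port; None means "any port"
    action: str          # "allow" or "deny"


def zone_of(addr: str) -> str:
    """Map an IP address to the zone it belongs to."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def lint_rules(rules: list) -> list:
    """Return one finding per violated DMZ design principle (slide 57)."""
    findings = []
    outside_ports, inside_ports = set(), set()
    for r in rules:
        if r.action != "allow":
            continue
        if r.port is None:
            findings.append(f"{r.src}->{r.dst}: any-port allow defeats default deny")
        # No direct traffic across the DMZ, and no control traffic to outside.
        if "control" in (r.src, r.dst) and ({r.src, r.dst} & OUTSIDE):
            findings.append(f"{r.src}->{r.dst}: direct traffic across the DMZ")
        if r.port in CLEARTEXT_PORTS:
            findings.append(f"{r.src}->{r.dst}: {CLEARTEXT_PORTS[r.port]} on port "
                            f"{r.port} sends credentials in clear text")
        # Track which ports are open on the DMZ's outside and inside interfaces.
        if r.src in OUTSIDE and r.dst == "dmz":
            outside_ports.add(r.port)
        if "control" in (r.src, r.dst) and "dmz" in (r.src, r.dst):
            inside_ports.add(r.port)
    # No common ports between outside and inside: a service reachable on both
    # sides lets a compromised DMZ host carry the same protocol inward.
    for p in sorted((outside_ports & inside_ports) - {None}):
        findings.append(f"port {p} open on both outside and inside of the DMZ")
    return findings


def flow_allowed(rules: list, src: str, dst: str, port: int) -> bool:
    """First-match rule evaluation with an implicit final deny."""
    for r in rules:
        if r.src == src and r.dst == dst and r.port in (None, port):
            return r.action == "allow"
    return False


LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) src=(?P<src>\S+) "
                    r"dst=(?P<dst>\S+) dport=(?P<port>\d+)")


def review_log(rules: list, lines: list) -> list:
    """Flag ACCEPT entries that the intended policy would never have allowed."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["action"] != "ACCEPT":
            continue
        src, dst, port = zone_of(m["src"]), zone_of(m["dst"]), int(m["port"])
        if not flow_allowed(rules, src, dst, port):
            flagged.append(f"{m['ts']} {src}->{dst}:{port} accepted but not in policy")
    return flagged


# Constructed rule set for a site that has not yet applied the principles.
SAMPLE_RULES = [
    Rule("enterprise", "dmz", 1433, "allow"),    # business reads the historian mirror
    Rule("dmz", "control", 1433, "allow"),       # mirror pulls from the live historian
    Rule("enterprise", "control", 23, "allow"),  # "temporary" Telnet to an RTU gateway
    Rule("control", "dmz", None, "allow"),       # catch-all left over from commissioning
]

# Constructed log lines in an assumed "ts ACTION src= dst= dport= proto=" format.
SAMPLE_LOG = [
    "2009-11-10T03:14:07 ACCEPT src=10.1.20.5 dst=10.2.0.10 dport=1433 proto=tcp",
    "2009-11-10T03:14:09 ACCEPT src=10.1.20.5 dst=10.3.1.10 dport=502 proto=tcp",
    "2009-11-10T03:15:41 ACCEPT src=10.3.1.10 dst=203.0.113.9 dport=80 proto=tcp",
    "2009-11-10T03:16:02 DROP src=198.51.100.7 dst=10.3.1.10 dport=22 proto=tcp",
]
```

Running `lint_rules(SAMPLE_RULES)` reports four findings (the Telnet rule twice, the any-port rule, and port 1433 open on both sides of the DMZ), and `review_log(SAMPLE_RULES, SAMPLE_LOG)` flags the two accepted flows that no rule covers.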
  • 58. DMZ Implementation (1)
      (diagram: a Security Appliance With Multiple Ports providing NAT, Routing, FW and IPS between the Enterprise LAN / WAN and three physical DMZ LANs (DMZ LAN 2, 3, 4) holding the Anti-Virus Proxy and servers with Host IPS / Anti-virus; a separate DMZ/Control Interconnect)
  • 59. DMZ Implementation (2)
      (diagram: the same layout with the DMZ sub-zones as VLANs (DMZ VLAN 2, 3, 4) on a VLAN-capable L2 switch connected to the VLAN Security Appliance over a dot1q trunk; the switch is NOT L3!)
  • 60. DMZ Implementation
      • Sub-zones implemented by physical LANs or VLANs
        – Physical LANs require multi-port Security Appliance
        – VLANs require:
          • VLAN-capable Security Appliance and Switch
          • Anti-VLAN hopping protections on switch and FW
          • NO L3 (routing) on switch
      • FW implements policy between
        – DMZ LANs, Enterprise Zone, Control Zone
      • Anti-virus proxy controls outbound HTTP and/or FTP access to enterprise or Internet resources
      • Host IPS and/or Host Anti-virus protects DMZ servers
  • 62. Remote Access
      • Security Appliance terminates Host-to-site VPN into remote access pool
        – IPSEC VPN, SSL VPN, PPTP VPN
      • Authenticates user via:
        – AAA server, LDAP, Active Directory, etc.
        – Can enforce use of multi-factor hardware token
          • Time-varying password tokens for vendor access
      • Clients use VNC, Citrix, or Remote Desktop (RDP) to connect to Terminal Server
      • Then VNC, Citrix, RDP, or Control System Apps to Control System Servers
  • 64. Control Zone Design Principles
      • Multiple functional security sub-zones
      • Firewall and IDS between sub-zones
      • Minimal number of connections to DMZ
      • Control Zone independent of DMZ, Enterprise
        – Separate Security Appliance from DMZ
        – Separate Time Server
        – Separate AAA
        – Allows emergency disconnect from DMZ
      • Cryptographic VPN and Firewall to all offsite IP connections (Field Site or Partner)
      • IEEE P1711 for all offsite serial ICS connections
      • Host IDS, Host AV, or app whitelisting where feasible
      • Management only from management zone
  • 65. Control Zone Implementation—Hierarchical
      • Fast routing between VLANs via L3 switch
      • ACLs between VLANs but no Stateful Firewall
      (diagram: Control Zone with Level 1, Level 2 and Level 3 VLANs over dot1q trunks; L3 switches above L2 switches with QoS, Shaping, Policing and Port Security; Gigabit and 10/100 links; FW pair at the DMZ/Control Interconnect and WAN/LAN edge; SPAN port feeding IDS and Scan; Host IDS and Host AV on servers)
  • 66. Control Zone Implementation—Ring
      • Ring reduces wiring for linear sites like power dams
      • but spanning tree can have problems with large rings
      (diagram: the same Level 1/2/3 VLAN, L3/L2 switch, FW, SPAN, IDS, Scan, Host IDS and Host AV elements arranged as a ring)
  • 67. Perimeter Protection in Utilities
      (chart of perimeter controls: Firewall, IDS/IPS, Client VPN, Proxy, Network AV, Host IDS/IPS, NAC, Site-to-site VPN, DMZ)
  • 68. Interior Protection in Utilities
      (chart of interior controls: IDS, Port Scan, Vuln Scan, Firewall, NAC, SCADA VPN)
  • 70. Beyond Network Security
      • Planning, processes, procedures, physical security, etc. are also important
      • NERC CIP Regulatory Requirements provide reasonably good guidance in this area:
        – CIP-001: Sabotage Reporting
        – CIP-002: Critical Cyber Asset Identification
        – CIP-003: Security Management Controls
        – CIP-004: Personnel & Training
        – CIP-005: Electronic Security Perimeters
        – CIP-006: Physical Security
        – CIP-007: Systems Security Management
        – CIP-008: Incident Reporting & Response Planning
        – CIP-009: Recovery Plans for Critical Cyber Assets
      See www.nerc.com -> Standards -> Reliability Standards -> CIP
  • 71. Summary
      • Today’s ICS are mix of modern and legacy
        – Vulnerabilities due to both lack of security design in legacy and security issues in newer equipment
      • Defense in depth is essential
        – Both perimeter (DMZ) and interior security are crucial
      • Regulation and government action is driving change
      • Smart Grid must be designed with strong security
  • 72. Thanks! andrew.wright@n-dimension.com (ACM CCS Tutorial Nov. 2009)
  • 73. Standards Efforts
      • NERC CIPs
      • NIST Smart Grid Interoperability Standards Project
      • NIST SP800-82
      • NIST SP800-53
      • NIST PCSRF Protection Profiles
      • AMI-SEC
      • ISA SP99
      • ODVA
      • IEEE P1711 (AGA 12) -- serial SCADA encryption
  • 74. A Few References
      • www.nist.gov/smartgrid
      • Securing Your SCADA and Industrial Control Systems, Version 1.0, DHS, ISBN 0-16-075115-8
      • Guide to SCADA and Industrial Control System Security, NIST SP800-82
      • ISA99 Industrial Automation and Control Systems Security, www.isa.org/MSTemplate.cfm?MicrositeID=988&CommitteeID=6821
      • AGA 12/IEEE P1689 SCADA Encryption Standard, scadasafe.sf.net

Editor's Notes

  1. These are functional groupings, not ownership groupings Internet (blue) has touch points with many power grid systems, but there are still significant communications and networks that are not the Internet I will look at various types of Industrial Control Systems (red) used in Generation, Transmission, and Distribution ...
  2. Supervisory Control and Data Acquisition (SCADA): large distances, supervisory control, non-real-time (minutes); used in power (transmission and distribution), gas, oil, water, wastewater, rail, etc. Process Control Systems (PCS): closed loop, central control, near real-time (seconds); used in refining, chemical, food, pharmaceutical, etc. Distributed Control Systems (DCS): similar to PCS but with multiple controllers physically close to the processes; used in generation, manufacturing, refining, chemical, food, pharmaceutical, etc. Automation, aka Discrete Control: similar to DCS, real-time (milliseconds).
  3. The slogan “tomorrow’s technology today” of high-tech industries is turned around in the control systems world to “yesterday’s technology tomorrow”. “Security” in power usually means reliability of the grid. There is a big difference between “robust to accidental events” and “robust to intentional engineered attacks”.
  4. At the bottom, IEDs are usually connected to sensors and controllers by automation networks such as HART, Fieldbus, Profibus, or increasingly by Ethernet, although one process control vendor is already offering IPv6 wireless on battery-powered sensors. The next level of network consists of the ICS master and the systems used for operating and managing the ICS. The next level of network provides advanced applications, such as optimization and gateways to the enterprise network. Adoption of COTS (Commercial-Off-The-Shelf) technologies: operating systems—Windows, WinCE, various embedded RTOSes; applications—databases, web servers, web browsers, etc.; IT protocols—HTTP, SMTP, FTP, DCOM, XML, SNMP, etc. COTS software and systems have more capabilities and are cheaper than proprietary systems, and do not leave vendors stranded on out-of-date technology. Connectivity of ICS to the enterprise LAN: improved business visibility and business process efficiency, e.g. supply chain management, production scheduling, order tracking, and fault monitoring (optimize part and supply sourcing, schedule production to better meet business requirements and avoid contract penalties); remote access to control center and field devices, e.g. remote diagnosis and repair, reduction of personnel at remote sites. Adoption of IP networking: common in higher level networks, gaining in lower levels; many legacy protocols wrapped in TCP or UDP; most new industrial devices have Ethernet ports; IP is penetrating into lower levels of ICS networks due to greater performance, lower cost, and more capabilities than proprietary networks. Ease of connectivity to other systems, greater performance, lower cost, interoperability, future proofing. The rate at which these trends are progressing varies between ICS and process control and between control center, communications, and field devices.
  5. Trends relevant to networking and security. The rate at which these trends are progressing varies between ICS and process control and between control center, communications, and field devices. Connectivity improves business efficiency through better supply chain management, just-in-time production, order tracking, fault monitoring, etc., in addition to direct optimization of the process itself. IP networking: ease of connectivity to other systems, greater performance, lower cost, interoperability, future proofing.
  6. Trojan code inserted by the CIA into pipeline control software stolen by the USSR caused the largest non-nuclear explosion ever observed from space. A 16” gasoline pipeline ruptured and ignited due to a combination of a backhoe and a non-responsive ICS system, causing fires for 1.5 miles along a creek, 3 deaths, $45M in damage, and serious contamination of a water treatment plant. A disgruntled employee used an ICS to release 250,000 gals. of sewage. The Slammer worm infected the Davis-Besse nuclear plant via a contractor’s T1 line and disabled safety systems; fortunately the plant was offline. The Blaster worm was not the primary cause but partly contributed to the northeast blackout, economic cost $7-10 Billion; note that 2% of US generation has blackstart capability. Browns Ferry: the root cause of the event was the malfunction of the VFD controller because of a broadcast storm on the plant ICS network, possibly due to a malfunctioning, broadcasting PLC. Browns Ferry: corrective actions included developing a network firewall device that limits the connections and traffic to any potentially susceptible devices on the plant ICS network.
  7. There is no silver bullet! Not crunchy on the outside, soft and chewy on the inside. Scanning – port scanning, vulnerability scanning, ARP scanning, WiFi scanning.
  8. The importance of availability and integrity impacts the security of ICS in a number of ways that we will look at shortly. Six 9’s means 99.9999% available; Cisco IP telephony is five 9’s. Bellingham. Security must not reduce availability – expiry of VPN tunnel certificates, forgotten passwords, etc.
  9. A botnet is a collection of computers with a backdoor, installed by a virus or worm, that can be remotely and anonymously controlled. Botnets may consist of home PCs without proper firewall and antivirus, but many have also been found within the enterprise networks of large corporations. Explain the e-commerce website extortion attack.
  10. Browns Ferry
  11. No patches available for Windows NT, 98, ME. Windows 2000 supported only until 2010. Cisco and others released a patch for TCP support in Sept 2009 (DoS prevention).
  12. Queensland extreme example: password limited to 3 uppercase characters
  13. SOX was passed in response to scandals like Enron and relates to financial accounting; the PCAOB auditing standard #2 states “IT Controls should be tested, including controls over relevant assertions related to all significant accounts and disclosures in the financial statements”.
  14. especially browsing the seedier parts of the web
  15. Davis Besse
  16. The IT department may not want the ICS department to have a firewall, as this will impede their visibility into and management of the ICS network. ICS personnel are not IT or networking experts and are not familiar with advanced networking issues. IT personnel are not ICS experts, are not familiar with the different requirements of ICS, and may not understand why enterprise security policies cannot be applied to ICS.
  17. A motor-activated breaker that is not meant to be used when a line is energized, but was opened under a 100 amp load for this experiment. Normally this line carries 2000 amps.
  18. Extreme environments: heat, cold, dust, vibration, moisture, explosive or flammable gas. Physical topologies: not building, but star, mesh, bus, and particularly ring, e.g. hydro dam. Special purpose devices (IEDs) cannot run antivirus, NAC clients, etc. Multicast is not one to many, but many to a few each. Long service lifetimes: SEL 10 year warranty.
  19. <START> Media visibility on this issue started a couple of years ago with CNN coverage of a Homeland Security demonstration showing how easy it is to hack into the grid and destroy a generating plant. Since then the media has been increasing the visibility of the issue … The first article described how a smart meter network can be easily hacked into (with $500 of equipment) to turn off power in entire communities and cities.
  20. The BCIT database (British Columbia Institute of Technology, Eric Byres) requires a contribution in order to obtain access. Business losses to cyber events number in the Billions of dollars annually. Financials estimate that 2% of incidents that occur are actually reported, due to concern for reputation and stock price, and this is likely also true for ICS.
  21. Accidents happen and can have pretty severe consequences: a fault in a capacitor bank in a residential substation, the protection relay fails to trip, overloads a transformer, which vents superheated and vaporized cooling oil, which ignites ...
  22. Cooper power systems makes a REID relay that prevents this specific attack
  23. <START> Based on: the report of the black-out of 2003, national security concerns, and recognition that today’s existing electric grid is vulnerable (1980’s level security), there have been extensive cyber security regulatory and standards development initiatives which are driving business opportunity for N-Dimension. 1st point: We have just completed assisting Utilities in the US with their stimulus applications and for us this represented a total of $4M of product quotations. N-Dimension is on the committees that are driving the standards for the industry (last 4 points).
  24. Where were we (in the talk), where are we going. Questions.
  25. ICS have been compromised by script kiddies and used to store digital music and movies; most likely the kiddies either did not realize or did not care what type of system they were into. Talks and hacking demonstrations of ICS are beginning to show up at conferences like Black Hat and Defcon. Organized crime has created a thriving market for zero-day vulnerabilities and botnets. Disgruntled insiders, whether fired or on strike, know best how to damage the ICS and have the necessary access. Competitors could use ICS information to manipulate spot markets; anybody remember ENRON? Information about ICS systems was found on Al-Qaeda computers seized in Afghanistan, and there have been renewed calls from Al-Qaeda for specific attacks on oil infrastructure to reduce oil flow to the US. Industries that frequently attract the ire of eco-terrorists tend to be heavy users of ICS. Other nations have been mapping US infrastructure for over 10 years, and most nations, including the US, now have a cyberwar capability.
  26. No security through obscurity.
  27. This is just one attack scenario of many possible.
  28. The DMZ is somewhat similar to an enterprise DMZ but has rather different security properties. The purpose of the DMZ is to provide STRONG separation between the enterprise and control zones. The DMZ contains only non-critical systems that provide enterprise visibility and connectivity. Fully switched network.
  29. this slide is in your packet
  30. The firewall is still a logical view. NO direct traffic is permitted between the enterprise and control zones: all inbound and outbound traffic must stop at a server in the DMZ. Operations like patch installation must be a two-stage process. Remote administration must go through a terminal or application server. Different colored networks are different sub-zones. Traffic is permitted between the enterprise, DMZ, and control zones and between different sub-zones only as needed. Multiple functional sub-zones help contain the spread of a worm infection, limit sniffing and scanning by attackers, and aid in management of firewall rules.
  31. No direct traffic + no common ports stops worms like Slammer. Sub-zones and limited communication slow infection spread and make network mapping by attackers more difficult. Control/DMZ independence requires domain servers, AAA, etc. in both zones. Guest NAC, since the enterprise zone may not do NAC. The DMZ is independent of the Enterprise and Control Zones to allow remediation while disconnected.
  32. Cisco ASA 5520 or 5540 with Advanced Inspection Module (IPS); signatures for DNP3, Modbus, ICCP. Sub-zones implemented by VLANs; all inter-VLAN routing done by the ASA. The L2 switch must be a Cisco switch and properly configured to prevent VLAN hopping. ACLs on the ASA implement policy between DMZ VLANs, Enterprise Zone, and Control Zone. Cisco Security Agent (CSA) on DMZ servers: signature-less host-based IPS. Optional active-standby redundancy; DMZ servers can use dual NICs with teaming drivers. Optional separate hardware firewall, IOS-based for a different implementation, could be managed by IT.
  34. Implementing sub-zones with physically separate ports may require a more expensive ASA and/or more L2 switches. The L2 switch must be a Cisco switch to prevent VLAN hopping. Teaming drivers with dual DMZ switches for redundancy. A separate firewall defends against ASA misconfiguration, overload, and vulnerabilities. ASA 5520 or 5540 with AIM and at least 4 VLANs, one for management and 3 for DMZ sub-zones, or 6+ ports. An optional separate, different-implementation firewall defends against ASA compromise or misconfiguration. This slide is in your packet.
  35. this slide is in your packet
  36. User-based ACLs to enforce RBAC on the user.
  37. this slide is in your packet
  38. Multiple sub-zones, like in the DMZ, grouping systems with related functionality. Optional firewall and IDS between sub-zones; if used, IDS, not IPS, to ensure that false positives do not block critical control traffic. Security management (CSM) and security correlation (MARS) in the control zone (these security-critical functions should be given maximum protection and thus NOT placed in the DMZ).
  39. Independence is necessary to allow disconnection. Sub-zones and limited communication slow infection spread and make network mapping more difficult. Control zone independence requires domain servers, AAA, etc. in the zone. Port security prevents someone with physical access from connecting a rogue device. QoS and traffic policing mitigate the impact of a worm or a misbehaving control system device. This slide is in your packet.
  40. VLAN ACLs restrict traffic between different sub-zones to only that needed; good for a small number of VLANs, as with too many the number of ACLs becomes large.
  42. Where we are, where we are going.
  43. ISA - The Instrumentation, Systems, and Automation Society
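The DMZ rules in notes 30, 31 and 40 (no direct enterprise/control traffic, no port open on both DMZ legs, and ACL count growing with sub-zones) can be checked mechanically. This is an added example, not code from the talk or from N-Dimension; it assumes the zone names enterprise/dmz/control and takes a constructed rule list, not ASA syntax, as input.

```python
from collections import namedtuple

# One ACL entry. Zone names and these fields are assumptions of this example,
# not the ASA configuration described in the talk.
Rule = namedtuple("Rule", "src dst proto port action")
ENDS = {"enterprise", "control"}

# Constructed rule set containing the two mistakes the notes warn against.
WEAK = [
    Rule("enterprise", "dmz", "tcp", 443, "permit"),       # web view of DMZ historian
    Rule("dmz", "control", "tcp", 20000, "permit"),        # DMZ data server -> control master
    Rule("enterprise", "control", "tcp", 3389, "permit"),  # direct RDP: breaks "no direct traffic"
    Rule("enterprise", "dmz", "udp", 1434, "permit"),      # SQL browser service into DMZ
    Rule("dmz", "control", "udp", 1434, "permit"),         # same port on inner leg: Slammer relay path
    Rule("control", "dmz", "tcp", 1433, "permit"),         # control historian pushes to DMZ
    Rule("any", "any", "ip", 0, "deny"),                   # default deny
]

# Corrected set: remote admin terminates on a DMZ terminal server (note 30) and
# no (proto, port) is open on both legs, so a DMZ host cannot relay a worm.
HARDENED = [
    Rule("enterprise", "dmz", "tcp", 443, "permit"),
    Rule("enterprise", "dmz", "tcp", 3389, "permit"),      # RDP stops at the DMZ terminal server
    Rule("dmz", "control", "tcp", 20000, "permit"),
    Rule("control", "dmz", "tcp", 1433, "permit"),
    Rule("any", "any", "ip", 0, "deny"),
]

def permitted(rules, src, dst):
    """Set of (proto, port) explicitly permitted on one leg, e.g. enterprise -> dmz."""
    return {(r.proto, r.port) for r in rules
            if r.action == "permit" and (r.src, r.dst) == (src, dst)}

def direct_crossings(rules):
    """Permits joining enterprise and control in either direction with no DMZ hop."""
    return [r for r in rules if r.action == "permit" and {r.src, r.dst} == ENDS]

def common_ports(rules):
    """(proto, port) open on both the outer (enterprise->dmz) and inner (dmz->control) legs."""
    return sorted(permitted(rules, "enterprise", "dmz") & permitted(rules, "dmz", "control"))

def acl_pairs(n_subzones):
    """Directed sub-zone pairs, each needing its own ACL entry (the scaling issue in note 40)."""
    return n_subzones * (n_subzones - 1)

def audit(rules):
    """Findings a reviewer would raise against a rule set; both lists empty means it passes."""
    return {"direct": direct_crossings(rules), "common_ports": common_ports(rules)}
```

Running `audit(WEAK)` reports the direct RDP permit and UDP 1434 (the port Slammer used) on both legs, while `audit(HARDENED)` is clean; `acl_pairs(6)` shows why note 40 prefers few sub-zones.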