Why are Plants so Vulnerable?
Fas Mosleh
Certrec Alliances, Strategic Marketing
- Software, cybersecurity, systems executive
- Helped develop HP’s Information security business
October 2022
Understanding Cybersecurity Threats within Utilities
Mission:
Helping utilities be more reliable and secure for a better, safer grid/BES
How:
SaaS apps and technology to reduce risk of non-compliance for utilities
3
Key Electric Grid Components
Digitization
Compliance
Cybersec
Agenda
• The Security Landscape
• Why are Power Plants Vulnerable?
• Critical Infrastructure Attacks
• Examples of What Went Wrong
• Action Steps to Take
• Q&A
The Security Landscape
Security: Industry Importance
2021 State of the Electric Utility Survey of nearly 500 utility professionals
Utility Dive’s most recent State of the Electric Utility Survey named cyber and physical security the most pressing concerns for utilities, with
72% saying it is either “important” or “very important” today. Figure 2 shows the top five power sector issues.
Electric power generation, transmission and distribution are part of the utilities sector (NAICS 22). This sector includes
all electric generating facilities powered by fossil fuels, including coal, petroleum, or gas as the power source
#1
Concern
Security: Where We Are [IMMINENT THREAT]
“Clearly, the threat isn’t on the horizon. It’s
already on the doorstep.” Source: Siemens @ WEF
Cybersecurity attacks on the energy sector = risk for public
safety, economy, business operations and the environment
Source: West Monroe survey
67% of utility leaders cited cybersecurity as their top
concern of their converged IT and OT network.
1,726 electric utility professionals surveyed WW- gas, solar, wind
Source:
Siemens
Security: Where We’re Going [INCREASED OCCURRENCES]
X5
+70%
In 4 years
Source:
Cisco
• Trend No. 1: Attack surface expansion
Remote work
Public cloud
More connected supply chains
• Trend No. 2: Identity system defense
Misuse of credentials is now a primary method
• Trend No. 3: Digital supply chain risk
Gartner: by 2025, 45% of organizations worldwide will have experienced
attacks on their software supply chains, a threefold increase from 2021.
• Trend No. 4: Vendor consolidation
Security products are converging. Vendors are consolidating security to
reduce complexity, cut costs and improve efficiency.
• Trend No. 5: Cybersecurity mesh
Deploy and integrate security to assets, on premises, in data centers or in
the cloud.
• Trend No. 6: Distributed decisions
The CISO and the centralized role will set policy, with cybersecurity leaders placed
in different orgs to decentralize security decisions.
• Trend No. 7: Beyond awareness
Human error features in most data breaches.
Traditional approaches to security awareness training are being superseded by
holistic behavior and culture change programs.
Security: Where We’re Going [TRENDS]
Source PWC 2022
Global Digital Trust Insights Survey
Security Landscape: Who & Why [TOP THREAT ACTORS]
Who are They?
1) Nations
2) Cybercriminals
Why do They Do it?
• Creating Havoc
• Aggression
Threat-Attack-War
• Money
• Fame
• Fun
Security Landscape: How They Do it [MALWARE]
Disguised as
legitimate code
or software.
• Trojan
Replicates and
spreads itself
• Worm
Needs a human
to deploy
• Virus
Uses your trust
as a weapon
• Phishing emails
[Smishing]
Malicious Software
Using your trust as a weapon
Deeper Dive: Phishing
Cyber criminals use your trust to easily gain unauthorized
access to your assets
Deeper Dive: Phishing Example
Do the following to reduce the risk
• Do not click on ANY link
….until you review the email carefully, taking note of the sender,
and the sender’s domain
• Is it real?
Check the communication carefully and its source/domain
• Ask yourself, “how likely is it that xxxxxxx would have
asked me to do this?”
• Corroborate via non-email.
At the slightest suspicion, contact the sender via phone or text to
validate it. Do not reply to the email
• Ensure your virus/email scanning programs are up to date.
Deeper Dive: Phishing
Don’t get caught.
Why are Power Plants Vulnerable?
Cybersecurity attacks on the energy sector = a way to attack
public safety, the economy, and the environment
Merging OT and IT networks
Authentication weaknesses [Hackers, Devices]
Remote access on the increase
Slow installation of security updates
Why are Power Plants Vulnerable?: MARS
Source: Certrec Market Research
MARS: Merging OT and IT Networks
IT systems
Data-centric computing;
OT systems
Monitor events, processes
and real world devices
Analog, isolated, discrete
Digital, connected, global
OT and IT – Closer than ever
MARS: Authentication weaknesses
Network-accessible devices with weak or default
passwords serve as gateways to more critical systems
MARS: Remote access on the increase
Entry points for hackers have grown due to IoT
devices, remote access via VPNs, and smart phones
MARS: Slow installation of security updates
Reduced or non-dedicated IT means delayed software
security patches and updates
MARS: Threat Impacts
Deeper Dive: Passwords
Weak passwords and password sharing raise the risk of
security breaches and damages
• Passwords are not to be shared or displayed
publicly
• No default or weak passwords
• If the system has been compromised, change
passwords immediately
• Use a password policy enforcer
Good Passwords are Long, Complex, Hard to Guess
Deeper Dive: Passwords
Critical Infrastructure Examples
1. 18000
2. 100
3. 320,000
4. 499/F 500
• Russians compromised ~100 companies, including Microsoft, Intel and Cisco;
• plus a dozen government agencies: US Treasury, Justice and Energy departments and the Pentagon.
• Hackers compromised SolarWinds' Orion software build via an already-compromised Microsoft
Office 365 account.
• Backdoors distributed into user networks once tainted Orion updates were installed.
Infrastructure Attacks: Solar Winds
1. 5500
2. 5M
3. 100
Attackers got into the Colonial Pipeline network through an exposed
password for a VPN account, which used the same password for the VPN
in another location (whose password was compromised in a prior breach).
Infrastructure Attacks: Colonial Pipeline
Infrastructure Attacks: Ukraine
On December 23, 2015, the power grid of Ukraine was
hacked, which resulted in power outages for roughly
230,000 consumers in Ukraine for 1-6 hours
During the outage, threat actors flooded customer
services phone lines with calls to prevent reporting
https://www.bbc.com/news/technology-61085480
Sandworm hackers deployed Industroyer2 malware
against high-voltage electrical sub-stations in Ukraine,
plus other destructive malware such as CaddyWiper,
which is being spread around Ukraine and deletes data
on infected computer systems.
Infrastructure Attacks: Ukraine
Examples: What Went Wrong
Stuxnet is a worm that was designed to target the nuclear capabilities of Iran. It overcomes physical barriers
because it spreads via USB drives, which its creators know will get plugged into the power plant environment.
What Went Wrong?: Found USB
What Went Wrong?: Found USB
[SOLUTIONS]
• Free – is probably not free
• Culture of always being suspicious, because hackers
are always finding new ways to get inside
• Train employees to not bring in foreign items
• NO USB drives allowed – implement strong
rules/procedures
Physical crash
What Went Wrong?: Car Crash
What Went Wrong?: Car Crash
[SOLUTIONS]
• Surveillance cameras with AI
• Strengthen the perimeter
• Perimeter breach alert system
• Leverage Multi-Layer Security
What Went Wrong?: Disgruntled Employee
What Went Wrong?: Disgruntled Employee
Improve access control and deploy integrated employee access controls with system authentication –
THEIR ACCESS is removed automatically and immediately on resignation/firing
Deploy surveillance with (AI) based image recognition warning system
Train the management team to recognize internal threats and speak up!
Cyberlock
What Went Wrong?: Disgruntled Employee
[SOLUTIONS]
Actions
Steps to Take
Actions: What did we learn?
Cyberattacks are on the rise
Nation threat actors are capable and motivated
Ransomware is data kidnapping
Basic cybersecurity practices like strong passwords and MFA
Training and awareness
Patch devices and software constantly
Strengthening perimeters
Trends
Important
It’s not a matter of if but when
Culture and procedures
Actions: Learning and Takeaways
How to protect against attacks
• Strong passwords and policy enforcement
• Deploy Multi Factor Authentication
• Change employee behaviors
• Physical security and surveillance
• Enhance or augment IT
Stop the invaders
Address internal inhibitors
• Frequent and protected backups
• Access control integrated with authentication and authorization
• Operational Technology oversight OT/IT linkage points – identify SPOFs
• Encryption across networks, servers, clients
• Video surveillance with embedded IP video analytics, motion detection
• Penetration testing (physical and cyber across OT and IT)
Improve proactivity
Password policy enforcement solution e.g. Netwrix PPE (Anixis)
MFA (e.g. Duo, Okta, Eset, MS, G)
SIEM (e.g. Tripwire)
SoC monitoring
Training the staff
Gap analysis for OT, IT, Physical = address those gaps
Actions: Solutions to Consider
Make cybersecurity awareness, prevention, and security best practices a part of your culture.
PHYSICAL
DATA
OT
Review the cybersecurity risk plan
Actions: Solutions to Consider
Certrec CIP Healthcheck at https://www.certrec.com/cip-health-check/
Legit companies
– don’t request your sensitive information via email
– have links that match legitimate URLs (no hidden hyperlinks)
– don’t send unsolicited attachments
– don’t force you to their website
– know how to spell
– know grammar and punctuation
– have domain emails
Is the logo off?
Is the grammar or punctuation off?
Is the spelling poor?
Did they include a link or an attachment?
Did they ask for sensitive info?
Are the links genuine, or do they come with hidden links?
Are the emails using a company domain?
Anything else?
Actions: Phishing - Things to Communicate/ Check
Actions: Resources
• Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
Video: Why Big Tech Wants You To Ditch Your Password - https://youtu.be/faU_d7DqoiY
Why MFA? https://www.okta.com/resources/whitepaper-security-built-to-work-outside-the-perimeter-v2
How to address cybersecurity in the energy sector (McKinsey):
https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-energy-sector-threat-how-to-address-cybersecurity-vulnerabilities
Cyber security for Utilities: https://www.certrec.com/resources/white-papers-presentations/cyber-security-critical-infrastructure-threats-and-examples-white-paper-presentation/
NERC CIP: https://www.certrec.com/resources/white-papers-presentations/white-paper-the-importance-of-critical-infrastructure-protection-in-the-energy-sector/
Conclusions
Cyber threats are on the rise
Be informed and implement simple measures
Expect the unexpected and plan aggressively
Prevent damage by reducing the chances of a breach
(to facility and BES)
Q & A
Thank you
Linkedin Certrec
@Certrec Twitter
Fas Mosleh MSEE BS Physics ARCS
Certrec Corporation
Office: 817-738-7661
www.RegSource.us
On-demand help at www.CertrecSaaS.com
Critical infrastructure checkup at NERC CIP Healthcheck
Marketing@Certrec.com to get a copy of the presentation

Power Plants Security Webinar Presentation

  • 1. Why are Plants so Vulnerable? 1 Fas Mosleh Certrec Alliances, Strategic Marketing - Software, cybersecurity, systems executive - Helped develop HP’s Information security business October 2022 Understanding Cybersecurity Threats within Utilities
  • 2. Mission: Helping utilities be more reliable and secure for a better, safer grid/BES How: SaaS apps and technology to reduce risk of non-compliance for utilities
  • 3. 3 Key Electric Grid Components Digitization Compliance Cybersec
  • 4. Agenda • The Security Landscape • Why are Power Plants Vulnerable? • Critical Infrastructure Attacks • Examples of What Went Wrong • Action Steps to Take •Q&A
  • 7. Security: Industry Importance 2021 State of the Electric Utility Survey of early 500 utility professionals 7 Utility Dive’s most recent State of the Electric Utility Survey named cyber and physical security the most pressing concerns for utilities, with 72% saying it is either “important” or “very important” today. Figure 2 shows the top five power sector issues. Electric power generation, transmission and distribution are part of the utilities sector (NAICS 22). This sector includes all electric generating facilities powered by fossil fuels, including coal, petroleum, or gas as the power source #1 Concern
  • 8. Security: Where We Are [IMMINENT THREAT] “Clearly, the threat isn’t on the horizon. It’s already on the doorstep.” Source: Siemens @ WEF 8 Cybersecurity attacks on the energy sector = risk for public safety, economy, business operations and the environment Source: West Monroe survey 67% of utility leaders cited cybersecurity as their top concern of their converged IT and OT network. 1,726 electric utility professionals surveyed WW- gas, solar, wind Source: Siemens
  • 9. Security: Where We’re Going [INCREASED OCCURRENCES] 9 X5 +70% In 4 years Source: Cisco
  • 10. 10 •Trend No. 1: Attack surface expansion Remote work Public cloud More connected supply chains •Trend No. 2: Identity system defense Misuse of credentials is now a primary method •Trend No. 3: Digital supply chain risk Gartner:by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, X3 in 2021. •Trend No. 4: Vendor consolidation Security products converging. Vendors are consolidating security complexity, cut costs and improve efficiency •Trend No. 5: Cybersecurity mesh Deploy and integrate security to assets, on premises, in data centers or in the cloud. •Trend No. 6: Distributed decisions CISO and centralized role will set policy, with cybersecurity leaders placed in different orgs to decentralize security decisions. •Trend No. 7: Beyond awareness Human error features in most data breaches, Traditional approaches to security awareness training superceded by holistic behavior and culture change programs Security: Where We’re Going [TRENDS]
  • 11. 11 Source PWC 2022 Global Digital Trust Insights Survey
  • 12. Security Landscape: Who & Why [TOP THREAT ACTORS] 12 Who are They? 1) Nations 2) Cybercriminals Why do They Do it? • Creating Havoc •Aggression Threat-Attack-War • Money • Fame • Fun
  • 13. 13
  • 14. Security Landscape: How They Do it [MALWARE] 14 Disguised as legitimate code or software. • Trojan Replicates and spreads itself • Worm Needs a human to deploy • Virus Uses your trust as a weapon • Phishing emails [Smishing] Malicious Software
  • 15. Deeper Dive: Phishing. Using your trust as a weapon. Cyber criminals use your trust to easily gain unauthorized access to your assets
  • 17. Deeper Dive: Phishing. Don’t get caught. Do the following to reduce the risk: • Do not click on ANY link until you review the email carefully, taking note of the sender and the sender’s domain • Is it real? Check the communication carefully and its source/domain • Ask yourself, “how likely is it that xxxxxxx would have asked me to do this?” • Corroborate via non-email. At the slightest suspicion, contact the sender via phone or text to validate it. Do not reply to the email • Ensure your virus/email scanning programs are up to date.
  • 18. Why are Power Plants Vulnerable? Cybersecurity attacks on the energy sector = a way to attack public safety, the economy, and the environment
  • 19. Why are Power Plants Vulnerable?: MARS • Merging OT and IT networks • Authentication weaknesses [Hackers, Devices] • Remote access on the increase • Slow installation of security updates. Source: Certrec Market Research
  • 20. MARS: Merging OT and IT Networks • IT systems: data-centric computing • OT systems: monitor events, processes and real-world devices • Analog, isolated, discrete • Digital, connected, global • OT and IT – Closer than ever
  • 21. MARS: Authentication weaknesses. Network-accessible devices with weak or default passwords serve as gateways to more critical systems
  • 22. MARS: Remote access on the increase. Entry points for hackers have grown due to IoT devices, remote access via VPNs, and smartphones
  • 23. MARS: Slow installation of security updates. Reduced or non-dedicated IT means delayed software security patches and updates
  • 25. Deeper Dive: Passwords. Weak passwords and password sharing raise the risk of security breaches and damage • Passwords are not to be shared or displayed publicly • No default or weak passwords • If the system has been compromised, change passwords immediately • Use a password policy enforcer
  • 26. Deeper Dive: Passwords. Good Passwords are Long, Complex, Hard to Guess
  • 28. Infrastructure Attacks: SolarWinds 1. 18000 2. 100 3. 320,000 4. 499/F 500 • Russians compromised ~100 companies including Microsoft, Intel and Cisco, plus a dozen government agencies: US Treasury, Justice and Energy departments and the Pentagon. • Hackers compromised SolarWinds' Orion software build via an already-compromised Microsoft Office 365 account. • Backdoors were distributed into user networks once tainted Orion updates were installed.
  • 29. Infrastructure Attacks: Colonial Pipeline 1. 5500 2. 5M 3. 100 Attackers got into the Colonial Pipeline network through an exposed password for a VPN account, which used the same password for the VPN in another location (whose password was compromised in a prior breach).
  • 30. Infrastructure Attacks: Ukraine. On December 23, 2015, the power grid of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. During the outage, threat actors flooded customer service phone lines with calls to prevent reporting. https://www.bbc.com/news/technology-61085480
  • 31. Infrastructure Attacks: Ukraine. Sandworm hackers deployed Industroyer2 malware against high-voltage electrical substations in Ukraine, along with other destructive malware such as CaddyWiper, which is being spread around Ukraine and deletes data on infected computer systems.
  • 33. What Went Wrong?: Found USB. Stuxnet is a worm that was designed to target the nuclear capabilities of Iran. It overcomes physical barriers because it spreads by USB drives, which its creators know will get plugged into the power plant environment.
  • 34. What Went Wrong?: Found USB [SOLUTIONS] • Free is probably not free • Culture of always being suspicious, because hackers are always finding new ways to get inside • Train employees to not bring in foreign items • NO USB drives allowed: implement strong rules/procedures
  • 35. What Went Wrong?: Car Crash. Physical crash
  • 36. What Went Wrong?: Car Crash [SOLUTIONS] • Surveillance cameras with AI • Strengthen the perimeter • Perimeter breach alert system • Leverage Multi-Layer Security
  • 37. What Went Wrong?: Disgruntled Employee
  • 38. What Went Wrong?: Disgruntled Employee
  • 39. What Went Wrong?: Disgruntled Employee [SOLUTIONS] • Improve access control and deploy integrated employee access controls with system authentication: THEIR ACCESS is removed automatically and immediately on resignation/firing • Deploy surveillance with an AI-based image recognition warning system • Train the management team to recognize internal threats and speak up! • Cyberlock
  • 41. Actions: What did we learn? • Cyberattacks are on the rise • Nation threat actors are capable and motivated • Ransomware is data kidnapping • Basic cybersecurity practices like strong passwords and MFA • Training and awareness • Patch devices and software constantly • Strengthening perimeters • Trends • Important • It’s not a matter of if but when • Culture and procedures
  • 42. Actions: Learning and Takeaways. How to protect against attacks • Strong passwords and policy enforcement • Deploy Multi Factor Authentication • Change employee behaviors • Physical security and surveillance • Enhance or augment IT • Stop the invaders • Address internal inhibitors
  • 43. Actions: Learning and Takeaways. How to protect against attacks • Strong passwords and policy enforcement • Deploy Multi Factor Authentication • Change employee behaviors • Physical security and surveillance • Enhance or augment IT • Stop the invaders • Address internal inhibitors • Frequent and protected backups • Access control integrated with authentication and authorization • Operational Technology oversight: OT/IT linkage points, identify SPOFs • Encryption across networks, servers, clients • Video surveillance with embedded IP video analytics, motion detection • Penetration testing (physical and cyber across OT and IT) • Improve proactivity
  • 44. Actions: Solutions to Consider • Password policy enforcement solution, e.g. Netwrix PPE (Anixis) • MFA (e.g. Duo, Okta, Eset, MS, G) • SIEM (e.g. Tripwire) • SOC monitoring • Training the staff • Gap analysis for OT, IT, Physical = address those gaps • Make cybersecurity awareness, prevention, and security best practices a part of your culture • PHYSICAL, DATA, OT • Review the cybersecurity risk plan
  • 45. Actions: Solutions to Consider. Certrec CIP Healthcheck at https://www.certrec.com/cip-health-check/
  • 46. Actions: Phishing - Things to Communicate/Check. Legit companies: don’t request your sensitive information via email; have links that match legitimate URLs (no hidden hyperlinks); don’t send unsolicited attachments; don’t force you to their website; know how to spell; know grammar and punctuation; have domain emails. Checks: Is the logo off? Is the grammar or punctuation off? Is the spelling poor? Did they include a link or an attachment? Did they ask for sensitive info? Are the links genuine, or do they come with hidden links? Are the emails using a company domain? Anything else?
  • 47. Actions: Resources • Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) • Video: Why Big Tech Wants You To Ditch Your Password - https://youtu.be/faU_d7DqoiY • Why MFA? https://www.okta.com/resources/whitepaper-security-built-to-work-outside-the-perimeter-v2 • How to address cybersecurity in the energy sector (McKinsey): https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-energy-sector-threat-how-to-address-cybersecurity-vulnerabilities • Cyber security for Utilities: https://www.certrec.com/resources/white-papers-presentations/cyber-security-critical-infrastructure-threats-and-examples-white-paper-presentation/ • NERC CIP: https://www.certrec.com/resources/white-papers-presentations/white-paper-the-importance-of-critical-infrastructure-protection-in-the-energy-sector/
  • 48. Conclusions • Cyber threats are on the rise • Be informed and implement simple measures • Expect the unexpected and plan aggressively • Prevent damage by reducing the chances of a breach (to facility and BES)
  • 49. Q & A
  • 50. Thank you Linkedin Certrec @Certrec Twitter Fas Mosleh MSEE BS Physics ARCS Certrec Corporation Office: 817-738-7661 www.RegSource.us On-demand help at www.CertrecSaaS.com Critical infrastructure checkup at NERC CIP Healthcheck Marketing@Certrec.com to get a copy of the presentation