Certrec’s Fas Mosleh presents some of the biggest cyber threats currently targeting utilities. This webinar includes examples of attacks on utilities that have happened in recent years and action steps to prevent future breaches.
As cyber-attacks from nation-state and domestic threats increase, it is important that power plants meet these threats to avoid costly reputational and equipment damage.
For more, visit: https://www.certrec.com/
Power Plants Security Webinar Presentation
1. Why are Plants so Vulnerable?
Fas Mosleh
Certrec Alliances, Strategic Marketing
- Software, cybersecurity, systems executive
- Helped develop HP’s Information security business
October 2022
Understanding Cybersecurity Threats within Utilities
2. Mission:
Helping utilities be more reliable and secure for a better, safer grid/BES
How:
SaaS apps and technology to reduce risk of non-compliance for utilities
4. Agenda
• The Security Landscape
• Why are Power Plants Vulnerable?
• Critical Infrastructure Attacks
• Examples of What Went Wrong
• Action Steps to Take
• Q&A
7. Security: Industry Importance
2021 State of the Electric Utility Survey of nearly 500 utility professionals
Utility Dive’s most recent State of the Electric Utility Survey named cyber and physical security the most pressing concerns for utilities, with 72% saying it is either “important” or “very important” today. Figure 2 shows the top five power sector issues.
Electric power generation, transmission and distribution are part of the utilities sector (NAICS 22). This sector includes all electric generating facilities powered by fossil fuels, including coal, petroleum, or gas as the power source
#1
Concern
8. Security: Where We Are [IMMINENT THREAT]
“Clearly, the threat isn’t on the horizon. It’s already on the doorstep.” Source: Siemens @ WEF
Cybersecurity attacks on the energy sector = risk for public safety, economy, business operations and the environment
Source: West Monroe survey
67% of utility leaders cited cybersecurity as their top concern of their converged IT and OT network.
1,726 electric utility professionals surveyed worldwide: gas, solar, wind
Source:
Siemens
9. Security: Where We’re Going [INCREASED OCCURRENCES]
X5
+70%
In 4 years
Source:
Cisco
10. Security: Where We’re Going [TRENDS]
• Trend No. 1: Attack surface expansion
Remote work
Public cloud
More connected supply chains
• Trend No. 2: Identity system defense
Misuse of credentials is now a primary method
• Trend No. 3: Digital supply chain risk
Gartner: by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a threefold increase from 2021.
• Trend No. 4: Vendor consolidation
Security products are converging. Vendors are consolidating to reduce security complexity, cut costs and improve efficiency.
• Trend No. 5: Cybersecurity mesh
Deploy and integrate security to assets, on premises, in data centers or in the cloud.
• Trend No. 6: Distributed decisions
The CISO and centralized role will set policy, with cybersecurity leaders placed in different orgs to decentralize security decisions.
• Trend No. 7: Beyond awareness
Human error features in most data breaches.
Traditional approaches to security awareness training are superseded by holistic behavior and culture change programs.
12. Security Landscape: Who & Why [TOP THREAT ACTORS]
Who are They?
1) Nations
2) Cybercriminals
Why do They Do it?
• Creating Havoc
• Aggression
Threat-Attack-War
• Money
• Fame
• Fun
14. Security Landscape: How They Do it [MALWARE]
Malicious Software
• Trojan: Disguised as legitimate code or software.
• Worm: Replicates and spreads itself
• Virus: Needs a human to deploy
• Phishing emails [Smishing]: Uses your trust as a weapon
15. Deeper Dive: Phishing
Using your trust as a weapon
Cyber criminals use your trust to easily gain unauthorized access to your assets
17. Deeper Dive: Phishing
Don’t get caught.
Do the following to reduce the risk
• Do not click on ANY link until you review the email carefully, taking note of the sender and the sender’s domain
• Is it real? Check the communication carefully and its source/domain
• Ask yourself, “how likely is it that xxxxxxx would have asked me to do this?”
• Corroborate via non-email. At the slightest suspicion, contact the sender via phone or text to validate it. Do not reply to the email
• Ensure your virus/email scanning programs are up to date.
18. Why are
Power Plants Vulnerable?
Cybersecurity attacks on the energy sector = a way to attack
public safety, the economy, and the environment
19. Why are Power Plants Vulnerable?: MARS
Merging OT and IT networks
Authentication weaknesses [Hackers, Devices]
Remote access on the increase
Slow installation of security updates
Source: Certrec Market Research
20. MARS: Merging OT and IT Networks
OT and IT – Closer than ever
IT systems: Data-centric computing
OT systems: Monitor events, processes and real-world devices
Analog, isolated, discrete
Digital, connected, global
25. Deeper Dive: Passwords
Weak passwords and password sharing raise the risk of security breaches and damage
• Passwords are not to be shared or displayed publicly
• No default or weak passwords
• If the system has been compromised, change passwords immediately
• Use a password policy enforcer
26. Good Passwords are Long, Complex, Hard to Guess
Deeper Dive: Passwords
28. Infrastructure Attacks: SolarWinds
1. 18000
2. 100
3. 320,000
4. 499/F 500
• Russians compromised ~100 companies including Microsoft, Intel and Cisco, plus a dozen government agencies: US Treasury, Justice and Energy departments and the Pentagon.
• Hackers compromised SolarWinds' Orion software build via an already-compromised Microsoft Office 365 account.
• Backdoors were distributed into user networks once tainted Orion updates were installed.
29. Infrastructure Attacks: Colonial Pipeline
1. 5500
2. 5M
3. 100
Attackers got into the Colonial Pipeline network through an exposed password for a VPN account, which used the same password for the VPN in another location (whose password was compromised in a prior breach).
30. Infrastructure Attacks: Ukraine
On December 23, 2015, the power grid of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours.
During the outage, threat actors flooded customer services phone lines with calls to prevent reporting.
https://www.bbc.com/news/technology-61085480
31. Infrastructure Attacks: Ukraine
Sandworm hackers deployed Industroyer2 malware against high-voltage electrical sub-stations in Ukraine, plus other destructive malware like CaddyWiper, which is being spread around Ukraine and deletes data on infected computer systems.
33. What Went Wrong?: Found USB
Stuxnet is a worm that was designed to target the nuclear capabilities of Iran. It overcomes physical barriers because it spreads via USB drives, which its creators know will get plugged into the power plant environment.
34. What Went Wrong?: Found USB [SOLUTIONS]
• Free – is probably not free
• Culture of always being suspicious, because hackers are always finding new ways to get inside
• Train employees to not bring in foreign items
• NO USB drives allowed – implement strong rules/procedures
36. What Went Wrong?: Car Crash [SOLUTIONS]
• Surveillance cameras with AI
• Strengthen the perimeter
• Perimeter breach alert system
• Leverage Multi-Layer Security
39. What Went Wrong?: Disgruntled Employee [SOLUTIONS]
Improve access control and deploy integrated employee access controls with system authentication – THEIR ACCESS is removed automatically and immediately on resignation/firing
Deploy surveillance with (AI) based image recognition warning system
Train the management team to recognize internal threats and speak up!
Cyberlock
41. Actions: What did we learn?
Cyberattacks are on the rise
Nation threat actors are capable and motivated
Ransomware is data kidnapping
Basic cybersecurity practices like strong passwords and MFA
Training and awareness
Patch devices and software constantly
Strengthening perimeters
Trends
Important
It’s not a matter of if but when
Culture and procedures
42. Actions: Learning and Takeaways
How to protect against attacks
• Strong passwords and policy enforcement
• Deploy Multi Factor Authentication
• Change employee behaviors
• Physical security and surveillance
• Enhance or augment IT
Stop the invaders
Address internal inhibitors
43. Actions: Learning and Takeaways
How to protect against attacks
• Strong passwords and policy enforcement
• Deploy Multi Factor Authentication
• Change employee behaviors
• Physical security and surveillance
• Enhance or augment IT
Stop the invaders
Address internal inhibitors
• Frequent and protected backups
• Access control integrated with authentication and authorization
• Operational Technology oversight: OT/IT linkage points – identify single points of failure (SPOFs)
• Encryption across networks, servers, clients
• Video surveillance with embedded IP video analytics, motion detection
• Penetration testing (physical and cyber across OT and IT)
Improve proactivity
44. Actions: Solutions to Consider
Make cybersecurity awareness, prevention, and security best practices a part of your culture.
Password policy enforcement solution, e.g. Netwrix PPE (Anixis)
MFA (e.g. Duo, Okta, Eset, MS, G)
SIEM (e.g. Tripwire)
SOC monitoring
Training the staff
Gap analysis for OT, IT, Physical = address those gaps
PHYSICAL
DATA
OT
Review the cybersecurity risk plan
45. Actions: Solutions to Consider
Certrec CIP Healthcheck at https://www.certrec.com/cip-health-check/
46. Actions: Phishing - Things to Communicate/Check
Legit companies
– don’t request your sensitive information via email
– have links that match legitimate URLs (no hidden hyperlinks)
– don’t send unsolicited attachments
– don’t force you to their website
– know how to spell
– know grammar and punctuation
– have domain emails
Is the logo off?
Is the grammar or punctuation off?
Is the spelling poor?
Did they include a link or an attachment?
Did they ask for sensitive info?
Are the links genuine, or do they come with hidden links?
Are the emails using a company domain?
Anything else?
47. Actions: Resources
• Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
Video: Why Big Tech Wants You To Ditch Your Password - https://youtu.be/faU_d7DqoiY
Why MFA? https://www.okta.com/resources/whitepaper-security-built-to-work-outside-the-perimeter-v2
How to address cybersecurity in the energy sector (McKinsey): https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-energy-sector-threat-how-to-address-cybersecurity-vulnerabilities
Cyber security for Utilities: https://www.certrec.com/resources/white-papers-presentations/cyber-security-critical-infrastructure-threats-and-examples-white-paper-presentation/
NERC CIP: https://www.certrec.com/resources/white-papers-presentations/white-paper-the-importance-of-critical-infrastructure-protection-in-the-energy-sector/
48. Conclusions
Cyber threats are on the rise
Be informed and implement simple measures
Expect the unexpected and plan aggressively
Prevent damage by reducing the chances of a breach (to facility and BES)
50. Thank you
LinkedIn Certrec
@Certrec Twitter
Fas Mosleh MSEE BS Physics ARCS
Certrec Corporation
Office: 817-738-7661
www.RegSource.us
On-demand help at www.CertrecSaaS.com
Critical infrastructure checkup at NERC CIP Healthcheck
Marketing@Certrec.com to get a copy of the presentation