SlideShare a Scribd company logo

SCADA Exposure Will Short-Circuit US Utilities

FitCEO, Inc. (FCI)
FitCEO, Inc. (FCI)
1 of 2
Download to read offline
Restricting Authenticating Tracking User Access? Time Is Not On Our Side! Page 1 of 2 12100 Sunrise Valley Dr. Suite 290-1 Reston, VA 20191 Supervisory Control And Data Acquisition (SCADA) networks pervade the industry. These small microcontroller systems are used to control large industrial machines and systems. SCADA systems are predominantly used for monitoring industrial systems, often in remote locations. Typically remote terminal units and Programmable Logic Controllers are connected to enterprise networks using a “telemetry” network. Where the telemetry network meets the enterprise computer network, gateways permit two-way communications between the SCADA network and the traditional corporate network. SCADA systems were designed to be highly efficient, but they were not necessarily designed with security in mind. Because security was not the primary consideration, SCADA telemetry networks may be highly vulnerable to exploitation. Because SCADA systems control and provide feedback on industrial processes, exploitation of these systems could seriously disrupt key industrial processes, such as power generation, lift and crane systems, and transportation systems. There are numerous entry points to SCADA telemetry networks: • Compromise of WLAN and/or wireless networks that connect SCADA systems to each other and to control systems • Compromise of gateways from traditional computer networks to the SCADA network • Improper physical access to key control systems • Access to telemetry networks and modification of command-level traffic (typically this traffic is unencrypted) • Application-level vulnerabilities in SCADA control software • SCADA traffic encapsulated in TCP/IP and transmitted over public networks SCADA exposure will short-circuit US utilities! What is it? Where are the vulnerabilities? • What should be considered? SCADA systems were designed to be highly efficient, but they were not necessarily designed with security in mind.
COPYRIGHT © 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWN These vectors are but a limited selection of the entry points for SCADA networks. Because of the traditional use of SCADA networks, encryp- tion of traffic between endpoints is often forgone. The most memorable SCADA attack was STUXNET. STUXNET attacked the centrifuge control SCADA systems in Iran, rendering them useless. Organizations need a structured approach to securing SCADA systems. While firmware manufacturers may be slow to respond to security requirements, organizations must take the following preventive initia- tives: • Implement simple but effective controls that separate SCADA networks from general computer network systems. • Monitor SCADA system activities for abnormal conditions. • Upgrade and assess SCADA firmware on a regular basis. • Where bounds checking has been implemented (for controller move- ment such as stepper-motor controlled systems), the configuration scripts for SCADA devices must cover movement bounds to avoid damaging control hardware. Finally, while there are many technological aspects to controlling SCADA systems, we cannot overlook the human element. Contact VIMRO now to learn more about how to secure SCADA systems, telemetry networks, and gateway systems—and to control the human effect on SCADA systems. (800) 272 0019 Ashburn, VA | Baltimore, MD | Boston, MA | Glendale, CA | Las Vegas, NV | Reston, VA | San Diego, CA | Tampa, FL Authored by VIMRO’s Cybersecurity Leaders SCADA exposure will short-circuit US utilities! Page 2 of 2 The most memorable SCADA attack was STUXNET!

Recommended

SECURE Out-of-Band Management
SECURE Out-of-Band ManagementSECURE Out-of-Band Management
SECURE Out-of-Band ManagementCommunications Devices Inc.
 
Service providers presentation
Service providers presentationService providers presentation
Service providers presentationCommunications Devices Inc.
 
ICS security
ICS securityICS security
ICS securityAhmed Shitta
 
Cdi federal 2019
Cdi federal 2019Cdi federal 2019
Cdi federal 2019Communications Devices Inc.
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
NetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesNetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesCoreTrace Corporation
 
Hands on robotics in coimbatore
Hands on robotics in coimbatoreHands on robotics in coimbatore
Hands on robotics in coimbatoreHands-On Robotics
 

Recommended

SECURE Out-of-Band Management
SECURE Out-of-Band ManagementSECURE Out-of-Band Management
SECURE Out-of-Band ManagementCommunications Devices Inc.
 
Service providers presentation
Service providers presentationService providers presentation
Service providers presentationCommunications Devices Inc.
 
ICS security
ICS securityICS security
ICS securityAhmed Shitta
 
Cdi federal 2019
Cdi federal 2019Cdi federal 2019
Cdi federal 2019Communications Devices Inc.
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
NetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesNetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesCoreTrace Corporation
 
Hands on robotics in coimbatore
Hands on robotics in coimbatoreHands on robotics in coimbatore
Hands on robotics in coimbatoreHands-On Robotics
 
Guideline for the certification of wind turbine service technicians 2015 july
Guideline for the certification of wind turbine service technicians 2015 julyGuideline for the certification of wind turbine service technicians 2015 july
Guideline for the certification of wind turbine service technicians 2015 julyMichael Mattocks
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsCommunity Protection Forum
 
Hands on robotics in coimbatore
Hands on robotics in coimbatoreHands on robotics in coimbatore
Hands on robotics in coimbatorehandsonroboticsoff
 
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101Priyanka Aash
 
Securing control systems v0.4
Securing control systems v0.4Securing control systems v0.4
Securing control systems v0.4CrispnCrunch
 
Hands on robotics in coimbatore
Hands on robotics in coimbatoreHands on robotics in coimbatore
Hands on robotics in coimbatoreHands-On Robotics
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009Narinrit Prem-apiwathanokul
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control SystemHemanth M
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution briefNozomi Networks
 
DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control SystemsDHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control SystemsMichael Smith
 
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...PECB
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammondPROFIBUS and PROFINET InternationaI - PI UK
 
UK 2014
UK 2014UK 2014
UK 2014FertilityEurope
 
Rotary club, dhone may 2013 pml
Rotary club, dhone may 2013 pmlRotary club, dhone may 2013 pml
Rotary club, dhone may 2013 pmlRAFI Mohammad
 
Doe mij recht o God
Doe mij recht o GodDoe mij recht o God
Doe mij recht o GodNoordwolde, Friesland
 
$4.11 and Gametheory - Gray 2016
$4.11 and Gametheory - Gray 2016$4.11 and Gametheory - Gray 2016
$4.11 and Gametheory - Gray 2016Bryan Gray
 

More Related Content

What's hot

Guideline for the certification of wind turbine service technicians 2015 july
Guideline for the certification of wind turbine service technicians 2015 julyGuideline for the certification of wind turbine service technicians 2015 july
Guideline for the certification of wind turbine service technicians 2015 julyMichael Mattocks
 
Hands on robotics in coimbatore
Hands on robotics in coimbatoreHands on robotics in coimbatore
Hands on robotics in coimbatorehandsonroboticsoff
 
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101Priyanka Aash
 
Securing control systems v0.4
Securing control systems v0.4Securing control systems v0.4
Securing control systems v0.4CrispnCrunch
 
Hands on robotics in coimbatore
Hands on robotics in coimbatoreHands on robotics in coimbatore
Hands on robotics in coimbatoreHands-On Robotics
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control SystemHemanth M
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution briefNozomi Networks
 
DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control SystemsDHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control SystemsMichael Smith
 
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...PECB
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 

What's hot (18)

Guideline for the certification of wind turbine service technicians 2015 july
Guideline for the certification of wind turbine service technicians 2015 julyGuideline for the certification of wind turbine service technicians 2015 july
Guideline for the certification of wind turbine service technicians 2015 july
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
 
Hands on robotics in coimbatore
Hands on robotics in coimbatoreHands on robotics in coimbatore
Hands on robotics in coimbatore
 
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
 
Securing control systems v0.4
Securing control systems v0.4Securing control systems v0.4
Securing control systems v0.4
 
Hands on robotics in coimbatore
Hands on robotics in coimbatoreHands on robotics in coimbatore
Hands on robotics in coimbatore
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company Introduction
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-Sheet
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control System
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution brief
 
DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control SystemsDHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
 
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
 
10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond
 

Viewers also liked

Rotary club, dhone may 2013 pml
Rotary club, dhone may 2013 pmlRotary club, dhone may 2013 pml
Rotary club, dhone may 2013 pmlRAFI Mohammad
 
$4.11 and Gametheory - Gray 2016
$4.11 and Gametheory - Gray 2016$4.11 and Gametheory - Gray 2016
$4.11 and Gametheory - Gray 2016Bryan Gray
 
Diamond Gateway Women's Organization
Diamond Gateway Women's OrganizationDiamond Gateway Women's Organization
Diamond Gateway Women's OrganizationClariza Viola Suero
 
Comunicación digital...
Comunicación digital...Comunicación digital...
Comunicación digital...jackma0205
 
Malgutasuna
MalgutasunaMalgutasuna
Malgutasunazuga67
 
A redução do parto cesáreo
A redução do parto cesáreoA redução do parto cesáreo
A redução do parto cesáreoadrianomedico
 
Strategi Gerakan Dakwah Muhammadiyah
Strategi Gerakan Dakwah MuhammadiyahStrategi Gerakan Dakwah Muhammadiyah
Strategi Gerakan Dakwah MuhammadiyahMarlin Dwinastiti
 
04 мебель (32)
04 мебель (32)04 мебель (32)
04 мебель (32)Taygo
 
10) summer camp 2013
10) summer camp 201310) summer camp 2013
10) summer camp 2013Smart Kids
 

Viewers also liked (18)

UK 2014
UK 2014UK 2014
UK 2014
 
Rotary club, dhone may 2013 pml
Rotary club, dhone may 2013 pmlRotary club, dhone may 2013 pml
Rotary club, dhone may 2013 pml
 
Doe mij recht o God
Doe mij recht o GodDoe mij recht o God
Doe mij recht o God
 
$4.11 and Gametheory - Gray 2016
$4.11 and Gametheory - Gray 2016$4.11 and Gametheory - Gray 2016
$4.11 and Gametheory - Gray 2016
 
Diamond Gateway Women's Organization
Diamond Gateway Women's OrganizationDiamond Gateway Women's Organization
Diamond Gateway Women's Organization
 
Comunicación digital...
Comunicación digital...Comunicación digital...
Comunicación digital...
 
Jose Barazarte 20766230
Jose Barazarte 20766230Jose Barazarte 20766230
Jose Barazarte 20766230
 
Malgutasuna
MalgutasunaMalgutasuna
Malgutasuna
 
Diapositivas derecho
Diapositivas derechoDiapositivas derecho
Diapositivas derecho
 
Pp king edward school
Pp king edward schoolPp king edward school
Pp king edward school
 
A redução do parto cesáreo
A redução do parto cesáreoA redução do parto cesáreo
A redução do parto cesáreo
 
Strategi Gerakan Dakwah Muhammadiyah
Strategi Gerakan Dakwah MuhammadiyahStrategi Gerakan Dakwah Muhammadiyah
Strategi Gerakan Dakwah Muhammadiyah
 
Museo del Louvre
Museo del LouvreMuseo del Louvre
Museo del Louvre
 
Slogan and sales aid
Slogan and sales aidSlogan and sales aid
Slogan and sales aid
 
04 мебель (32)
04 мебель (32)04 мебель (32)
04 мебель (32)
 
10 uvped
10 uvped10 uvped
10 uvped
 
7 uvpsi
7 uvpsi7 uvpsi
7 uvpsi
 
10) summer camp 2013
10) summer camp 201310) summer camp 2013
10) summer camp 2013
 

Similar to SCADA Exposure Will Short-Circuit US Utilities

SCADA Systems Vulnerabilities and Blockchain Technology
SCADA Systems Vulnerabilities and Blockchain TechnologySCADA Systems Vulnerabilities and Blockchain Technology
SCADA Systems Vulnerabilities and Blockchain Technologyijtsrd
 
SCADA Systems and its security!
SCADA Systems and its security!SCADA Systems and its security!
SCADA Systems and its security!Shiv Sahni
 
Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems aswanthmrajeev112
 
Scada system architecture, types and applications
Scada system architecture, types and applicationsScada system architecture, types and applications
Scada system architecture, types and applicationsUchi Pou
 
PLC and SCADA Training
PLC and SCADA TrainingPLC and SCADA Training
PLC and SCADA TrainingAEAB Engineer
 
SCADA (Supervisory Control & data Acquisation) PPT
SCADA (Supervisory Control & data Acquisation) PPTSCADA (Supervisory Control & data Acquisation) PPT
SCADA (Supervisory Control & data Acquisation) PPTDeepeshK4
 
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Yehia Mamdouh
 
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02NiMa Bagheriasl
 
Scada presentation (group 10)
Scada presentation (group 10)Scada presentation (group 10)
Scada presentation (group 10)Ritvik Bhatia
 
A presentation on scada system
A presentation on scada systemA presentation on scada system
A presentation on scada systemIIT INDORE
 
SCADA_SYSTEM in industrial automation .pptx
SCADA_SYSTEM in industrial automation .pptxSCADA_SYSTEM in industrial automation .pptx
SCADA_SYSTEM in industrial automation .pptxViju Jigajinni
 
SCADA_SYSTEM in Industrial Autiomation.pptx
SCADA_SYSTEM in Industrial Autiomation.pptxSCADA_SYSTEM in Industrial Autiomation.pptx
SCADA_SYSTEM in Industrial Autiomation.pptxViju Jigajinni
 
scada-130512133852-phpapp01.pptx
scada-130512133852-phpapp01.pptxscada-130512133852-phpapp01.pptx
scada-130512133852-phpapp01.pptxsurangagw
 
SCADA Assignment.pptx
SCADA Assignment.pptxSCADA Assignment.pptx
SCADA Assignment.pptxssuser1831ba
 
Hands on robotics in coimbatore
Hands on robotics in coimbatoreHands on robotics in coimbatore
Hands on robotics in coimbatoreHands-On Robotics
 

Similar to SCADA Exposure Will Short-Circuit US Utilities (20)

SCADA Systems Vulnerabilities and Blockchain Technology
SCADA Systems Vulnerabilities and Blockchain TechnologySCADA Systems Vulnerabilities and Blockchain Technology
SCADA Systems Vulnerabilities and Blockchain Technology
 
SCADA Systems and its security!
SCADA Systems and its security!SCADA Systems and its security!
SCADA Systems and its security!
 
Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems Security Issues in SCADA based Industrial Control Systems
Security Issues in SCADA based Industrial Control Systems
 
Scada system architecture, types and applications
Scada system architecture, types and applicationsScada system architecture, types and applications
Scada system architecture, types and applications
 
Scada slide
Scada slideScada slide
Scada slide
 
B43050518
B43050518B43050518
B43050518
 
PLC and SCADA Training
PLC and SCADA TrainingPLC and SCADA Training
PLC and SCADA Training
 
SCADA (Supervisory Control & data Acquisation) PPT
SCADA (Supervisory Control & data Acquisation) PPTSCADA (Supervisory Control & data Acquisation) PPT
SCADA (Supervisory Control & data Acquisation) PPT
 
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing
 
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
Penetrationtestingascadaindustrialcontrolsystems 141229233134-conversion-gate02
 
Scada presentation (group 10)
Scada presentation (group 10)Scada presentation (group 10)
Scada presentation (group 10)
 
A presentation on scada system
A presentation on scada systemA presentation on scada system
A presentation on scada system
 
Scada
ScadaScada
Scada
 
SCADA_SYSTEM in industrial automation .pptx
SCADA_SYSTEM in industrial automation .pptxSCADA_SYSTEM in industrial automation .pptx
SCADA_SYSTEM in industrial automation .pptx
 
SCADA_SYSTEM in Industrial Autiomation.pptx
SCADA_SYSTEM in Industrial Autiomation.pptxSCADA_SYSTEM in Industrial Autiomation.pptx
SCADA_SYSTEM in Industrial Autiomation.pptx
 
scada-130512133852-phpapp01.pptx
scada-130512133852-phpapp01.pptxscada-130512133852-phpapp01.pptx
scada-130512133852-phpapp01.pptx
 
SCADA Assignment.pptx
SCADA Assignment.pptxSCADA Assignment.pptx
SCADA Assignment.pptx
 
The Best Measure of SCADA Success
The Best Measure of SCADA SuccessThe Best Measure of SCADA Success
The Best Measure of SCADA Success
 
Dcs vs scada
Dcs vs scadaDcs vs scada
Dcs vs scada
 
Hands on robotics in coimbatore
Hands on robotics in coimbatoreHands on robotics in coimbatore
Hands on robotics in coimbatore
 

More from FitCEO, Inc. (FCI)

The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch FizzThe Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch FizzFitCEO, Inc. (FCI)
 
Passwords don't work multifactor controls do!
Passwords don't work multifactor controls do!Passwords don't work multifactor controls do!
Passwords don't work multifactor controls do!FitCEO, Inc. (FCI)
 
HIPAA and HITECH Compliance Guide
HIPAA and HITECH Compliance GuideHIPAA and HITECH Compliance Guide
HIPAA and HITECH Compliance GuideFitCEO, Inc. (FCI)
 
Data exfiltration so many threats 2016
Data exfiltration so many threats 2016Data exfiltration so many threats 2016
Data exfiltration so many threats 2016FitCEO, Inc. (FCI)
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016FitCEO, Inc. (FCI)
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119FitCEO, Inc. (FCI)
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15FitCEO, Inc. (FCI)
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119FitCEO, Inc. (FCI)
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016FitCEO, Inc. (FCI)
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119FitCEO, Inc. (FCI)
 
VIMRO Cyber Security Methodology
VIMRO Cyber Security MethodologyVIMRO Cyber Security Methodology
VIMRO Cyber Security MethodologyFitCEO, Inc. (FCI)
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksFitCEO, Inc. (FCI)
 
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...FitCEO, Inc. (FCI)
 
The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.FitCEO, Inc. (FCI)
 
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch FizzDark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch FizzFitCEO, Inc. (FCI)
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2FitCEO, Inc. (FCI)
 
Cyber Insurance - What you need to know
Cyber Insurance - What you need to knowCyber Insurance - What you need to know
Cyber Insurance - What you need to knowFitCEO, Inc. (FCI)
 
PCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMROPCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMROFitCEO, Inc. (FCI)
 

More from FitCEO, Inc. (FCI) (20)

The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch FizzThe Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
 
Passwords don't work multifactor controls do!
Passwords don't work multifactor controls do!Passwords don't work multifactor controls do!
Passwords don't work multifactor controls do!
 
HIPAA and HITECH Compliance Guide
HIPAA and HITECH Compliance GuideHIPAA and HITECH Compliance Guide
HIPAA and HITECH Compliance Guide
 
Data exfiltration so many threats 2016
Data exfiltration so many threats 2016Data exfiltration so many threats 2016
Data exfiltration so many threats 2016
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
 
VIMRO Cyber Security Methodology
VIMRO Cyber Security MethodologyVIMRO Cyber Security Methodology
VIMRO Cyber Security Methodology
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
 
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
 
The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.
 
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch FizzDark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2
 
Cyber Insurance - What you need to know
Cyber Insurance - What you need to knowCyber Insurance - What you need to know
Cyber Insurance - What you need to know
 
PCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMROPCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMRO
 
IPV6 a tale of two protocols
IPV6 a tale of two protocolsIPV6 a tale of two protocols
IPV6 a tale of two protocols
 
CODE INSPECTION VIMRO 2015 MHF
CODE INSPECTION VIMRO 2015 MHFCODE INSPECTION VIMRO 2015 MHF
CODE INSPECTION VIMRO 2015 MHF
 

SCADA Exposure Will Short-Circuit US Utilities

  • 1. Restricting Authenticating Tracking User Access? Time Is Not On Our Side! Page 1 of 2 12100 Sunrise Valley Dr. Suite 290-1 Reston, VA 20191 Supervisory Control And Data Acquisition (SCADA) networks pervade the industry. These small microcontroller systems are used to control large industrial machines and systems. SCADA systems are predominantly used for monitoring industrial systems, often in remote locations. Typically remote terminal units and Programmable Logic Controllers are connected to enterprise networks using a “telemetry” network. Where the telemetry network meets the enterprise computer network, gateways permit two-way communications between the SCADA network and the traditional corporate network. SCADA systems were designed to be highly efficient, but they were not necessarily designed with security in mind. Because security was not the primary consideration, SCADA telemetry networks may be highly vulnerable to exploitation. Because SCADA systems control and provide feedback on industrial processes, exploitation of these systems could seriously disrupt key industrial processes, such as power generation, lift and crane systems, and transportation systems. There are numerous entry points to SCADA telemetry networks: • Compromise of WLAN and/or wireless networks that connect SCADA systems to each other and to control systems • Compromise of gateways from traditional computer networks to the SCADA network • Improper physical access to key control systems • Access to telemetry networks and modification of command-level traffic (typically this traffic is unencrypted) • Application-level vulnerabilities in SCADA control software • SCADA traffic encapsulated in TCP/IP and transmitted over public networks SCADA exposure will short-circuit US utilities! What is it? Where are the vulnerabilities? • What should be considered? SCADA systems were designed to be highly efficient, but they were not necessarily designed with security in mind.
  • 2. COPYRIGHT © 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWN These vectors are but a limited selection of the entry points for SCADA networks. Because of the traditional use of SCADA networks, encryp- tion of traffic between endpoints is often forgone. The most memorable SCADA attack was STUXNET. STUXNET attacked the centrifuge control SCADA systems in Iran, rendering them useless. Organizations need a structured approach to securing SCADA systems. While firmware manufacturers may be slow to respond to security requirements, organizations must take the following preventive initia- tives: • Implement simple but effective controls that separate SCADA networks from general computer network systems. • Monitor SCADA system activities for abnormal conditions. • Upgrade and assess SCADA firmware on a regular basis. • Where bounds checking has been implemented (for controller move- ment such as stepper-motor controlled systems), the configuration scripts for SCADA devices must cover movement bounds to avoid damaging control hardware. Finally, while there are many technological aspects to controlling SCADA systems, we cannot overlook the human element. Contact VIMRO now to learn more about how to secure SCADA systems, telemetry networks, and gateway systems—and to control the human effect on SCADA systems. (800) 272 0019 Ashburn, VA | Baltimore, MD | Boston, MA | Glendale, CA | Las Vegas, NV | Reston, VA | San Diego, CA | Tampa, FL Authored by VIMRO’s Cybersecurity Leaders SCADA exposure will short-circuit US utilities! Page 2 of 2 The most memorable SCADA attack was STUXNET!