This document provides an overview of SCADA (Supervisory Control and Data Acquisition) security challenges and strategies. It describes common SCADA system components and functionality. It then discusses increasing cyber threats to SCADA systems from sources like hostile governments and employees. The document outlines various physical and cyber vulnerabilities in SCADA systems and components. It recommends security standards from organizations like NIST, ISA, and NERC to help mitigate risks. The document also provides guidelines on physical asset security and cybersecurity strategies.
Presented at ISACA's EuroCACS 2015 (Copenhagen).
Understand the impact of Industrial Control Systems (ICS) on the security ecosystem.
Expand the knowledge on SCADA systems and how cyberattacks can have physical consequences, bridging the cyber and physical worlds.
Operational technology (OT) and information technology (IT) security protect devices, networks, systems, and users. Cybersecurity has long been critical in IT and helps organizations keep sensitive data safe, ensure users connect to the internet securely, and detect and prevent potential cyberattacks.
Dragos S4x20: How to Build an OT Security Operations Center - Dragos, Inc.
Senior Director of Business Development Matt Cowell's S4x20 presentation details how to build an effective OT security operations center and the tools and skills needed.
How To Present Cyber Security To Senior Management Complete Deck - SlideTeam
This template is useful for presenting a cybersecurity plan to a higher authority. The cybersecurity officer will present it to top-level management. It will help in determining the roles and responsibilities of senior management and executives who are responsible for handling risks. The firm will also optimize its cybersecurity risk framework. The firm will assess the current concerns that are impeding cybersecurity in terms of the increase in cybercrimes, data breaches and exposure, and the amount spent on settlements. It will also analyze its current cybersecurity framework. The firm will categorize various risks and assess them on parameters such as risk likelihood and severity. The IT department will also improve its incident handling mechanism. A cybersecurity contingency plan will be initiated by the firm. In this plan, the firm will build an alternate site for backup maintenance. Backup site selection will take into consideration parameters such as cost of implementation, duration, location, etc. The other plan essentials include business impact assessment, vital record maintenance, recovery task list maintenance, etc. The template also includes information regarding the roles and responsibilities of line managers, senior managers and executives in risk management. It also includes information related to the role of top management in ensuring effective information security governance. Information regarding the budget required for implementing the cybersecurity plan, including staff training cost, is also provided. https://bit.ly/3iSww5L
Talking about the Next-Gen Security Operation Center for IDNIC+APJII as a representative from IDSECCONF. A people-centric SOC requires a lot of investment in people in terms of quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology, as in Industry 4.0 machines are getting more advanced at supporting humans in doing continuous and repetitive tasks.
Moving from a “traditional” to a next-gen SOC requires a proper plan; that's what this talk was about.
Building a Next-Generation Security Operations Center (SOC) - Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Derek Milroy, IS Security Architect at U.S. Cellular Corporation, defined “vulnerability management” and how it affects today’s organizations during his presentation at the 2014 Chief Information Security Officer (CISO) Leadership Forum in Chicago on Nov. 19. In his presentation, “Enterprise Vulnerability Management/Security Incident Response,” Milroy noted vulnerability management has different meanings to different organizations, but an organization that utilizes vulnerability management processes can effectively safeguard its data.
According to Milroy, an organization should develop its own vulnerability management baselines to monitor its security levels. By doing so, Milroy said an organization can launch and control vulnerability management systems successfully. In addition, Milroy pointed out that vulnerability management problems occasionally will arise, but a well-prepared organization will be equipped to handle such issues: “Problems are going to happen … You have to work with your people. This can translate to any tool that you’re putting in place. Make sure your people have plans for what happens when it goes wrong, because it’s going to [happen] every single time.”
Milroy also noted that having actionable vulnerability management data is important for organizations of all sizes. If an organization evaluates its vulnerability management processes regularly, Milroy said, it can collect data and use this information to improve its security: “The simplest rule of thumb for vulnerability management, click the report, hand the report to someone. Don’t ever do that. There is no such thing as a report from a tool that you can just click and hand to someone until you first tune it and pare it down.”
- See more at: http://www.argylejournal.com/chief-information-security-officer/enterprise-vulnerability-managementsecurity-incident-response-derek-milroy-is-security-architect-u-s-cellular-corporation/#sthash.Buh6CzLS.dpuf
Security Operations Center (SOC) Essentials for the SME - AlienVault
Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps?
Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering:
* Developments in the threat landscape driving a shift from preventative to detective controls
* Essential security controls needed to defend against modern threats
* Fundamentals for evaluating a security approach that will work for you, not against you
* How a unified approach to security visibility can help you get from install to insight more quickly
Enterprise Vulnerability Management: Back to Basics - Damon Small
Vulnerability Management is the lifecycle of identifying and remediating vulnerabilities in an organization's enterprise. A number of companies are starting to do this well, but in some cases, focus on advanced and emerging threats has had the unintended consequence of leaving Vulnerability Management unattended. Defense is actually hard work and people aren't doing it as well as they should! Considered in the context of asymmetric warfare, Blue Teaming is more difficult than Red Teaming. Coupled with the fact that most vulnerabilities do not actually suffer from advanced attacks and 0-days, Vulnerability Management must be the cornerstone of any Information Assurance Program.
The speakers, Kevin Dunn and Damon Small, will describe the key elements of a mature Vulnerability Management Program (VMP) and the pitfalls encountered by many organizations as they try to implement it. Dunn and Small will include detailed examples of why purchasing the scanner should be one of the last decisions made in this process, and what the attendee must do to ensure the successful defense of company assets and data. This session will cover:
- Vulnerability Management: What is it good for?
- What is it not good for?
- How do I make a real difference?
According to Cisco’s 2018 Cyber security automation Study, organizations overwhelmingly favor specialized tools to get the most robust capabilities across their environment. The more disparate technology a SOC uses, the greater the need for a security orchestration and automation platform to help tie everything together.
Visit - https://www.siemplify.co/
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm... - PECB
This webinar will help you become better informed about pentesting in SCADA and about the best practices and methods used in risk assessment. Learning about the criticality in industry makes you more flexible to boost your skills.
Main points covered:
• The SCADA ICS function in critical infrastructure industry
• Risk exposure of IT vs. SCADA ICS from Cyber Security Perspective
• Do's and don’ts of Vulnerability Assessment and Penetration Testing in SCADA ICS Environment
Presenter:
This webinar was presented by Pedro Putu Wirya, an IT and ICS Security Consultant with extensive experience in ISMS and a PECB Certified Trainer.
Link of the recorded session published on YouTube: https://youtu.be/icq-RTwusZ8
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However, it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice, will be joined by Partner Michael Hoffner, and they will lead a discussion on a Cybersecurity Risk Management Program, including what it is and how it can prepare your organization for the future.
This presentation explained the security controls and evolving threats that pertain in the market at the moment by giving a descriptive elaboration on today's security landscape. The presentation further covers the key reasons why Cyber Security is imperative for organizations today.
Happiest Minds Cyber Security Services:
http://www.happiestminds.com/cyber-security-services/
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020 - Jiunn-Jer Sun
• Why An Industrial Cybersecurity Standard
• What Is IEC 62443 About
• How It Impacts On You - The Security Lifecycle
• IEC 62443 Certificates
• Reference: Some Ongoing Projects
• Summary
Presented: September 21, 2017
At: CS2AI, Washington, DC
A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.
Find out about SOC cyber security at Steppa. Our SOC has several capabilities, such as processing and breaking down any PC translated information, assessing and distinguishing suspicious and malicious web and system activities, and visualizing and monitoring all threats in real time.
As traditional as the Feijoada do Cacau party, which takes place on Carnival Saturday, is DC's Caderno Aconteceu, which summarizes everything that happened at the party and shows all the distinguished guests who attended the event.
It is a great opportunity to showcase your brand, with possibilities for use in print and digital!
IoT Cyber Security & Vulnerabilities Challenges and Opportunities in Security of Internet of Things
Security is the Key
Inherent Security Challenges
Threat Spectrum – Trends
Securing the “Things”
IoT Cybersecurity – Security Triad
Threat Model
Availability threats
Integrity threats
Authenticity threats
Confidentiality threats
Non-repudiation/accountability threats
Robust Cyber Security for Power Utilities - Nir Cohen
The security of critical networks is at the center of attention of industry and government regulators alike. Check Point and RAD offer a joint end-to-end cyber security solution that protects any utility operational technology (OT) network by eliminating RTU and SCADA equipment vulnerabilities, as well as defends against cyber-attacks on the network’s control and data planes. This solution brief explains how the joint solution enables compliance with NERC-CIP directives, provides deep visibility and control of ICS/SCADA communications, and allows secure remote access into OT networks.
The session will highlight Intel’s vision for IoT Security and the fundamental building blocks and capabilities Intel and the ecosystem are providing to organizations to build security in from design through deployment and maintenance.
Wireless data hacking is a form of hacking that can remotely gain control of a server via RF by planting spy chips or unauthorized devices directly on the server.
WDSS is able to detect and defend against all RF attacks in real time; it scans the entire frequency every second for anomalies.
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct... - Abhishek Goel
SCADA systems control some of the most vital infrastructure in industrial and energy sectors, from oil and gas pipelines to nuclear facilities to water treatment plants.
Critical infrastructure is defined as the physical and IT assets, networks and services that if disrupted or destroyed would have a serious impact on the health, security, or economic wellbeing of citizens and the efficient functioning of a country’s government.
Supervisory control and data acquisition (SCADA) systems are applications that collect data from a system in order to automate the monitoring and controlling of its activities. Several industrial fields, such as electric utilities, water supplies and building facilities, have already adopted SCADA systems to increase efficiency and reduce cost. However, the IT community is concerned about the level of security that any applied SCADA system provides. This paper concentrates on the major security threats encountered in SCADA systems. In addition, it discusses a newly proposed methodology to increase system security with minimal impact on efficiency. The proposed scheme provides several security services: mutual authentication, confidentiality, data integrity and accountability.
Nozomi Networks is the leader of industrial cybersecurity, delivering real-time visibility to manage cyber risk & improve resilience for industrial operations. With one solution, customers gain advanced cybersecurity, improved operational reliability & easy IT/OT integration. Innovating the use of artificial intelligence, the company helps the largest industrial sites around the world See and Secure™ their critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in the critical infrastructure, energy, manufacturing, mining, transportation & utility sectors, making it possible to tackle the escalating cyber risks to operational networks (OT).
Vaccine management system project report documentation..pdf - Kamal Acharya
The Division of Vaccine and Immunization is facing increasing difficulty monitoring the distribution of vaccines and other commodities once they have been distributed from the national stores. With the introduction of new vaccines, more challenges have been anticipated, with these additions posing a serious threat to the already overstrained vaccine supply chain system in Kenya.
Automobile Management System Project Report.pdf - Kamal Acharya
The proposed project is developed to manage automobiles in an automobile dealer company. The main modules in this project are login, automobile management, customer management, sales, complaints and reports. The first module is the login. The automobile showroom owner should log in to the project for usage. The username and password are verified and, if they are correct, the next form opens. If the username and password are not correct, it shows an error message.
When a customer searches for an automobile, if the automobile is available, they will be taken to a page that shows the details of the automobile, including automobile name, automobile ID, quantity, price, etc. “Automobile Management System” is useful for maintaining automobiles and customers effectively and hence helps in establishing a good relationship between the customer and the automobile organization. It contains various customized modules for effectively maintaining automobiles and stock information accurately and safely.
When an automobile is sold to a customer, stock will be reduced automatically. When a new purchase is made, stock will be increased automatically. While selecting automobiles for sale, the proposed software will automatically check the total available stock of that particular item; if the total stock of that particular item is less than 5, the software will notify the user to purchase the particular item.
Also, when the user tries to sell items which are not in stock, the system will prompt the user that the stock is not enough. Customers of this system can search for an automobile and can purchase an automobile easily by selecting fast. On the other hand, the stock of automobiles can be maintained perfectly by the automobile shop manager, overcoming the drawbacks of the existing system.
Overview of the fundamental roles in Hydropower generation and the components involved in wider Electrical Engineering.
This paper presents the design and construction of hydroelectric dams from the hydrologist’s survey of the valley before construction, all aspects and involved disciplines, fluid dynamics, structural engineering, generation and mains frequency regulation to the very transmission of power through the network in the United Kingdom.
Author: Robbie Edward Sayers
Collaborators and co editors: Charlie Sims and Connor Healey.
(C) 2024 Robbie E. Sayers
Forklift Classes Overview by Intella Parts - Intella Parts
Discover the different forklift classes and their specific applications. Learn how to choose the right forklift for your needs to ensure safety, efficiency, and compliance in your operations.
For more technical information, visit our website https://intellaparts.com
Student information management system project report ii.pdf - Kamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the use of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
Final project report on grocery store management system..pdf - Kamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
About
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Technical Specifications
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
Key Features
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface
• Compatible with MAFI CCR system
• Copatiable with IDM8000 CCR
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
Application
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Water scarcity is the lack of fresh water resources to meet the standard water demand. There are two type of water scarcity. One is physical. The other is economic water scarcity.
1. 3/10/2016
SCADA Security
Challenges & Strategies
Jeffrey Wang, P. Eng.
2016, Oshawa
Acronyms
ICS: Industrial Control System
DCS: Distributed Control System
SCADA: Supervisory Control and Data Acquisition
PLC: Programmable Logic Controller
RTU: Remote Terminal Unit
HMI: Human Machine Interface
TCP/IP: Transmission Control Protocol/Internet Protocol
IDS: Intrusion Detection System
COTS: Commercial off-the-shelf
ACL: Access Control List
DMZ: Demilitarized Zone
WAN: Wide Area Network
LAN: Local Area Network
Page 2 Securing SCADA prepared by Jeffrey Wang
Content
Overview
Cyber Threats and Vulnerabilities
Security Challenges
Mitigation Strategies
References
Overview
SCADA system
Overview
SCADA System Components
SCADA System Functionality
SCADA System - Overview
SCADA is an acronym for Supervisory Control and Data Acquisition.
SCADA is an Industrial control system (ICS).
SCADA System - Components
A SCADA system typically includes the following components:
RTU (Remote Terminal Unit)
PLC (Programmable Logic Controller)
HMI (Human Machine Interface)
Field devices (Actuators and Sensors)
WAN (Wide Area Network): Wireless/RF communication devices
LAN (Local Area Network): Router and Switches
Centralized Server
Database Server (Data Historian)
SCADA System - Functionality
Major functions of a SCADA system include:
Field devices control via local or remote working mode
Collect field data and transmit to central control server via WAN network
Monitor processing and/or control field devices via HMI
Manage database for tracking and management analysis
SCADA System - Critical infrastructure
SCADA systems are critical national infrastructure
Canadian critical infrastructure falls within the 10 sectors listed below:
• Energy and utilities
• Finance
• Food
• Transportation
• Government
• Information and communication technology
• Health
• Water
• Safety
• Manufacturing
SCADA System - Tasks
A SCADA system performs four basic tasks:
Data Acquisition
Data Communication
Data Monitor and Control
Data Historian
[Diagram: Data Acquisition, Data Communication, Data Monitor & Control]
Why secure SCADA systems?
Why?
IP-based technologies
Internet of Things (IoT)
Cloud computing
Mobile computing
Threats growing (cyber threat sources per Homeland Security ICS-CERT)
Hostile governments
Terrorist groups
Disgruntled employees
Malicious intruders
GAO Threat Table (Source: GAO, Government Accountability Office)
Vulnerabilities increasing
Alerts (from ICS-CERT for Control System / Government / Home & Business users)
Alerts provide timely notification to critical infrastructure owners and operators concerning threats to critical infrastructure networks.
Be proactive about potential cyber-attacks on SCADA systems
Vulnerabilities
Physical Vulnerabilities
Cyber Vulnerabilities
Vulnerabilities – ICS-CERT Alerts
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
Publishes cyber security alerts for three categories of users:
• Control System Users
• Government Users
• Home and Business
Examples:
ICS-ALERT-15-225-02A : Rockwell Automation 1766-L32 Series Vulnerability (Update A)
ICS-ALERT-11-204-01B : Siemens S7-300_S7-400 Hardcoded Credentials (Update B)
ICS-ALERT-12-097-02A : 3S CoDeSys Improper Access Control (Update A)
ICS-ALERT-11-256-06 : Beckhoff TwinCAT Vulnerability
ICS-ALERT-12-020-07A : WAGO IO 750 Vulnerabilities (Update A)
ICS-ALERT-12-136-01 : Wonderware SuiteLink Unallocated Unicode String
ICS-ALERT-12-020-02A : Rockwell Automation ControlLogix PLC Vulnerabilities (Update A)
ICS-ALERT-11-332-02A : Siemens SIMATIC WinCC Flexible (Update A)
ICS-ALERT-11-256-05A : Rockwell Automation RSLogix Overflow Vulnerability (UPDATE A)
Source: ICS-CERT Alerts: https://ics-cert.us-cert.gov/alerts
Physical Vulnerabilities
Common Physical Vulnerabilities:
Inadequate policies, procedures, and culture governing control system security
Inadequately designed networks with insufficient defense-in-depth
Remote access without appropriate access control
Separate auditable administration mechanisms
Inadequately secured wireless communication
Use of a non-dedicated communications channel for command and control
Lack of easy tools to detect/report anomalous activity
Installation of inappropriate applications on critical host computers
Inadequately scrutinized control system software
Unauthenticated command and control data.
Cyber Vulnerabilities
Common cyber vulnerabilities include:
Operating System Vulnerabilities
Interconnections
Open Source / Public Information
Authentication
Remote access
Monitoring and Defenses
Wireless access
SCADA/SQL/PLC Software
Cyber Vulnerabilities
Cyber vulnerabilities in detail:
Un-patched published vulnerabilities
Web-based HMI vulnerabilities
Improper authentication
Improper access control (authorization)
Buffer overflow in SCADA services
SCADA data and command message manipulation and injection
SQL injection
Insecure protocols
Unprotected transport of SCADA application credentials
Standard IT protocols with plain-text authentication
Vulnerabilities – Allen-Bradley/Rockwell PLC
Web-based access with default user ID and password
AB SLC505
AB Micrologix PLC
AB CompactLogix
Vulnerabilities – Unprotected Authentication
MicroLogix 1400: easy to access with the administrator ID and default password
Vulnerabilities – Access with Default ID & Password
An intruder can change access permissions once granted access.
Default IDs (administrator) and default passwords
Vulnerabilities – Supervisory Control
Supervisory control: Write/Read memory block or disable the device
Cyber Attack - STUXNET
STUXNET: the most famous cyber attack by the United States and Israel.
The STUXNET worm was first identified by the Belarusian company VirusBlokAda in mid-June 2010.
Physical Impact:
Sabotaging 1000 centrifuges at Iran’s Natanz nuclear plant
Stuxnet worm – now every hacker in the world knows about PLCs, HMIs and the opportunities to attack them.
The Windows operating system
Siemens SIMATIC Step 7 and WinCC
Siemens S7 – 300/400 PLCs
S7-315-2/S7-417
USB flash memory
Zero-Day via Windows OS
DB memory block in PLC
Cyber Attack - Insider
Insider hacks into sewage treatment plant
Queensland, Australia (2000): Disgruntled employee Vitek Boden hacks into the sewage system via WiFi from the company’s parking lot and releases over a million liters of raw sewage into the coastal waters.
Physical Impact:
The intruder controlled about 150 pump stations for nearly three months
Released about 1 million litres of raw sewage into nearby rivers and parks.
Tools: Laptop, radio and wireless access
Security Challenges
SCADA Security Challenges
Vulnerable operating systems (OS) and applications in SCADA systems come from commercial off-the-shelf (COTS) products, including Linux, Mac OS, Windows and embedded PLC OS (VxWorks);
Most industrial control networks are connected to the corporate network with Internet access, especially through IP-based technologies such as wireless, IoT (Internet of Things), cloud computing, mobile computing and smart metering;
Insecure legacy systems and devices are still widely used in SCADA systems. No updated firmware is available and there is no patching. They are transparent to control professionals;
Open source communication protocols (Modbus, DNP3, IEC 61850, Ethernet/IP) were not designed with security in mind and lack basic authorization features;
There are numerous unpatched and unpatchable systems;
Lack of remote access authentication, weak or default passwords;
Lack of physical security protection.
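The missing authorization in Modbus noted in the list above is visible in the Modbus/TCP frame layout itself. The following added example (not from the original slides) parses a request and flags state-changing function codes that come from a source outside a write allowlist; the IP addresses, the allowlist and the sample frames are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Standard Modbus function codes that change device state.
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    address: int  # first address field in the PDU (0 if absent)


def parse_request(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request: 7-byte MBAP header, then the PDU.

    Every field is framing or addressing. None carries a user, password
    or signature, so the device cannot tell who sent the request.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0 (not Modbus)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    address = struct.unpack(">H", frame[8:10])[0] if len(frame) >= 10 else 0
    return ModbusRequest(tid, unit, frame[7], address)


def audit(packets, authorized_writers):
    """Return alerts for malformed frames and for write requests whose
    source IP is not in the allowlist of authorized writers."""
    alerts = []
    for src_ip, frame in packets:
        try:
            req = parse_request(frame)
        except ValueError as exc:
            alerts.append((src_ip, "MALFORMED", str(exc)))
            continue
        name = WRITE_FUNCTIONS.get(req.function_code)
        if name and src_ip not in authorized_writers:
            detail = f"{name} unit={req.unit_id} addr={req.address}"
            alerts.append((src_ip, "UNAUTHORIZED_WRITE", detail))
    return alerts


def build(tid, unit, fc, addr, value):
    """Build a constructed 12-byte request (address + one 16-bit value)."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, fc, addr, value)


# Constructed capture: (source IP, raw Modbus/TCP payload).
SAMPLE = [
    ("10.10.1.5", build(1, 1, 3, 0, 10)),         # HMI reads registers
    ("10.10.1.5", build(2, 1, 6, 100, 1500)),     # HMI writes a setpoint
    ("192.168.50.23", build(3, 1, 5, 12, 0xFF00)),  # office PC writes a coil
    ("192.168.50.23", b"\x00\x04\x00\x00"),       # truncated frame
]
AUTHORIZED_WRITERS = {"10.10.1.5"}  # assumption: only the HMI may write

if __name__ == "__main__":
    for alert in audit(SAMPLE, AUTHORIZED_WRITERS):
        print(alert)
```

Source addresses can be spoofed on a flat network, so a check like this complements network segmentation and does not replace it.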
Security Standards
• Security Standards
• Cyber Security Objective
Industrial Control System Security Standards
Good News! There are many security standards….
NIST SP-800-82 : Guide to Industrial Control Systems Security
National Institute of Standards and Technology(NIST)
ISA/IEC-62443 (formerly ANSI/ISA99): Security for Industrial Automation and Control Systems
The International Society of Automation (ISA)
The International Electrotechnical Commission (IEC)
NERC CIP-006: Physical Security of Critical Cyber Assets
North American Electric Reliability Corporation (NERC)
Critical Infrastructure Protection (CIP)
TR12-002: Industrial Control System (ICS) Cyber Security: Recommended Best Practices (combined with NIST and ISA99 standards)
• Canadian Cyber Incident Response Centre (CCIRC)
Cyber Security Objective- I.T. Security Perspective
Three fundamental goals per NIST SP800-82 standard
Confidentiality
Any important information you have — such as employee, client
or financial records — should be kept confidential. This
information should only be accessed by people (or systems)
that you have given permission to do so.
Integrity
You need to make sure to maintain the integrity of this
information and other assets (such as software) in order to keep
everything complete, intact and uncorrupted.
Availability
You should maintain the availability of systems (such as
networks), services and information when required by the
business or its clients.
Mitigation Strategies - Recommendations
My recommendation:
Physical Assets Security
NERC CIP-006 standard is intended to ensure the implementation of a
physical security program for the protection of Critical Cyber Assets
Cyber Security
NIST SP800-82 standard is cybersecurity guidance for Industrial Control
Systems (ICS) Security
ISA/IEC-62443 (ISA99) standard
Canadian Cyber Incident Response Centre (CCIRC)
TR12-002: Industrial Control System (ICS) Cyber Security: Recommended Best Practices
Mitigation Strategies - Risk Assessment
Sources of threats
External
Internal
Accidental
Vulnerabilities
Risks = Threats x Vulnerabilities x Impact
Physical Assets Security
Mitigation Strategies - NERC CIP Standards
NERC CIP standards include 9 standards and 45 requirements:
CIP-002-1: Critical Cyber Asset Identification
CIP-003-1: Security Management Controls
CIP-004-1: Personnel and Training
CIP-005-1: Electronic Security Perimeters
CIP-006-1: Physical Security of Critical Cyber Assets
CIP-007-1: Systems Security Management
CIP-008-1: Incident Reporting and Response Planning
CIP-009-1: Recovery Plans for Critical Cyber Assets
NERC: North American Electric Reliability Corporation
CIP: Critical Infrastructure Protection
Mitigation Strategies - Physical Protection Guideline
Physical Access Controls
The Responsible Entity shall document and implement the operational and
procedural controls to manage physical access at all access points to the
Physical Security Perimeter(s) twenty-four hours a day, seven days a week.
Monitoring Physical Access
The Responsible Entity shall document and implement the technical and
procedural controls for monitoring physical access at all access points to the
Physical Security Perimeter(s) twenty-four hours a day, seven days a week.
Unauthorized access attempts shall be reviewed immediately and handled in
accordance with the procedures specified in Requirement CIP-008.
Logging Physical Access
• Logging shall record sufficient information to uniquely identify individuals and the
time of access twenty-four hours a day, seven days a week. The Responsible
Entity shall implement and document the technical and procedural mechanisms
for logging physical entry at all access points to the Physical Security
Perimeter(s).
Mitigation Strategies - Physical Security
Physical Security Purpose:
To help you detect and identify threats and restrict access to sensitive areas (server room and important field equipment)
Detect
Be alerted to unauthorized entries or attempts
Be alerted to mechanical/electrical failures
Be alerted to remote site entry requests
Identify
Remotely view facility, people, equipment
View recorded information and events
Restrict and allow entry to facility
Create physical facility access logs
Prosecute offenders
Restrict
Keep the bad guys out
Cyber Security
Mitigation Strategies - NIST SP 800-82 Standards
NIST SP 800-82 : Guide to Industrial Control Systems Security
Provide guidance for establishing secure ICS, including implementation
guidance for SP 800-53 controls
Content
Overview of ICS
ICS Characteristics, Threats and Vulnerabilities
ICS Security Program Development and Deployment
Network Architecture
ICS Security Controls
Appendixes
Current Activities in Industrial Control Systems Security
Emerging Security Capabilities
NIST: National Institute of Standards and Technology
SP: Special Publication
Mitigation Strategies - Cyber Security Objective
Restricting logical access to the SCADA network and network activity
This includes using a demilitarized zone (DMZ) network architecture with
firewalls to prevent network traffic from passing directly between the corporate
and SCADA networks, and having separate authentication mechanisms and
credentials for users of the corporate and SCADA networks. The ICS should also
use a network topology that has multiple layers, with the most critical
communications occurring in the most secure and reliable layer.
Restricting physical access to the SCADA network and devices
Unauthorized physical access to components could cause serious disruption of
the SCADA’s functionality. A combination of physical access controls should be
used, such as locks, card readers, and/or guards.
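The DMZ requirement above, that no traffic passes directly between the corporate and SCADA networks, can be checked against a firewall rule set. This is an added example, not part of the original slides: it audits first-match rules in a simplified `(action, source, destination, port)` form, and the zone CIDR ranges and both rule sets are constructed assumptions.

```python
import ipaddress

# Constructed zone map: these CIDR ranges are assumptions for the example.
ZONES = {
    "corporate": ipaddress.ip_network("192.168.0.0/16"),
    "dmz": ipaddress.ip_network("172.16.10.0/24"),
    "scada": ipaddress.ip_network("10.10.0.0/16"),
}


def net(cidr):
    """Parse a CIDR string; the keyword 'any' means every IPv4 address."""
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)


def zones_touched(cidr):
    """Names of the zones that overlap the given source or destination."""
    return {name for name, zone in ZONES.items() if net(cidr).overlaps(zone)}


def shadowed(rule, earlier_denies):
    """True if an earlier deny fully covers this rule (first match wins)."""
    _, src, dst, port = rule
    return any(
        net(src).subnet_of(net(d_src))
        and net(dst).subnet_of(net(d_dst))
        and d_port in ("any", port)
        for _, d_src, d_dst, d_port in earlier_denies
    )


def audit_rules(rules):
    """Return (rule number, src, dst, port) for every effective allow rule
    that lets traffic pass directly between corporate and SCADA zones."""
    findings, denies = [], []
    for number, rule in enumerate(rules, start=1):
        action, src, dst, port = rule
        if action == "deny":
            denies.append(rule)
            continue
        s, d = zones_touched(src), zones_touched(dst)
        direct = ("corporate" in s and "scada" in d) or (
            "scada" in s and "corporate" in d)
        if direct and not shadowed(rule, denies):
            findings.append((number, src, dst, port))
    return findings


# Constructed weak rule set: rules 3 and 4 bypass the DMZ.
WEAK_RULES = [
    ("allow", "192.168.0.0/16", "172.16.10.0/24", 443),   # corporate -> DMZ
    ("allow", "10.10.1.20/32", "172.16.10.5/32", 443),    # historian -> DMZ
    ("allow", "192.168.50.0/24", "10.10.1.0/24", 502),    # office -> PLCs
    ("allow", "any", "any", 123),                         # overly broad NTP
    ("deny", "any", "any", "any"),
]

# Constructed corrected rule set: all exchange goes through the DMZ.
HARDENED_RULES = [
    ("allow", "192.168.0.0/16", "172.16.10.0/24", 443),
    ("allow", "10.10.1.20/32", "172.16.10.5/32", 443),
    ("deny", "any", "any", "any"),
]

if __name__ == "__main__":
    print("weak:", audit_rules(WEAK_RULES))
    print("hardened:", audit_rules(HARDENED_RULES))
```

An allow rule that is only partly covered by earlier denies is still reported, so it gets a manual review.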
Mitigation Strategies - Cyber Security Objective
Protecting individual SCADA components from exploitation
This includes deploying security patches in as expeditious a manner as possible,
after testing them under field conditions; disabling all unused ports and services;
restricting SCADA user privileges to only those that are required for each
person’s role; tracking and monitoring audit trails; and using security controls
such as antivirus software and file integrity checking software where technically
feasible to prevent, deter, detect, and mitigate malware.
Maintaining functionality during adverse conditions
This involves designing the SCADA so that each critical component has a
redundant counterpart. Additionally, if a component fails, it should fail in a manner
that does not generate unnecessary traffic on the SCADA or other networks, or
does not cause another problem elsewhere, such as a cascading event.
Mitigation Strategies – ANSI/ISA99 Standard
Module 1: Defining Industrial Cybersecurity
Covers the concepts of physical, operational, and electronic security; and defines
Cybersecurity as it relates to industrial automation and control systems
Module 2: Risk Assessment
Covers the concept of risk and how safety plays a part in assessing possible
consequences from a cyberattack
Module 3: Threats and Vulnerabilities
Covers "social engineering" and how outsiders gather information to enable attacks
and to physically enter your secured areas
Module 4: Security Policies, Programs, and Procedures
Covers the creation and deployment of policies, standards, and procedures and how
they are a critical aspect of a security program
Mitigation Strategies – ANSI/ISA99 Standard
Module 5: Understanding TCP/IP, Hackers, and Malware
Covers the basics of the IP networking architecture and how computers are
addressed and how IP delivers information to computers and TCP/UDP to
complete the delivery to specified applications using port numbers
Module 6: Technical Countermeasures
Covers the technical countermeasures and technology that can be employed to
protect your systems, detect and remove malware, and block hacking attempts;
and explains the technologies such as firewalls, proxy servers, VPN, and
VLAN and how they relate to industrial automation systems
Module 7: Architectural & Operational Strategies
Covers ways to segment and isolate your process automation systems in order to
increase their reliability and Cyber security
Mitigation Strategies - TR12-002 Recommendation
TR12-002: Industrial Control System (ICS) Cyber Security: Recommended Best Practices, by Canadian Cyber Incident Response Centre
1. Network Segmentation
2. Remote Access
3. Wireless Communications
4. Patch Management
5. Access Policies and Controls
6. Secure the Host (System Hardening)
7. Intrusion Detection
8. Physical and Environmental Security
9. Malware Protection and Detection
10. Awareness
11. Periodic Assessments and Audits
12. Change Control and Configuration Management
13. Incident Planning and Response
Useful software
Solarwinds Inc. URL: http://www.solarwinds.com/
Develops enterprise information technology (IT) infrastructure management
software for IT professionals.
Kaspersky - URL: http://www.kaspersky.com
Kaspersky Lab is an international software security group operating in almost
200 countries and territories worldwide.
Bitdefender- URL: http://www.bitdefender.com
Bitdefender products feature anti-virus and anti-spyware capabilities against
internet security threats such as viruses, Trojans, rootkits, rogues, aggressive
adware, spam and others.
McAfee - URL: http://www.mcafee.com
Intel Security Group (previously McAfee, Inc.) is an American global computer security software company
Symantec - URL: http://www.symantec.com
Security, Antivirus and Backup Solutions provider
References
NIST SP-800-82 Guide to Industrial Control Systems Security
http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf
ICS-CERT, ICS-TIP-12-146-01A—Targeted Cyber Intrusion Detection and Mitigation Strategies
http://www.us-cert.gov/control_systems/pdf/ICS-TIP-12-146-01A.pdf
CCIRC, TR11-002 Mitigation Guidelines for Advanced Persistent Threats
http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2011/tr11-002-eng.aspx
ICS-CERT, Incident Response Summary Report 2009 – 2011
http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Incident_Response_Summary_Report_09_11.pdf
US-CERT, Control Systems Security Program (CSSP)
http://www.us-cert.gov/control_systems/
US-CERT, Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies
http://www.us-cert.gov/control_systems/practices/documents/Defense_in_Depth_Oct09.pdf
CPNI, CPNI Viewpoint: Securing the move to IP-based SCADA/PLC networks
http://www.cpni.gov.uk/Documents/Publications/2011/2011034-scada-securing_the_move_to_ipbased_scada_plc_networks_gpg.pdf
International Society of Automation (ISA), ISA99, Industrial Automation and Control Systems Security
http://www.isa.org/MSTemplate.cfm?MicrositeID=988&CommitteeID=6821