Industrial Cybersecurity and Critical Infrastructure Protection in Europe
•Download as PPTX, PDF•
3 likes•1,940 views
This document provides an overview of critical infrastructure protection in Europe presented by Ignacio Paredes of the Industrial Cybersecurity Center. It discusses the convergence of physical and cyber worlds and how industrial control systems have become interconnected over TCP/IP and use general purpose operating systems. This has introduced cybersecurity challenges to operational technology environments. The document reviews cyber attacks on critical infrastructure like Stuxnet and Shamoon and regulations around critical infrastructure protection in the US and EU. It argues that identifying and prioritizing critical infrastructure is important but questions who will pay for protection and whether regulations have led to minimum compliance over real protection.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Industrial Cybersecurity and Critical Infrastructure Protection in Europe
Similar to Industrial Cybersecurity and Critical Infrastructure Protection in Europe (20)
More from Positive Hack Days
More from Positive Hack Days (20)
Recently uploaded
Recently uploaded (20)
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
- 1. Critical Infrastructure Protection in Europe Ignacio Paredes (@iparedes) Industrial Cybersecurity Center www.cci-es.org
- 2. www.cci-es.org 2 Nacho Paredes • Head of studies and research at Industrial Cybersecurity Center • ENISA expert in Information Security and CIIP • M.S. In computer science • >15 years in cybersecurity and IT consultancy • Expert in the design and deployment of cybersecurity technical and administrative solutions, including (application security, secure network design, critical infrastructure protection, ethical hacking or business continuity) • GICSP, CISSP, CISM, CISA, CeH, PMP, GSNA, GAWN, BS7799 Lead Auditor I am… e-mail: ignacio.paredes@cci-es.org Twitter: @iparedes , @info_cci Blog: http://blog.cci-es.org Web: http://www.cci-es.org Tel: +34 647723708
- 6. www.cci-es.org ¿Cyber Security? Industrial Safety Physical Security Environmental Safety SECURITY
- 7. www.cci-es.org Plant vs IT vs Security Plant / IT Conflict: –“Watertight” environments. “Don’t get into my lot, and I won’t into yours” –Attention is not paid to communication interfaces between both worlds –Connection interfaces are no man’s land, and many times, unknown (others WWW… Wild Wild West )
- 8. www.cci-es.org Physical & Cyber Worlds Convergence 8 Consequences: Intangible Web Portal unavailable No email Consequences: Tangible, Concrete Production Losses Environmental Damages Public Health Lower Company Valuation
- 10. www.cci-es.org IT in the Industrial World Industrial devices have inherited all problems from IT Industrial Control Systems are NOT isolated anymore. They have moved from using dedicated serial lines to Ethernet or WiFi Now, most of industrial protocols are running over TCP/IP Industrial Control Systems use general purpose operating systems
- 11. www.cci-es.org IT vs OT 11 Information Technology Operations Technology Component lifetime 3-5 years Component lifetime: 10-20 years Maturity and knowledge on cybersecurity First steps on cybersecurity. Lack of awareness Standard methodologies and architectures Legacy systems Loss of data Loss of life Recover by reboot Fault tolerance essential High throughput demanded. High delay accepted Modest throughtput acceptable. High delay serious concern Straightforward upgrades and automated changes Patching is a pain. Changes only through vendors
- 12. www.cci-es.org IT vs OT 12 Cybersecurity Dimensions in IT Cybersecurity Dimensions in OT Confidentiality 50% Availability 60% Integrity 30% Integrity 35% Availability 20% Confidentiality 5%
- 13. www.cci-es.org ICS Vulnerability Disclosure Evolution 0 20 40 60 80 100 120 2010 2011 2012 2013 # ICS-CERT disclosures 13Alerts + Advisories. https://ics-cert.us-cert.gov/ics-archive
- 14. www.cci-es.org Aramco Cyber Attack 14 • Biggest oil producer in the world • > 50,000 employees • Revenue > 300 US$ billion • In August 2012 had a cybersecurity incident • Computers directly tied to oil production were compromised (Shamoon virus) • 30,000 workstations were affected • The company spent one week to restore services • After the incident Aramco tightened its security policies • Not only in the corp. side, but in the industrial systems
- 17. www.cci-es.org Shodan (www.shodanhq.com) • Internet search engine that indexes internet- connected services response (FTP, SSH, Telnet, HTTP, HTTPS, SNMP, uPNP, SMB…) • Provide access to millions of Internet- connected devices
- 23. www.cci-es.org Internet-facing Industrial Systems+2.000.000 Located in United States30% ISP’s Dynamic Addresses80% Project SHINE SHodan INtelligence Extraction
- 25. www.cci-es.org Regulation Timeline in US & EU 25 1995 1998 2001 2004 2005 2006 2008 2009 2011 20132003 COM(2004) 702 Critical Infrastructure Protection in the fight against terrorism COM(2005) 576 Green paper on a European programme for critical infrastructure protection COM(2006) 768 EPCIP (European Programme for Critical Infrastructure Protection) COM(2009) 149 CIP: Protecting Europe from large scale cyber-attacks and disruptions: enhancing COM(2011) 163 CIP: Achievements and next steps: towards global cyber-security 2014
- 26. www.cci-es.org Critical Infrastructure Protection • Government guided process – Identification (mostly secret) – Priorization (different levels of criticity) – Protection (countermeasures deployment) • The question is: 26 Who is gonna pay for this?
- 27. www.cci-es.org Critical Infrastructure Protection 27 • Industry pressure against regulation • Leads to: Minimum Requirements • Implementation towards compliance – Infrastructure protection into the background – False sense of protection
- 28. www.cci-es.org
- 31. www.cci-es.org The Smart Grid • The CI that lies beneath • Focus of many CIP initiatives • Smart grid means – Efficiency – Resiliency – Integration of technologies – User Interaction – Prosumers – New services – Electric Vehicles • Very tight interconnection 31
- 32. www.cci-es.org The Smart Grid • Security is paramount • And brings an additional component 32
- 33. www.cci-es.org Who’s got the interest? 33
- 35. www.cci-es.org Who? • The US National Security Agency is one of the most prolific tool makers for APTing. • Its ANT (Access Network Technology) division has compromised the security architecture of every major player in the IT industry. • Multiple secret backdoors allow the NSA to compromise virtually every organization in the world. • Software and hardware tools. • Attacks against protocols, operating systems, electromagnetic spectrum… 35
- 36. www.cci-es.org Who? 36 • Political, strategical, and financial interests are involved in decisions made by governments and corporations • PLA Unit 61398 • AKA People’s Liberation Army Persistent Threat Unit
- 37. www.cci-es.org There are more that we can see
- 39. www.cci-es.org • High interaction honeypot • Emulating a water treatment plant • Just recording • Targetted attacks • With the intention of modification or destruction Kyle Wilhoit (Trendmicro)
- 41. www.cci-es.org TIC Society ICT Industrial Industrial Orgs. Critical Infrastructures Consultancies Integrators Engineering EPC ICT & Cybersecurity Vendors Industrial Vendors Services & Products CIP & IC Government Requirements & Regulations
- 42. www.cci-es.org R “C3R: Collaboration, Coordination and Commitment based Relationships” Collaboration CoordinationCommitment
- 43. www.cci-es.org большое спасибо Ignacio Paredes - @iparedes - ignacio.paredes@cci-es.org