This document discusses cybersecurity risks and strategies for the energy sector. It begins by outlining the current cyber threat landscape, including risks from ransomware, industrial control systems, IoT devices, and attacks on critical infrastructure. It then discusses challenges securing industrial control systems and scenarios where cyber attacks could impact physical systems. The document concludes by recommending steps for energy companies, including implementing standards like NERC CIP and ISO 27001, conducting security assessments and architecture reviews, employee training, cyber drills to test incident response, and working in a regulated environment with independent audits.

1. © ACinfotec 2017Version 2.0 / 09.08.2017
แนวโน้มและการสร้างความเชื่อมั่นด้าน
Cybersecurity สำหรับกลุ่มธุรกิจพลังงาน
The Future of Cybersecurity in Energy Sector
การประชุมระดมความคิดเห็น
เพื่อวิเคราะห์ปัจจัยที่ส่งผลกระทบต่ออนาคตพลังงานไทย
กระทรวงพลังงาน
ศาศวัต มาลัยวงศ์, ACinfotec

2. ACinfotec is Thailand’s leading expert provider of services,
solutions and consultation for IT governance, risk and
compliance management based on various well-known
international standards, best practices and regulations.
Our expertise and client base spans all major industries. We
regularly provide services to leading organization across the
financial, technology, telecommunication, healthcare, insurance,
energy, and manufacturing sectors.
“Driving Business Excellence”

3. Agenda
© ACinfotec 2017 3
! ภัยคุกคามทางไซเบอร์ในปัจจุบันและอนาคต (Security Landscape of 2017 and Beyond)
! ความเสี่ยงทางไซเบอร์ต่อกลุ่มธุรกิจพลังงาน
! แนวทางการรักษาความมั่นคงปลอดภัยไซเบอร์และสร้างความเชื่อมั่น

4. 2017 is the Year of Ransomware (and Compliance)
© ACinfotec 2017 4

5. 2017 is the Year of Ransomware
© ACinfotec 2017 5
Wannacry…

6. 2017 is the Year of Ransomware
© ACinfotec 2017 6
Petya…

7. 2017 is the Year of Ransomware (and Compliance)
© ACinfotec 2017 7

8. 2017 is the Year of Ransomware (and Compliance)
© ACinfotec 2017 8

9. How Many of the Fortune 500 are Hacked?
© ACinfotec 2017 9
Source: http://uk.businessinsider.com/security-mikko-hypponen-all-fortune-500-companies-hacked-2015-10

10. WEFORUM: Global Risk Landscape 2017
© ACinfotec 2017 10
Source: The Global Risk Landscape 2017,
World Economic Forum
Cyber attacks are among Top 10 Risks

11. We are No.5
© ACinfotec 2017 11

12. 7,659 Vulnerable Targets !!
What Went Wrong?

13. I don’t have
time for
security
What Went Wrong?

14. Security cost
is not worth it
TCO
85%
Hidden Cost
15%
Visible Cost
What Went Wrong?

15. I Need NextGen
Security Solutions
That’s All
APT
DLP
MDM
NextGen FW
Etc.
Honeypot
Web Intelligence
What Went Wrong?

16. Agenda
© ACinfotec 2017 16
! ภัยคุกคามทางไซเบอร์ในปัจจุบันและอนาคต (Security Landscape of 2017 and Beyond)
! ความเสี่ยงทางไซเบอร์ต่อกลุ่มธุรกิจพลังงาน
! แนวทางการรักษาความมั่นคงปลอดภัยไซเบอร์และสร้างความเชื่อมั่น

17. IoT Makes Energy Smarter
© ACinfotec 2017 17
It has efficient/smart appliances and systems,
digital retail innovations, smart network upgrades.

18. IoT Market Growth in Renewable Energy
© ACinfotec 2017 18
Source: Totaro & Associates

19. IoT Platform Capability Enablement
© ACinfotec 2017 19
Source: Totaro & Associates

20. © ACinfotec 2017 20
IoT Security Risks and Challenges

21. Current Cyber Security Landscape
• Convergence of Physical & Cyber Security Operations
• “Cyber” migrates from IT Dept to the Board: C-Suite
• Global Real-Time Targeted Cyber Attacks – 24/7
• Transition from 20thC Tools (Firewalls & Anti-virus) to
“Smart” 21stC Tools (AI & Machine Learning)
• Emergence of Enterprise “Internet of Things”
• Evolution of Smart Devices, Cities, Economy & Society
• Dramatic increase in Cyber Crime & Cyber Terrorism
© ACinfotec 2017 21

22. Cyber-Physical Threat Scenarios
• Physical “Penetration”: Operations Perimeter penetrated to allow
theft or corruption of Cyber Information / IT Databases and
Confidential Plans
• Cyber “Hack”: Malicious changes to Cyber Access Controls & IT
Databases to allow Criminals/Terrorists to enter Target Facilities
(such as Military Bases, Banking HQ, Telco/Mobile Network
Operations)
• Convergent Threats – Criminals/Terrorists will attack at the weakest
links which in the 21stC will be BOTH Cyber Network and Physical
Premise
© ACinfotec 2017 22
.......Cyber Attacks are now fully industrialized with Malicious
Code “Kits” & Botnets for sale “by the hour” on the DARKNET

23. Special Report from RSA 2017
© ACinfotec 2017 23
Photo: Mathew Schwartz

24. Hacking the Physical World
© ACinfotec 2017 24

25. DIY Ransomware
© ACinfotec 2017 25

26. © ACinfotec 2017 26
What Went Wrong?
Critical Infrastructure
(Un)protected

27. Most Famous Case: Stuxnet
© ACinfotec 2017 27

28. Everybody says it is insecure
ICS/SCADA in the old days,
Photo: http://www.gizmodo.com.au/2012/10/the-awesome-control-rooms-that-run-the-world/

29. SCADA in the old days
but ICS/SCADA is now
“DIGITALLY CONNECTED”
All rights reserved by Christie Digital

30. And It’s moving to…
I can find PLC.

31. Windows Environment
All rights reserved by alfonsozt /Flickr

32. also web-accessible
I can find PLC.
Photo: http://dailypayne.com.s60471.gridserver.com/wp-content/uploads/2010/01/day-9-i-see-you.jpg

33. Document Manual
Security is disabled by default. To log in, enter any name; you do not need a password
or domain name
S5-LAN-LINK has a special protocol for communication with the PC. For this
communication you need a DLL. In this document this DLL will be written down.
There is no security of this protocol.
The option of configuring user passwords with special characters is supported in
WINCC flexible 2007 or higher. Passwords which contain special characters are not
supported in previous version of WinCC Flexible.
A password which contains special characters is reset to the default value “100” if you
convert a project as of WinCC flexible 2007 or higher into a previous version. Define a
new password without special characters after having completed the conversion.

34. Mobile App

35. SCADA VS Exploitation Framework

36. What if your ICS/SCADA system is online?
“It took only 18
hours to find the
first signs of attack
on one of the
honeypots. “
Who’s Really Attacking
Your ICS Equipment?
Percentage of attacks per country

37. Hunting for ICS/SCADA
All rights reserved by Skye Perry/Flickr

38. World War Map

39. Attacking Smart Meter: Simply Ping Flood

40. Mirai Botnet Pwns in 60 Seconds
© ACinfotec 2017 40
Demonstration of Mirai honeypot via Intel Security's Chris Young. (All photos: Mathew Schwartz)

41. Critical Infra Under Siege!
© ACinfotec 2017 41

42. © ACinfotec 2017 42
Source: http://thehackernews.com/2017/08/solar-panel-power-grid.html

43. © ACinfotec 2017 43

44. ICS/SCADA Security Challenges
• Improper implementation and configuration
• Updating OS Patch
• Updating Antivirus Definition
• Cost of testing environment
• Connection between corporate and ICS network
• No security built-in, plain-text protocol, lack of
authentication
• Gap between Engineering skills and IT security skills
• External Threats - Cyber Terrorist
• Internal Threats - Disgruntled employees
• Etc.

45. Agenda
© ACinfotec 2017 45
! ภัยคุกคามทางไซเบอร์ในปัจจุบันและอนาคต (Security Landscape of 2017 and Beyond)
! ความเสี่ยงทางไซเบอร์ต่อกลุ่มธุรกิจพลังงาน
! แนวทางการรักษาความมั่นคงปลอดภัยไซเบอร์และสร้างความเชื่อมั่น

46. แนวทางการรักษาความมั่นคงปลอดภัยไซเบอร์และสร้างความเชื่อมั่น
© ACinfotec 2017 46
Security Assessment
& Architecture
03
Standard &
Best Practice
02
Risk Management
01
Awareness &
Education
04
Cyber Drill
05
Regulated
Environment
06

47. Risk Management
© ACinfotec 2017 47
Common Concepts Across All Standards & Best Practices

48. Recommended Cyber Security Related Standards
• ISO 27001 & ISO 27002 --> information security
• มาตรฐานการรักษาความมั่นคงปลอดภัยของระบบสารสนเทศตามวิธีการแบบปลอดภัย
พ.ศ. 2555 (MICT) --> information security
• ISO 27019 --> information security for ICS/SCADA in energy sector
• NERC CIP Standards --> energy sector
• Energy Sector Specific Plan by Homeland Security --> energy sector
• EECSP Report: Cyber Security in the Energy Sector February 2017 -->
energy sector
• ISO 27032 --> cyber security
• NIST CSF --> cyber security
© ACinfotec 2017 48

49. US: NERC CIP
© ACinfotec 2017 49

50. EU: Cyber Security in the Energy Sector Report
© ACinfotec 2017 50

51. ISO 27001 is Commonly Used as a Basis for Laws & Regulations
© ACinfotec 2017 51
-- Alan Calder, CEO of IT Governance Institute, UK

52. Enterprise Security Architecture
Surviving organization change, planning for cyber resilient systems
• Change is a constant in life
• Different head, different direction!
• Lack of Enterprise Security Architecture causing duplicate,
ineffective, unalignment or even useless security spending

53. Security Awareness Campaign

54. PECB Lead SCADA Security Professional Training & EXAM
© ACinfotec 2017 54
TRAINING CENTER

55. ICS/SCADA Security Assessment
• Port Scan could crash the system because of strange payloads and
overwhelming packets.
• With embedded devices which are not Windows/Unix, you will have
more problems.
• Most control systems use simple HTTP GET/POST requests,
automated tools could shutdown the mission-critical functions.
• Traditional Pentest tools are not enough for ICS protocols. We need
better and more specific tools to tackle the ICS world.
“You need elaborate plans and procedures to conduct
security assessment against ICS environment.”
Danger of Traditional Pentest

56. ACinfotec Services & Approaches
• Layered-approach Security Assessment based on
NERC CIP, CPNI, ISA-99/IEC62443, ISO27001, SANS
• ICS/SCADA Architecture Review
• Smart Grid Security Assessment
• Safety and availability
• With elite team members

57. DDoS Simulation / Cyber Drill Testing
© ACinfotec 2017 57
Evaluate Security Incident Response Plan
Evaluate the capability of people to respond and recover
from cyber security incidents
Evaluate effectiveness of cyber security solutions / tools
Improve plan, process and control
Detect
Response
Recover
Prevent

58. We Need Regulated Environment
May the force be with you!
• Action by regulator in each sector
• Enforce security best practice
• Independent audit
• Continuous improvement

59. For more information, contact: ACinfotec Consulting Services
02-670-8980-3 | services@acinfotec.com | www.acinfotec.com
THANK YOU
DRIVING BUSINESS EXCELLENCE