Tonight, March 5th – Class 7 (last class)
your “test” on ICS 210W (6,7). (100 pts)
March 12 – no class
research assignment due
ICS210W (9,10) final cert (100, total 400) - enter all the PDFs
for all 10 sessions!
© 2016 Applied Control Engineering, Inc.
NIST 800-82 Rev 2.
5. ICS Security Architecture
6. Applying Security Controls to ICS
ICS Security Architecture
Network Segmentation and Segregation
Logical network separation enforced by encryption or network device-enforced partitioning:
– VLANs
– Encrypted Virtual Private Networks (VPNs)
– Unidirectional gateways
Physical network separation to completely prevent any interconnectivity of traffic between domains.
Network traffic filtering:
– Network layer filtering
– State-based filtering
– Port and/or protocol level filtering
– Application filtering, including application-level firewalls, proxies, and content-based filters
ICS Security Architecture
Network Segmentation and Segregation
Four common themes that implement the concept of defense-in-depth by providing for good network segmentation and segregation:
1. Apply technologies at more than just the network layer. Each system and network should be segmented and segregated, where possible, from the data link layer up to and including the application layer.
2. Use the principles of least privilege and need-to-know. If a system doesn’t need to communicate with another system, it should not be allowed to. If a system needs to talk only to another system on a specific port or protocol and nothing else, or it needs to transfer a limited set of labeled or fixed-format data, it should be restricted as such.
3. Separate information and infrastructure based on security requirements. This may include using different hardware or platforms based on different threat and risk environments in which each system or network segment operates. The most critical components require more strict isolation from other components. In addition to network separation, the use of virtualization could be employed to accomplish the required isolation.
4. Implement whitelisting instead of blacklisting; that is, grant access to the known good, rather than denying access to the known bad. The set of applications that run in ICS is essentially static.
Look at the details and examples from section 5. This is important to your final paper!
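Added example (not part of the original slides or of NIST SP 800-82): a default-deny flow allowlist that applies themes 2 and 4 above, plus a lint pass over the rules themselves. The zone names, addresses, rules and sample flows are constructed, and the lint check that corporate and control traffic must meet in a DMZ is an assumption of this example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zones and addresses (illustration only, not from the slides).
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src: str    # host or CIDR allowed to initiate
    dst: str    # host or CIDR allowed to receive
    proto: str  # "tcp" or "udp"
    port: int   # single destination port
    why: str    # documented operational need


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    port: int


# Known-good flows; anything not listed here is denied.
ALLOWLIST = [
    Rule("10.30.0.10/32", "10.20.0.5/32", "tcp", 443, "data acquisition server pushes to DMZ historian"),
    Rule("10.10.0.0/16", "10.20.0.5/32", "tcp", 443, "business users read the DMZ historian"),
    Rule("10.30.0.20/32", "10.30.0.50/32", "tcp", 502, "HMI polls PLC over Modbus/TCP"),
]

# Constructed sample of observed flows.
OBSERVED = [
    Flow("10.30.0.20", "10.30.0.50", "tcp", 502),   # HMI -> PLC, expected
    Flow("10.30.0.10", "10.20.0.5", "tcp", 443),    # control -> DMZ historian, expected
    Flow("10.10.4.7", "10.30.0.50", "tcp", 502),    # corporate host talking Modbus to a PLC
    Flow("10.30.0.20", "10.30.0.50", "tcp", 80),    # right hosts, wrong port
    Flow("10.30.0.50", "203.0.113.9", "tcp", 443),  # PLC connecting to an outside address
]


def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "unknown")


def evaluate(flow, rules=ALLOWLIST):
    """Default deny: a flow passes only if source, destination, protocol and port all match a rule."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    for r in rules:
        if (src in ipaddress.ip_network(r.src) and dst in ipaddress.ip_network(r.dst)
                and flow.proto == r.proto and flow.port == r.port):
            return "allow", r.why
    return "deny", f"{zone_of(flow.src)} -> {zone_of(flow.dst)} {flow.proto}/{flow.port} not on allowlist"


def _zones_touched(cidr):
    """Return (zones the CIDR overlaps, whether it sits wholly inside one zone)."""
    net = ipaddress.ip_network(cidr)
    touched = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    return touched, any(net.subnet_of(zone) for zone in ZONES.values())


def lint(rules):
    """Flag allowlist entries that are themselves too permissive."""
    findings = []
    for r in rules:
        src_z, src_confined = _zones_touched(r.src)
        dst_z, dst_confined = _zones_touched(r.dst)
        if not (src_confined and dst_confined):
            findings.append((r, "endpoint is not confined to one defined zone"))
        # Assumption of this example: corporate and control only meet in the DMZ.
        if ("corporate" in src_z and "control" in dst_z) or ("control" in src_z and "corporate" in dst_z):
            findings.append((r, "direct corporate/control path bypasses the DMZ"))
        if not r.why.strip():
            findings.append((r, "no documented need"))
    return findings


def audit(flows, rules=ALLOWLIST):
    """Return every observed flow the allowlist would deny, with the reason."""
    denied = []
    for f in flows:
        verdict, reason = evaluate(f, rules)
        if verdict == "deny":
            denied.append((f, reason))
    return denied
```

Running audit(OBSERVED) returns the three flows with no matching rule; lint() is meant to run whenever the allowlist changes, so that an over-broad rule is caught before it is deployed.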
ICS Security Architecture
5.1 Network Segmentation and Segregation
5.2 Boundary Protection
5.3 Firewalls
5.4 Logically Separated Control Network
5.5 Network Segregation
5.5.1 Dual-Homed Computer/Dual Network Interface Cards (NIC)
5.5.2 Firewall between Corporate Network and Control Network
5.5.3 Firewall and Router between Corporate Network and Control Network
5.5.4 Firewall with DMZ between Corporate Network and Control Network
5.5.5 Paired Firewalls between Corporate Network and Control Network
5.5.6 Network Segregation Summary
5.6 Recommended Defense-in-Depth Architecture
5.7 General Firewall Policies for ICS
5.8 Recommended Firewall Rules for Specific Services
5.8.1 Domain Name System (DNS)
5.8.2 Hypertext Transfer Protocol (HTTP)
5.8.3 FTP and Trivial File Transfer Protocol (TFTP)
5.8.4 Telnet
5.8.5 Dynamic Host Configuration Protocol (DHCP)
5.8.6 Secure Shell (SSH)
5.8.7 Simple Object Access Protocol (SOAP)
5.8.8 Simple Mail Transfer Protocol (SMTP)
5.8.9 Simple Network Management Protocol (SNMP)
5.8.10 Distributed Component Object Model (DCOM)
5.8.11 SCADA and Industrial Protocols
5.9 Network Address Translation (NAT)
5.10 Specific ICS Firewall Issues
5.10.1 Data Historians
5.10.2 Remote Support Access
5.10.3 Multicast Traffic
5.11 Unidirectional Gateways
5.12 Single Points of Failure
5.13 Redundancy and Fault Tolerance
5.14 Preventing Man-in-the-Middle Attacks
5.15 Authentication and Authorization
5.15.1 ICS Implementation Considerations
5.16 Monitoring, Logging, and Auditing
5.17 Incident Detection, Response, and System Recovery
Applying Security Controls to ICS
Executing the Risk Management Framework Tasks for ICS
Step 1: Categorize Information Systems
Step 2: Select Security Controls
Step 3: Implement Security Controls
Step 4: Assess Security Controls
Step 5: Authorize Information System
Step 6: Monitor Security Controls
This is what your previous
assignment was about.
Applying Security Controls to ICS
Executing the Risk Management Framework Tasks for ICS
Access Control – Role-based, Wireless, VLANs, web-servers,
Dial-up
Awareness and Training
Audit and Accountability
Security Assessment and Authorization
Configuration Management
Contingency Planning /Business Continuity – identify the
recovery objective, DRP
Identification and Authentication – Password, 2-Factor,
Biometric, Smart Cards, Tokens
Applying Security Controls to ICS
Executing the Risk Management Framework Tasks for ICS
Incident Response – symptoms of an incident
Unusually heavy network traffic.
Out of disk space or significantly reduced free disk space.
Unusually high CPU usage.
Creation of new user accounts.
Attempted or actual use of administrator-level accounts.
Locked-out accounts.
Account in-use when the user is not at work.
Cleared log files.
Full log files with unusually large number of events.
Antivirus or IDS alerts.
Disabled antivirus software and other security controls.
Unexpected patch changes.
Machines connecting to outside IP addresses.
Requests for information about the system (social engineering
attempts).
Unexpected changes in configuration settings.
Unexpected system shutdown.
Plan a response - Classification of Incidents; Response Actions;
Recovery Actions.
Applying Security Controls to ICS
Executing the Risk Management Framework Tasks for ICS
Maintenance
Media Protection
Physical and Environmental Protection
Planning
Personnel Security
Hiring Policies
Organization Policies and Practices
Terms and Conditions of Employment
Risk Assessment
System and Services Acquisition
System and Communications Protection – Encryption, VPNs
System and Information Integrity
Virus detection and malicious code
Intrusion detection
Patch management
Program Management
Privacy Controls
Good Luck with your Career!
Please fill out the IDEA survey!
Spring B1 2018 IDEA surveys are available to students.
Students can access their surveys by entering their full
Wilmington University email address and password at
wilmu.campuslabs.com/courseeval.
Faculty are encouraged to promote student participation in the
IDEA survey. Faculty can view real-time response rates, as
well as past survey results via
https://wilmu.campuslabs.com/faculty. (Please note that survey
histories begin with Fall 2016 course reports).
© 2008 The MITRE Corporation. All rights Reserved.
Malicious Control System Cyber Security Attack Case Study – Maroochy Water Services, Australia
Marshall D. Abrams, The MITRE Corporation
Joe Weiss, Applied Control Solutions, LLC
Annual Computer Security Applications Conference
December 2008
NIST Industrial Control System (ICS) Cyber Security Project
■ Objective: to improve the cyber security of federally owned/operated ICS
■ ICS pervasive throughout all critical infrastructures
■ Improve the security of public and private sector ICS
– Work with voluntary industry standards groups (e.g., The Instrumentation, Systems, and Automation Society – ISA)
o Assist in ICS cyber security standards and guideline development
o Foster ICS cyber security standards convergence
– Raise the level of ICS security through R&D and testing
■ Purpose of case studies is to focus in on factors otherwise overlooked, not to ascribe any blame
NIST Cyber Security Strategic Vision
■ Promote the development of key security standards and
guidelines to support the implementation of and compliance
with the Federal Information Security Management Act
(FISMA)
■ Build a solid foundation of information security across one of
the largest information technology infrastructures in the world
based on comprehensive security standards and technical
guidance.
■ Institutionalize a comprehensive Risk Management Framework
that promotes flexible, cost-effective information security
programs for federal agencies.
■ Establish a fundamental level of “security due diligence” for
federal agencies and their contractors based on minimum
security requirements and security controls.
The Current Landscape
dependent on information systems to carry out their
missions and business functions.
systems become open and internet-connected, thus
putting the national services critical infrastructure at risk.
usiness success, enterprise
information systems must be dependable in the face of
serious cyber threats.
must be appropriately protected.
The Threat Situation
■ ICS are becoming more open making them vulnerable to
intentional and unintentional cyber threats
■ Effects of errors and omissions increasingly catastrophic
■ Attacks are organized, disciplined, aggressive, and well
resourced; many are extremely sophisticated
■ Adversaries are nation states, terrorist groups, criminals,
hackers, and individuals or groups with intentions of
compromising information systems
■ Significant exfiltration of critical and sensitive information
and implantation of malicious software occurring on a
regular basis
■ Largely untutored work force with little interest in IT security
■ ICS community diverse using different protocols (many
archaic)
NIST ICS Project Deliverables
■ Support public & private sectors, and standards organizations
that want to use NIST Standards & Guidelines for ICS
■ Evolve SP 800-53 Recommended Security Controls for Federal
Information Systems to better address ICS
– Revision 2 published December 2007
– Revision 3 first public draft scheduled for (end of) December
2008
■ Develop SP 800-82 Guide to Supervisory Control and Data
Acquisition (SCADA) and Industrial Control System Security
– Second draft September 2007
– Final in 2009
Case Study Overview
■ Examine actual control system cyber event
– Resulted in significant environmental and economic damage
– Malicious attack by knowledgeable insider, who had been a
trusted contractor employee
– Timelines, control system response, and control system
policies
■ Identify operating policies and procedures that were missing or had readily identifiable cyber security vulnerabilities
■ Identify NIST SP 800-53 management, operational, and technical safeguards or countermeasures that, if implemented, could have prevented or ameliorated the event
Attack Synopsis
■ Vitek Boden worked for Hunter Watertech, an Australian
firm that installed SCADA radio-controlled sewage
equipment for the Maroochy Shire Council in Queensland,
Australia (a rural area of great natural beauty and a tourist
destination)
– Applied for a job with the Maroochy Shire Council
– Walked away from a “strained relationship” with Hunter
Watertech
– The Council decided not to hire him
– Boden decided to get even with both the Council and his
former employer
■ On at least 46 occasions issued radio commands to the
sewage equipment
– Caused 800,000 liters of raw sewage to spill out into local
parks, rivers and even the grounds of a Hyatt Regency hotel
– Marine life died, the creek water turned black and the stench
was unbearable for residents
Time Line
■ 1997-December 1999 – Boden employed by Hunter Watertech
■ December 3, 1999 – Boden resigns from Hunter Watertech
■ Early December 1999 – Boden seeks City Council
employment
■ Early January 2000 – Boden turned down
■ February 9-April 23, 2000 – SCADA system experiences series of faults
■ March 16, 2000 – Hunter Watertech investigator tried to troubleshoot system
■ April 19, 2000 – Log indicates system program had been run at least 31 times
■ April 23, 2000 – Boden disabled alarms at four pumping stations using the identification of pumping station 4.
■ April 23, 2000 – Boden pulled over by police with computer equipment in car
■ October 31, 2001 – Boden convicted in trial – sentenced to 2 years
■ March 21, 2002 – Appeal rejected
Evidence Found in Boden’s Vehicle
■ Laptop
– Reloaded February 28, 2000
– Software used in the sewerage system (re)installed February 29
o Run at least 31 times prior to April 19
o Last run on April 23
■ Motorola M120 two-way radio same type used in the Council’s system
– Tuned into the frequencies of the repeater stations
– Serial numbers matched delivery docket provided by the supplier of the radios to Hunter Watertech
■ PDS Compact 500 computer control device
– Address set to spoof pumping station
– Serial number identified it as a device which should have been in the possession of Hunter Watertech
Observations (1/2)
■ Boden was an insider who was never an employee of the
organization he attacked
– Employee of contractor that supplied IT/control system
technology
– With his knowledge he was the “ultimate insider”
■ Contractor’s responsibilities unstated or inadequate
– Management, technical and operational cyber security controls
– Personnel security controls
o Background investigations
o Protection from disgruntled employees
■ As a skillful adversary, Boden was able to disguise his actions
– A number of anomalous events occurred before recognition that the incidents were intentional
– Extensive digital forensics were required to determine that a deliberate attack was underway
■ No existing cyber security policies or procedures
■ No cyber security defenses
Observations (2/2)
■ Difficult to differentiate attacks from malfunctions
■ When/why is it important to determine whether intentional
attack, or unintentional flaw or error?
■ Difficult to protect against insider attacks
■ Radio communications commonly used in SCADA systems are
often insecure or improperly configured
■ SCADA devices and software should be secured to the extent
possible using physical and logical controls
■ Security controls often not implemented or used properly
■ Generally SCADA systems lack adequate logging mechanisms
for forensic purposes
■ Also recommended
• Anti-
encryption
• Upgrade-able SCADA systems (from a security perspective)
SP 800-53 Security Control Classes, Families,
and Identifiers
SP 800-53 Pervasive Cyber Security
Prophylactic Controls
PROBLEM | CONTROL FAMILY
Policy and Procedures | The first control in every control family addresses policy and procedure.
Personnel Security | Personnel Security (PS)
Hardware & Software | System and Services Acquisition (SA)
Awareness and Training | Awareness and Training (AT)
Audit | Audit and Accountability (AU)
Contingency Planning | Contingency Planning (CP)
Incident Response | Incident Response (IR)
Cryptographic Protection | System and Communications Protection (SC)
SP 800-53 Controls for Malicious Activities
MALICIOUS ACTIVITY | CONTROL FAMILY
Issuing radio commands | Access Control (AC); Identification and Authentication (IA)
Falsifying network address | Access Control (AC)
Sending false data and instructions | System and Information Integrity (SI)
Disabling alarms |
Access Control (AC)
AC-1 Access Control Policy and Procedures | AC-11 Session Lock
AC-2 Account Management | AC-12 Session Termination
AC-3 Access Enforcement | AC-13 Supervision and Review—Access Control
AC-4 Information Flow Enforcement | AC-14 Permitted Actions without Identification or Authentication
AC-5 Separation of Duties | AC-15 Automated Marking
AC-6 Least Privilege | AC-16 Automated Labeling
AC-7 Unsuccessful Login Attempts | AC-17 Remote Access
AC-8 System Use Notification | AC-18 Wireless Access Restrictions
AC-9 Previous Logon Notification | AC-19 Access Control for Portable and Mobile Devices
AC-10 Concurrent Session Control | AC-20 Use of External Information Systems
■ A combination of access controls would have alleviated or
prevented the attack
■ Tightly coupled with Identification and Authentication
Learning From the 2000 Maroochy Shire
Cyber Attack
■ Public record of an intentional, targeted attack by a
knowledgeable person on an industrial control system teaches
us to consider:
– Critical physical, administrative, and supply chain
vulnerabilities
– Vulnerabilities coming from suppliers or others outside the
organization
– Contractor and sub-contractor personnel as a potential attack
source
■ Need to be concerned with both inside & outside attack
■ Difficulty in identifying a control system cyber incident as a
malicious attack and retaking control of a “hijacked” system
■ A determined, knowledgeable adversary could potentially
defeat most controls
■ Structured defense-in-depth security is best
Additional Information
■Authors
– Marshall Abrams <[email protected]>
– Joe Weiss <[email protected]>
■ Incident
– See references in paper
■Case Study
– http://csrc.nist.gov/sec-cert/ics/papers.html
■NIST Industrial Control System Security Project
– http://csrc.nist.gov/sec-cert/ics/index.html
■NIST Project Managers
– Stu Katzke <[email protected]>
– Keith Stouffer <[email protected]>
ICS ARCHITECTURE FINAL PROJECT TEMPLATE
ICS Architecture Final Project Template
SEC6082
Your Name
Running Head: ICS Architecture Final Project Template
Table of Contents
Executive Summary
ICS Industry Architecture Being Designed
Overview
Statement of Need
Detailed Description
ICS Network Architecture
Physical and Logical Designs
Protocols
Devices
ICS Security Architecture
Device Security Configuration
Device Security Configuration
Device Security Configuration
Etc
Appendix
*Comprehensive Network Map
Example: Device Data Flows
Example: Security Design Documents
Example: Intrusion Detection System
Example: Honeypot Configuration
*The comprehensive network map must include all devices and communication protocols.
List of Tables and Figures
Figure 1. Example: Total Network Design
Figure 2. Example: Device Data Flow
Figure 3. Example: Intrusion Detection System
Figure 4. Example: Honeypot Configuration
Executive Summary
An Executive Summary provides a brief overview for C-level
Executives who only need to know what the material is about,
not the details of the material. Give a brief summary, one page
or less, of what this project is about.
ICS Industry Architecture Being Designed
This is arguably the most important part of the ICS architecture
project. The logistical work done during this phase makes it
possible to architect a successful ICS network. The origins of
all problems experienced during the other phases can usually be
tracked back to a lack of planning and understanding of your
project during this phase. You will describe the industry you
are architecting this ICS network for.
1. Overview
Begin describing the types of network designs commonly used
to architect this network.
2. Statement of Need
Discuss the network needs of this architectural project. Your
ICS network must include a SCADA network controlling at
least two remote DCS networks. The SCADA network must
securely share data with a traditional business IT network.
3. Detailed Description
Now that you know the types of network commonly found and
used in this industry and you know the particular needs of this
architectural project, address how you will design this ICS
network.
ICS Network Architecture
Provide a brief description of what will occur during this phase.
For example: This is the phase where you will describe the
physical and logical design of your network, etc. This phase
has three sections: Physical and Logical Designs; Protocols; and
Devices.
1. Physical and Logical Designs
There are many physical and logical network designs possible.
ICS networks usually have more than one physical and logical
network solution. Describe your physical and logical ICS
network designs here. Include Visios or Excel designs to
graphically illustrate your designs.
A block of words is provided below to jog your mind:
Ring, star, bus, mesh, twisted pair, coax, fiber, microwave,
satellite.
2. Protocols
This section is where you will document and describe the
protocols in use, where, and why. The protocols listed should
be represented in your network diagram(s). A block of words is
provided below to jog your mind:
DNP3, Fieldbus, Modbus, Profibus, Ethernet.
3. Devices
A list of devices should be provided with as much information
as possible. Identify the open ports and services running on
each. List them here and explain why you’ve chosen them. All
devices listed should appear in your network diagram(s).
Follow these steps below:
a. Identify the device.
b. Identify what the device does.
c. Identify the open ports.
d. Identify the services running on these ports.
Example devices include, but are not limited to: Router,
firewall, IDS/IPS, Honeypot, Historian, PLC, RTU, IED, data
acquisition server, HMI, protocol gateway, SCADA master
station, sensors.
ICS Security Architecture
List each device you previously documented in “3. Devices” but
this time annotate how they will be secured. This will require
you to research vendor documentation, industry best practices,
and other authoritative sources. Identify known weaknesses of
the devices and how you will mitigate them.
Reference
Appendix
WILMINGTON UNIVERSITY
Course: SEC 6082 Final Research Paper
Instructor: Dirk Sweigart
Student:___________________ Weighted Content:______ CT:______ Comm:______ Weighted Rubric Score:__________

Performance | Unsatisfactory (1) | Developing (2) | Competent (3) | Accomplished (4) | Exemplary (5)

Knowledge of Content (50% of rubric score)
Unsatisfactory | Developing | Competent | Accomplished | Exemplary
Work does not reflect the assignment purpose | Work marginally reflects the assignment purpose | Work reflects the assignment purpose | Work is accurately detailed, and in line with course content | Work stands-out as exemplary, is accurately detailed, and in line with course content
Minimal details of ICS Industry being designed | Overview and description provides only basic information | Overview and Description provides general information | Architecture section provides a detailed need and description | Architecture section provides a clear and concise statement and description
Does not include physical, logical, protocols or devices | Includes a basic overview of physical, logical, protocols or devices | Includes a general overview of the physical, logical, protocols or devices | Includes a relatively detailed overview physical, logical, protocols or devices | Includes a clear and concise overview of the network architecture including detailed description physical, logical, protocols or devices
No description of ICS security architecture | Basic description of ICS security architecture with no details on devices | Includes a general description of ICS security architecture but minimal device details | Includes a relatively detailed description of ICS security architecture along with device details | Includes a clear and concise description of ICS security architecture and detailed description of device security configurations
Does not include appendices | Includes minimal appendices | Include basic description of appendixes with good content | Include detailed appendices that are appropriate to the content | Include clear and concise appendices that build on the main content.
No figures or descriptions (these can be embedded) | Minor figures but not very relevant | Good figures, tables and descriptions appropriate to content | Well-defined figures and tables appropriate to the content | Figures and descriptions are the content and express the ideas beyond the text.
Ineffective documentation of research/support or 0 Prof references used | Uses at least 2 Prof ref to support research with poor integration | Uses at least 3 Prof ref to support research with adequate integration | Uses at least 4 references and integrates them acceptably into the document | Uses 5 or more references and integrates them clearly and concisely into the document

Critical Thinking (30% of rubric score)
Unsatisfactory | Developing | Competent | Accomplished | Exemplary
Ability to incorporate graphical data/info is lacking | Ability to incorporate graphical data/info is emerging | Ability to incorporate graphical data/info is basic | Ability to incorporate graphical data/info & link key relationships is proficient | Ability to incorporate graphical data/info & link key relationships is superior
Design does not discuss the impact of the unique challenges that exist in securing Industrial Control Systems | Design marginally describes the impact of the unique challenges that exist in securing Industrial Control Systems | Design assesses the impact of the unique challenges that exist in securing Industrial Control Systems | Design effectively assesses the impact of the unique challenges that exist in securing Industrial Control Systems with generalized solutions to address those challenges | Design assesses in technical detail the impact of the unique challenges that exist in securing Industrial Control Systems with customized solutions to address those challenges
Design does not address methods to balance security with potential negative impact to process operations and productivity. | Design documents need for balanced security but includes no discussion of how to achieve it. | Design provides a basic description of methods to balance security with potential negative impact to process operations and productivity. | Design provides a detailed description of methods to balance security with potential negative impact to process operations and productivity. | Design provides a clear and concise description of methods to balance security with potential negative impact to process operations and productivity.
Design does not provide any options for security implementations | Design provides a small number of options for security implementations | Design provides options for security implementations | Design provides some options for security implementations with detailed guidance | Design provides lots of options for security implementations with detailed guidance

Communications (Written) (20% of rubric score)
Unsatisfactory | Developing | Competent | Accomplished | Exemplary
Sentences are not well-constructed and often lack clarity. Formats and patterns are repetitive | Sentences are somewhat clear and well constructed, but lack variety in format & length | Most sentences are clear and well-constructed; some evidence of variety in format, length, and complexity. | Sentences are clear and well-constructed - Some evidence of variety in format, length, and complexity | Varied well-constructed sentences are evident throughout the document with an appropriate stylistic flair
Paper is riddled with spelling, punctuation, and/or grammatical errors | Paper contains 5 or 6 spelling, punctuation, and/or grammatical errors | Paper contains 3 or 4 spelling, punctuation, and/or grammatical errors | Paper contains 1 or 2 spelling, punctuation, and/or grammatical errors | No spelling, punctuation, and/or grammatical errors are readily apparent
Paper is riddled with APA errors | Paper contains 5 or 6 APA errors | Paper contains 3 or 4 APA errors | Paper contains 1 or 2 APA errors | No APA errors are readily apparent
Executive summary lacking or does not create interest | Executive summary evident but not particularly engaging | Executive summary creates interest and engages the audience | Executive summary creates interest and engages the audience, sets the stage for the main presentation | Creates interest, engages and involves the audience, sets stage for the main presentation
Main points are not clear or well organized - Lacks supporting evidence and detail | Main points are clear but not well developed - More supporting evidence and detail are needed | Main points are clear and well developed - Evidence and detail adequately support the presentation | Main points are clear and well developed. Evidence and detail provide strong support for the presentation | Main points are clear and well developed - Etc. Logical development is easy to follow
No conclusion, paper just ends | Conclusion exists but does not summarize | Conclusion mentions main points | Conclusion summarizes main points | Conclusion summarizes and drives home main points.
No presentation aids used | Basic presentation aids used, either not well designed or well integrated into the presentation | Presentation aids are designed and integrated to communicate content but lack variety | Presentation aids are well designed & integrated, as well as varied (some use of graphics/visual or sound effects) | Presentation aids are of professional quality, enhancing the flow and persuasiveness (well integrated graphs, video or other electronic media)

Cloud computing security- critical infrastructures
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 
Maintaining Continuous Compliance with HCL BigFix
Maintaining Continuous Compliance with HCL BigFixMaintaining Continuous Compliance with HCL BigFix
Maintaining Continuous Compliance with HCL BigFix
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield X
 
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal FirewallsMicro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
 
Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital Forensics
 
AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentation
 
Aksit profile final
Aksit profile finalAksit profile final
Aksit profile final
 
Cisco connect winnipeg 2018 simply powerful networking with meraki
Cisco connect winnipeg 2018   simply powerful networking with merakiCisco connect winnipeg 2018   simply powerful networking with meraki
Cisco connect winnipeg 2018 simply powerful networking with meraki
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
resume IT security
resume IT securityresume IT security
resume IT security
 
Effective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaSEffective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaS
 
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
 
Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327
 
Mitigate attacks with IBM BigFix and Q-Radar
Mitigate attacks with IBM BigFix and Q-RadarMitigate attacks with IBM BigFix and Q-Radar
Mitigate attacks with IBM BigFix and Q-Radar
 
Cyber threats
Cyber threatsCyber threats
Cyber threats
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
 
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
 
Cybridge Secure Content Filter for SCADA Networks
Cybridge Secure Content Filter for SCADA NetworksCybridge Secure Content Filter for SCADA Networks
Cybridge Secure Content Filter for SCADA Networks
 
Access Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayAccess Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance Essay
 

More from turveycharlyn

Exam #3 ReviewChapter 10· Balance of payment statements · .docx
Exam #3 ReviewChapter 10· Balance of payment statements · .docxExam #3 ReviewChapter 10· Balance of payment statements · .docx
Exam #3 ReviewChapter 10· Balance of payment statements · .docxturveycharlyn
 
Evolving Role of the Nursing Informatics Specialist Ly.docx
Evolving Role of the Nursing Informatics Specialist Ly.docxEvolving Role of the Nursing Informatics Specialist Ly.docx
Evolving Role of the Nursing Informatics Specialist Ly.docxturveycharlyn
 
eworkMarket45135.0 (441)adminNew bid from Madam Cathy.docx
eworkMarket45135.0 (441)adminNew bid from Madam Cathy.docxeworkMarket45135.0 (441)adminNew bid from Madam Cathy.docx
eworkMarket45135.0 (441)adminNew bid from Madam Cathy.docxturveycharlyn
 
Evolving Technology Please respond to the following Analyze t.docx
Evolving Technology Please respond to the following Analyze t.docxEvolving Technology Please respond to the following Analyze t.docx
Evolving Technology Please respond to the following Analyze t.docxturveycharlyn
 
Evolving Health Care Environment and Political ActivismRead and .docx
Evolving Health Care Environment and Political ActivismRead and .docxEvolving Health Care Environment and Political ActivismRead and .docx
Evolving Health Care Environment and Political ActivismRead and .docxturveycharlyn
 
Evolving Families PresentationPrepare a PowerPoint presentatio.docx
Evolving Families PresentationPrepare a PowerPoint presentatio.docxEvolving Families PresentationPrepare a PowerPoint presentatio.docx
Evolving Families PresentationPrepare a PowerPoint presentatio.docxturveycharlyn
 
EvolutionLets keep this discussion scientific! I do not want .docx
EvolutionLets keep this discussion scientific! I do not want .docxEvolutionLets keep this discussion scientific! I do not want .docx
EvolutionLets keep this discussion scientific! I do not want .docxturveycharlyn
 
Evolutionary Theory ApproachDiscuss your understanding of .docx
Evolutionary Theory ApproachDiscuss your understanding of .docxEvolutionary Theory ApproachDiscuss your understanding of .docx
Evolutionary Theory ApproachDiscuss your understanding of .docxturveycharlyn
 
Evolution or change over time occurs through the processes of natura.docx
Evolution or change over time occurs through the processes of natura.docxEvolution or change over time occurs through the processes of natura.docx
Evolution or change over time occurs through the processes of natura.docxturveycharlyn
 
Evolution, Religion, and Intelligent DesignMany people mistakenl.docx
Evolution, Religion, and Intelligent DesignMany people mistakenl.docxEvolution, Religion, and Intelligent DesignMany people mistakenl.docx
Evolution, Religion, and Intelligent DesignMany people mistakenl.docxturveycharlyn
 
Evolution of Millon’sPersonality PrototypesJames P. Choc.docx
Evolution of Millon’sPersonality PrototypesJames P. Choc.docxEvolution of Millon’sPersonality PrototypesJames P. Choc.docx
Evolution of Millon’sPersonality PrototypesJames P. Choc.docxturveycharlyn
 
Evolution and Its ProcessesFigure 1 Diversity of Life on Eart.docx
Evolution and Its ProcessesFigure 1 Diversity of Life on Eart.docxEvolution and Its ProcessesFigure 1 Diversity of Life on Eart.docx
Evolution and Its ProcessesFigure 1 Diversity of Life on Eart.docxturveycharlyn
 
Evolution in Animals and Population of HumansHumans belong t.docx
Evolution in Animals and Population of HumansHumans belong t.docxEvolution in Animals and Population of HumansHumans belong t.docx
Evolution in Animals and Population of HumansHumans belong t.docxturveycharlyn
 
Evolution of Seoul City in South KoreaHow the City changed s.docx
Evolution of Seoul City in South KoreaHow the City changed s.docxEvolution of Seoul City in South KoreaHow the City changed s.docx
Evolution of Seoul City in South KoreaHow the City changed s.docxturveycharlyn
 
evise your own definition of homegrown terrorism. Then using t.docx
evise your own definition of homegrown terrorism. Then using t.docxevise your own definition of homegrown terrorism. Then using t.docx
evise your own definition of homegrown terrorism. Then using t.docxturveycharlyn
 
eview the Paraphrasing tutorial here (Links to an external sit.docx
eview the Paraphrasing tutorial here (Links to an external sit.docxeview the Paraphrasing tutorial here (Links to an external sit.docx
eview the Paraphrasing tutorial here (Links to an external sit.docxturveycharlyn
 
Evidenced-Based Practice- Sample Selection and Application .docx
Evidenced-Based Practice- Sample Selection and Application  .docxEvidenced-Based Practice- Sample Selection and Application  .docx
Evidenced-Based Practice- Sample Selection and Application .docxturveycharlyn
 
Evidenced-Based Practice- Evaluating a Quantitative Research S.docx
Evidenced-Based Practice- Evaluating a Quantitative Research S.docxEvidenced-Based Practice- Evaluating a Quantitative Research S.docx
Evidenced-Based Practice- Evaluating a Quantitative Research S.docxturveycharlyn
 
eview the Captain Edith Strong case study in Ch. 6 of Organi.docx
eview the Captain Edith Strong case study in Ch. 6 of Organi.docxeview the Captain Edith Strong case study in Ch. 6 of Organi.docx
eview the Captain Edith Strong case study in Ch. 6 of Organi.docxturveycharlyn
 
Evidenced based practice In this writing, locate an article pert.docx
Evidenced based practice In this writing, locate an article pert.docxEvidenced based practice In this writing, locate an article pert.docx
Evidenced based practice In this writing, locate an article pert.docxturveycharlyn
 

More from turveycharlyn (20)

Exam #3 ReviewChapter 10· Balance of payment statements · .docx
Exam #3 ReviewChapter 10· Balance of payment statements · .docxExam #3 ReviewChapter 10· Balance of payment statements · .docx
Exam #3 ReviewChapter 10· Balance of payment statements · .docx
 
Evolving Role of the Nursing Informatics Specialist Ly.docx
Evolving Role of the Nursing Informatics Specialist Ly.docxEvolving Role of the Nursing Informatics Specialist Ly.docx
Evolving Role of the Nursing Informatics Specialist Ly.docx
 
eworkMarket45135.0 (441)adminNew bid from Madam Cathy.docx
eworkMarket45135.0 (441)adminNew bid from Madam Cathy.docxeworkMarket45135.0 (441)adminNew bid from Madam Cathy.docx
eworkMarket45135.0 (441)adminNew bid from Madam Cathy.docx
 
Evolving Technology Please respond to the following Analyze t.docx
Evolving Technology Please respond to the following Analyze t.docxEvolving Technology Please respond to the following Analyze t.docx
Evolving Technology Please respond to the following Analyze t.docx
 
Evolving Health Care Environment and Political ActivismRead and .docx
Evolving Health Care Environment and Political ActivismRead and .docxEvolving Health Care Environment and Political ActivismRead and .docx
Evolving Health Care Environment and Political ActivismRead and .docx
 
Evolving Families PresentationPrepare a PowerPoint presentatio.docx
Evolving Families PresentationPrepare a PowerPoint presentatio.docxEvolving Families PresentationPrepare a PowerPoint presentatio.docx
Evolving Families PresentationPrepare a PowerPoint presentatio.docx
 
EvolutionLets keep this discussion scientific! I do not want .docx
EvolutionLets keep this discussion scientific! I do not want .docxEvolutionLets keep this discussion scientific! I do not want .docx
EvolutionLets keep this discussion scientific! I do not want .docx
 
Evolutionary Theory ApproachDiscuss your understanding of .docx
Evolutionary Theory ApproachDiscuss your understanding of .docxEvolutionary Theory ApproachDiscuss your understanding of .docx
Evolutionary Theory ApproachDiscuss your understanding of .docx
 
Evolution or change over time occurs through the processes of natura.docx
Evolution or change over time occurs through the processes of natura.docxEvolution or change over time occurs through the processes of natura.docx
Evolution or change over time occurs through the processes of natura.docx
 
Evolution, Religion, and Intelligent DesignMany people mistakenl.docx
Evolution, Religion, and Intelligent DesignMany people mistakenl.docxEvolution, Religion, and Intelligent DesignMany people mistakenl.docx
Evolution, Religion, and Intelligent DesignMany people mistakenl.docx
 
Evolution of Millon’sPersonality PrototypesJames P. Choc.docx
Evolution of Millon’sPersonality PrototypesJames P. Choc.docxEvolution of Millon’sPersonality PrototypesJames P. Choc.docx
Evolution of Millon’sPersonality PrototypesJames P. Choc.docx
 
Evolution and Its ProcessesFigure 1 Diversity of Life on Eart.docx
Evolution and Its ProcessesFigure 1 Diversity of Life on Eart.docxEvolution and Its ProcessesFigure 1 Diversity of Life on Eart.docx
Evolution and Its ProcessesFigure 1 Diversity of Life on Eart.docx
 
Evolution in Animals and Population of HumansHumans belong t.docx
Evolution in Animals and Population of HumansHumans belong t.docxEvolution in Animals and Population of HumansHumans belong t.docx
Evolution in Animals and Population of HumansHumans belong t.docx
 
Evolution of Seoul City in South KoreaHow the City changed s.docx
Evolution of Seoul City in South KoreaHow the City changed s.docxEvolution of Seoul City in South KoreaHow the City changed s.docx
Evolution of Seoul City in South KoreaHow the City changed s.docx
 
evise your own definition of homegrown terrorism. Then using t.docx
evise your own definition of homegrown terrorism. Then using t.docxevise your own definition of homegrown terrorism. Then using t.docx
evise your own definition of homegrown terrorism. Then using t.docx
 
eview the Paraphrasing tutorial here (Links to an external sit.docx
eview the Paraphrasing tutorial here (Links to an external sit.docxeview the Paraphrasing tutorial here (Links to an external sit.docx
eview the Paraphrasing tutorial here (Links to an external sit.docx
 
Evidenced-Based Practice- Sample Selection and Application .docx
Evidenced-Based Practice- Sample Selection and Application  .docxEvidenced-Based Practice- Sample Selection and Application  .docx
Evidenced-Based Practice- Sample Selection and Application .docx
 
Evidenced-Based Practice- Evaluating a Quantitative Research S.docx
Evidenced-Based Practice- Evaluating a Quantitative Research S.docxEvidenced-Based Practice- Evaluating a Quantitative Research S.docx
Evidenced-Based Practice- Evaluating a Quantitative Research S.docx
 
eview the Captain Edith Strong case study in Ch. 6 of Organi.docx
eview the Captain Edith Strong case study in Ch. 6 of Organi.docxeview the Captain Edith Strong case study in Ch. 6 of Organi.docx
eview the Captain Edith Strong case study in Ch. 6 of Organi.docx
 
Evidenced based practice In this writing, locate an article pert.docx
Evidenced based practice In this writing, locate an article pert.docxEvidenced based practice In this writing, locate an article pert.docx
Evidenced based practice In this writing, locate an article pert.docx
 

Recently uploaded

JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 

Recently uploaded (20)

JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 

Tonight, March 5th – Class 7 (last class) your test” on ICS.docx

  • 1. Tonight, March 5th – Class 7 (last class) your “test” on ICS 210W (6,7). (100 pts) March 12 – no class research assignment due ICS210W (9,10) final cert (100, total 400) - enter the all pdfs for all 10 sessions! © 2016 Applied Control Engineering, Inc. NIST 800-82 Rev 2. 5. ICS Security Architecture 6. Applying Security Controls to ICS © 2016 Applied Control Engineering, Inc. ICS Security Architecture Network Segmentation and Segregation Logical network separation enforced by encryption or network device-enforced partitioning VLANS, Encrypted Virtual Private Networks (VPNs), Unidirectional gateways. Physical network separation to completely prevent any interconnectivity of traffic between domains. Network traffic filtering, Network layer filtering, State‐based filtering Port and/or protocol level filtering Application filtering including application-level firewalls, proxies, and content-based filters.
  • 2. © 2016 Applied Control Engineering, Inc. ICS Security Architecture Network Segmentation and Segregation Four common themes that implement the concept of defense-in- depth by providing for good network segmentation and segregation: Apply technologies at more than just the network layer. Each system and network should be segmented and segregated, where possible, from the data link layer up to and including the application layer. Use the principles of least privilege and need‐to‐know. If a system doesn’t need to communicate with another system, it should not be allowed to. If a system needs to talk only to another system on a specific port or protocol and nothing else– or it needs to transfer a limited set of labeled or fixed-format data, it should be restricted as such. Separate information and infrastructure based on security requirements. This may include using different hardware or platforms based on different threat and risk environments in which each system or network segment operates. The most critical components require more strict isolation from other components. In addition to network separation, the use of virtualization could be employed to accomplish the required isolation. Implement whitelisting instead of blacklisting; that is, grant access to the known good, rather than denying access to the known bad. The set of applications that run in ICS is essentially static. Look at the details and examples from section 5. This is
  • 3. important to your final paper! © 2016 Applied Control Engineering, Inc. 5.1 Network Segmentation and Segregation 5-1 5.2 Boundary Protection .5-3 5.3 Firewalls .5-4 5.4 Logically Separated Control Network 5-6 5.5 Network Segregation 5-7 5.5.1 Dual-Homed Computer/Dual Network Interface Cards (NIC) 5-7 5.5.2 Firewall between Corporate Network and Control Network 5-7 5.5.3 Firewall and Router between Corporate Network and Control Network 5-9 5.5.4 Firewall with DMZ between Corporate Network and Control Network . 5-10 5.5.5 Paired Firewalls between Corporate Network and Control Network 5-12 5.5.6 Network Segregation Summary 5-13 5.6 Recommended Defense-in-Depth Architecture. 5-13 5.7 General Firewall Policies for ICS 5-14 ICS Security Architecture © 2016 Applied Control Engineering, Inc. 5.8 Recommended Firewall Rules for Specific Services . 5-16 5.8.1 Domain Name System (DNS) . 5-17 5.8.2 Hypertext Transfer Protocol (HTTP) . 5-17 5.8.3 FTP and Trivial File Transfer Protocol (TFTP) 5-17 5.8.4 Telnet . 5-17 5.8.5 Dynamic Host Configuration Protocol (DHCP) . 5-18 5.8.6 Secure Shell (SSH) 5-18 5.8.7 Simple Object Access Protocol (SOAP) . 5-18
  • 4. 5.8.8 Simple Mail Transfer Protocol (SMTP) . 5-18 5.8.9 Simple Network Management Protocol (SNMP) . 5-18 5.8.10 Distributed Component Object Model (DCOM) . 5-19 5.8.11 SCADA and Industrial Protocols . 5-19 5.9 Network Address Translation (NAT) . 5-19 ICS Security Architecture © 2016 Applied Control Engineering, Inc. 5.10 Specific ICS Firewall Issues . 5-20 5.10.1 Data Historians 5-20 5.10.2 Remote Support Access . 5-20 5.10.3 Multicast Traffic 5-20 5.11 Unidirectional Gateways . 5-21 5.12 Single Points of Failure . 5-21 5.13 Redundancy and Fault Tolerance . 5-21 5.14 Preventing Man-in-the-Middle Attacks 5-22 5.15 Authentication and Authorization 5-24 5.15.1 ICS Implementation Considerations . 5-25 5.16 Monitoring, Logging, and Auditing 5-25 5.17 Incident Detection, Response, and System Recovery 5-25 ICS Security Architecture © 2016 Applied Control Engineering, Inc. Applying Security Controls to ICS Executing the Risk Management Framework Tasks for ICS Step 1: Categorize Information Systems Step 2: Select Security Controls Step 3: Implement Security Controls Step 4: Assess Security Controls Step 5: Authorize Information System Step 6: Monitor Security Controls
  • 5. This is what your previous assignment was about. © 2016 Applied Control Engineering, Inc. Applying Security Controls to ICS Executing the Risk Management Framework Tasks for ICS Access Control – Role-based, Wireless, VLANs, web-servers, Dial-up Awareness and Training Audit and Accountability Security Assessment and Authorization Configuration Management Contingency Planning /Business Continuity – identify the recovery objective, DRP Identification and Authentication – Password, 2-Factor, Biometric, Smart Cards, Tokens © 2016 Applied Control Engineering, Inc. 9 Applying Security Controls to ICS Executing the Risk Management Framework Tasks for ICS Incident Response – symptoms of an incident Unusually heavy network traffic. Out of disk space or significantly reduced free disk space. Unusually high CPU usage. Creation of new user accounts. Attempted or actual use of administrator-level accounts. Locked-out accounts. Account in-use when the user is not at work.
  • 6. Cleared log files. Full log files with unusually large number of events. Antivirus or IDS alerts. Disabled antivirus software and other security controls. Unexpected patch changes. Machines connecting to outside IP addresses. Requests for information about the system (social engineering attempts). Unexpected changes in configuration settings. Unexpected system shutdown. Plan a response - Classification of Incidents; Response Actions; Recovery Actions. © 2016 Applied Control Engineering, Inc. 10 Applying Security Controls to ICS Executing the Risk Management Framework Tasks for ICS Maintenance Media Protection Physical and Environmental Protection Planning Personnel Security Hiring Policies Organization Policies and Practices Terms and Conditions of Employment Risk Assessment System and Services Acquisition System and Communications Protection – Encryption, VPNs System and Information Integrity Virus detection and malicious code Intrusion detection
  • 7. Patch management Program Management Privacy Controls © 2016 Applied Control Engineering, Inc. 11 Good Luck with your Career! Please fill out the IDEA survey! Spring B1 2018 IDEA surveys are available to students. Students can access their surveys by entering their full Wilmington University email address and password at wilmu.campuslabs.com/courseeval. Faculty are encouraged to promote student participation in the IDEA survey. Faculty can view real-time response rates, as well as past survey results via https://wilmu.campuslabs.com/faculty. (Please note that survey histories begin with Fall 2016 course reports). © 2016 Applied Control Engineering, Inc. 12 © 2016 Applied Control Engineering, Inc. © 2008 The MITRE Corporation. All rights Reserved.
  • 8. Malicious Control System Cyber Security Attack Case Study – Maroochy Water Services, Australia. Marshall D. Abrams, The MITRE Corporation; Joe Weiss, Applied Control Solutions, LLC. Annual Computer Security Applications Conference, December 2008. © 2008 The MITRE Corporation. All rights Reserved. NIST Industrial Control System (ICS) Cyber Security Project ■ Objective: to improve the cyber security of federally
  • 9. owned/operated ICS ■ ICS pervasive throughout all critical infrastructures ■ Improve the security of public and private sector ICS – Work with voluntary industry standards groups (e.g., The Instrumentation, Systems, and Automation Society – ISA) o Assist in ICS cyber security standards and guideline development o Foster ICS cyber security standards convergence – Raise the level of ICS security through R&D and testing ■ Purpose of case studies is to focus in on factors otherwise overlooked, not to ascribe any blame. NIST Cyber Security Strategic Vision
  • 10. ■ Promote the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act (FISMA) ■ Build a solid foundation of information security across one of the largest information technology infrastructures in the world based on comprehensive security standards and technical guidance. ■ Institutionalize a comprehensive Risk Management Framework that promotes flexible, cost-effective information security programs for federal agencies. ■ Establish a fundamental level of “security due diligence” for federal agencies and their contractors based on minimum security requirements and security controls.
  • 11. The Current Landscape dependent on information systems to carry out their missions and business functions. systems become open and internet-connected, thus putting the national services critical infrastructure at risk. business success, enterprise information systems must be dependable in the face of serious cyber threats. must be appropriately protected. The Threat Situation
  • 12. ■ ICS are becoming more open making them vulnerable to intentional and unintentional cyber threats ■ Effects of errors and omissions increasingly catastrophic ■ Attacks are organized, disciplined, aggressive, and well resourced; many are extremely sophisticated ■ Adversaries are nation states, terrorist groups, criminals, hackers, and individuals or groups with intentions of compromising information systems ■ Significant exfiltration of critical and sensitive information and implantation of malicious software occurring on a regular basis ■ Largely untutored work force with little interest in IT security ■ ICS community diverse using different protocols (many archaic)
  • 13. NIST ICS Project Deliverables ■ Support public & private sectors, and standards organizations that want to use NIST Standards & Guidelines for ICS ■ Evolve SP 800-53 Recommended Security Controls for Federal Information Systems to better address ICS – Revision 2 published December 2007 – Revision 3 first public draft scheduled for (end of) December 2008 ■ Develop SP 800-82 Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control System Security – Second draft September 2007 – Final in 2009
  • 14. Case Study Overview ■ Examine actual control system cyber event – Resulted in significant environmental and economic damage – Malicious attack by knowledgeable insider, who had been a trusted contractor employee – Timelines, control system response, and control system policies ■ Identify operating policies and procedures that were missing or had readily identifiable cyber security vulnerabilities ■ Identify NIST SP 800-53 management, operational, and technical safeguards or countermeasures that, if implemented, could have prevented or ameliorated the event
  • 15. Attack Synopsis ■ Vitek Boden worked for Hunter Watertech, an Australian firm that installed SCADA radio-controlled sewage equipment for the Maroochy Shire Council in Queensland, Australia (a rural area of great natural beauty and a tourist destination) – Applied for a job with the Maroochy Shire Council – Walked away from a “strained relationship” with Hunter Watertech – The Council decided not to hire him – Boden decided to get even with both the Council and his former employer ■ On at least 46 occasions issued radio commands to the sewage equipment – Caused 800,000 liters of raw sewage to spill out into local parks, rivers and even the grounds of a Hyatt Regency hotel – Marine life died, the creek water turned black and the stench was unbearable for residents
  • 16. Time Line ■ 1997-December 1999 – Boden employed by Hunter Watertech ■ December 3, 1999 – Boden resigns from Hunter Watertech ■ Early December 1999 – Boden seeks City Council employment ■ Early January 2000 – Boden turned down ■ February 9-April 23, 2000 – SCADA system experiences series of faults ■ March 16, 2000 – Hunter Watertech investigator tried to troubleshoot system ■ April 19, 2000 – Log indicates system program had been run at least 31 times
  • 17. ■ April 23, 2000 – Boden disabled alarms at four pumping stations using the identification of pumping station 4. ■ April 23, 2000 – Boden pulled over by police with computer equipment in car ■ October 31, 2001 – Boden convicted in trial – sentenced to 2 years ■ March 21, 2002 – Appeal rejected. Evidence Found in Boden’s Vehicle ■ Laptop – Reloaded February 28, 2000 – Software used in the sewerage system (re)installed February 29 o Run at least 31 times prior to April 19
  • 18. o Last run on April 23 ■ Motorola M120 two-way radio same type used in the Council’s system – Tuned into the frequencies of the repeater stations – Serial numbers matched delivery docket provided by the supplier of the radios to Hunter Watertech ■ PDS Compact 500 computer control device – Address set to spoof pumping station – Serial number identified it as a device which should have been in the possession of Hunter Watertech. Observations (1/2)
  • 19. ■ Boden was an insider who was never an employee of the organization he attacked – Employee of contractor that supplied IT/control system technology – With his knowledge he was the “ultimate insider” ■ Contractor’s responsibilities unstated or inadequate – Management, technical and operational cyber security controls – Personnel security controls o Background investigations o Protection from disgruntled employees ■ As a skillful adversary, Boden was able to disguise his actions – A number of anomalous events occurred before recognition that the incidents were intentional – Extensive digital forensics were required to determine that a deliberate attack was underway ■ No existing cyber security policies or procedures ■ No cyber security defenses
  • 20. Observations (2/2) ■ Difficult to differentiate attacks from malfunctions ■ When/why is it important to determine whether intentional attack, or unintentional flaw or error? ■ Difficult to protect against insider attacks ■ Radio communications commonly used in SCADA systems are often insecure or improperly configured ■ SCADA devices and software should be secured to the extent possible using physical and logical controls ■ Security controls often not implemented or used properly ■ Generally SCADA systems lack adequate logging mechanisms for forensic purposes ■ Also recommended
  • 21. • Anti- encryption • Upgrade-able SCADA systems (from a security perspective). SP 800-53 Security Control Classes, Families, and Identifiers. SP 800-53 Pervasive Cyber Security Prophylactic Controls: PROBLEM | CONTROL FAMILY
  • 22. Policy and Procedures | The first control in every control family addresses policy and procedure. Personnel Security | Personnel Security (PS). Hardware & Software | System and Services Acquisition (SA). Awareness and Training | Awareness and Training (AT). Audit | Audit and Accountability (AU). Contingency Planning | Contingency Planning (CP). Incident Response | Incident Response (IR). Cryptographic Protection | System and Communications Protection (SC).
  • 23. SP 800-53 Controls for Malicious Activities MALICIOUS ACTIVITY CONTROL FAMILY Issuing radio commands Access Control (AC) Identification and Authentication (IA) Falsifying network address Access Control (AC) Sending false data
  • 24. and instructions System and Information Integrity (SI) Disabling alarms. Access Control (AC): AC-1 Access Control Policy and Procedures; AC-11 Session Lock; AC-2 Account Management; AC-12 Session Termination; AC-3 Access Enforcement; AC-13 Supervision and Review—Access Control; AC-4 Information Flow Enforcement; AC-14 Permitted Actions without
  • 25. Identification or Authentication; AC-5 Separation of Duties; AC-15 Automated Marking; AC-6 Least Privilege; AC-16 Automated Labeling; AC-7 Unsuccessful Login Attempts; AC-17 Remote Access; AC-8 System Use Notification; AC-18 Wireless Access Restrictions; AC-9 Previous Logon Notification; AC-19 Access Control for Portable and Devices; AC-10 Concurrent Session Control; AC-20 Use of External Information Systems
  • 26. ■ A combination of access controls would have alleviated or prevented the attack ■ Tightly coupled with Identification and Authentication. Learning From the 2000 Maroochy Shire Cyber Attack ■ Public record of an intentional, targeted attack by a knowledgeable person on an industrial control system teaches us to consider: – Critical physical, administrative, and supply chain vulnerabilities – Vulnerabilities coming from suppliers or others outside the organization – Contractor and sub-contractor personnel as a potential attack source ■ Need to be concerned with both inside & outside attack ■ Difficulty in identifying a control system cyber incident as a
  • 27. malicious attack and retaking control of a “hijacked” system ■ A determined, knowledgeable adversary could potentially defeat most controls ■ Structured defense-in-depth security is best. Additional Information ■ Authors – Marshall Abrams – Joe Weiss ■ Incident – See references in paper ■ Case Study
  • 28. – http://csrc.nist.gov/sec-cert/ics/papers.html ■ NIST Industrial Control System Security Project – http://csrc.nist.gov/sec-cert/ics/index.html ■ NIST Project Managers – Stu Katzke – Keith Stouffer. ICS ARCHITECTURE FINAL PROJECT TEMPLATE ICS Architecture Final Project Template
  • 29. SEC6082 Your Name Running Head: ICS Architecture Final Project Template Table of Contents: Executive Summary; ICS Industry Architecture Being Designed; Overview; Statement of Need; Detailed Description; ICS Network Architecture; Physical and Logical Designs; Protocols; Devices; ICS Security Architecture; Device Security Configuration; Device Security Configuration; Device Security Configuration; Etc; Appendix; *Comprehensive Network Map; Example: Device Data Flows; Example: Security Design Documents;
  • 30. Example: Intrusion Detection System; Example: Honeypot Configuration. *The comprehensive network map must include all devices and communication protocols. List of Tables and Figures: Figure 1. Example: Total Network Design; Figure 2. Example: Device Data Flow; Figure 3. Example: Intrusion Detection System; Figure 4. Example: Honeypot Configuration. Executive Summary An Executive Summary provides a brief overview for C-level Executives who only need to know what the material is about, not the details of the material. Give a brief summary, one page
  • 31. or less, of what this project is about. ICS Industry Architecture Being Designed This is arguably the most important part of the ICS architecture project. The logistical work done during this phase makes it possible to architect a successful ICS network. The origins of all problems experienced during the other phases can usually be tracked back to a lack of planning and understanding of your project during this phase. You will describe the industry you are architecting this ICS network for. 1. Overview Begin describing the types of network designs commonly used to architect this network. 2. Statement of Need Discuss the network needs of this architectural project. Your ICS network must include a SCADA network controlling at least two remote DCS networks. The SCADA network must securely share data with a traditional business IT network. 3. Detailed Description Now that you know the types of network commonly found and used in this industry and you know the particular needs of this architectural project, address how you will design this ICS network.
  • 32. ICS Network Architecture Provide a brief description of what will occur during this phase. For example: This is the phase where you will describe the physical and logical design of your network, etc. This phase has three sections: Physical and Logical Designs; Protocols; and Devices. 1. Physical and Logical Designs There are many physical and logical network designs possible. ICS networks usually have more than one physical and logical network solution. Describe your physical and logical ICS network designs here. Include Visios or Excel designs to graphically illustrate your designs. A block of words is provided below to jog your mind: Ring, star, bus, mesh, twisted pair, coax, fiber, microwave, satellite. 2. Protocols This section is where you will document and describe the protocols in use, where, and why. The protocols listed should be represented in your network diagram(s). A block of words is provided below to jog your mind: DNP3, Fieldbus, Modbus, Profibus, Ethernet. 3. Devices A list of devices should be provided with as much information as possible. Identify the open ports and services running on each. List them here and explain why you’ve chosen them. All
  • 33. devices listed should appear in your network diagram(s). Follow these steps below: a. Identify the device. b. Identify what the device does. c. Identify the open ports. d. Identify the services running on these ports. Example devices include, but are not limited to: Router, firewall, IDS/IPS, Honeypot, Historian, PLC, RTU, IED, data acquisition server, HMI, protocol gateway, SCADA master station, sensors. ICS Security Architecture List each device you previously documented in “3. Devices” but this time annotate how they will be secured. This will require you to research vendor documentation, industry best practices, and other authoritative sources. Identify known weaknesses of the devices and how you will mitigate them.
  • 35. Appendix

WILMINGTON UNIVERSITY
Course: SEC 6082 Final Research Paper
Instructor: Dirk Sweigart
Student:___________________
Weighted Content:______ CT:______ Comm:______
Weighted Rubric Score:___________

Performance levels: Unsatisfactory (1), Developing (2), Competent (3), Accomplished (4), Exemplary (5)

Knowledge of Content (50% of rubric score)

  Unsatisfactory: Work does not reflect the assignment purpose
  Developing: Work marginally reflects the assignment purpose
  Competent: Work reflects the assignment purpose
  Accomplished: Work is accurately detailed, and in line with course content
  Exemplary: Work stands-out as exemplary, is accurately detailed, and in line with course content

  Unsatisfactory: Minimal details of ICS Industry being designed
  Developing: Overview and description provides only basic information
  Competent: Overview and Description provides general information
  Accomplished: Architecture section provides a detailed need and description
  Exemplary: Architecture section provides a clear and concise statement and description

  Unsatisfactory: Does not include physical, logical, protocols or devices
  Developing: Includes a basic overview of physical, logical, protocols or devices
  Competent: Includes a general overview of the physical, logical, protocols or devices
  Accomplished: Includes a relatively detailed overview physical, logical, protocols or devices
  Exemplary: Includes a clear and concise overview of the network architecture including detailed description physical, logical, protocols or devices

  Unsatisfactory: No description of ICS security architecture
  Developing: Basic description of ICS security architecture with no details on devices
  Competent: Includes a general description of ICS security architecture but minimal device details
  Accomplished: Includes a relatively detailed description of ICS security architecture along with device details
  Exemplary: Includes a clear and concise description of ICS security architecture and detailed description of device security configurations

  Unsatisfactory: Does not include appendices
  Developing: Includes minimal appendices
  Competent: Include basic description of appendixes with good content
  Accomplished: Include detailed appendices that are appropriate to the content
  Exemplary: Include clear and concise appendices that build on the main content.

  Unsatisfactory: No figures or descriptions (these can be embedded)
  Developing: Minor figures but not very relevant
  Competent: Good figures, tables and descriptions appropriate to content
  Accomplished: Well-defined figures and tables appropriate to the content
  Exemplary: Figures and descriptions are the content and express the ideas beyond the text.

  Unsatisfactory: Ineffective documentation of research/support or 0 Prof references used
  Developing: Uses at least 2 Prof ref to support research with poor integration
  Competent: Uses at least 3 Prof ref to support research with adequate integration
  Accomplished: Uses at least 4 references and integrates them acceptably into the document
  Exemplary: Uses 5 or more references and integrates them clearly and concisely into the document

Critical Thinking (30% of rubric score)

  Unsatisfactory: Ability to incorporate graphical data/info is lacking
  Developing: Ability to incorporate graphical data/info is emerging
  Competent: Ability to incorporate graphical data/info is basic
  Accomplished: Ability to incorporate graphical data/info & link key relationships is proficient
  Exemplary: Ability to incorporate graphical data/info & link key relationships is superior

  Unsatisfactory: Design does not discuss the impact of the unique challenges that exist in securing Industrial Control Systems
  Developing: Design marginally describes the impact of the unique challenges that exist in securing Industrial Control Systems
  Competent: Design assesses the impact of the unique challenges that exist in securing Industrial Control Systems
  Accomplished: Design effectively assess the impact of the unique challenges that exist in securing Industrial Control Systems with generalized solutions to address those challenges
  Exemplary: Design assess in technical detail the impact of the unique challenges that exist in securing Industrial Control Systems with customized solutions to address those challenges

  Unsatisfactory: Design does not address methods to balance security with potential negative impact to process operations and productivity.
  Developing: Design documents need for balanced security but includes no discussion of how to achieve it.
  Competent: Design provides a basic description of methods to balance security with potential negative impact to process operations and productivity.
  Accomplished: Design provides a detailed description of methods to balance security with potential negative impact to process operations and productivity.
  Exemplary: Design provides a clear and concise description of methods to balance security with potential negative impact to process operations and productivity.

  Unsatisfactory: Design does not provide any options for security implementations
  Developing: Design provides a small number of options for security implementations
  Competent: Design provides options for security implementations
  Accomplished: Design provides some options for security implementations with detailed guidance
  Exemplary: Design provides lots of options for security implementations with detailed guidance

Communications (Written) (20% of rubric score)

  Unsatisfactory: Sentences are not well-constructed and often lack clarity. Formats and patterns are repetitive
  Developing: Sentences are somewhat clear and well constructed, but lack variety in format & length
  Competent: Most sentences are clear and well-constructed some evidence of variety in format, length, and complexity.
  Accomplished: Sentences are clear and well-constructed - Some evidence of variety in format, length, and complexity
  Exemplary: Varied well-constructed sentences are evident throughout the document with an appropriate stylistic flair

  Unsatisfactory: Paper is riddled with spelling, punctuation, and/or grammatical errors
  Developing: Paper contains 5 or 6 spelling, punctuation, and/or grammatical errors
  Competent: Paper contains 3 or 4 spelling, punctuation, and/or grammatical errors
  Accomplished: Paper contains 1 or 2 spelling, punctuation, and/or grammatical errors
  Exemplary: No spelling, punctuation, and/or grammatical errors are readily apparent

  Unsatisfactory: Paper is riddled with APA errors
  Developing: Paper contains 5 or 6 APA errors
  Competent: Paper contains 3 or 4 APA errors
  Accomplished: Paper contains 1 or 2 APA errors
  Exemplary: No APA errors are readily apparent

  Unsatisfactory: Executive summary lacking or does not create interest
  Developing: Executive summary evident but not particularly engaging
  Competent: Executive summary creates interest and engages the audience
  Accomplished: Executive summary creates interest and engages the audience, sets the stage for the main presentation
  Exemplary: Creates interest, engages and involves the audience, sets stage for the main presentation

  Unsatisfactory: Main points are not clear or well organized - Lacks supporting evidence and detail
  Developing: Main points are clear but not well developed - More supporting evidence and detail are needed
  Competent: Main points are clear and well developed - Evidence and detail adequately support the presentation
  Accomplished: Main points are clear and well developed. Evidence and detail provide strong support for the presentation
  Exemplary: Main points are clear and well developed - Etc. Logical development is easy to follow

  Unsatisfactory: No conclusion, paper just ends
  Developing: Conclusion exists but does not summarize
  Competent: Conclusion mentions main points
  Accomplished: Conclusion summarizes main points
  Exemplary: Conclusion summarizes and drives home main points.

  Unsatisfactory: No presentation aids used
  Developing: Basic presentation aids used, either not well designed or well integrated into the presentation
  Competent: Presentation aids are designed and integrated to communicate content but lack variety
  Accomplished: Presentation aids are well designed & integrated, as well as varied (some use of graphics/visual or sound effects)
  Exemplary: Presentation aids are of professional quality, enhancing the flow and persuasiveness (well integrated graphs, video or other electronic media)