Palestra "Prevenção de Invasão em Sistemas SCADA - Histórias do Mundo Real", realizada no dia 19/05/2016.

1. © 2012 IBM Corporation
Smarter SCADA Security
José Antunes – jose.antunes@br.ibm.com

2. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015
Attack types
2012
40% increase
2013
800,000,000+ records
2014
Unprecedented impact
XSS SQLiMisconfig. Watering
Hole
Brute
Force
Physical
Access
Heartbleed Phishing DDoS Malware Undisclosed
Attackers break through conventional safeguards every day
V2015-07-30
$6.5M
average cost of a U.S. data breachaverage time to detect APTs
256 days
Source: 2015 Cost of Data Breach Study, Ponemon Institute

3. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
New technologies introduce new risks…
V2015-04-24
of security leaders
expect a major cloud provider to suffer
a significant security breach in the future
44% 33%
of organizations don’t
test their mobile apps
of enterprises have difficulty
finding the security skills they need
Source: Enterprise Information Security in Transition, 2012 ESG Technology Brief
85 security tools from
45 vendors
Source: IBM Client Example
… and traditional security practices are unsustainable
83%
Source: November 2014, “Security for the Cloud and on the Cloud”, Security Intelligence.com

4. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
Today’s point products defend against yesterday’s attacks
Tactical Approach
Compliance-driven, Reactionary
Strategic Approach
Intelligence-driven, Continuous
Broad Attacks
Indiscriminate malware,
spam and DoS activity
Multi-faceted Targeted Attacks
Advanced, persistent, organized,
and politically or financially motivated
 Rely on pattern matching to find specific
instances of attacks
 Rely on other add-on products like proxies
and application firewalls
 Targets only certain types of broad attacks
 Solution provider obtains their research
from third parties
 Piece-part solution
 Block entire classes of attacks,
including mutations
 Protect against user-focused and
application-level attacks
 Protect against advanced malware
and persistent threats
 Offer industry-leading security research
and development
 Seamlessly integrate with an entire portfolio
of industry-leading security solutions

5. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
Business Challenges in Oil and Gas
 Earlier leak detection
 Faster problem resolution
 Mitigation of environmental
risk
 Effective audit and
regulation
 Better asset management
 Efficient operations.

6. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
6
The Promise of BIG DATA
Data Visibility
And Analysis
Business
Innovation
Big Data will drive a revolution
in business innovation

7. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
But what if you can’t access the data??
Data Jail
Data Sources
Big Data
Analytics

8. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
8
A Sampling of the Protocols Used by SCADA Systems
Allen-Bradley DF1
Allen-Bradley DH+
Allen-Bradley EN/IP
Amocam (all versions)
ARCNet
ATS
BITbus
CANbus
CA
CCM2
CDCI
CDCII
Conitel
DeviceNet
Daniel
DL130
DNP 3.0
MODBUS ASCII
MODBUS RTU
MODBUS Plus
MPS9000
MTS
Omron Host Link
Optomux
PERT 2631
Plessey TC6
RDACSII
REDAC 70H
RNIM
Siemens 3964R
Siemens RK512
SLIP
SNET -I
SNET –II
GE SRTP
TANO Model 10
TANO Model 100
Tejas
Total-Flow
Transit Bus
TRW 9550
Valmet Series 5
Transmitton MT700
TRW S-70
TRW S-703
Varec
Wesdac 4F
WISP
Wireless HART
Elliott
Enron Modbus
F&M
Ferranti MK2A
Galveston-Houston
GPE
GSI
Harris 5000/5500/6000
Hansa S002
HART
Hayes
Honeywell DE
Kodata
L&J
LANDAC
Landis & Gyr
Micromotion Flowscale

9. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
Typical SCADA Architecture (1)
RTU
RTU
RTU
Flow
Computer
Flow
Computer
Flow
Computer
PLC
PLCP P
T
L
F
SCADA Host
Historian
Polling-based protocols are used for communications
Polling creates latency inhibiting company response to leaks
Tight coupling between field equipment and SCADA
host systems
Makes it difficult to change devices or to share information
beyond the host
High cost of communications and data storage
Drives companies to limit the amount of data they collect in
their historian database
PLC = Programmable Logic Controller
RTU = Remote Terminal Unit

10. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
Typical SCADA Architecture (2)
Asset
Managers
Data
Warehouses
Partner
Access
EFM
ETMS
ERP
RTU
RTU
RTU
Flow
Computer
Flow
Computer
Flow
Computer
PLC
PLCP P
T
L
F
SCADA Host
Historian
Flow
Computer
Flow
ComputerRTU
RTU
RTU
Flow
Computer
PLC
PLCP P
T
L
F
SCADA Host
Historian
RTU
RTU
RTU
Flow
Computer
Flow
Computer
Flow
Computer
PLC
PLCP P
T
L
F
SCADA Host
Historian
Custom programs are used for every
data pull creating high costs as well
as high risk of security breaches.
Operations
Domain
Enterprise
Domain

11. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
Typical SCADA Architecture (3)
Each SCADA host exists in its own domain,
limiting ability to correlate events across
domains.
RTU
RTU
RTU
Flow
Computer
Flow
Computer
Flow
Computer
PLC
PLCP P
T
L
F
SCADA Host1
Historian
Flow
Computer
Flow
ComputerRTU
RTU
RTU
Flow
Computer
PLC
PLCP P
T
L
F
SCADA Host3
Historian
RTU
RTU
RTU
Flow
Computer
Flow
Computer
Flow
Computer
PLC
PLCP P
T
L
F
SCADA Host2
Historian
?
“event”
“event”
“event”Telemetry
Hosts
“event”

12. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
Is there a Smarter Approach to SCADA?
“The Enterprise”
Upstream
Midstream/Downstream
Pipeline SCADA
Tank
Farm/Storage
Cathodic
Protection
Terminal
Automation
Fleet
Management
?
?

13. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
There is a Smarter Approach to SCADA
IBM
Connectivity
BIG ACCESS!!
Access whatever information you
need; deliver it anywhere.
MQTT
Transport
“The Enterprise”
Upstream
Midstream/Downstream
Pipeline SCADA
Tank
Farm/Storage
Cathodic
Protection
Terminal
Automation
Fleet
Management

14. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
IBM Smarter SCADAEnterprise
Asset
ManagementCentralized
Data Warehouse /
Historian
Mobile
Dashboards
Centralized
Event
Correlation
Externalized
Web API
Services
EFM
ETMS
ERP
SCADA Hosts
Telemetry Hosts
Smarter Data Routing
Smarter Event Correlation
Smarter Security
Operations
Domain
Enterprise
Domain
 DECOUPLE SCADA DEVICES from their
hosts so that information can flow wherever it
is needed
 USE BETTER DEVICE PROTOCOLS that
eliminate polling, drive lower latency, and
ensure a nonproprietary approach
 ENSURE SECURITY so that data access is
tightly and centrally controlled
 PROVIDE EVENT CORRELATION across
domains.
Smart
Sensor
Network
Smarter Device ProtoclsPush
RTU
RTUFlow
Computer
PLCPLCP P
T
L
F
Smart
Sensor
Network
Smarter Device ProtocolsPush
RTU RTUFlow
Computer
PLCP P
T
L
F
Smarter SCADA

15. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
 Data Recording, Capture & Store
– Record in-flight SCADA data via Broker
– Graphically configure data capture including
whole, partial & multi-field data
– Stores data in a database
 Web Tooling to View and Query data
 Replay data of interest for flow
reprocessing or redelivery to other
systems/applications
– SCADA Host
– Problem Determination
– Training
– Others
Record & Replay for Problem Determination
System of Record
RTU RTU RTU RTU RTU
RTU RTU RTU RTU RTU
IBM Integration
Bus v9
SCADA
Host
Data
Warehouse
ERP
ETMS
EFM
Mobile
Dashboard
RTU
RTU

16. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
IBM InfoSphere Streams – The Power of Big Data in Real-time
Injection
Site
Injection
Site
Injection
Site
Injection
Site
Booster
Station
#1
Booster
Station
#2
Booste
r
Station
#N
SCADA
Domain 1
SCADA
Domain 2
Telematics
Domain
Pipeline repair crew
Millions of
events per
second
Powerful
Analytics

17. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
IBM Security has global reach
monitored countries (MSS)
service delivery experts
endpoints protected
+
events managed per day
+
IBM Security by the Numbers
+
+

18. © 2012 IBM Corporation
Smarter SCADA for Oil and Gas
Summary -- Mobile Messaging for Smarter SCADA in Oil and Gas
 The SCADA industry is going through a
major change
 BIG DATA requires BIG ACCESS
 MQTT and IBM MessageSight and
Integration Broker provide the core
technology
 Customers have already experienced
results with IBM Smarter SCADA
techniques
 You can help drive the vision by getting
involved with PAHO.
Smarter Oil and Gas
Instrumented Interconnected Intelligent

19. © Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks
on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security

20. Information concerning non-IBM products was obtained from the suppliers of those
products, their published announcements or other publicly available sources. IBM has
not tested those products in connection with this publication and cannot confirm the
accuracy of performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the suppliers
of those products. IBM does not warrant the quality of any third-party products, or the
ability of any such third-party products to interoperate with IBM’s products. IBM
EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant
any right or license under any IBM patents, copyrights, trademarks or other intellectual
property right.
Other company, product, or service names may be trademarks or service marks of
others. A current list of IBM trademarks is available at “Copyright and
trademark information” www.ibm.com/legal/copytrade.shtml
Copyright © 2015 by International Business Machines Corporation (IBM). No part of this
document may be reproduced or transmitted in any form without written permission from
IBM.
U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by
GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have
not yet been announced by IBM) has been reviewed for accuracy as of the date of initial
publication and could include unintentional technical or typographical errors. IBM shall
have no responsibility to update this information. THIS document is distributed "AS IS"
without any warranty, either express or implied. In no event shall IBM be liable for any
damage arising from the use of this information, including but not limited to, loss of data,
business interruption, loss of profit or loss of opportunity.
IBM products and services are warranted according to the terms and conditions of the
agreements under which they are provided.
Any statements regarding IBM’s future direction, intent or product plans are subject to
change or withdrawal without notice. Performance data contained herein was generally
obtained in a controlled, isolated environments. Customer examples are presented as
illustrations of how those customers have used IBM products and the results they may
have achieved. Actual performance, cost, savings or other results in other operating
environments may vary. References in this document to IBM products, programs, or
services does not imply that IBM intends to make such products, programs or services
available in all countries in which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent
session speakers, and do not necessarily reflect the views of IBM. All materials and
discussions are provided for informational purposes only, and are neither intended to,
nor shall constitute legal or other guidance or advice to any individual participant or their
specific situation.
It is the customer’s responsibility to insure its own compliance with legal requirements
and to obtain advice of competent legal counsel as to the identification and interpretation
of any relevant laws and regulatory requirements that may affect the customer’s business
and any actions the customer may need to take to comply with such laws. IBM does not
provide legal advice or represent or warrant that its services or products will ensure that
the customer is in compliance with any law.
Legal notices and disclaimers