Contents - IACS Security Training
Document with the complete contents of the IACS Security training.
How To Secure Your Automation Control Systems
Training Features and Program v. 1.20
Reviewed in 08/12/2013
Foreword

This document presents the training “How To Secure Your Automation Control Systems”.

Intellectual property

All product names mentioned herein are trademarks of their respective manufacturers. This document and its information are confidential and proprietary to TI Safe. All property rights (including, without limitation, trademarks, trade secrets, etc.) evidenced by or contained in attachments or documents relating to it belong exclusively to TI Safe. TI Safe permits the use of this material only by employees, customers and expressly authorized business partners who agree to maintain its integrity and confidentiality. Unauthorized use, distribution or reproduction will be considered a violation of property rights, and civil or criminal action under existing legislation will be applied.

Warning

This document is intended to be complete and clear. TI Safe is not responsible for any damage, financial or business loss resulting from omissions or imperfections contained herein. This document is subject to change without notice. It is recommended to contact TI Safe for updates and/or additional information.

Contact

TI Safe offers different communication channels with customers, suppliers and associates:

Rio de Janeiro
Centro Empresarial Cittá America - Barra da Tijuca
Av. das Américas, 700, bloco 01, sala 331
CEP - 22640-100 - Rio de Janeiro, RJ - Brazil
Tel: +55 (21) 2173-1159
Fax: +55 (21) 2173-1165

São Paulo
Rua Dr. Guilherme Bannitz, nº 126 - 2º andar Cj 21, CV 9035 - Itaim Bibi
CEP - 04532-060 - São Paulo, SP - Brazil
Tel: +55 (11) 3040-8656
Fax: +55 (11) 3040-8656

e-mail: contato@tisafe.com
website: www.tisafe.com
skype: ti-safe
Twitter: @tisafe
Documentation Changes Certificate

Version | Date       | Author                              | Description
1.00    | 05.03.2009 | Marcelo Branquinho                  | First document generated
1.01    | 10.09.2009 | Marcelo Branquinho                  | Review and update, themes included
1.02    | 13.10.2009 | Marcelo Branquinho                  | Content review for 20 hours
1.03    | 13.04.2010 | Marcelo Branquinho                  | Inclusion of OPC security
1.04    | 19.07.2011 | Marcelo Branquinho                  | Including new chapters with information security foundation and practical demonstrations of attacks against networks and systems
1.05    | 26.07.2011 | Marcelo Branquinho                  | Program conceptual review
1.06    | 28.07.2011 | Marcelo Branquinho                  | Program conceptual review
1.07    | 30.07.2011 | Marcelo Branquinho                  | Program conceptual review
1.08    | 03.08.2011 | Marcelo Branquinho                  | Program conceptual review
1.09    | 06.08.2011 | Marcelo Branquinho                  | Program conceptual review
1.10    | 10.08.2011 | Marcelo Branquinho                  | Program conceptual review
1.11    | 12.08.2011 | Marcelo Branquinho                  | Program conceptual review
1.12    | 16.08.2011 | Marcelo Branquinho                  | Program conceptual review. Insertion of a case study for the CSMS Framework.
1.13    | 06.09.2011 | Marcelo Branquinho                  | Program conceptual review
1.14    | 04.04.2012 | Marcelo Branquinho and Jan Seidl    | Several chapters reviewed with content added and technological upgrading of the training.
1.15    | 27.06.2012 | Marcelo Branquinho                  | Added theoretical framework to the program.
1.16    | 10.10.2012 | Marcelo Branquinho                  | Added content to the course book and reviewed the following chapters. Chapter 12 created.
1.17    | 03.03.2013 | Jarcy Azevedo and Marcelo Branquinho | Translation to the English language.
1.18    | 03.05.2013 | Jarcy Azevedo and Marcelo Branquinho | Changed the training name.
1.19    | 09.05.2013 | Marcelo Branquinho                  | Inserted section on unidirectional security gateways.
1.20    | 12.05.2013 | Marcelo Branquinho                  | Inserted continuous monitoring.
Summarized Data

Training name
How To Secure Your Automation Control Systems

Field of knowledge (according to the CNPq table - Brazil only)
Exact and Earth Sciences > Computer Science (1.03.00.00-7) > Information Systems (1.03.03.04-9)

Reasons for the creation of “How To Secure Your Automation Control Systems”
• There was no similar training in Brazil and very few worldwide.
• Work experience in the development and deployment of solutions for industrial networks was already pointing to vulnerabilities in critical infrastructure, and training would spread this culture.

Justification of Offer
The course fills a market segment that is still underexplored and has huge demand from industries whose infrastructures are critical to the nation. This is the first Brazilian training that aims to teach the application of the good practices of the ANSI/ISA 99 standard for the security of industrial systems and networks. It meets all ISA requirements (details at http://www.isa.org/) for security in automation systems.

Objectives
To train professionals to identify risks in industrial networks and to recommend the best countermeasures for them, in accordance with the main international security standards. To qualify professionals to design and deploy a CSMS (Cyber Security Management System) in the automation networks of critical infrastructures, as described in the ANSI/ISA-99 standard.

Student profile
IT or automation professionals with knowledge of network protocols, operating systems, programming languages, hardware and software. Knowledge of information security, automation systems (SCADA) and industrial networks is desirable. English language proficiency is required to watch the videos and read the training support material.

Field of activity
Automation network security in critical infrastructures.

Total hours and course duration
The course is available in a 20-hour format, divided into five periods of four class hours each.
Theoretical Reference

During the preparation of the course book and of the materials attached to the training (demonstrations and exercises), technical content from different research sources that are part of the recommended bibliography was used:
• “Securing SCADA Systems”, written by Ronald L. Krutz. Wiley Publishing Inc.
• “Techno Security's Guide to Securing SCADA: A Comprehensive Handbook On Protecting The Critical Infrastructure”, written by Jack Wiles, Ted Claypoole, Phil Drake, Paul A. Henry, Lester J. Johnson Jr, Sean Lowther, Greg Miles, Marc Weber Tobias and James H. Windle. Syngress Press.
• “Protecting Industrial Control Systems from Electronic Threats”, written by Joseph Weiss. Momentum Press.
• “The Stuxnet Computer Worm and Industrial Control System Security”, written by Jackson C. Rebane. Nova Press.
• “Inside Cyber Warfare”, written by Jeffrey Carr. O'Reilly Press.
• “Cyber War: The Next Threat to National Security and What to Do About It”, written by Richard A. Clarke and Robert Knake. Ecco Press.
• “Cyberpower and National Security (National Defense University)”, written by Franklin D. Kramer, Stuart H. Starr and Larry Wentz. NDU Press.
• “The Art of Deception: Controlling the Human Element of Security”, written by William L. Simon and Kevin Mitnick. Wiley Publishing Inc.

This comprehensive bibliography includes the same technical references used in the official SCADA security training programs of the main American cyber defense institutes, and is based on the content of the plans recommended by the ANSI/ISA-99 standard for training and awareness.

Course Book
The training course book was prepared in Portuguese and English, and is distributed in digital format (PDF file). It is updated after each training delivered.

Besides the references listed above, we rely on the support of important leaders from the industrial network security industry to ensure we have insight into the latest technologies used today in industrial defense systems. A week before the scheduled start of each training, TI Safe will send the enrolled students the data they need to download the course book and supporting material. It is at the discretion of each student to print the book or to bring a laptop or tablet to class with the book in digital format. TI Safe respects the environment and natural resources and strictly follows the principles of its environmental policy by not printing, nor recommending the printing of, digital files.
Technical Demonstrations

During the training, some technical demonstrations of attacks and defenses against automation networks will be held. For the demonstration of attacks against industrial networks, the instructors will use a simulator of a typical small control system, consisting of a PLC that controls a natural gas tank and a computer with an HMI (Human Machine Interface) connected to the PLC, as shown in the figure below:
Curriculum Organization

Hours are given in h/c (class hours; see “Total hours and course duration” above).

PERIOD I - INTRODUCTION
CURRICULUM UNIT | HOURS | PRE-REQUISITE
Initial presentations | 0,5 h/c | --
Introduction to Industrial networks and control and monitoring systems (SCADA) | 1,5 h/c | --
Critical infrastructure and Cyber Terrorism | 2 h/c | 2 h/c previous in this course

PERIOD II - GOVERNANCE AND RISK ANALYSIS FOR INDUSTRIAL NETWORKS
CURRICULUM UNIT | HOURS | PRE-REQUISITE
Governance for industrial networks | 2 h/c | --
Introduction to risk analysis | 1 h/c | 2 h/c previous in this course
Risk analysis in industrial networks and SCADA systems | 1 h/c | 3 h/c previous in this course

PERIOD III - MALWARE AND CYBER WEAPONS
CURRICULUM UNIT | HOURS | PRE-REQUISITE
Malware and Cyber Weapons | 4 h/c | --

PERIOD IV - SECURITY STRATEGIES
CURRICULUM UNIT | HOURS | PRE-REQUISITE
Perimeter security in automation networks | 2,5 h/c | --
Cryptography in industrial networks | 1,5 h/c | --

PERIOD V - ACCESS CONTROL, DEFENSE IN DEPTH AND MONITORING
CURRICULUM UNIT | HOURS | PRE-REQUISITE
Access control in SCADA systems | 2 h/c | --
Defense in Depth | 1,5 h/c | 18 h/c previous in this course
Continuous Monitoring and New Technologies | 0,5 h/c | 19,5 h/c previous in this course

TOTAL: 20 h/c
Objectives and Content

Curriculum Unit: Initial presentations
Objectives: Presentation of the rules and objectives of the training, of the instructors and of the students.
Content:
• Presentation of the training objectives, bibliography and support material used.
• Short presentation of the instructors and students.

Curriculum Unit: Introduction to Industrial networks and control and monitoring systems (SCADA)
Objectives: Presentation of the history of industrial systems and their evolution into modern SCADA systems.
Content:
• History of industrial automation.
• Industrial systems architecture.
• SCADA systems.

Curriculum Unit: Critical infrastructure and Cyber-terrorism
Objectives: Definition of what a critical infrastructure is and of its importance, and presentation of recent cases of cyber-terrorism. Presentation of the main techniques used by attackers against servers inside computer networks.
Content:
• What is a critical infrastructure?
• Cyber-terrorism.
• Attacks on industrial networks and control systems.
• Anatomy of an invasion.
• Practical demonstration of attacks using the SCADA simulator.

Curriculum Unit: Governance for industrial networks
Objectives: Presentation of the main international standards that describe the implementation of information security policies and procedures in industrial networks. Presentation of governance concepts for industrial networks and of the fundamentals of developing a business continuity plan (BCP).
Content:
• Reference standards.
• The ANSI/ISA 99 standard.
• The NIST 800-82 Guide.
• The NERC-CIP standard.
• The ANSI/ISA-100.11a standard.
• Writing and deploying security policies for automation fields.
• Developing a business continuity plan (BCP).

Curriculum Unit: Introduction to risk analysis
Objectives: Procedures for the development of a risk analysis as described by NIST in the SP800-30 guide.
Content:
• Definitions.
• Risk analysis steps: inventory, analysis, evaluation and treatment.
• Risk management.

Curriculum Unit: Risk analysis in industrial networks and SCADA systems
Objectives: Presentation of the key vulnerabilities and threats of industrial systems according to the security standards. Demonstration of the usage of an automation security risk analysis tool.
Content:
• Vulnerabilities and threats of industrial systems.
• Specific aspects of risk analysis in industrial environments.
• Use of an automated tool for risk analysis in SCADA networks.
• Building risk analysis reports with the tool.

Curriculum Unit: Malware and Cyber Weapons
Objectives: Presentation of concepts about the different types of malware and of how they infect and quickly spread inside an industrial network. Presentation of case studies of infections in networks and practical demonstrations. Presentation of strategies for the use of antivirus and update patches on automation network computers. Presentation of a methodology for disinfecting an automation network that was contaminated by malware.
Content:
• Major malware types.
• Routes of infection and spreading on the network.
• Demonstration of the construction of a cyber weapon for industrial network infection, using the Metasploit toolkit and codes.
• Demonstration of an industrial network infection.
• Strategies for using antivirus and patch updates in automation networks.
• Typical problems in the disinfection of contaminated networks.
• Methodology for disinfection:
  ◦ Disinfection cycle
  ◦ Isolation and diagnosis
  ◦ Cleaning
  ◦ Edge security
  ◦ System restoration
  ◦ Access control
  ◦ Monitoring

Curriculum Unit: Perimeter security in automation networks
Objectives: Presentation of firewalls and other perimeter security solutions in automation networks. Security practices for industrial wireless networks.
Content:
• Types of firewalls.
• Firewall architectures and DMZ deployment.
• Firewall policies.
• VLANs.
• Intrusion detection and prevention systems (IDPS).
• Industrial wireless network security.

Curriculum Unit: Cryptography in industrial networks
Objectives: Presentation of the fundamentals of symmetric and asymmetric encryption and of their applications in industrial network security.
Content:
• Introduction to cryptography.
• Symmetric encryption.
• Asymmetric encryption.
• SSL and tunneling.
• Applications in industrial networks.

Curriculum Unit: Access control in SCADA systems
Objectives: Presentation of concepts and good practices for defining the access controls that establish security in the access to industrial networks. Some methods will be presented for implementing access control policies and group policies (GPOs) using Active Directory. Presentation of devices used to establish multiple authentication factors (OTP tokens, biometrics, among others).
Content:
• Access control: concepts, methodologies and techniques.
• Threats to access control: identification, assessment, response and prevention.
• Deploying access control policies.
• Active Directory and group policies (GPOs).
• DLP in industrial networks.
• Authentication mechanisms: biometrics, smartcards and USB tokens, OTP.

Curriculum Unit: Defense in Depth
Objectives: Detailing of the defense-in-depth strategy described in the ANSI/ISA-99 standard and presentation of the zones and conduits model. Presentation of industrial firewall solutions used for the internal network security of automation networks.
Content:
• Defense-in-depth strategies.
• The zones and conduits model.
• Demonstration of industrial firewalls and how they protect a security zone.
• Unidirectional security gateways.

Curriculum Unit: Continuous Monitoring and New Technologies
Objectives: Presentation of methods for implementing continuous monitoring in automation networks. Introduction of new technologies under development for industrial security.
Content:
• What should be monitored in an automation network?
• How to implement continuous monitoring using an open source tool.
• New technologies for industrial network security.