hazmat signs for industrial software
play

Hazmat Signs for Industrial Software if they existed, what would - PowerPoint PPT Presentation

Jan 17, 2024 •360 likes •570 views

Hazmat Signs for Industrial Software if they existed, what would they look like? Bryan Owen PE, OSIsoft LLC cred-c.org | 1 Most Industrial Software is Toxic cred-c.org | 2 Toxicity The degree to which a chemical substance can damage

  1. Hazmat Signs for Industrial Software … if they existed, what would they look like? Bryan Owen PE, OSIsoft LLC cred-c.org | 1

  2. Most Industrial Software is ‘Toxic’ cred-c.org | 2

  3. Toxicity The degree to which a chemical substance can damage an organism • Whole organism • Organs, • Tissue, • Or even cellular damage. cred-c.org | 3

  4. Toxin Categories Biological Corrosive Physical Non-Ionizing Hazard Hazard Hazard Radiation Hazard cred-c.org | 4

  5. “Cyber” – Bio Hazard Abuse of legitimate ICS functionality • Stuxnet • Crashoverride / Industroyer • Eg Protocols: IEC101, IEC104, and Biological IEC61850 Hazard cred-c.org | 5

  6. “Cyber” – Corrosive Hazard Non-ICS specific Ransomware & Wipers • Brickerbot • Not Petya / WannaCry • Shamoon Corrosive • Eg Protocols: SMB, Telnet Hazard cred-c.org | 6

  7. “Cyber” – Physical Hazard Enlistment in bots • Carna • Mirai • Reaper • And many other similar threats Physical Hazard cred-c.org | 7

  8. “Cyber” – Radio Hazards Recent malware targeting radios • BadBIOS • BlueBorne • WPA2 Krack Non-Ionizing Radiation Hazard cred-c.org | 8

  9. Chemical Hazard Labels – NFPA Diamond 0 4 FLAMABILITY Least Most Serious Serious HEALTH REACTIVITY 0 Will Not Burn SPECIAL HAZARDS Shock and Heat 3 May Detonate cred-c.org | 9

  10. Cyber Hazard Labels: “C-I-A Triad Model” Remote, Anonymous, Default 4 Configuration, Root Access INTEGRITY Remote, Anonymous, Default 3 Configuration, User Access Remote, Authenticated, Default 2 CONFIDENTIALITY AVAILABILITY Configuration, Root Access Remote, Authenticated, Custom 1 Configuration, Write Access SPECIAL Remote, Authenticated, Read 0 HAZARDS Access cred-c.org | 10

  11. Cyber Hazard Labels: “V-A-T Model (OSSTMM)” 1/2 VISIBILITY 4 ACCESS Remote management endpoints 3 Remote write access endpoints VISIBILITY TRUST 2 Remote read access endpoints 1 SPECIAL Device broadcasts HAZARDS 0 No targets visible remotely cred-c.org | 11

  12. Cyber Hazard Labels: “V-A-T Model (OSSTMM)” 2/2 TRUST Unmanaged 3P components, 3P 4 ACCESS managed trust infrastructure 3 Unmanaged 3P components VISIBILITY TRUST 2 3P managed trust infrastructure Self-managed 3P components, 1 SPECIAL trust infrastructure HAZARDS Trusted foundry with 0 transparency cred-c.org | 12

  13. Cyber Hazard Labels: Cornell “SoS” Blueprint Blueprint for a science of cybersecurity Safety The Next Wave Vol. 19 No. 2 | 2012 Fred B. Schneider • No ‘bad thing’ happens ISOLATION Liveness • Some ‘good thing’ happens OBFUSCATION MONITORING SPECIAL HAZARDS cred-c.org | 13

  14. Special Cyber Hazards: “Observables” • Digital signature or unique hash • Documentation of third party components • Important dates (creation, last modified) • Memory safe frameworks and languages • User mode vs kernel or root A badness-omemter can’t tell you that you’re secure. • Execution flags (ASLR, CFG, DEP, NX, etc…) It can only tell you that • Network protocol safety you’re not. • Software update mechanism Badness-ometers are good. Do you own one? by Gary McGraw https://www.synopsys.com/blogs/software-security/badness-ometers-are-good-do-you-own-one cred-c.org | 14

  15. Idea: Safety Data Sheets cred-c.org | 15

  16. Cyber Security Data Sheets Cyber Security Technical Assessment Methodology: Vulnerability Identification and Mitigation 3002008023 Final Report, October 2016 Michael Thow – EPRI Steve Hagan – Fisher Valves Dan Griffin – JW Secure John Connelly – Exelon Inman – Lanier – Fisher Valves Justin Kosar – Assoc. Electric Cooperative Manu Sharma – Exelon Mike Hagen – Fisher Valves Andrew Dettmer – Assoc. Electric Cooperative Kenneth Levandoski – Exelon Andrew Clark – Sandia National Laboratory Steve Ricker – East Kentucky Power Cooperative Brad Yeates – Southern Company Matthew Coulter – Duke Energy Phillip Turner – Sandia National Laboratory Scott Junkin – Southern Company Susan Ritter – Duke Energy Tim Wheeler – Sandia National Laboratory Richard Atkinson – Arizona Public Service Mark Denton – Duke Energy Alice Muna – Sandia National Laboratory Sandra Bittner – Arizona Public Service Norman Geddes – Southern Eng. Services Christine Lai – Sandia National Laboratory cred-c.org | 16

  17. EPRI TAM Overview cred-c.org | 17

  18. EPRI TAM – Attack Surface Characterization cred-c.org | 18

  19. Reference Cyber Security Data Sheets A key part of the Supply Chain • Step 1 & 2 by EPRI, Vendors, and Big Idea: other Stakeholders You can create a • Starting point for tailored CSDS CSDS too! Cyber Security Technical Assessment Methodology: Vulnerability Identification and Mitigation 3002008023 cred-c.org | 19

  20. http://cred-c.org @credcresearch facebook.com/credcresearch/ Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security

Recommend

Assessing Risks from Hazmat Transportation on Rail by Phani K. Raj HazMat Division, FRA

Assessing Risks from Hazmat Transportation on Rail by Phani K. Raj HazMat Division, FRA

Assessing Risks from Hazmat Transportation on Rail by Phani K. Raj HazMat Division, FRA presented at Hazardous Materials Training Seminar Houston, TX Aug 21 to 23, 2018 DISCLAIMER All references to companies, their names, addresses and

499 views • 24 slides
HazMat Transportation Compliance September 2017 My HazMat Journey Biology Freshwater Sciences

HazMat Transportation Compliance September 2017 My HazMat Journey Biology Freshwater Sciences

HazMat Transportation Compliance September 2017 My HazMat Journey Biology Freshwater Sciences Environmental Studies Labelmaster One Stop DG Shop 30,000+ products with Twenty years Team of regulatory and core capabilities in

359 views • 32 slides
INDUSTRIAL SIGNS WHO ARE WE ? Family company Founded in 1996 Production area: 2222 m

INDUSTRIAL SIGNS WHO ARE WE ? Family company Founded in 1996 Production area: 2222 m

more than INDUSTRIAL SIGNS WHO ARE WE ? Family company Founded in 1996 Production area: 2222 m 2 Employees: 30 Managing director: Karol Brix WHAT IS IMPORTANT FOR US? PROCUSTOMER ORIENTATION COMMUNICATION SEARCH FOR

815 views • 34 slides
Whats different in Industrial Software Engineering Dirk Taubner sd&m AG software design

Whats different in Industrial Software Engineering Dirk Taubner sd&m AG software design

Whats different in Industrial Software Engineering Dirk Taubner sd&m AG software design & management Thomas-Dehler-Strae 27 81737 Mnchen Telefon (0 89) 6 38 12-0 Telefax (0 89) 6 38 12-155 http://www.sdm.de Focus: Individual

674 views • 45 slides
Se lf Dir e c tion in the Ne w Wor ld Or de r of Soc ial Pr ogr ams: An Innovative Oppor

Se lf Dir e c tion in the Ne w Wor ld Or de r of Soc ial Pr ogr ams: An Innovative Oppor

Se lf Dir e c tion in the Ne w Wor ld Or de r of Soc ial Pr ogr ams: An Innovative Oppor tunity for Community L iving Connie Gar ne r May 8, 2017 Signs Signs, signs, everywhere theyre signs Blockin out the scenery,

463 views • 13 slides
D.O.T. HAZMAT / DANGEROUS GOODS TRAINING FOR HEALTHCARE WORKERS including the Nuclear

D.O.T. HAZMAT / DANGEROUS GOODS TRAINING FOR HEALTHCARE WORKERS including the Nuclear

D.O.T. HAZMAT / DANGEROUS GOODS TRAINING FOR HEALTHCARE WORKERS including the Nuclear Medicine Technologist (NMT) Jason S. Tavel, PhD, DABR Astarita Associates, Inc. Why The NMT? The NMT routinely ships Excepted Packages The NMT

854 views • 49 slides
Signs of Stress and Trauma That Parents Need to Know About Warning Signs to Look For

Signs of Stress and Trauma That Parents Need to Know About Warning Signs to Look For

Signs of Stress and Trauma That Parents Need to Know About Warning Signs to Look For Preschoolers Thumb sucking Bedwetting Clinging to parents Sleep Difficulties (Trouble falling asleep, nightmares) Separation

386 views • 10 slides
Software Defined Radio using the Linux Industrial IO framework - A Hardware Abstraction Layer -

Software Defined Radio using the Linux Industrial IO framework - A Hardware Abstraction Layer -

Software Defined Radio using the Linux Industrial IO framework - A Hardware Abstraction Layer - Lars-Peter Clausen, Analog Devices What is IIO? Industrial Input/Output framework Not really just for Industrial IO All non-HID IO

1.33k views • 41 slides
Procera Plus Design, Drawing and calculation software for industrial low voltage installations

Procera Plus Design, Drawing and calculation software for industrial low voltage installations

GE Consumer & Industrial Power Protection Procera Plus Design, Drawing and calculation software for industrial low voltage installations including distribution circuits ProceraPlus The new HD384 and R064-03 standards require that the

987 views • 61 slides
The Next Industrial Revolution: Manufacturing and the Industrial Internet Joseph J. Salvo, Ph.D.

The Next Industrial Revolution: Manufacturing and the Industrial Internet Joseph J. Salvo, Ph.D.

The Next Industrial Revolution: Manufacturing and the Industrial Internet Joseph J. Salvo, Ph.D. Founder and Director of the Industrial Internet Consortium The Physical World is Evolving at the Speed of Software "If you went to bed last

399 views • 27 slides
Developing a Hazardous Materials Training Program What You Should Know Russell Kelly FRA Hazmat

Developing a Hazardous Materials Training Program What You Should Know Russell Kelly FRA Hazmat

Developing a Hazardous Materials Training Program What You Should Know Russell Kelly FRA Hazmat Inspector Salt Lake City, UT Effective Training Program Develop Safety Culture Provides Employees with Understanding of Regulatory

916 views • 33 slides
New advance and alternative location danger warning and prohibitory signs? Group of Experts on

New advance and alternative location danger warning and prohibitory signs? Group of Experts on

New advance and alternative location danger warning and prohibitory signs? Group of Experts on Road Signs and Signals Geneva, 29 May 2017 UNECE Secretariat . Chapter II: Road signs, Article 6 1. Signs shall be so placed that the drivers for

382 views • 15 slides
Progress in the Industrial Deployment of Materials Modelling Software Experiences from

Progress in the Industrial Deployment of Materials Modelling Software Experiences from

Progress in the Industrial Deployment of Materials Modelling Software Experiences from Thermo-Calc Software Anders Engstrm EMMC Int. Workshop 2019, February 25-27, 2019 Vienna, Austria 1 st material designed using Materials Modelling

397 views • 12 slides
Introduction to Signs of Safety Working in partnership with Children and Families This e-learning

Introduction to Signs of Safety Working in partnership with Children and Families This e-learning

Introduction to Signs of Safety Working in partnership with Children and Families This e-learning course is to give you an overview of Signs of Safety and how it is implemented within this authority Background to Signs of Safety Signs of

845 views • 37 slides
EXPERT GROUP ROAD SIGNS & SIGNALS Final Report Convention signs ECE/TRANS/WP.1/2019/4

EXPERT GROUP ROAD SIGNS & SIGNALS Final Report Convention signs ECE/TRANS/WP.1/2019/4

EXPERT GROUP ROAD SIGNS & SIGNALS Final Report Convention signs ECE/TRANS/WP.1/2019/4 MANDATE Three main objectives: 1. assess the internal (in)consistencies of the 1968 Convention on Road Signs and Signals and the 1971 European Agreement

519 views • 14 slides
North Essex Signs Ltd Who Are we? North Essex Signs is a family owned Company, based in

North Essex Signs Ltd Who Are we? North Essex Signs is a family owned Company, based in

North Essex Signs Ltd Who Are we? North Essex Signs is a family owned Company, based in Colchester. The manufacturing facility is 90,000 sq. ft. spread over two sites with a staff of over 50. What do we do? We specialise in high quality

572 views • 23 slides
FUTURE CHALLENGES IN SOFTWARE EVOLUTION AND QUALITY ANALYSIS FROM INDUSTRIAL & ACADEMIC

FUTURE CHALLENGES IN SOFTWARE EVOLUTION AND QUALITY ANALYSIS FROM INDUSTRIAL & ACADEMIC

FUTURE CHALLENGES IN SOFTWARE EVOLUTION AND QUALITY ANALYSIS FROM INDUSTRIAL & ACADEMIC PERSPECTIVES Aiko Yamashita, PhD. Centrum Wiskunde & Informatica, Netherlands Oslo and Akershus University College of Applied Sciences, Norway

960 views • 73 slides
VITAL SIGNS BRC RAM - Vital Signs Random selection, National sample household flooding 13,436k

VITAL SIGNS BRC RAM - Vital Signs Random selection, National sample household flooding 13,436k

The BRC brings you a BRAND NEW Radio Audience Measurement System BRC RAM: Jan Jun 2016 BRC RAM - VITAL SIGNS BRC RAM - Vital Signs Random selection, National sample household flooding 13,436k Households 36,447k Individuals Universe:

1.03k views • 77 slides
Definition Of A Sign Purpose of Signs Visibility Basic Rules Sign Types

Definition Of A Sign Purpose of Signs Visibility Basic Rules Sign Types

Definition Of A Sign Purpose of Signs Visibility Basic Rules Sign Types Options In Lighting Lighting Types Photos of Signs Special Signs Variations In Sign Summary/Questions Purpose of Signs

321 views • 29 slides
SIGNS & the Frail Older People programme Update to Rushcliffe CCG Governing Body September

SIGNS & the Frail Older People programme Update to Rushcliffe CCG Governing Body September

RCCG/GB/13/125 SIGNS & the Frail Older People programme Update to Rushcliffe CCG Governing Body September 2013 Jeremy Griffiths Chair of SIGNS, Clinical lead Activity and financial implications (Nottinghamshire) SIGNS- Frail elderly

154 views • 12 slides
SIDEWALKS AND SIGNS SEMINAR JUNE 16, 2016 PRESENTATION OVERVIEW 1. INTRODUCTION 2. SIDEWALK

SIDEWALKS AND SIGNS SEMINAR JUNE 16, 2016 PRESENTATION OVERVIEW 1. INTRODUCTION 2. SIDEWALK

SIDEWALKS AND SIGNS SEMINAR JUNE 16, 2016 PRESENTATION OVERVIEW 1. INTRODUCTION 2. SIDEWALK DISPLAYS AND SALES a) What requires a permit b) Revocable Permit c) Application, fee and approval process 3. SIGNS a) Prohibited signs b)

501 views • 20 slides
June 24, 2016 1. Reorganized structure of the signage rules 2. Off-site signs 3. On-site signs 4.

June 24, 2016 1. Reorganized structure of the signage rules 2. Off-site signs 3. On-site signs 4.

Policy & Implementation Committee June 24, 2016 1. Reorganized structure of the signage rules 2. Off-site signs 3. On-site signs 4. Electronic message displays Current off-site sign types: Commercial Agricultural Commercial

649 views • 22 slides
Hardware & Software Platform for Next Generation Industrial Drones Chetak Kandaswamy Kai Yan

Hardware & Software Platform for Next Generation Industrial Drones Chetak Kandaswamy Kai Yan

Hardware & Software Platform for Next Generation Industrial Drones Chetak Kandaswamy Kai Yan Helmut Prendinger Whats next in industry drones? Market: Technical topics: Infrastructure inspection Advanced controller (No GPS,

391 views • 18 slides
Technician License Course Chapters 7 and 8 Lesson Module 16 Call Signs, Control Operators,

Technician License Course Chapters 7 and 8 Lesson Module 16 Call Signs, Control Operators,

Technician License Course Chapters 7 and 8 Lesson Module 16 Call Signs, Control Operators, Station Identification and Third-Party Communications Call Signs Your Radio Name All amateur call signs have a prefix and a suffix

969 views • 71 slides

More recommend