june 2017
play

June 2017 ECL Cyber Security Senior Systems Engineer Engineering - PowerPoint PPT Presentation

May 12, 2023 •210 likes •417 views

June 2017 ECL Cyber Security Senior Systems Engineer Engineering Control Ltd 10+ years experience Control Systems (DCS/PLC) Safety Systems (TV FSE 7040/13) Industrial Networks (Ethernet/fibre) Server Management

  1. June 2017 ECL Cyber Security

  2.  Senior Systems Engineer  Engineering Control Ltd  10+ years experience  Control Systems (DCS/PLC)  Safety Systems (TÜV FSE 7040/13)  Industrial Networks (Ethernet/fibre)  Server Management (Windows)  Current role  PCD IT Cyber Security (contract) with STOS  IDC Safety Control Systems & Hazardous Areas Conference  Auckland, 22-23 August 2017 ECL Cyber Security

  3.  Control/SCADA systems control “real - world” devices and processes  Cyber attacks on a control/SCADA system can lead to serious consequences  Cyber “security level” generally needs to provide more risk reduction than required safety integrity level for SIF to be effective.  Incident cost ECL Cyber Security

  4.  IEC 61508 – Functional Safety of Safety-Related Systems  IEC 61511 – Safety Instrumented Systems for the Process Industry  ISA / IEC 62443 – Cyber Security Suite of Standards  ISA TR84.00.09 – Cyber Security related to Function Safety process ECL Cyber Security

  5.  Standards for cyber security  Cyber security breaches impact  Networked facilities  Cyber attacker capabilities  Potential to shutdown process, change display, impact productivity ECL Cyber Security

  6.  Stuxnet  Specifically targets Siemens PLCs  Introduced by USB flash drive  May have destroyed up to 1000 centrifuges  German steel mill attack  “…manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in ‘massive’ damage”  Hacked into Office Network  … then production management software  … then plant control systems ECL Cyber Security

  7.  Black Energy malware  In December 2015, around half the homes in the Ivano-Frankivsk region in Ukraine were left with no electricity for a few hours. According to reports, the cause of the 6-hour power outage was a cyber-attack that utilized malware. Interestingly, the reported case was not an isolated incident, as other electric firms in Ukraine were found to have also been targeted.  Deployment via email ECL Cyber Security

  8.  Is the firmware up to date?  What about zero-day vulnerabilities?  Are the logs reviewed?  Has it been configured to a design?  Design documentation maintained?  Least privilege?  Are the ‘holes’ so large that a hacker could drive straight through? ECL Cyber Security

  9.  The firewall is one barrier  Has holes just like any other barrier  Not ok for process safety ECL Cyber Security

  10.  Air gapping is enough  Security by obscurity is a protection  Only Windows PCs are at risk (lvl2)  ICS cybersecurity threat is overblown  It won’t happen here because it hasn’t happened before ECL Cyber Security

  11. Cybersecurity program in place? 1. Designated cybersecurity leader? 2. Cybersecurity team understands the 3. role? Procedures specifically for detecting 4. and containing cyberattacks? Plan for responding to cybersecurity 5. incidents? Does our plan include testing, 6. assessments and continuous improvement? ECL Cyber Security

  12.  Policies and Procedures  Network Segregation  Physical Access Control  System Hardening  User Access Control  Malicious Software Prevention/Whitelisting  Antivirus  Patching  Backups  Logs  Performance Monitoring & Alerting ECL Cyber Security

  13.  These security concepts are great  Unrealistic to retrofit entire plant  Solutions available for legacy devices:  Become knowledgeable about ICS security and industry standards  Protect legacy devices and systems with security device  Can be installed in live systems without harm to production  Allows rules to be tested and changed without putting plant operations at risk ​ ECL Cyber Security

  14.  Purdue model (levels 0 to 4)  Bank has multiple layers of protection  Security guards – course access control  Security-trained tellers – fine access control  Steel doors – simple barriers (open/closed)  Bullet proof windows  Security box keys – allows access to specific authorised entities  Layers are context specific  Each layer provides some protection  Overall protection provided by layers working together ECL Cyber Security

  15.  Developed by Lockheed Martin  Phases of an attack: 1. Reconnaissance 2. Weaponization 3. Delivery 4. Exploitation 5. Installation 6. Command and control 7. Actions on intent. ECL Cyber Security

  16.  Information  Operational Technology Technology  Level 4+  Level 3-  Servers/PCs  All configurable devices  Device focus  People focus  Lifetime 15-20 yrs  Lifetime 3-5 years  End-point focus  Server focus  Safety and  Confidentiality and availability focus integrity focus ECL Cyber Security

  17. 1. Asset Inventory 2. Network Segmentation 3. Secure Access 4. Role-Based Access and Logging 5. Password Policy 6. Patch Vulnerabilities 7. Involve Management 8. Detect & Response Plan ECL Cyber Security

  18.  It’s a System  Alarm Management  Process Safety Management  Health & Safety Management  Ad hoc will only get you so far  Policies and Procedures  Culture – human factor ECL Cyber Security

  19.  Report – audit, identify, advise  Project manage – mitigations, actions  Training – empower your control system engineers  Implement – put new barriers in place, strengthen existing barriers  Maintain – cyber security is a process not an event ECL Cyber Security

Recommend

Internet Governance in June 2017 27 June 2017 Main events in June 30 May-2 June International

Internet Governance in June 2017 27 June 2017 Main events in June 30 May-2 June International

Internet Governance in June 2017 27 June 2017 Main events in June 30 May-2 June International Conference on Cyber Conflict (Tallinn) 5-7 June NANOG 70 (Washington) 6-7 June EuroDIG (Tallinn) 6-23 June UN Human Rights Council - 35th Session

282 views • 13 slides
Association Australasia - MEMBER ONLY WEBINAR - Certjfjcatjon Quarterly June 2017 22 June 2017

Association Australasia - MEMBER ONLY WEBINAR - Certjfjcatjon Quarterly June 2017 22 June 2017

Responsible Investment Association Australasia - MEMBER ONLY WEBINAR - Certjfjcatjon Quarterly June 2017 22 June 2017 Presenters: James Tayler - Morphic Asset Management Cheyne McKee - Bank Australia Kirsten Simpson - VicSuper June 2017

455 views • 33 slides
Getting ready 21 June, 2017 for APA # 1 proto 1 21 June 2017 1-APA #1 shipping schedule

Getting ready 21 June, 2017 for APA # 1 proto 1 21 June 2017 1-APA #1 shipping schedule

William Miller-UMN Getting ready 21 June, 2017 for APA # 1 proto 1 21 June 2017 1-APA #1 shipping schedule Schedule is holding Shipping Box to arrive at PSL on 23-June Week of 26-June PSL fits suspension system, works on

260 views • 10 slides
Q2 January June 2017 INTERIM REPORT JANUARY JUNE 2017 2017-07-18 Per Lindberg, CEO and

Q2 January June 2017 INTERIM REPORT JANUARY JUNE 2017 2017-07-18 Per Lindberg, CEO and

Q2 January June 2017 INTERIM REPORT JANUARY JUNE 2017 2017-07-18 Per Lindberg, CEO and President, and Susanne Lithander, CFO 1 Q2 2017 RESULTS AT A GLANCE NET SALES 3 % PACKAGING PAPER OTHER 5 600 Kraft paper Sack paper GROWTH 9%

786 views • 23 slides
Field Robot Event 2017 13 th June 16 th June 2017 14 Teams participated TAFR Team On a

Field Robot Event 2017 13 th June 16 th June 2017 14 Teams participated TAFR Team On a

Field Robot Event 2017 13 th June 16 th June 2017 14 Teams participated TAFR Team On a shoestring budget Floribot 2017 Fontys Venlo Cornholio SKALP Team UniCorn Uach-Dimabot 17 FREDT Kamaro Engineering Feldschmiede Moops Robatic

514 views • 24 slides
London 2017 Monday 26th June Wednesday 28th June 1 6/8/2017 Introductions 29 pupils in

London 2017 Monday 26th June Wednesday 28th June 1 6/8/2017 Introductions 29 pupils in

6/8/2017 @MusicBraesHigh London 2017 Monday 26th June Wednesday 28th June 1 6/8/2017 Introductions 29 pupils in total attending the trip from our current S2 S6. 4 staff Mr Morris, Mrs Corsie, Mrs Eckles & Miss Gibb.

678 views • 39 slides
Belgium and France 26 th June 29 th June 2017 Welcome! Please, can you . . . 1. Pop you

Belgium and France 26 th June 29 th June 2017 Welcome! Please, can you . . . 1. Pop you

Year 8 and 9 History Trip Battlefields Belgium and France 26 th June 29 th June 2017 Welcome! Please, can you . . . 1. Pop you mobile phones on silent or off 2. Save any questions you may have and ask me at the end. 3. Check the

408 views • 14 slides
6/7/2017 1 6/7/2017 Planning for I/I Reduction and Strategies to Get the Job Done June 7, 2017

6/7/2017 1 6/7/2017 Planning for I/I Reduction and Strategies to Get the Job Done June 7, 2017

6/7/2017 1 6/7/2017 Planning for I/I Reduction and Strategies to Get the Job Done June 7, 2017 1:00 3:00 pm Eastern How to Participate Today Audio Modes Listen using Mic & S peakers Or, select Use Telephone

742 views • 53 slides
Operational Advisory Group June 2, 2017 CCI Operational Advisory Group June 2, 2017

Operational Advisory Group June 2, 2017 CCI Operational Advisory Group June 2, 2017

UW Madison Campus Computing Initiative Operational Advisory Group June 2, 2017 CCI Operational Advisory Group June 2, 2017 Welcome New Role of this Group CCIV Technical Updates Data Center RFP Update Public Cloud

487 views • 20 slides
Jonathon Peros Council Staff NEFMC June 21, 2017 1 4. Scallops - June 20-22, 2017 #1 Scallop

Jonathon Peros Council Staff NEFMC June 21, 2017 1 4. Scallops - June 20-22, 2017 #1 Scallop

44 4 44 - Jonathon Peros Council Staff NEFMC June 21, 2017 1 4. Scallops - June 20-22, 2017 #1 Scallop Report Outline: 1. LAGC IFQ Program Review (Doc.3) 2. 2018/2019 RSA Priorities (Doc.4a, 4b) 3. FW29 Update (Doc. 5a-d) 4. Control date

1.06k views • 80 slides
First Polymer Colloid Group Micro-Symposium , June 16-17, 1972, held at Lehigh i. University. Four

First Polymer Colloid Group Micro-Symposium , June 16-17, 1972, held at Lehigh i. University. Four

Mohamed S. El- Aassers talking points related to ppt presentation on history of IPCG 1971 -2017 Presentation made on June 28, 2017, at the 2017 IPCG meeting (June 25 30), Arantzazu, (ONATI, Spain) 1. I personally enjoyed preparing this talk.

368 views • 4 slides
Webinars Monday, June 5, 2017 11:00am 12:30pm Tuesday, June 6, 2017 11:00am 12:30pm Monday,

Webinars Monday, June 5, 2017 11:00am 12:30pm Tuesday, June 6, 2017 11:00am 12:30pm Monday,

EAST Cohort 2 Kickoff Webinars Monday, June 5, 2017 11:00am 12:30pm Tuesday, June 6, 2017 11:00am 12:30pm Monday, June 12, 2017 1:00pm 2:30pm The EAST Project Team Susan Stearns Sara Amato Mei Mendez Matthew Revitt Project

936 views • 68 slides
Presentation June 2017 1 Capital Raise June 2017 1. Spear REIT at a Glance Table of Contents 2.

Presentation June 2017 1 Capital Raise June 2017 1. Spear REIT at a Glance Table of Contents 2.

Capital Raise Presentation June 2017 1 Capital Raise June 2017 1. Spear REIT at a Glance Table of Contents 2. Highlights 3. Financial Performance 4 months ended 28 February 2017 4. Group Structure & Management 5. Portfolio Overview MISSION

767 views • 49 slides
Company Presentation: 5 June 2017 Sunrise Resources plc: AIM SRES 1 5 June 2017 Important

Company Presentation: 5 June 2017 Sunrise Resources plc: AIM SRES 1 5 June 2017 Important

Sunrise Resources plc CS Pozzolan-Perlite Project Nevada USA Company Presentation: 5 June 2017 Sunrise Resources plc: AIM SRES 1 5 June 2017 Important Notice The content of information contained in these slides and the accompanying verbal

736 views • 42 slides
2nd Quarter 2017 Financial Results and Outlook June 29, 2017 The following slides accompany a

2nd Quarter 2017 Financial Results and Outlook June 29, 2017 The following slides accompany a

McCormick & Company, Inc. 2nd Quarter 2017 Financial Results and Outlook June 29, 2017 The following slides accompany a June 29, 2017 presentation to investment analysts. This information should be read in conjunction with the press

586 views • 34 slides
CEO HelloGold 4-6 JUNE 2017 Grand Copthorne, Singapore HelloGold the opportunity 4-6 JUNE 2017,

CEO HelloGold 4-6 JUNE 2017 Grand Copthorne, Singapore HelloGold the opportunity 4-6 JUNE 2017,

4-6 JUNE 2017, GRAND COPTHORNE, SINGAPORE Shariah compliant gold fintech platform Robin Lee CEO HelloGold 4-6 JUNE 2017 Grand Copthorne, Singapore HelloGold the opportunity 4-6 JUNE 2017, GRAND COPTHORNE, SINGAPORE 815 Million Total Number of

495 views • 10 slides
Inv nvestor or Presentation June 2017 NYSE: CIE INVESTOR PRESENTATION JUNE 2017 1 Legal

Inv nvestor or Presentation June 2017 NYSE: CIE INVESTOR PRESENTATION JUNE 2017 1 Legal

NYSE: CIE | www.cobaltintl.com Inv nvestor or Presentation June 2017 NYSE: CIE INVESTOR PRESENTATION JUNE 2017 1 Legal Disclosures Neither the United States Securities and Exchange Commission nor any other state companies in our

243 views • 9 slides
Re Retail: Finding Jean Baptiste de Ma Marb rbot JU JUNE E 22 2017 Outline of Presentation

Re Retail: Finding Jean Baptiste de Ma Marb rbot JU JUNE E 22 2017 Outline of Presentation

Quo Vadis Capital, Inc. Proprietary Structural Analysis & Forecasting June 2017 917-470-2073 john.zolidis@quovadiscapital.com Re Retail: Finding Jean Baptiste de Ma Marb rbot JU JUNE E 22 2017 Outline of Presentation June 2017

837 views • 47 slides
June 23 rd 2017 Flood Event 27 June 2017 Dwight Boyd Director of Engineering Presentation

June 23 rd 2017 Flood Event 27 June 2017 Dwight Boyd Director of Engineering Presentation

June 23 rd 2017 Flood Event 27 June 2017 Dwight Boyd Director of Engineering Presentation Outline Focus of this presentation is on West Montrose Chronology of Event Weather Warnings Monitoring System Alerts Watershed

302 views • 19 slides
LA Retirement Fund Actuarial Valuation as at 30 June 2017 Presenter: Sean Neethling Valuator

LA Retirement Fund Actuarial Valuation as at 30 June 2017 Presenter: Sean Neethling Valuator

LA Retirement Fund Actuarial Valuation as at 30 June 2017 Presenter: Sean Neethling Valuator Membership statistics 30 June 2017 5 000 30 June 2016 30 June 2017 3 951 4 000 3 730 Number of members 3 000 2 000 1 478 1 463 1 000 0 4

283 views • 10 slides
January June 2017 June 12 th , 2017 Help Desk SLA The IT Help Desk has the following

January June 2017 June 12 th , 2017 Help Desk SLA The IT Help Desk has the following

IT IT Service Le Level Agreement In Information January June 2017 June 12 th , 2017 Help Desk SLA The IT Help Desk has the following Service Level Agreement standards: Customer Satisfaction is 4.0 or greater on a 5.0 scale.

369 views • 14 slides
I N V E S T O R P R E S E N TAT I O N SECOND QUARTER 2017 (As of June 30, 2017)

I N V E S T O R P R E S E N TAT I O N SECOND QUARTER 2017 (As of June 30, 2017)

I N V E S T O R P R E S E N TAT I O N SECOND QUARTER 2017 (As of June 30, 2017) Disclaimer/Forward-Looking Statements Statements made by us in this presentation and in other reports and statements could limit our ability to acquire additional

288 views • 25 slides
2017: Into the Future CME Group ISM June 2017 Source: CME Group Nov 2017 Source: CME

2017: Into the Future CME Group ISM June 2017 Source: CME Group Nov 2017 Source: CME

2017: Into the Future CME Group ISM June 2017 Source: CME Group Nov 2017 Source: CME Group ISM: Semiannual Economic Forecast Manufacturing Operating Rate 81.9% Inflation (prices paid) of 1.3% (decrease 0.4% in 2016)

538 views • 6 slides
Sponsorship and Marketing Opportunities Moorland Farm, Far Hills, New Jersey June 24-25, 2017

Sponsorship and Marketing Opportunities Moorland Farm, Far Hills, New Jersey June 24-25, 2017

Sponsorship and Marketing Opportunities Moorland Farm, Far Hills, New Jersey June 24-25, 2017 www.essexhorsetrials.org (908) 234-9115 Benefitting Sponsored By Essex Horse Trials Country Weekend June 24 and 25, 2017 In June 2016, over four

145 views • 13 slides

More recommend