scada and other dangerous things
play

SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. - PowerPoint PPT Presentation

Nov 26, 2022 •132 likes •303 views

SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. University of South Wales, UK. E-Mail: andrew.blyth@southwales.ac.uk SCADA and Ukraine SCADA Hacking Typical SCADA Critical Infrastructure Architecture 4 SCADA and IPC Forensic

  1. SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. University of South Wales, UK. E-Mail: andrew.blyth@southwales.ac.uk

  2. SCADA and Ukraine

  3. SCADA Hacking

  4. Typical SCADA Critical Infrastructure Architecture 4

  5. SCADA and IPC Forensic Challenges ➢ Why do challenges exist? ➢ IPC/SCADA systems designed to automate, monitor and control Critical Infrastructure were originally designed for isolated, air gapped networks ➢ Now interconnected with many networks and communicating via Internet ➢ Span huge geographical areas ➢ Include many proprietary and legacy devices and protocols ➢ Lack of security mechanisms in SCADA protocols ➢ No real guidance or methodologies for data acquisition at the control level 5

  6. SCADA Forensic Challenges ➢ Data Sources ➢ Variety of data sources, amount of data sources ➢ Live Acquisition ➢ Verification ➢ Response Time ➢ Logging and Storage ➢ Absence of Dedicated Forensic Tools 6

  7. SCADA Forensic Challenges ➢ Data Sources ➢ Live Acquisition ➢ Latency, interference and OOV (Order of Volatility) ➢ Verification ➢ Response Time ➢ Logging and Storage ➢ Absence of Dedicated Forensic Tools 7

  8. SCADA Forensic Challenges ➢ Data Sources ➢ Live Acquisition ➢ Verification ➢ Calculating hash values ➢ Response Time ➢ Logging and Storage ➢ Absence of Dedicated Forensic Tools 8

  9. SCADA Forensic Challenges ➢ Data Sources ➢ Live Acquisition ➢ Verification ➢ Response Time ➢ Span huge geographical areas, many field sites ➢ Logging and Storage ➢ Absence of Dedicated Forensic Tools 9

  10. SCADA Forensic Challenges ➢ Data Sources ➢ Live Acquisition ➢ Verification ➢ Response Time ➢ Logging and Storage ➢ Audit/logging functions disabled, minimal storage ➢ Absence of Dedicated Forensic Tools 10

  11. SCADA Forensic Challenges ➢ Data Sources ➢ Live Acquisition ➢ Verification ➢ Response Time ➢ Logging and Storage ➢ Absence of Dedicated Forensic Tools ➢ No real methodologies for data acquisition from PLCs 11

  12. IPC/SCADA Forensic Incident Response Model 12

  13. SCADA Forensic Incident Response Model ➢ Stage 1: Prepare ➢ Understand system architecture ➢ Understand system requirements ➢ Understand potential attacks 13

  14. SCADA Forensic Incident Response Model ➢ Stage 2: Detect ➢ Determine type of attack ➢ Determine infected areas ➢ Stage 3: Isolation ➢ Containment of infected areas in relation to business operations 14

  15. SCADA Forensic Incident Response Model ➢ Stage 4: Triage ➢ Identify data sources ➢ Prioritize data sources ➢ Stage 5: Respond ➢ Perform data acquisition ➢ Perform data analysis 15

  16. SCADA Forensic Incident Response Model ➢ Stage 6: Report ➢ Review findings ➢ Create report ➢ Update system architecture ➢ Update system requirements 16

  17. Questions 17

Recommend

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen Operations Support Manager Western Area Power Administration Sub Substation Ne station Netwo twork rk Sec Security urity Tyler Stinson

627 views • 13 slides
SCADA Security Eric Chan Fortinet SouthEast Asia & HK SCADA Network Architecture CONFIDENTIAL

SCADA Security Eric Chan Fortinet SouthEast Asia & HK SCADA Network Architecture CONFIDENTIAL

SCADA Security Eric Chan Fortinet SouthEast Asia & HK SCADA Network Architecture CONFIDENTIAL INTERNAL ONLY 2 Where are the Threats Coming From? External Sources SCADA systems are often interconnected to other SCADA systems and

480 views • 12 slides
THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS

THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS

THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS COMMUNICATIONS Dieter Gtschow Telecommunications specialist Industry Association Resource Centre African Utility Week, 810 May 2006 Overview

549 views • 21 slides
Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013

Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013

Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013 Agenda SCADA 101 Attack Scenarios Common Vulnerabilities Remediation Exploit Demo SCADA 101 SCADA DCS Supervisory Distributed

626 views • 45 slides
SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and

SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and

SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and other Gleb Gritsai *All pictures are taken from Dr Group of security researchers focused on ICS/SCADA Alexander Timorin Dmitry Serebryannikov

1.13k views • 65 slides
_ ...... - I =-= I A Weatherford Enterra Company SCADA Systems Seminar TEST, Inc SCADA Ssmlnor

_ ...... - I =-= I A Weatherford Enterra Company SCADA Systems Seminar TEST, Inc SCADA Ssmlnor

_ ...... - I =-= I A Weatherford Enterra Company SCADA Systems Seminar TEST, Inc SCADA Ssmlnor slrtu030.doc ~_-Computer Alternate Signal Path (3 x #16 wires) 3.275 Ghz Satollite Earth Station 3.275 Ghz Satellite _-'/P"lnK Antenna

2.28k views • 183 slides
SCADA Supervisory Control and Data Acquisition What is SCADA? Superv rvisory Control and Data

SCADA Supervisory Control and Data Acquisition What is SCADA? Superv rvisory Control and Data

SCADA Supervisory Control and Data Acquisition What is SCADA? Superv rvisory Control and Data Acquisition SCADA is the system that controls the various operating processes at our facilities. It is also the system that collects and stores

1.17k views • 23 slides
System Management SCADA Replacing missing or incorrect values with estimates DM#12352252 What is

System Management SCADA Replacing missing or incorrect values with estimates DM#12352252 What is

System Management SCADA Replacing missing or incorrect values with estimates DM#12352252 What is SCADA? S upervisory C ontrol A nd D ata A cquisition , a computer system for gathering and analysing real-time data. SCADA systems are used to

309 views • 15 slides
Duan Vavreka September 2015 Quality metering RTU and SCADA RTU and SCADA Control systems

Duan Vavreka September 2015 Quality metering RTU and SCADA RTU and SCADA Control systems

www.elvac.eu Duan Vavreka September 2015 Quality metering RTU and SCADA RTU and SCADA Control systems for energetics Quality metering in class A ARTIQ 144 measurements 4V4I, communication interface RS-485, optionally Ethernet or USB,

605 views • 13 slides
Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh

Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh

10/30/2015 Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh University by Dr. Liang Cheng and Dr. Shalinee Kishore. Motivation for SCADA Suppose you have a simple electrical circuit consisting

538 views • 15 slides
ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, Dan Qian, Elaine Wong, &

ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, Dan Qian, Elaine Wong, &

ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, Dan Qian, Elaine Wong, & Jason Wong 1. BACKGROUND What is Spire? What is SCADA? What is SCADA? Supervisory Control and Data Acquisition Allows for centralized

530 views • 18 slides
SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar

SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar

SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar Krishnan & Dr. Mingkui Wei Department of Computer Science Sam Houston State University, Huntsville, Texas ISDFS 2019 SC SCADA Ov Overv

635 views • 22 slides
SCADA deep inside: protocols and security mechanisms Aleksandr Timorin

SCADA deep inside: protocols and security mechanisms Aleksandr Timorin

SCADA deep inside: protocols and security mechanisms Aleksandr Timorin 05|06|07 September 2014 # whoami penetration tester at Positive Technologies SCADA security researcher, main specialisation -

1.03k views • 81 slides
ADNA: online, context-aware, intelligent framework for Anomaly Detection aNd Analysis in SCADA

ADNA: online, context-aware, intelligent framework for Anomaly Detection aNd Analysis in SCADA

ADNA: online, context-aware, intelligent framework for Anomaly Detection aNd Analysis in SCADA networks Researchers: Wenyu Ren , Klara Nahrstedt, Tim Yardley Motivation Supervisory Control And Data Acquisition (SCADA) Problem with

1.12k views • 22 slides
SCADA Security: Why is it so hard? Amol Sarwate, Director of Vulnerability Labs, Qualys Inc.

SCADA Security: Why is it so hard? Amol Sarwate, Director of Vulnerability Labs, Qualys Inc.

SCADA Security: Why is it so hard? Amol Sarwate, Director of Vulnerability Labs, Qualys Inc. June 22, 2012 HACK IN PARIS Agenda SCADA Basics Threats (where, why & how) Challenges Recommendations and Proposals ScadaScan tool HACK

997 views • 65 slides
Making C Less Dangerous in the Linux Kernel Kees Cook | @keescook LINUX.CONF.AU 21-25 January

Making C Less Dangerous in the Linux Kernel Kees Cook | @keescook LINUX.CONF.AU 21-25 January

Making C Less Dangerous in the Linux Kernel Kees Cook | @keescook LINUX.CONF.AU 21-25 January The Linux of Things | #LCA2019 | @linuxconfau 2019 Christchurch, NZ Making C Less Dangerous in the Linux Kernel Linux Conf AU January 25,

505 views • 29 slides
Real-time risk definition in the transport of dangerous goods by road dangerous goods by road

Real-time risk definition in the transport of dangerous goods by road dangerous goods by road

Real-time risk definition in the transport of dangerous goods by road dangerous goods by road Chi Chiara Bersani, Claudio Roncoli B i Cl di R li University of Genova, Department of Communication, Computer and System Science DIST 16145

685 views • 39 slides
Dangerous goods make the world go round! truck with UN 1831 SULPHURIC ACID, FUMING 8+6.1 I, in

Dangerous goods make the world go round! truck with UN 1831 SULPHURIC ACID, FUMING 8+6.1 I, in

1 EASA European Association of dangerous goods Safety Advisers Dangerous goods make the world go round! truck with UN 1831 SULPHURIC ACID, FUMING 8+6.1 I, in Bolivia: The Dangerous Goods Safety Adviser (DGSA): Key Figure for Safety &

655 views • 34 slides
Dangerous goods make the world go round! truck with UN 1831 SULPHURIC ACID, FUMING 8+6.1 I, in

Dangerous goods make the world go round! truck with UN 1831 SULPHURIC ACID, FUMING 8+6.1 I, in

1 EASA European Association of dangerous goods Safety Advisers Dangerous goods make the world go round! truck with UN 1831 SULPHURIC ACID, FUMING 8+6.1 I, in Bolivia: The Dangerous Goods Safety Adviser (DGSA): Key Figure for Safety &

415 views • 37 slides
There are at least 4 types of bears indigenous to this country. They are from least dangerous

There are at least 4 types of bears indigenous to this country. They are from least dangerous

There are at least 4 types of bears indigenous to this country. They are from least dangerous to most dangerous: Teddy Bear Black Bear (U. americanus) Brown or Grizzly Bear (U. Arctos) Chicago Bear (D. Butkus) Two types exist in New Mexico

420 views • 25 slides
Department of Neighborhoods Dangerous Buildings and Make Safe Process 1 Agenda

Department of Neighborhoods Dangerous Buildings and Make Safe Process 1 Agenda

Department of Neighborhoods Dangerous Buildings and Make Safe Process 1 Agenda Responsibilities & Role of City employees Dangerous Building Reporting Process What is a Public Hearing? What is an Order? Enforcement

623 views • 26 slides
Protecting Consumers In the EU market from dangerous imports Mike Turner, International Paper

Protecting Consumers In the EU market from dangerous imports Mike Turner, International Paper

Protecting Consumers In the EU market from dangerous imports Mike Turner, International Paper Pack2Go Europe Spring meeting 2015 3-4-5 June The Landmark, London Dangerous goods in the EU market Who are the stakeholders? 1. The consumer:

412 views • 11 slides
The Safe Journey of Dangerous Goods by Rail RDIMS # 14054460 PURPOSE - To get a better

The Safe Journey of Dangerous Goods by Rail RDIMS # 14054460 PURPOSE - To get a better

The Safe Journey of Dangerous Goods by Rail RDIMS # 14054460 PURPOSE - To get a better understanding of: - Transport Canadas regulatory regime: - Rail; - Transportation of Dangerous Goods; - What happens in an emergency situation involving

550 views • 19 slides
Revelation 1:19 Write the things which you have seen, and the things which are, and the

Revelation 1:19 Write the things which you have seen, and the things which are, and the

Revelation 1:19 Write the things which you have seen, and the things which are, and the things which will take place after this. Revelation 4:1 After these things I looked, and behold, a door standing open in heaven. And the

438 views • 30 slides

More recommend