SCADA Security, Eric Chan, Fortinet SouthEast Asia & HK (PowerPoint PPT presentation)


  1. SCADA Security. Eric Chan, Fortinet SouthEast Asia & HK

  2. SCADA Network Architecture CONFIDENTIAL – INTERNAL ONLY 2

  3. Where are the Threats Coming From?
  • External sources
    » SCADA systems are often interconnected to other SCADA systems and to their own RTUs/management stations via public networks
    » Targeted attacks on corporate systems with malware that propagates to SCADA systems
  • Internal sources
    » Viruses brought into the SCADA network via portable devices
    » Corporate espionage
    » Third-party applications
    » File sharing, P2P and social networks
    » HMI terminals do not have, or are not allowed to install, an AV solution
    » Engineers' laptops brought on site
  • Wireless sources
    » SCADA networks often employ WiFi or 3G based wireless connectivity to RTUs
    » Rogue AP set up with the original equipment's SSID
    » Host of encryption exploits
    » No host-based security features on RTUs

  4. How to Protect your SCADA Environment
  • Control applications/communication into and out of the network
  • Control applications/communication inside the network
    » Includes ICCP and DNP3
  • Control what/who can interface with SCADA systems
  • Monitor the network for viruses/attacks and be able to react to those events quickly

  5. Summary: Defense-in-Depth Security
  • A defense-in-depth strategy deploys application security at both the host RTU and the network level
  • Deploy security systems that offer tightly integrated multiple detection mechanisms:
    » IPS
    » Antivirus
    » Antispam
    » Application control
    » Identity-based policies
    » Web filtering
    » Stateful firewall
    » VPN
    » Wireless
    » Strong authentication
  • Automated processes to update AV and IPS signature databases
  • Known SCADA exploits already in AV/IPS databases
  [Diagram: Corporate LAN, Human Machine Interface (HMI) and two Remote Terminal Units reporting DB pressure, pump/fan speed, flow rate, oil levels and maintenance alarms]

  6. FortiGate Rugged
  • Reliability in harsh environments
    » IEC-61850-3
    » IEEE-1613
  • Complete FortiOS protection
    » Firewall
    » Intrusion Prevention
    » IPSec Encryption
    » Dynamic Routing
  [Diagram labels: EMI, Thermal, Vibration]

  7. Application Awareness for SCADA Protocols
  • Supported protocols: ICCP, Modbus, DNP3, EtherNet/IP, EtherCAT
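
Slides 4 and 7 call for controlling which stations may talk to SCADA devices and for application-level awareness of protocols such as Modbus. The following Python block is an added example, not code from the presentation or from Fortinet, showing what such a check looks like for Modbus/TCP: it parses the MBAP header and function code, then applies a per-source allowlist of unit ids and function codes so that an HMI may only read while only the engineering station may write. The station addresses, the policy table and the sample frames are constructed for the example.

```python
import struct
from dataclasses import dataclass

# Standard Modbus function codes, grouped by their effect on the process.
READ_CODES = {1, 2, 3, 4}          # read coils, discrete inputs, holding/input registers
WRITE_CODES = {5, 6, 15, 16, 23}   # write coils/registers, read/write multiple registers

@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the function code of a Modbus/TCP request."""
    if len(frame) < 8:
        raise ValueError("too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack("!HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(frame) - 6:   # length covers unit id, function code and data
        raise ValueError("MBAP length does not match frame size")
    return ModbusRequest(tid, unit, frame[7])

# Constructed policy (hypothetical addresses): which station may use which
# function codes against which RTU unit ids. Anything not listed is denied.
POLICY = {
    "10.1.1.10": {"role": "hmi", "units": {1, 2}, "functions": READ_CODES},
    "10.1.1.20": {"role": "engineering", "units": {1, 2}, "functions": READ_CODES | WRITE_CODES},
}

def evaluate(src_ip: str, frame: bytes) -> tuple:
    """Return (verdict, reason) for one Modbus/TCP request from src_ip."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return "deny", f"malformed frame: {exc}"
    rule = POLICY.get(src_ip)
    if rule is None:
        return "deny", f"unknown source {src_ip}"
    if req.unit_id not in rule["units"]:
        return "deny", f"{rule['role']} may not address unit {req.unit_id}"
    if req.function_code not in rule["functions"]:
        return "deny", f"{rule['role']} may not use function code {req.function_code}"
    return "allow", f"{rule['role']} fc={req.function_code} unit={req.unit_id}"

# Constructed sample frames: transaction id, protocol id 0, length, unit id, function code, data.
HMI_READ = bytes.fromhex("000100000006010300000004")   # read 4 holding registers from unit 1
HMI_WRITE = bytes.fromhex("000200000006010600100001")  # write single register 0x0010 on unit 1
BAD_PROTO = bytes.fromhex("000300010006010300000004")  # protocol id 1 is not Modbus
```

Calling `evaluate("10.1.1.10", HMI_WRITE)` denies the write from the HMI, while the same frame from the engineering station is allowed; a frame whose MBAP length disagrees with its size is denied as malformed before any policy lookup.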

  8. About Fortinet
  • Leading UTM & NG Firewall vendor
    » by industry analysts: Gartner, IDC, Frost & Sullivan
  • Certified Protection
    » 5 ICSA Labs security certifications
    » NSS UTM certification
    » ISO 9001:2008 certification
    » 12 Virus Bulletin (VB) 100% awards
    » IPv6 certification for FortiOS 4.0
    » Common Criteria Evaluation Assurance Level 4 Augmented (EAL 4+) for FortiOS 4.0
    » FIPS PUB 140-2
    » NEBS Level 3

  9. [Image-only slide; no text preserved]

  10. More Security
  • Fighting Advanced Threats
    » Client Reputation
    » Advanced Anti-malware Protection

  11. Zero Day Attack Detection
  • Identify potential zero-day attacks
  • Client Reputation
  [Diagram: Client Reputation pipeline with stages Threat Status, Score Computation, Identification, Ranking and Policy Enforcement; labels: Reputation by Activity; Real Time, Relative, Multiple Scoring Vectors; Drill-down, Correlated]

  12. Advanced Anti-Malware Protection
  • Multi-pass filters (improves threat detection):
    » FortiGuard Botnet IP Reputation DB: real-time updated; Application Control, Botnet category
    » Local lightweight sandboxing: behavior/attribute based
    » Hardware-accelerated, code-optimized signature DB: 3rd-party validated, heuristic detection
    » Cloud-based sandboxing
  • In-box enhanced AV engine
  • Cloud-based AV service
