scada security
play

SCADA Security Eric Chan Fortinet SouthEast Asia & HK SCADA - PowerPoint PPT Presentation

Jul 23, 2023 •348 likes •480 views

SCADA Security Eric Chan Fortinet SouthEast Asia & HK SCADA Network Architecture CONFIDENTIAL INTERNAL ONLY 2 Where are the Threats Coming From? External Sources SCADA systems are often interconnected to other SCADA systems and

  1. SCADA Security Eric Chan Fortinet SouthEast Asia & HK

  2. SCADA Network Architecture CONFIDENTIAL – INTERNAL ONLY 2

  3. Where are the Threats Coming From? • External Sources • SCADA systems are often interconnected to other SCADA systems and their own RTU’s/MGMT stations via public networks RTU s/MGMT stations via public networks • Targetted attack of corporate systems with malware which propagate to SCADA systems • Internal sources • Internal sources • Virus’ brought into SCADA network via portable devices • Corporate espionage • Third party applications • File sharing, P2P and social networks • HMI terminals do not have or are not allowed to install an AV solution • Engineers laptop brought on site • Wireless sources • SCADA networks often employ WiFi or 3G based wireless connectivity to RTU’s. • Rogue AP set up as original equipment SSID • Host of encryption exploits yp p • No host based security features on RTU’s 3 CONFIDENTIAL – INTERNAL ONLY

  4. How to Protect your SCADA Environment • Control application/ communication into/out of the network Control application/ communication into/out of the network • Control application/ communication inside the network » Includes ICCP and DNPV3 • Control what/who can interface with SCADA systems • Control what/who can interface with SCADA systems • Monitor the network for virus/ attacks and be able to react to those events quickly 4 CONFIDENTIAL – INTERNAL ONLY

  5. Summary: Defense-in-Depth Security • A Defense-in-depth strategy deploys application security at both the host RTU and the network level • Deploy security systems that offer tightly integrated multiple detection Deploy security systems that offer tightly integrated multiple detection mechanisms: » IPS Corporate LAN » Antivirus » Antispam » Antispam » Application control Human Machine Interface (HMI) » Identity based policies » Web filtering Remote Terminal Unit » DB Pressure » Stateful firewall Pump/fan speed Flow Rate » VPN Remote Oil levels and Maintenance alarms Terminal » Wireless » Wireless Unit » Strong Authentication Pressure Pump/fan speed • Automated processes to update AV and Flow Rate IPS signature databases Oil levels and Maintenance alarms • Known SCADA Exploits already in AV/IPS databases • Known SCADA Exploits already in AV/IPS databases 5 CONFIDENTIAL – INTERNAL ONLY

  6. FortiGate Rugged • Reliability in harsh environments • IEC-61850-3 IEC 61850 3 EMI EMI Thermal Thermal • IEEE-1613 • Complete FortiOS Protection Vibration Vibration • Firewall • Intrusion Prevention I t i P ti • IPSec Encryption • Dynamic Routing y g 6 CONFIDENTIAL – INTERNAL ONLY

  7. Application Awareness for SCADA Protocols Supported Protocols Protocols ICCP Modbus DNP3 Ethernet.IP EtherCAT 7 CONFIDENTIAL – INTERNAL ONLY

  8. About Fortinet • Leading UTM & NG Firewall vendor » by industry analyst: Gartner IDC Frost&Sullivan » by industry analyst: Gartner, IDC, Frost&Sullivan • Certified Protection » 5 ICSA Labs security certifications » NSS UTM certification » ISO 9001:2008 certification » 12 Virus Bulletin (VB) 100% awards » 12 Virus Bulletin (VB) 100% awards » IPV6 certification for FortiOS 4.0 » Common Criteria Evaluation Assurance Level 4 Augmented (EAL 4+) for FortiOS 4.0 » FIPS PUB 140-2 » NEBS Level 3 8 CONFIDENTIAL – INTERNAL ONLY

  9. CONFIDENTIAL – INTERNAL ONLY 9

  10. More Security Fighting Advanced Fighting Advanced Fighting Advanced Fighting Advanced Threats Threats Threats Threats Client Reputation Advanced Anti-malware Protection Advanced Anti malware Protection 10 CONFIDENTIAL – INTERNAL ONLY

  11. Zero Day Attack Detection Identify potential … zero-day attacks Client Reputation Client Reputation Th Threat Status t St t Reputation by Activity Real Time, Relative, Multiple Scoring Vectors Drill-down, Correlated Policy Score Identification Ranking Enforcement Computatio n n 11 CONFIDENTIAL – INTERNAL ONLY

  12. Advanced Anti-Malware Protection Multi-pass Filters Multi-pass Filters FortiGuard Botnet IP FortiGuard Botnet IP Local Lightweight Local Lightweight Hardware Accelerated Hardware Accelerated Reputation DB & Code optimized Sandboxing Real time updated, Behavior / Attribute Based Cloud Based 3 rd party validated p y Heuristic Detection Sandboxing g Signature DB Application Control – Botnet Category Improves threat …. … detection In box Enhanced AV Engine In-box Enhanced AV Engine Cloud Based AV Service Cloud Based AV Service 12 CONFIDENTIAL – INTERNAL ONLY

Recommend

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen Operations Support Manager Western Area Power Administration Sub Substation Ne station Netwo twork rk Sec Security urity Tyler Stinson

627 views • 13 slides
SCADA deep inside: protocols and security mechanisms Aleksandr Timorin

SCADA deep inside: protocols and security mechanisms Aleksandr Timorin

SCADA deep inside: protocols and security mechanisms Aleksandr Timorin 05|06|07 September 2014 # whoami penetration tester at Positive Technologies SCADA security researcher, main specialisation -

1.03k views • 81 slides
SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and

SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and

SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and other Gleb Gritsai *All pictures are taken from Dr Group of security researchers focused on ICS/SCADA Alexander Timorin Dmitry Serebryannikov

1.13k views • 65 slides
SCADA Security: Why is it so hard? Amol Sarwate, Director of Vulnerability Labs, Qualys Inc.

SCADA Security: Why is it so hard? Amol Sarwate, Director of Vulnerability Labs, Qualys Inc.

SCADA Security: Why is it so hard? Amol Sarwate, Director of Vulnerability Labs, Qualys Inc. June 22, 2012 HACK IN PARIS Agenda SCADA Basics Threats (where, why & how) Challenges Recommendations and Proposals ScadaScan tool HACK

997 views • 65 slides
SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. University of South Wales, UK.

SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. University of South Wales, UK.

SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. University of South Wales, UK. E-Mail: andrew.blyth@southwales.ac.uk SCADA and Ukraine SCADA Hacking Typical SCADA Critical Infrastructure Architecture 4 SCADA and IPC Forensic

303 views • 17 slides
THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS

THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS

THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS COMMUNICATIONS Dieter Gtschow Telecommunications specialist Industry Association Resource Centre African Utility Week, 810 May 2006 Overview

549 views • 21 slides
Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013

Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013

Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013 Agenda SCADA 101 Attack Scenarios Common Vulnerabilities Remediation Exploit Demo SCADA 101 SCADA DCS Supervisory Distributed

626 views • 45 slides
Building Hardened Implementations of SCADA/ICS Protocols Using Language-Theoretic Security

Building Hardened Implementations of SCADA/ICS Protocols Using Language-Theoretic Security

Building Hardened Implementations of SCADA/ICS Protocols Using Language-Theoretic Security Prashant Anantharaman, Dartmouth College pa@cs.dartmouth.edu http://cs.dartmouth.edu/~pa CREDC Industry Workshop March 27-29, 2017 Funded by the U.S.

583 views • 36 slides
_ ...... - I =-= I A Weatherford Enterra Company SCADA Systems Seminar TEST, Inc SCADA Ssmlnor

_ ...... - I =-= I A Weatherford Enterra Company SCADA Systems Seminar TEST, Inc SCADA Ssmlnor

_ ...... - I =-= I A Weatherford Enterra Company SCADA Systems Seminar TEST, Inc SCADA Ssmlnor slrtu030.doc ~_-Computer Alternate Signal Path (3 x #16 wires) 3.275 Ghz Satollite Earth Station 3.275 Ghz Satellite _-'/P"lnK Antenna

2.28k views • 183 slides
SCADA Supervisory Control and Data Acquisition What is SCADA? Superv rvisory Control and Data

SCADA Supervisory Control and Data Acquisition What is SCADA? Superv rvisory Control and Data

SCADA Supervisory Control and Data Acquisition What is SCADA? Superv rvisory Control and Data Acquisition SCADA is the system that controls the various operating processes at our facilities. It is also the system that collects and stores

1.17k views • 23 slides
System Management SCADA Replacing missing or incorrect values with estimates DM#12352252 What is

System Management SCADA Replacing missing or incorrect values with estimates DM#12352252 What is

System Management SCADA Replacing missing or incorrect values with estimates DM#12352252 What is SCADA? S upervisory C ontrol A nd D ata A cquisition , a computer system for gathering and analysing real-time data. SCADA systems are used to

309 views • 15 slides
Duan Vavreka September 2015 Quality metering RTU and SCADA RTU and SCADA Control systems

Duan Vavreka September 2015 Quality metering RTU and SCADA RTU and SCADA Control systems

www.elvac.eu Duan Vavreka September 2015 Quality metering RTU and SCADA RTU and SCADA Control systems for energetics Quality metering in class A ARTIQ 144 measurements 4V4I, communication interface RS-485, optionally Ethernet or USB,

605 views • 13 slides
Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh

Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh

10/30/2015 Introduction to SCADA Most of the slides are from ECE 450/CSE 450 (Fall 2010) taught at Lehigh University by Dr. Liang Cheng and Dr. Shalinee Kishore. Motivation for SCADA Suppose you have a simple electrical circuit consisting

538 views • 15 slides
ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, Dan Qian, Elaine Wong, &

ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, Dan Qian, Elaine Wong, &

ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, Dan Qian, Elaine Wong, & Jason Wong 1. BACKGROUND What is Spire? What is SCADA? What is SCADA? Supervisory Control and Data Acquisition Allows for centralized

530 views • 18 slides
SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar

SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar

SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar Krishnan & Dr. Mingkui Wei Department of Computer Science Sam Houston State University, Huntsville, Texas ISDFS 2019 SC SCADA Ov Overv

635 views • 22 slides
ADNA: online, context-aware, intelligent framework for Anomaly Detection aNd Analysis in SCADA

ADNA: online, context-aware, intelligent framework for Anomaly Detection aNd Analysis in SCADA

ADNA: online, context-aware, intelligent framework for Anomaly Detection aNd Analysis in SCADA networks Researchers: Wenyu Ren , Klara Nahrstedt, Tim Yardley Motivation Supervisory Control And Data Acquisition (SCADA) Problem with

1.12k views • 22 slides
Dec-2018 Meeting Jodi A. Jensen Senior SCADA Advisor WECC SASMS, February 7, 2019 1 New CIP-C

Dec-2018 Meeting Jodi A. Jensen Senior SCADA Advisor WECC SASMS, February 7, 2019 1 New CIP-C

NERC CIP-C Highlights Dec-2018 Meeting Jodi A. Jensen Senior SCADA Advisor WECC SASMS, February 7, 2019 1 New CIP-C Initiatives for 2019 Utility Essential Security Practices Whitepaper Cyber-Physical Resiliency Task Force Supply Chain

446 views • 12 slides
Jonathan Pollet conference Part 2: Stuxnet APT-Style Attacks on SCADA Systems Stuxnet Night

Jonathan Pollet conference Part 2: Stuxnet APT-Style Attacks on SCADA Systems Stuxnet Night

Rome, May 31, 2011 Jonathan Pollet conference Part 2: Stuxnet APT-Style Attacks on SCADA Systems Stuxnet Night Dragon Jonathan Pollet, CAP, CISSP, PCIP Founder, Principal Consultant Red Tiger Security - USA 1 speaker Jonathan

223 views • 21 slides
APT-Style Attacks on SCADA Systems Stuxnet Night Dragon Jonathan Pollet, CAP, CISSP, PCIP

APT-Style Attacks on SCADA Systems Stuxnet Night Dragon Jonathan Pollet, CAP, CISSP, PCIP

APT-Style Attacks on SCADA Systems Stuxnet Night Dragon Jonathan Pollet, CAP, CISSP, PCIP Founder, Principal Consultant Red Tiger Security - USA 1 speaker Jonathan Pollet, CISSP, CAP, PCIP Started as a Control Systems Engineer

352 views • 20 slides
Safety-security co-engineering: formal outlook Elena Troubitsyna (Assoc. Prof at Theoretical

Safety-security co-engineering: formal outlook Elena Troubitsyna (Assoc. Prof at Theoretical

Safety-security co-engineering: formal outlook Elena Troubitsyna (Assoc. Prof at Theoretical Computer Science, KTH) Introduction Until recently the main focus of designing SCADA (supervisory control and data acquisition) systems has been on

320 views • 21 slides
New Threat Vectors for ICS/SCADA Networks and How to Prepare for Them June 27, 2017 Phil

New Threat Vectors for ICS/SCADA Networks and How to Prepare for Them June 27, 2017 Phil

New Threat Vectors for ICS/SCADA Networks and How to Prepare for Them June 27, 2017 Phil Neray, VP of Industrial Cybersecurity Why Now? Featuring CyberXs threat intelligence & vulnerability research 3 Key Trends Driving ICS

537 views • 25 slides
Autonomic Management of Component-based Services Cristian Ruz, PhD SCADA Workshop Ingenieur

Autonomic Management of Component-based Services Cristian Ruz, PhD SCADA Workshop Ingenieur

Autonomic Management of Component-based Services Cristian Ruz, PhD SCADA Workshop Ingenieur Equipe OASIS INRIA Sophia Antipolis M editerran ee France July 24, 2012 PLAN MOTIVATION CONTEXT FRAMEWORK Problem Design of the

1.07k views • 78 slides
V-SCADA2000 Product Series The cross platform SCADA system 1 V-SCADA2000 Product Series

V-SCADA2000 Product Series The cross platform SCADA system 1 V-SCADA2000 Product Series

Veesta World Co. Veesta World Co. V-SCADA2000 Product Series The cross platform SCADA system 1 V-SCADA2000 Product Series V-SCADA2000 Veesta SCADA Control System V-SCADA 2000 2000 Product Series Overview Overview V-SCADA2000 Series

676 views • 38 slides
Scheme in Industrial Automation Marco Benelli <mbenelli@yahoo.com> SCADA Supervisor

Scheme in Industrial Automation Marco Benelli <mbenelli@yahoo.com> SCADA Supervisor

Scheme in Industrial Automation Marco Benelli <mbenelli@yahoo.com> SCADA Supervisor Control And Data Acquisition Sensors / Actuators Microcontrollers (PLCs) Supervisor Human Machine Interface Image from wikipedia

559 views • 39 slides

More recommend