Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges V1.5
Download as PPTX, PDF3 likes2,288 views
The document discusses cyber security challenges for industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems used in petroleum production. It notes that ICS/SCADA systems are no longer isolated and were not designed with security in mind, making them vulnerable to threats. It outlines potential threats from both external hackers and internal actors seeking to harm operations or steal information. The document then proposes a holistic cyber security approach including governance, technical safeguards, physical security, and crisis management to help mitigate risks. It acknowledges challenges in securing remote sites and ensuring security solutions work with ICS/SCADA systems and protocols.
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges V1.5
- 1. Cyber Security Solutions & Challenges Ahmed M. Al Enizy IT Security Manager International Systems Engineering
- 2. 2 10/3/2012
- 3. ICS and SCADA systems are important for our petroleum business and for our national economic growth because they automate and monitor the production processes. ICS and SCADA systems are no longer isolated from corporate and internet network. Most ICS and SCADA protocols, Designs, and Implementations were done without security in mind. This made them even more exposed to threats and vulnerabilities, and it made challenges even tougher. 3 10/3/2012
- 4. 4 10/3/2012
- 5. Concept Abstraction Solution Concept Abstraction The Right Solution For You Cyber Security Services & Solutions Catalog Suggested Roadmap Challenges 5 10/3/2012
- 6. Someone Somewhere with Motivation, Means, and Opportunity Advanced Wants to Spy / Harm Conventional Persistent External Threat Hacking Threat Remote Internet Contractors - Partners - Support Economic Growth GDC Access Threat & Unsecured Unmanaged 3rd Party Production Business StuxNet $ ICS / Monitor Control Report Operations SCADA IT Shamoon Local Internal Threat Poor 6 10/3/2012 Governance – Design – Security
- 7. 7 10/3/2012
- 8. Someone Somewhere with Motivation, Means, and Opportunity Wants to Spy / Harm Contractors - Partners - Support Internet Remote Economic Growth 3rd Party Production $ Business Monitor & ICS / Control Report Operations SCADA Local IT Logical Security Physical Security 8 10/3/2012 Governance, Risk, and Compliance Assurance
- 9. It is not a menu that you choose from or an advice from a very reliable source, you have to do your homework in assessing your risks. Solutions can be ◦ Administrative, e.g. GRC, policy, and process. ◦ Technical Safeguards prevents the threat from happening, e.g. firewall. Counter measures, e.g. antivirus, remediation and recovery procedures. ◦ Physical, i.e. gates, doors, barriers… etc. The right solution for you should help mitigate identified risks and save you some money. 9 10/3/2012
- 10. Consultation MSS IT Security Network Security Intelligence and SOC End Point Protection Firewall / UTM reports Business Continuity Access Control and and Disaster Penetration Testing IDS / IPS Identity Management Recovery Encryption and Data Crisis Management Threat Management Traffic Encryption Protection Data Leakage Security Programs Forensics NAP/NAC Prevention Host and Web and Email Awareness Application Security Risk and Compliance Security Fraud and Identity Vulnerability and Security Assessment Protection Patch Management Wireless Security and Health Check Traffic Monitoring 10 10/3/2012
- 11. Security Roadmap and Continues Improvement Plan Development Security Program and Policy Review and Amendment Crisis Management, Business Continuity and Disaster Recovery Readiness Assessment Security Controls Effectiveness Assessment ICS/SCADA Risk Assessment 11 10/3/2012
- 12. Remote sites … ◦ In the middle of the desert. ◦ Connectivity. ◦ Local support. ◦ Remote support. ◦ Log collection. ◦ Incident response and handling. Security solutions not compatible with ICS/SCADA software and communication protocols. Cyber Security standards for ICS/SCADA. Centralized Cyber Security for monitoring, control, and response. 12 10/3/2012
- 13. Directly or indirectly connected to the internet or to any 3rd party or you allow data transfer or exchange electronically, then you are facing Cyber Threats. It is never too late to start fixing because you are going to be targeted once again. Cyber Security same as any complicated problem can be concurred if simplified, abstracted, and divided into smaller logical groups. There is no 100% security and guarantee even if everybody is saying so. keep doing your best in assessing, discovering risks and fortifying your security. Make sure that you are ready to survive the crisis and restore your business in very short time. 13 10/3/2012
- 14. 14 10/3/2012
Editor's Notes
- #7: A look into some ICS/SCADA Cyber AttacksStuxnet - June 2010FactsSeven Iranian organizations scoring 70% of infections compared to other countries. It exploited zero day vulnerabilities in Microsoft platformsTargeted Siemens SCADA software. It contained Programmable Logic Unit rootkit that allowed it to spy on specific automated industrials procedures.In other words it is a Cyber Espionage attackWikipedia – Symantec - TrendMicroBusiness ImpactIn countries that their Gross Domestic Product depends heavily on petroleum business, the major impact is the restrain of the national economic growth.Shamoon - August 2012ARAMCO and RasGas were hit by this Cyber AttackFactsMassive outbreak resulting in 30k computers.Loss of data on infected computers.Operation loss on infected computersData leakagesIn other words it is a Cyber Espionage and Destruction attack.Symantec - WikipediaBusiness ImpactImpact on Gross Domestic Product results majorly in restrain of the national economic growth due to the fact that in Saudi Arabia “The petroleum sector accounts for roughly 80% of budget revenues, 45% of GDP, and 90% of export earnings." (mundi index) ICS/SCADA HackingObviously anyone who doesn’t like you or competing with you and has nothing to stop him (Motivation, Means, Opportunity).Conventional or Typical HackingA hacker somewhere in the world doing his best to hack your networkMost of the companies deploy pretty good protection on their internet gateway so it is hard to gain access from that way.Insider ThreatDeliberate harmful act by Disgruntle employee.Simply a human mistake due to poor conduct. Advanced Persistent Threat aka Cyber ThreatA very intelligent group somewhere in the world deploying most sophisticated techniques you probably never have heard about (Zero Day) to spy on you and/or destroy you.
- #9: A look into some ICS/SCADA Cyber AttacksStuxnet - June 2010FactsSeven Iranian organizations scoring 70% of infections compared to other countries. It exploited zero day vulnerabilities in Microsoft platformsTargeted Siemens SCADA software. It contained Programmable Logic Unit rootkit that allowed it to spy on specific automated industrials procedures.In other words it is a Cyber Espionage attackWikipedia – Symantec - TrendMicroBusiness ImpactIn countries that their Gross Domestic Product depends heavily on petroleum business, the major impact is the restrain of the national economic growth.Shamoon - August 2012ARAMCO and RasGas were hit by this Cyber AttackFactsMassive outbreak resulting in 30k computers.Loss of data on infected computers.Operation loss on infected computersData leakagesIn other words it is a Cyber Espionage and Destruction attack.Symantec - WikipediaBusiness ImpactImpact on Gross Domestic Product results majorly in restrain of the national economic growth due to the fact that in Saudi Arabia “The petroleum sector accounts for roughly 80% of budget revenues, 45% of GDP, and 90% of export earnings." (mundi index) ICS/SCADA HackingObviously anyone who doesn’t like you or competing with you and has nothing to stop him (Motivation, Means, Opportunity).Conventional or Typical HackingA hacker somewhere in the world doing his best to hack your networkMost of the companies deploy pretty good protection on their internet gateway so it is hard to gain access from that way.Insider ThreatDeliberate harmful act by Disgruntle employee.Simply a human mistake due to poor conduct. Advanced Persistent Threat aka Cyber ThreatA very intelligent group somewhere in the world deploying most sophisticated techniques you probably never have heard about (Zero Day) to spy on you and/or destroy you.