AVEVA, profile picture
Uploaded byAVEVA
PPTX, PDF1,349 views

Scada security webinar 2012

The document provides guidance on securing SCADA networks, including conducting a thorough risk analysis of all network connections, disconnecting unnecessary connections, strengthening remaining connections with firewalls and intrusion detection systems, removing unnecessary services, implementing strong password policies and security features, and establishing physical and network security controls, roles and responsibilities. It emphasizes understanding network architecture, risks, and vulnerabilities through documentation and ongoing risk management.

Embed presentation

Downloaded 88 times
Identify all SCADA network connections • Conduct a thorough risk analysis to assess the risk and necessity of each connection to the SCADA network. • Develop a comprehensive understanding of all connections to the SCADA network, and how well these connections are protected. • Identify and evaluate the following types of connections: – Internal local area and wide area networks, including business networks – The Internet – Wireless network devices, including satellite uplinks – Modem or dial-up connections – Connections to business partners, vendors or regulatory agencies
Disconnect unnecessary connections • Isolate the SCADA network from other network connections to as great a degree as possible. – Any connection to another network introduces security risks, particularly if the connection creates a pathway from or to the Internet. – Connections with other networks may allow important information to be passed efficiently and conveniently, but are they worth the risk? • Use “demilitarized zones” (DMZs) and gateways to facilitate the secure transfer of data from the SCADA network to business networks.
Evaluate and strengthen any remaining connections • Conduct penetration testing and vulnerability analysis to evaluate the risk associated with these connections. • Use this information in conjunction with risk management processes to develop a robust protection strategy for any pathways to the SCADA network. • Implement firewalls and other appropriate security measures. – Configure firewall rules to prohibit access from and to the SCADA network. – Be specific when permitting approved connections. • Strategically place intrusion detection systems at each entry point to alert security personnel of potential breaches of network security.
Remove and/or disable unnecessary services • Remove or disable unused services and network daemons to reduce the risk of direct attack. – Email services – Internet access. – Remote maintenance. • Perform a thorough risk assessment of the consequences of allowing and service or feature – Benefits should far outweigh the potential for vulnerability exploitation. • Work with your SCADA vendor to identify secure configurations and coordinate any and all changes to operational systems to ensure that removing or disabling services does not cause downtime, interruption of service, or loss of support.
Password management • Users routinely pick simple passwords that are found in dictionaries and susceptible to brute force attacks and often used over and over again so the successful guess of a single password means that numerous other devices can be exploited. • Administrators must provide explicit guidance on how a password should be chosen. – Should not contain a word that could be found in a dictionary, a product name, or other key word – Should include a mix of upper and lower case letters, numbers, and special characters. • Passwords used for weak systems or weak protocols should not be the same as the passwords used for stronger systems.
Proprietary protocols will not protect your system • SCADA systems often use unique, proprietary protocols for communications between field devices and servers. • Often the security of SCADA systems is based solely on the secrecy of these protocols. • Bad idea. Obscure protocols provide very little “real” security. • Demand that vendors disclose any backdoors or vendor interfaces to your SCADA systems, and expect them to provide systems that are capable of being secured.
Implement the security features provided by device and system vendors • Most older SCADA systems have no security features whatsoever. • Newer SCADA devices are shipped with basic security features, but these are usually disabled to ensure ease of installation. • Additionally, factory default security settings (such as in computer network firewalls) are often set to provide maximum usability, but minimal security. • Analyze each SCADA device to determine whether security features are present. Set all security features to provide the maximum level of security. • Allow settings below maximum security only after a thorough risk assessment of the consequences. • Insist that your system vendor implement security features in the form of product patches or upgrades.
Establish strong controls over any backdoor into the SCADA network • Strong authentication must be implemented to ensure secure communications. • Require secure, encrypted connections. • Modems, wireless, and wired networks used for communications and maintenance represent a significant vulnerability to the SCADA network and remote sites. • Successful attacks could allow an attacker to bypass all other controls and have direct access to the SCADA network or resources. • To minimize the risk of such attacks, disable inbound access. All connections should be initiated by the SCADA system.
Implement internal and external intrusion detection systems and notification • Establish an intrusion detection strategy that includes alerting network administrators of malicious network activity originating from internal or external sources. • Intrusion detection system monitoring is essential 24 hours a day; this capability can be easily set up through a pager. • Additionally, incident response procedures must be in place to allow an effective response to any attack. • To complement network monitoring, enable logging on all systems and audit system logs daily to detect suspicious activity as soon as possible.
Perform technical audits to identify security concerns • Many commercial and open-source security tools are available that allow system administrators to conduct audits of their systems and networks to identify active services, patch level, and common vulnerabilities. • Analyze identified vulnerabilities to determine their significance, and take corrective actions as appropriate. • Track corrective actions and analyze this information to identify trends. • Retest systems after corrective actions have been taken to ensure that vulnerabilities were actually eliminated. • Scan non-production environments actively to identify and address potential problems.
Conduct physical security surveys and assess all remote sites to evaluate their security • Conduct a physical security survey and inventory access points at each facility that has a connection to the SCADA system. • Identify and assess any source of information including, – remote telephone, network, fiber optic cables that could be tapped – radio and microwave links that are exploitable – computer terminals that could be accessed – wireless local area network access points. • Identify and eliminate single points of failure. • The security of the site must be adequate to detect or prevent unauthorized access. • Do not allow “live” network access points at remote, unguarded sites simply for convenience.
Establish SCADA “Red Teams” to identify and evaluate possible attack scenarios • Establish a “Red Team” to identify potential attack scenarios and evaluate potential system vulnerabilities. • Use a variety of people who can provide insight into weaknesses of the overall network, SCADA systems, physical systems, and security controls. • Ensure that the risk from a malicious insider is fully evaluated, given that this represents one of the greatest threats to an organization. • Feed information resulting from the “Red Team” evaluation into risk management processes to assess the information and establish appropriate protection strategies.
Clearly define cyber security roles, responsibilities, and authorities • Organization personnel need to understand the specific expectations associated with protecting information technology resources through the definition of clear and logical roles and responsibilities. • Key personnel need to be given sufficient authority to carry out their assigned responsibilities. • Establish a cyber security organizational structure that defines roles and responsibilities and clearly identifies how cyber security issues are escalated and who is notified in an emergency.
Document network and systems that serve critical functions or contain sensitive information • Documenting the information security architecture and its components is critical to understanding the overall protection strategy, and identifying single points of failure. • Develop and document a robust information security architecture as part of a process to establish an effective protection strategy. • It is essential that organizations design their networks with security in mind and continue to have a strong understanding of their network architecture throughout its lifecycle. • Of particular importance, an in-depth understanding of the functions that the systems perform and the sensitivity of the stored information is required.
Establish a rigorous, ongoing risk management process • A thorough understanding of the risks to network computing resources from attacks and the vulnerability of sensitive information to compromise is essential to an effective cyber security program. • Risk assessments form the technical basis of this understanding and are critical to formulating effective strategies to mitigate vulnerabilities and preserve the integrity of computing resources. – Perform a baseline risk analysis based on a current threat assessment to use for developing a network protection strategy. – Due to rapidly changing technology and the emergence of new threats on a daily basis, an ongoing risk assessment process is needed so that routine changes can be made to the protection strategy to ensure it remains effective.
Establish a network protection strategy based on the principle of defense-in- depth • A fundamental principle that must be part of any network protection strategy is defense-in-depth. • Defense-in-depth must be considered early in the design phase of the development process, and must be an integral consideration in all technical decision-making associated with the network. • Utilize technical and administrative controls to mitigate threats from identified risks to as great a degree as possible at all levels of the network. • Single points of failure must be avoided, and cyber security defense must be layered to limit and contain the impact of any security incidents. • Additionally, each layer must be protected against other systems at the same layer.
Clearly identify cyber security requirements • Organizations and companies need structured security programs with mandated requirements to establish expectations and allow personnel to be held accountable. • Formalized policies and procedures are typically used to establish and institutionalize a cyber security program. • A formal program is essential for establishing a consistent, standards- based approach to cyber security throughout an organization and eliminates sole dependence on individual initiative. • Policies and procedures also inform employees of their specific cyber security responsibilities, provide guidance regarding actions to be taken during a cyber security incident, promote efficient and effective actions during a time of crisis, and the consequences of failing to meet those responsibilities. • Establish requirements to minimize the threat from malicious insiders, including the need for conducting background checks and limiting network privileges to those absolutely necessary.
Establish effective configuration management processes • Configuration management is a fundamental management process needed to maintain a secure network. • Needs to cover both hardware configurations and software configurations. • Changes to hardware or software can easily introduce vulnerabilities that undermine network security. • Processes are required to evaluate and control any change to ensure that the network remains secure. • Configuration management begins with well-tested and documented security baselines for your various systems.
Conduct routine self-assessments • Robust performance evaluation processes are needed to provide organizations with feedback on the effectiveness of cyber security policy and technical implementation. • A sign of a mature organization is one that is able to self- identify issues, conduct root cause analyses, and implement effective corrective actions that address individual and systemic problems. • Self-assessment processes that are normally part of an effective cyber security program include routine scanning for vulnerabilities, automated auditing of the network, and self- assessments of organizational and individual performance.
Establish system backups and disaster recovery plans • Establish a disaster recovery plan that allows for rapid recovery from any emergency (including a cyber attack). • System backups are an essential part of any plan and allow rapid reconstruction of the network. • Routinely exercise disaster recovery plans to ensure that they work and that personnel are familiar with them. • Make appropriate changes to disaster recovery plans based on lessons learned from exercises.
Senior leadership should establish expectations and accountability • It is essential that senior management establish an expectation for strong cyber security and communicate this to their subordinate managers throughout the organization. • It is also essential that senior organizational leadership establish a structure for implementation of a cyber security program, promote consistent implementation, and sustain a strong cyber security program. • All individuals need to be held accountable for their performance as it relates to cyber security, including managers, system administrators, technicians, and operators.
Minimize the inadvertent disclosure of sensitive information • Release data related to the SCADA network only on a strict, need- to-know basis, and only to persons explicitly authorized to receive such information. • “Social engineering” is often the first step in a malicious attack on computer networks. – The more information revealed about a computer or computer network, the more vulnerable the computer/network is. – Never divulge data related to a SCADA network over telephones or to personnel unless they are explicitly authorized to receive such information. – Any requests for information by unknown persons need to be sent to a central network security location for verification and fulfillment. • Conduct training and information awareness campaigns to ensure that personnel remain diligent in guarding sensitive network information, particularly their passwords.
Email (US) info@indusoft.com (Brazil) info@indusoft.com.br (Germany) info@indusoft-germany.de USA Support support@indusoft.com Web site (English) www.indusoft.com (Portuguese) www.indusoft.com.br (German) www.indusoft-germany.de Brazil Phone (512) 349-0334 (US) +55-11-3293-9139 (Brazil) +49 (0) 6227-732510 (Germany) Germany Toll-Free 877-INDUSOFT (877-463-8763) Fax (512) 349-0375

More Related Content

PPTX
Using Assessment Tools on ICS (English)
byDigital Bond
 
PDF
Monitoring ICS Communications
byDigital Bond
 
PDF
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
byEran Goldstein
 
PPTX
Scada security presentation by Stephen Miller
byAVEVA
 
PPTX
SCADA Security Webinar
byAVEVA
 
PDF
DTS Solution - Software Defined Security v1.0
byShah Sheikh
 
PDF
Securing SCADA
byJeffrey Wang , P.Eng
 
PDF
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
byAVEVA
 
Using Assessment Tools on ICS (English)
byDigital Bond
 
Monitoring ICS Communications
byDigital Bond
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
byEran Goldstein
 
Scada security presentation by Stephen Miller
byAVEVA
 
SCADA Security Webinar
byAVEVA
 
DTS Solution - Software Defined Security v1.0
byShah Sheikh
 
Securing SCADA
byJeffrey Wang , P.Eng
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
byAVEVA
 

What's hot

PDF
ICS security
byAhmed Shitta
 
PDF
Irm 5-malicious networkbehaviour
byKasper de Waard
 
PDF
PT-DTS SCADA Security using MaxPatrol
byShah Sheikh
 
PDF
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
byShah Sheikh
 
PPTX
Security in embedded systems
byRaghav S
 
PDF
Cybersecurity in Industrial Control Systems (ICS)
byJoan Figueras Tugas
 
PDF
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
byJiunn-Jer Sun
 
PPTX
Security in an embedded system
byUrmilasSrinivasan
 
PDF
ICS Network Security Monitoring (NSM)
byDigital Bond
 
PDF
Network Architecture Review Checklist
byEberly Wilson
 
PDF
Mission Impact Assessment for Industrial Control Systems
byMarina Krotofil
 
PPTX
Cyber & Process Attack Scenarios for ICS
byJim Gilsinn
 
PDF
Nist 800 82 ICS Security Auditing Framework
byMarcoAfzali
 
PPT
DHS ICS Security Presentation
byguest85a34f
 
PDF
Embedded Systems Security: Building a More Secure Device
byPriyanka Aash
 
PDF
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
byPriyanka Aash
 
PDF
Webinar - Reducing the Risk of a Cyber Attack on Utilities
byWPICPE
 
PPTX
Protecting Infrastructure from Cyber Attacks
byMaurice Dawson
 
PDF
McAffee_Security and System Integrity in Embedded Devices
byIşınsu Akçetin
 
PPTX
Hacker Halted 2016 - How to get into ICS security
byChris Sistrunk
 
ICS security
byAhmed Shitta
 
Irm 5-malicious networkbehaviour
byKasper de Waard
 
PT-DTS SCADA Security using MaxPatrol
byShah Sheikh
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
byShah Sheikh
 
Security in embedded systems
byRaghav S
 
Cybersecurity in Industrial Control Systems (ICS)
byJoan Figueras Tugas
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
byJiunn-Jer Sun
 
Security in an embedded system
byUrmilasSrinivasan
 
ICS Network Security Monitoring (NSM)
byDigital Bond
 
Network Architecture Review Checklist
byEberly Wilson
 
Mission Impact Assessment for Industrial Control Systems
byMarina Krotofil
 
Cyber & Process Attack Scenarios for ICS
byJim Gilsinn
 
Nist 800 82 ICS Security Auditing Framework
byMarcoAfzali
 
DHS ICS Security Presentation
byguest85a34f
 
Embedded Systems Security: Building a More Secure Device
byPriyanka Aash
 
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
byPriyanka Aash
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
byWPICPE
 
Protecting Infrastructure from Cyber Attacks
byMaurice Dawson
 
McAffee_Security and System Integrity in Embedded Devices
byIşınsu Akçetin
 
Hacker Halted 2016 - How to get into ICS security
byChris Sistrunk
 

Similar to Scada security webinar 2012

PPT
Risk Assessment Methodologies
byPhilippe A. R. Schaeffer
 
PPTX
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
byAbhishek Goel
 
PDF
CISA GOV - Seven Steps to Effectively Defend ICS
byMuhammad FAHAD
 
PDF
Defending Industrial Control Systems From Cyberattack
byMountain States Engineering and Controls
 
PDF
Designing a security policy to protect your automation solution
bySchneider Electric India
 
PDF
Industrial Control Systems Security and Resiliency Practice and Theory Craig ...
bytworkaireyl9
 
PDF
Substation Cyber Security
bySchneider Electric
 
DOCX
UNCLASSIFIED Generic SCADA Risk Management.docx
byaryan532920
 
PPTX
Critical Infrastructure Security by Subodh Belgi
byClubHack
 
PDF
Seven recommendations for bolstering industrial control system cyber security
byCTi Controltech
 
PDF
SCADA Exposure Will Short-Circuit US Utilities
byFitCEO, Inc. (FCI)
 
PDF
Standards based security for energy utilities
byNirmal Thaliyil
 
PDF
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
byShakeel Ali
 
PDF
Dr Dev Kambhampati | DOE- Steps to Improve Cybersecurity of SCADA Networks
byDr Dev Kambhampati
 
PDF
Steps to Improve Cyber Security of SCADA Networks by U.S. Department of Energy
byMuhammad FAHAD
 
PDF
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
byPatricia M Watson
 
PDF
Securing SCADA
byJeffrey Wang , P.Eng
 
PDF
David Blanco ISHM 8280-2016
byDavid Blanco
 
PDF
Information security management guidance for discrete automation
byjohnnywess
 
DOCX
· Answer the following questions in a 100- to 150 word response .docx
byoswald1horne84988
 
Risk Assessment Methodologies
byPhilippe A. R. Schaeffer
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
byAbhishek Goel
 
CISA GOV - Seven Steps to Effectively Defend ICS
byMuhammad FAHAD
 
Defending Industrial Control Systems From Cyberattack
byMountain States Engineering and Controls
 
Designing a security policy to protect your automation solution
bySchneider Electric India
 
Industrial Control Systems Security and Resiliency Practice and Theory Craig ...
bytworkaireyl9
 
Substation Cyber Security
bySchneider Electric
 
UNCLASSIFIED Generic SCADA Risk Management.docx
byaryan532920
 
Critical Infrastructure Security by Subodh Belgi
byClubHack
 
Seven recommendations for bolstering industrial control system cyber security
byCTi Controltech
 
SCADA Exposure Will Short-Circuit US Utilities
byFitCEO, Inc. (FCI)
 
Standards based security for energy utilities
byNirmal Thaliyil
 
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
byShakeel Ali
 
Dr Dev Kambhampati | DOE- Steps to Improve Cybersecurity of SCADA Networks
byDr Dev Kambhampati
 
Steps to Improve Cyber Security of SCADA Networks by U.S. Department of Energy
byMuhammad FAHAD
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
byPatricia M Watson
 
Securing SCADA
byJeffrey Wang , P.Eng
 
David Blanco ISHM 8280-2016
byDavid Blanco
 
Information security management guidance for discrete automation
byjohnnywess
 
· Answer the following questions in a 100- to 150 word response .docx
byoswald1horne84988
 

More from AVEVA

PPTX
Alarm Notifications with WIN-911 NOW Available for InduSoft Web Studio - WIN-...
byAVEVA
 
PPTX
Webinar: OPC UA Clients on Linux Systems with InduSoft Web Studio-InduSoft Pr...
byAVEVA
 
PPTX
Webinar: OPC UA Clients on Linux Systems with InduSoft Web Studio-OPC Foundat...
byAVEVA
 
PPTX
Security and LDAP integration in InduSoft Web Studio
byAVEVA
 
PPTX
Tips and Tricks for InduSoft Web Studio-August 2017
byAVEVA
 
PPTX
What's New In InduSoft Web Studio 8.1 + SP5 from AVEVA
byAVEVA
 
PPTX
Introduction to InduSoft Web Studio 8.1 + SP1
byAVEVA
 
PPTX
What’s coming in InduSoft Web Studio 8.1
byAVEVA
 
PPTX
What's New In InduSoft Web Studio 8.1 + SP4
byAVEVA
 
PPTX
What's New In InduSoft Web Studio 8.1 + SP1
byAVEVA
 
PPTX
What's New In InduSoft Web Studio 8.1 + SP3
byAVEVA
 
PPTX
Introduction to InduSoft Web Studio 8.1
byAVEVA
 
PPTX
What's New In InduSoft Web Studio 8.1
byAVEVA
 
PPTX
Introduction to InduSoft Web Studio 8.1 + SP3
byAVEVA
 
PPTX
Introduction to InduSoft Web Studio 8.1 + SP5
byAVEVA
 
PPTX
Introduction to InduSoft Web Studio 8.1 + SP2
byAVEVA
 
PPTX
Introduction to InduSoft Web Studio 8.1 + Service Pack 1
byAVEVA
 
PPTX
What's New In InduSoft Web Studio 8.1 + SP2
byAVEVA
 
POTX
Alarm Notifications with WIN-911 NOW Available for InduSoft Web Studio - Indu...
byAVEVA
 
PPTX
Graphical Interface Scaling in InduSoft Web Studio
byAVEVA
 
Alarm Notifications with WIN-911 NOW Available for InduSoft Web Studio - WIN-...
byAVEVA
 
Webinar: OPC UA Clients on Linux Systems with InduSoft Web Studio-InduSoft Pr...
byAVEVA
 
Webinar: OPC UA Clients on Linux Systems with InduSoft Web Studio-OPC Foundat...
byAVEVA
 
Security and LDAP integration in InduSoft Web Studio
byAVEVA
 
Tips and Tricks for InduSoft Web Studio-August 2017
byAVEVA
 
What's New In InduSoft Web Studio 8.1 + SP5 from AVEVA
byAVEVA
 
Introduction to InduSoft Web Studio 8.1 + SP1
byAVEVA
 
What’s coming in InduSoft Web Studio 8.1
byAVEVA
 
What's New In InduSoft Web Studio 8.1 + SP4
byAVEVA
 
What's New In InduSoft Web Studio 8.1 + SP1
byAVEVA
 
What's New In InduSoft Web Studio 8.1 + SP3
byAVEVA
 
Introduction to InduSoft Web Studio 8.1
byAVEVA
 
What's New In InduSoft Web Studio 8.1
byAVEVA
 
Introduction to InduSoft Web Studio 8.1 + SP3
byAVEVA
 
Introduction to InduSoft Web Studio 8.1 + SP5
byAVEVA
 
Introduction to InduSoft Web Studio 8.1 + SP2
byAVEVA
 
Introduction to InduSoft Web Studio 8.1 + Service Pack 1
byAVEVA
 
What's New In InduSoft Web Studio 8.1 + SP2
byAVEVA
 
Alarm Notifications with WIN-911 NOW Available for InduSoft Web Studio - Indu...
byAVEVA
 
Graphical Interface Scaling in InduSoft Web Studio
byAVEVA
 

Recently uploaded

PPTX
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
PPSX
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
PPTX
Governance, Deployment & Methodologies for Agentic Automation [2/3]
bysuhanisingh58689
 
PDF
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
PDF
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
PDF
Manage Networking in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Supercharge Your JVM with Project Leyden
byAna-Maria Mihalceanu
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
The Complete Crypto Airdrop Playbook: Strategies, Scams & Success Stories | 3...
by3verseTV
 
PPTX
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
PDF
Inclusive India_Samir_Dash_10 NOV_FINAL 2025.pdf
bySamir Dash
 
PDF
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Getting started with Agent Framework.pdf
byNilesh Gule
 
PDF
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
PDF
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
PDF
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Do more with the HP Z2 Mini G1a
byPrincipled Technologies
 
PDF
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
PDF
Access Linux File System in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
PPTX
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
Governance, Deployment & Methodologies for Agentic Automation [2/3]
bysuhanisingh58689
 
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
Manage Networking in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
Supercharge Your JVM with Project Leyden
byAna-Maria Mihalceanu
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
The Complete Crypto Airdrop Playbook: Strategies, Scams & Success Stories | 3...
by3verseTV
 
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
Inclusive India_Samir_Dash_10 NOV_FINAL 2025.pdf
bySamir Dash
 
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
Getting started with Agent Framework.pdf
byNilesh Gule
 
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
Do more with the HP Z2 Mini G1a
byPrincipled Technologies
 
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
Access Linux File System in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 

Scada security webinar 2012

  • 4.
    Identify all SCADAnetwork connections • Conduct a thorough risk analysis to assess the risk and necessity of each connection to the SCADA network. • Develop a comprehensive understanding of all connections to the SCADA network, and how well these connections are protected. • Identify and evaluate the following types of connections: – Internal local area and wide area networks, including business networks – The Internet – Wireless network devices, including satellite uplinks – Modem or dial-up connections – Connections to business partners, vendors or regulatory agencies
  • 5.
    Disconnect unnecessary connections • Isolate the SCADA network from other network connections to as great a degree as possible. – Any connection to another network introduces security risks, particularly if the connection creates a pathway from or to the Internet. – Connections with other networks may allow important information to be passed efficiently and conveniently, but are they worth the risk? • Use “demilitarized zones” (DMZs) and gateways to facilitate the secure transfer of data from the SCADA network to business networks.
  • 6.
    Evaluate and strengthenany remaining connections • Conduct penetration testing and vulnerability analysis to evaluate the risk associated with these connections. • Use this information in conjunction with risk management processes to develop a robust protection strategy for any pathways to the SCADA network. • Implement firewalls and other appropriate security measures. – Configure firewall rules to prohibit access from and to the SCADA network. – Be specific when permitting approved connections. • Strategically place intrusion detection systems at each entry point to alert security personnel of potential breaches of network security.
  • 7.
    Remove and/or disableunnecessary services • Remove or disable unused services and network daemons to reduce the risk of direct attack. – Email services – Internet access. – Remote maintenance. • Perform a thorough risk assessment of the consequences of allowing and service or feature – Benefits should far outweigh the potential for vulnerability exploitation. • Work with your SCADA vendor to identify secure configurations and coordinate any and all changes to operational systems to ensure that removing or disabling services does not cause downtime, interruption of service, or loss of support.
  • 8.
    Password management • Users routinely pick simple passwords that are found in dictionaries and susceptible to brute force attacks and often used over and over again so the successful guess of a single password means that numerous other devices can be exploited. • Administrators must provide explicit guidance on how a password should be chosen. – Should not contain a word that could be found in a dictionary, a product name, or other key word – Should include a mix of upper and lower case letters, numbers, and special characters. • Passwords used for weak systems or weak protocols should not be the same as the passwords used for stronger systems.
  • 9.
    Proprietary protocols willnot protect your system • SCADA systems often use unique, proprietary protocols for communications between field devices and servers. • Often the security of SCADA systems is based solely on the secrecy of these protocols. • Bad idea. Obscure protocols provide very little “real” security. • Demand that vendors disclose any backdoors or vendor interfaces to your SCADA systems, and expect them to provide systems that are capable of being secured.
  • 10.
    Implement the securityfeatures provided by device and system vendors • Most older SCADA systems have no security features whatsoever. • Newer SCADA devices are shipped with basic security features, but these are usually disabled to ensure ease of installation. • Additionally, factory default security settings (such as in computer network firewalls) are often set to provide maximum usability, but minimal security. • Analyze each SCADA device to determine whether security features are present. Set all security features to provide the maximum level of security. • Allow settings below maximum security only after a thorough risk assessment of the consequences. • Insist that your system vendor implement security features in the form of product patches or upgrades.
  • 11.
    Establish strong controlsover any backdoor into the SCADA network • Strong authentication must be implemented to ensure secure communications. • Require secure, encrypted connections. • Modems, wireless, and wired networks used for communications and maintenance represent a significant vulnerability to the SCADA network and remote sites. • Successful attacks could allow an attacker to bypass all other controls and have direct access to the SCADA network or resources. • To minimize the risk of such attacks, disable inbound access. All connections should be initiated by the SCADA system.
  • 12.
    Implement internal andexternal intrusion detection systems and notification • Establish an intrusion detection strategy that includes alerting network administrators of malicious network activity originating from internal or external sources. • Intrusion detection system monitoring is essential 24 hours a day; this capability can be easily set up through a pager. • Additionally, incident response procedures must be in place to allow an effective response to any attack. • To complement network monitoring, enable logging on all systems and audit system logs daily to detect suspicious activity as soon as possible.
  • 13.
    Perform technical auditsto identify security concerns • Many commercial and open-source security tools are available that allow system administrators to conduct audits of their systems and networks to identify active services, patch level, and common vulnerabilities. • Analyze identified vulnerabilities to determine their significance, and take corrective actions as appropriate. • Track corrective actions and analyze this information to identify trends. • Retest systems after corrective actions have been taken to ensure that vulnerabilities were actually eliminated. • Scan non-production environments actively to identify and address potential problems.
  • 14.
    Conduct physical securitysurveys and assess all remote sites to evaluate their security • Conduct a physical security survey and inventory access points at each facility that has a connection to the SCADA system. • Identify and assess any source of information including, – remote telephone, network, fiber optic cables that could be tapped – radio and microwave links that are exploitable – computer terminals that could be accessed – wireless local area network access points. • Identify and eliminate single points of failure. • The security of the site must be adequate to detect or prevent unauthorized access. • Do not allow “live” network access points at remote, unguarded sites simply for convenience.
  • 15.
    Establish SCADA “RedTeams” to identify and evaluate possible attack scenarios • Establish a “Red Team” to identify potential attack scenarios and evaluate potential system vulnerabilities. • Use a variety of people who can provide insight into weaknesses of the overall network, SCADA systems, physical systems, and security controls. • Ensure that the risk from a malicious insider is fully evaluated, given that this represents one of the greatest threats to an organization. • Feed information resulting from the “Red Team” evaluation into risk management processes to assess the information and establish appropriate protection strategies.
  • 17.
    Clearly define cybersecurity roles, responsibilities, and authorities • Organization personnel need to understand the specific expectations associated with protecting information technology resources through the definition of clear and logical roles and responsibilities. • Key personnel need to be given sufficient authority to carry out their assigned responsibilities. • Establish a cyber security organizational structure that defines roles and responsibilities and clearly identifies how cyber security issues are escalated and who is notified in an emergency.
  • 18.
    Document network andsystems that serve critical functions or contain sensitive information • Documenting the information security architecture and its components is critical to understanding the overall protection strategy, and identifying single points of failure. • Develop and document a robust information security architecture as part of a process to establish an effective protection strategy. • It is essential that organizations design their networks with security in mind and continue to have a strong understanding of their network architecture throughout its lifecycle. • Of particular importance, an in-depth understanding of the functions that the systems perform and the sensitivity of the stored information is required.
  • 19.
    Establish a rigorous,ongoing risk management process • A thorough understanding of the risks to network computing resources from attacks and the vulnerability of sensitive information to compromise is essential to an effective cyber security program. • Risk assessments form the technical basis of this understanding and are critical to formulating effective strategies to mitigate vulnerabilities and preserve the integrity of computing resources. – Perform a baseline risk analysis based on a current threat assessment to use for developing a network protection strategy. – Due to rapidly changing technology and the emergence of new threats on a daily basis, an ongoing risk assessment process is needed so that routine changes can be made to the protection strategy to ensure it remains effective.
  • 20.
    Establish a networkprotection strategy based on the principle of defense-in- depth • A fundamental principle that must be part of any network protection strategy is defense-in-depth. • Defense-in-depth must be considered early in the design phase of the development process, and must be an integral consideration in all technical decision-making associated with the network. • Utilize technical and administrative controls to mitigate threats from identified risks to as great a degree as possible at all levels of the network. • Single points of failure must be avoided, and cyber security defense must be layered to limit and contain the impact of any security incidents. • Additionally, each layer must be protected against other systems at the same layer.
  • 21.
    Clearly identify cybersecurity requirements • Organizations and companies need structured security programs with mandated requirements to establish expectations and allow personnel to be held accountable. • Formalized policies and procedures are typically used to establish and institutionalize a cyber security program. • A formal program is essential for establishing a consistent, standards- based approach to cyber security throughout an organization and eliminates sole dependence on individual initiative. • Policies and procedures also inform employees of their specific cyber security responsibilities, provide guidance regarding actions to be taken during a cyber security incident, promote efficient and effective actions during a time of crisis, and the consequences of failing to meet those responsibilities. • Establish requirements to minimize the threat from malicious insiders, including the need for conducting background checks and limiting network privileges to those absolutely necessary.
  • 22.
    Establish effective configurationmanagement processes • Configuration management is a fundamental management process needed to maintain a secure network. • Needs to cover both hardware configurations and software configurations. • Changes to hardware or software can easily introduce vulnerabilities that undermine network security. • Processes are required to evaluate and control any change to ensure that the network remains secure. • Configuration management begins with well-tested and documented security baselines for your various systems.
  • 23.
    Conduct routine self-assessments • Robust performance evaluation processes are needed to provide organizations with feedback on the effectiveness of cyber security policy and technical implementation. • A sign of a mature organization is one that is able to self- identify issues, conduct root cause analyses, and implement effective corrective actions that address individual and systemic problems. • Self-assessment processes that are normally part of an effective cyber security program include routine scanning for vulnerabilities, automated auditing of the network, and self- assessments of organizational and individual performance.
  • 24.
    Establish system backupsand disaster recovery plans • Establish a disaster recovery plan that allows for rapid recovery from any emergency (including a cyber attack). • System backups are an essential part of any plan and allow rapid reconstruction of the network. • Routinely exercise disaster recovery plans to ensure that they work and that personnel are familiar with them. • Make appropriate changes to disaster recovery plans based on lessons learned from exercises.
  • 25.
    Senior leadership shouldestablish expectations and accountability • It is essential that senior management establish an expectation for strong cyber security and communicate this to their subordinate managers throughout the organization. • It is also essential that senior organizational leadership establish a structure for implementation of a cyber security program, promote consistent implementation, and sustain a strong cyber security program. • All individuals need to be held accountable for their performance as it relates to cyber security, including managers, system administrators, technicians, and operators.
  • 26.
    Minimize the inadvertentdisclosure of sensitive information • Release data related to the SCADA network only on a strict, need- to-know basis, and only to persons explicitly authorized to receive such information. • “Social engineering” is often the first step in a malicious attack on computer networks. – The more information revealed about a computer or computer network, the more vulnerable the computer/network is. – Never divulge data related to a SCADA network over telephones or to personnel unless they are explicitly authorized to receive such information. – Any requests for information by unknown persons need to be sent to a central network security location for verification and fulfillment. • Conduct training and information awareness campaigns to ensure that personnel remain diligent in guarding sensitive network information, particularly their passwords.
  • 30.
    Email (US) [email protected] (Brazil) [email protected] (Germany) [email protected] USA Support [email protected] Web site (English) www.indusoft.com (Portuguese) www.indusoft.com.br (German) www.indusoft-germany.de Brazil Phone (512) 349-0334 (US) +55-11-3293-9139 (Brazil) +49 (0) 6227-732510 (Germany) Germany Toll-Free 877-INDUSOFT (877-463-8763) Fax (512) 349-0375