SlideShare a Scribd company logo

Why You Need an ICS Lab

EnergySec
EnergySec

Presented by: Chris Sistrunk, Entergy Abstract: IT folks have been doing it for years – building labs to test new products before rolling them out – but the concept is still rather revolutionary to most practitioners of SCADA security. Yet the benefits of a lab are many, including training staff and solving real-world problems by replicating and attacking them in the relatively low-risk lab environment. But how do you pitch this (not inexpensive) idea in a way that gets organizational buy-in? And if your organization is just too small, what are the factors to considering when using a third-party lab? Hear ideas and ask questions of someone who evolved his organization’s capabilities from one small lab to five complete labs.

TechnologyNews & Politics
1 of 38
Download to read offline
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Come  see  what’s  cooking  in  my  lab:   Why  you  need  a  lab  and  how  to  get  one   Chris  Sistrunk,  PE   Sr.  Engineer     Entergy  –  Jackson,  MS  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Why  do  we   need  a  lab,   Chris?  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   What  happens  when  you  use  nmap   on  an  Industrial  Control  System   http://securityreactions.tumblr.com
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Why  do  we  need  a  lab?   With  a  lab,  you  can   •  Test  relay  and  RTU  seAngs  on  a  replica  of   producDon  systems   •  Test  new  firmware  before  issuing  to  field   •  Perform  root-­‐cause  analysis   – Why  is  this  device  locking  up  once  a  month?   •  Try  out  new  equipment  from  a  vendor  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Why  do  we  need  a  lab?   Save  Dme  &  money  by   •  CreaDng  standard  seAngs  templates   •  Find  problems  before  they  are  widespread   (Not  having  to  recall  units  with  firmware  issues)   •  Develop  and  test  equipment  pilots  in-­‐house   rather  than  hiring  a  company  to  do  it     •  Use  lab  equipment  as  emergency  spare    
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Why  security  tesDng?   •  Not  all  SCADA/relay  vendors  do  negaDve  or   security  tesDng  at  their  factories   •  Even  if  they  did,  they  can’t  test  equipment  the   EXACT  way  that  you  use  it   •  Test  your  own  equipment  before  hackers  or   some  drive-­‐by  malware  does  it  for  you   •  Use  the  results  to  miDgate  vulnerabiliDes  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   What  kinds  of  tesDng?  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   •  Factory/Site  Acceptance  TesDng  (RTU  system)   •  Firmware/SoTware  TesDng  (new  or  patches)   •  Protocol  TesDng  (DNP3,  Modbus,  etc)   •  Protocol  Fuzzing  (custom  or  off-­‐the-­‐shelf)   •  PenetraDon  TesDng  (Metasploit,  etc)   •  Physical  security  tesDng  (cabinet  locks  etc)   •  DOCUMENT!    DOCUMENT!    DOCUMENT!   What  kinds  of  tesDng?  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   What  would  be  your  stuxnet?   •  Be  a  hardhat  hacker   •  Think  like  an  aacker  who  has  your  prints!   •  Build  your  systems  with  layers  of  defense   •  If  you  find  a  vulnerability,  let  your  vendor   know  (they  might  even  have  a  patch)   “To  make  things  work  well,     you  must  break  them!”  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   How  I  Audit  SCADA  Systems   http://securityreactions.tumblr.com
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   OK,  how  do  I  get  a  lab?  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   OK,  how  do  I  get  a  lab?   •  Ask  your  boss!    Ask  the  CIO!    Ask  Ask  Ask!   •  If  you  are  the  boss,  ask  your  best  people  what   they  want  in  their  lab  and  go  buy  it!   •  Put  together  a  plan  or  a  business  case!   – Add  it  to  NERC/CIP  compliance  budget  (big  driver)   •  Go  get  spare  equipment  and  make  a  rack!   •  Start  small  and  add  to  it.   – Mine  started  as  2  relay  racks  in  my  cubicle    
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Some  ideas  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   SDll  can’t  afford  it?  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Can’t  afford  one,  don’t  have  the   manpower,  don’t  have  the  experDse?   •  3rd  party  tesDng  such  as  Enernex,  Digital  Bond,   Kinectrics,  CimaDon  to  name  a  few   •  The  US  Gov’t  has  the  Idaho  NL  NaDonal  SCADA   Test  Bed,  Pacific  NW  NL,  &  Sandia  NL     •  Colleges  such  as  Louisiana  Tech,  Mississippi  State,   Jackson  State  have  power,  SCADA,  and  security   equipment  in  their  labs   •  Farm  out  the  tesDng  and  work  with  them  to  get   the  results  you  want  &  capitalize  the  test  costs  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   To  be  the  best,  you  need  the  best  tools!  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Entergy  THQ  Virtual  Lab  Tour  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Transmission  HQ  Labs   •  Transmission  HQ  moved  from  NOLA  to  Jackson   •  Business  conDnuity  aTer  Hurricane  Katrina   •  Brand  new  building  in  Fall  of  2009   •  5  large  rooms  designated  for  lab  space   –  Relay  &  SCADA  Lab   –  CommunicaDons  &  Security  Lab   –  Real-­‐Dme  Power  System  Simulator  Lab   –  Mississippi  Grid  Lab   –  High  Voltage  Lab  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Relay  &  SCADA  Lab  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Relay  &  SCADA  Lab   NO   LAB  RATS   OR   CYBERATTACK   SQUIRRELS   ALLOWED  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Relay  &  SCADA  Lab  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Relay  &  SCADA  Lab   •  Cubicle:  2  racks  >>  Old  Break  Room:  7  racks   •  New  THQ:  15  bolted  racks,  10  rolling  racks   –  40+  ProtecDve  Relays  (7  different  standard  panels)   –  Digital  Fault  Recorder   –  8+  RTUs,  3  CommunicaDon  Processors   –  SubstaDon  Grade  LAN  &  Corp  Network   –  GPS  Clock  (IRIG-­‐B),  HMI  Screen  &  Keyboard   –  Toolbox,  O-­‐Scope,  MulDmeter,  Cables,  WorkstaDons,   Chip  Burner,  Relay  &  RTU  Test  Sets,  etc  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Relay  &  SCADA  Lab   •  THE  LAB  OF  MY  DREAMS!   •  We  can  replicate  almost  any  substaDon   •  Test  new  configuraDons   •  Test  problemaDc  field  configuraDons   •  Test  new  firmware  &  soTware   •  Test  drive  new  equipment   •  Train  relay  &  RTU  technicians  and  engineers  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   CommunicaDons  &  Security  Lab  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   CommunicaDons  &  Security  Lab   •  SubstaDon  Hardened  Router  &  Switch   •  Radios  of  different  bands  and  technologies   •  Six-­‐sided  PSP  for  simulaDng  CCA  sites   •  Several  field  firewalls   •  Wurldtech  Achilles  Fuzzer   –  Test  network  robustness  of  devices   –  Fuzzing  DNP3,  Modbus,  &  IEC  61850   –  Test  new  RTU  &  Relay  firmware  patches   –  Will  network  storm  affect  control  outputs?    
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   CommunicaDons  &  Security  Lab   •  Custom  DNP3  Fuzzer   – Created  by  Adam  Crain  to  test  openDNP3   – Closed  source  for  now   – Tests  DNP3  *Client*  and  Server   – Project  Robus   – hp://Automatak.com/robus   – Plan  to  release  as  open  source  next  year   …stay  tuned      
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Power  Real-­‐Time  Simulator  Lab  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Power  Real-­‐Time  Simulator  Lab  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Power  Real-­‐Time  Simulator  Lab   “Hypersim  is  the  only  real-­‐Dme  digital  simulator   with  the  power  to  simulate  and  analyze  very   large-­‐scale  power  systems  with  more  than  2000   three-­‐phase  buses.”    -­‐  hp://www.opal-­‐rt.com   •  Simulate  different  fault  scenarios     – Will  the  Relay  A,  B,  C  have  a  misoperaDon?   – Will  relay  fault  acDvity  affect  comm    (vice  versa)?   •  R&D  &  commissioning  tests    
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Mississippi  Grid  Lab  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Mississippi  Grid  Lab   •  MulDpurpose  type  lab  used  by  Entergy   Mississippi    T&D  Grid  Engineers   •  InspecDng/repairing  equipment   •  Pre-­‐test  new  panels  before  field  installaDon   •  Spare  parts  inventory    
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   High  Voltage  Lab  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   High  Voltage  Lab   •  The  Hi-­‐VARC  (High  Voltage  AC  ResisDve   Current)  test  set  provides  rapid,  automaDc   evaluaDon  of  MOV  arresters  and  polymer   insulators  using  AC  voltages  up  to  132kV.”   hp://www.jmxservices.com   •  InspecDon  &  root  cause  of  failed  insulators,   HV  circuit  breaker  components,  etc    
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Last  but  not  least…  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Go  make  stuff…Go  break  stuff  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   A  Few  Thoughts   SCADA  Security  isn’t  easy   •  Doing  the  best  we  can  with  what  we  have   SCADA,  Relay,  &  Security  Labs   •  Having  a  lab  is  so  valuable  for  tesDng,   troubleshooDng,  breaking  &  fixing  stuff   •  Yes  I  have  a  fuzzer  and  I’m  not  afraid  to  use  it   DNP3/IP  Secure  AuthenDcaDon  v5   •  Please  tell  your  vendors  you  want  NEED  it    
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Dream  BIG!  
8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Follow @chrissistrunk csistru@entergy.com   QuesDons?  

Recommended

Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration EnergySec
 
Compromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles AwayCompromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles AwayEnergySec
 
Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Digital Bond
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
Techniques of attacking ICS systems
Techniques of attacking ICS systems Techniques of attacking ICS systems
Techniques of attacking ICS systems qqlan
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Digital Bond
 

Recommended

Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration EnergySec
 
Compromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles AwayCompromising Industrial Facilities From 40 Miles Away
Compromising Industrial Facilities From 40 Miles AwayEnergySec
 
Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Digital Bond
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
Techniques of attacking ICS systems
Techniques of attacking ICS systems Techniques of attacking ICS systems
Techniques of attacking ICS systems qqlan
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Digital Bond
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...arnaudsoullie
 
BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101Wavestone
 
Protecting Your DNP3 Networks
Protecting Your DNP3 NetworksProtecting Your DNP3 Networks
Protecting Your DNP3 NetworksChris Sistrunk
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityChris Sistrunk
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Chris Sistrunk
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Master Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageMaster Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageChris Sistrunk
 
DEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSDEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSChris Sistrunk
 
Defcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slidesDefcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slidesMarina Krotofil
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Digital Bond
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 
Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Digital Bond
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance LabJim Gilsinn
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseChris Sistrunk
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overviewpgmaynard
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Energy Biographies Final Research report
Energy Biographies Final Research reportEnergy Biographies Final Research report
Energy Biographies Final Research reportenergybiographies
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationEnergySec
 

More Related Content

What's hot

Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...arnaudsoullie
 
BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101Wavestone
 
Protecting Your DNP3 Networks
Protecting Your DNP3 NetworksProtecting Your DNP3 Networks
Protecting Your DNP3 NetworksChris Sistrunk
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityChris Sistrunk
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Chris Sistrunk
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Master Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageMaster Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageChris Sistrunk
 
DEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSDEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSChris Sistrunk
 
Defcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slidesDefcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slidesMarina Krotofil
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Digital Bond
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 
Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Digital Bond
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance LabJim Gilsinn
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseChris Sistrunk
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overviewpgmaynard
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 

What's hot (20)

Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
 
BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101
 
Protecting Your DNP3 Networks
Protecting Your DNP3 NetworksProtecting Your DNP3 Networks
Protecting Your DNP3 Networks
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS Security
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
 
Master Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageMaster Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS Village
 
DEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSDEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICS
 
Defcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slidesDefcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slides
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
 
Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar Asia
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance Lab
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overview
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 

Viewers also liked

Energy Biographies Final Research report
Energy Biographies Final Research reportEnergy Biographies Final Research report
Energy Biographies Final Research reportenergybiographies
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationEnergySec
 
Achieving Compliance Through Security
Achieving Compliance Through SecurityAchieving Compliance Through Security
Achieving Compliance Through SecurityEnergySec
 
6 Tools for Improving IT Operations in ICS Environments
6 Tools for Improving IT Operations in ICS Environments6 Tools for Improving IT Operations in ICS Environments
6 Tools for Improving IT Operations in ICS EnvironmentsEnergySec
 
Integrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayIntegrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayEnergySec
 
Building Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedBuilding Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedEnergySec
 
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...energybiographies
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsEnergySec
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber DefenseEnergySec
 
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced ScorecardHow to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced ScorecardEnergySec
 
How I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterHow I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterEnergySec
 
Building an Incident Response Team
Building an Incident Response TeamBuilding an Incident Response Team
Building an Incident Response TeamEnergySec
 
Security Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for BeginnersSecurity Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for BeginnersEnergySec
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergySec
 
Structured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaStructured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaEnergySec
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceEnergySec
 
Rapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementRapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementEnergySec
 
Energy biographies: narrative genres, lifecourse transitions and practice change
Energy biographies: narrative genres, lifecourse transitions and practice changeEnergy biographies: narrative genres, lifecourse transitions and practice change
Energy biographies: narrative genres, lifecourse transitions and practice changeenergybiographies
 
Living the "Good Life"?: energy biographies, identities and competing normati...
Living the "Good Life"?: energy biographies, identities and competing normati...Living the "Good Life"?: energy biographies, identities and competing normati...
Living the "Good Life"?: energy biographies, identities and competing normati...energybiographies
 

Viewers also liked (20)

Energy Biographies Final Research report
Energy Biographies Final Research reportEnergy Biographies Final Research report
Energy Biographies Final Research report
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
 
Achieving Compliance Through Security
Achieving Compliance Through SecurityAchieving Compliance Through Security
Achieving Compliance Through Security
 
6 Tools for Improving IT Operations in ICS Environments
6 Tools for Improving IT Operations in ICS Environments6 Tools for Improving IT Operations in ICS Environments
6 Tools for Improving IT Operations in ICS Environments
 
Integrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayIntegrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator Display
 
Building Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedBuilding Human Intelligence – Pun Intended
Building Human Intelligence – Pun Intended
 
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...
Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
 
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced ScorecardHow to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
 
How I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterHow I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart Meter
 
Building an Incident Response Team
Building an Incident Response TeamBuilding an Incident Response Team
Building an Incident Response Team
 
Security Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for BeginnersSecurity Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for Beginners
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber Resiliency
 
Structured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaStructured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six Sigma
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
 
Rapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementRapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk Management
 
The grit in the oyster:
The grit in the oyster: The grit in the oyster:
The grit in the oyster:
 
Energy biographies: narrative genres, lifecourse transitions and practice change
Energy biographies: narrative genres, lifecourse transitions and practice changeEnergy biographies: narrative genres, lifecourse transitions and practice change
Energy biographies: narrative genres, lifecourse transitions and practice change
 
Living the "Good Life"?: energy biographies, identities and competing normati...
Living the "Good Life"?: energy biographies, identities and competing normati...Living the "Good Life"?: energy biographies, identities and competing normati...
Living the "Good Life"?: energy biographies, identities and competing normati...
 

Similar to Why You Need an ICS Lab

All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...EC-Council
 
Latihan3 comp-forensic-bab2
Latihan3 comp-forensic-bab2Latihan3 comp-forensic-bab2
Latihan3 comp-forensic-bab2sabtolinux
 
InfoSec IL 2014 - Nir Valtman & Lior Israel - Secure TDD
InfoSec IL 2014 - Nir Valtman & Lior Israel - Secure TDDInfoSec IL 2014 - Nir Valtman & Lior Israel - Secure TDD
InfoSec IL 2014 - Nir Valtman & Lior Israel - Secure TDDNir Valtman
 
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?Michael Gough
 
Managing SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseManaging SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseSplunk
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014Digital Bond
 
Ofer rivlin BGU - department seminar
Ofer rivlin BGU - department seminarOfer rivlin BGU - department seminar
Ofer rivlin BGU - department seminarOfer Rivlin, CISSP
 
Automated Testing with Docker on Steroids - nlOUG TechExperience 2018 (Amersf...
Automated Testing with Docker on Steroids - nlOUG TechExperience 2018 (Amersf...Automated Testing with Docker on Steroids - nlOUG TechExperience 2018 (Amersf...
Automated Testing with Docker on Steroids - nlOUG TechExperience 2018 (Amersf...Lucas Jellema
 
Looking for Trouble on OT Networks.pdf
Looking for Trouble on OT Networks.pdfLooking for Trouble on OT Networks.pdf
Looking for Trouble on OT Networks.pdfsipteck
 
application firewall research proposal
application firewall research proposalapplication firewall research proposal
application firewall research proposalPeter Cheung
 
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...AdaCore
 
SoftwareAssemblyLineOverview
SoftwareAssemblyLineOverviewSoftwareAssemblyLineOverview
SoftwareAssemblyLineOverviewGary Howard
 
Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments Liming Zhu
 
Expanding Your .NET Testing Toolbox - GLUG NET
Expanding Your .NET Testing Toolbox - GLUG NETExpanding Your .NET Testing Toolbox - GLUG NET
Expanding Your .NET Testing Toolbox - GLUG NETMatt Eland
 
Building Connected Hardware (for the internet of things)
Building Connected Hardware (for the internet of things)Building Connected Hardware (for the internet of things)
Building Connected Hardware (for the internet of things)Jeff Katz
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityPaul Morse
 
The Strange DOM: Or How I Stopped Learned to Stop Worrying and Test for Acces...
The Strange DOM: Or How I Stopped Learned to Stop Worrying and Test for Acces...The Strange DOM: Or How I Stopped Learned to Stop Worrying and Test for Acces...
The Strange DOM: Or How I Stopped Learned to Stop Worrying and Test for Acces...Trevor Pierce
 
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyAccenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyHoneywell
 

Similar to Why You Need an ICS Lab (20)

All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
 
Latihan3 comp-forensic-bab2
Latihan3 comp-forensic-bab2Latihan3 comp-forensic-bab2
Latihan3 comp-forensic-bab2
 
Hardware hacking 101
Hardware hacking 101Hardware hacking 101
Hardware hacking 101
 
InfoSec IL 2014 - Nir Valtman & Lior Israel - Secure TDD
InfoSec IL 2014 - Nir Valtman & Lior Israel - Secure TDDInfoSec IL 2014 - Nir Valtman & Lior Israel - Secure TDD
InfoSec IL 2014 - Nir Valtman & Lior Israel - Secure TDD
 
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
 
Managing SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseManaging SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk Enterprise
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014
 
Ofer rivlin BGU - department seminar
Ofer rivlin BGU - department seminarOfer rivlin BGU - department seminar
Ofer rivlin BGU - department seminar
 
Automated Testing with Docker on Steroids - nlOUG TechExperience 2018 (Amersf...
Automated Testing with Docker on Steroids - nlOUG TechExperience 2018 (Amersf...Automated Testing with Docker on Steroids - nlOUG TechExperience 2018 (Amersf...
Automated Testing with Docker on Steroids - nlOUG TechExperience 2018 (Amersf...
 
Looking for Trouble on OT Networks.pdf
Looking for Trouble on OT Networks.pdfLooking for Trouble on OT Networks.pdf
Looking for Trouble on OT Networks.pdf
 
application firewall research proposal
application firewall research proposalapplication firewall research proposal
application firewall research proposal
 
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
 
SoftwareAssemblyLineOverview
SoftwareAssemblyLineOverviewSoftwareAssemblyLineOverview
SoftwareAssemblyLineOverview
 
Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments Challenges in Practicing High Frequency Releases in Cloud Environments
Challenges in Practicing High Frequency Releases in Cloud Environments
 
Expanding Your .NET Testing Toolbox - GLUG NET
Expanding Your .NET Testing Toolbox - GLUG NETExpanding Your .NET Testing Toolbox - GLUG NET
Expanding Your .NET Testing Toolbox - GLUG NET
 
Planning open stack-poc
Planning open stack-pocPlanning open stack-poc
Planning open stack-poc
 
Building Connected Hardware (for the internet of things)
Building Connected Hardware (for the internet of things)Building Connected Hardware (for the internet of things)
Building Connected Hardware (for the internet of things)
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
 
The Strange DOM: Or How I Stopped Learned to Stop Worrying and Test for Acces...
The Strange DOM: Or How I Stopped Learned to Stop Worrying and Test for Acces...The Strange DOM: Or How I Stopped Learned to Stop Worrying and Test for Acces...
The Strange DOM: Or How I Stopped Learned to Stop Worrying and Test for Acces...
 
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyAccenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
 

More from EnergySec

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseEnergySec
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...EnergySec
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyEnergySec
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...EnergySec
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityEnergySec
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementEnergySec
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsEnergySec
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachEnergySec
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!EnergySec
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleEnergySec
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsEnergySec
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...EnergySec
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...EnergySec
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueEnergySec
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?EnergySec
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...EnergySec
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherEnergySec
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherEnergySec
 

More from EnergySec (20)

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of Reach
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With Scissors
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational Value
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each Other
 

Recently uploaded

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Why You Need an ICS Lab

  • 1. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Come  see  what’s  cooking  in  my  lab:   Why  you  need  a  lab  and  how  to  get  one   Chris  Sistrunk,  PE   Sr.  Engineer     Entergy  –  Jackson,  MS  
  • 2. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Why  do  we   need  a  lab,   Chris?  
  • 3. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   What  happens  when  you  use  nmap   on  an  Industrial  Control  System   http://securityreactions.tumblr.com
  • 4. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Why  do  we  need  a  lab?   With  a  lab,  you  can   •  Test  relay  and  RTU  seAngs  on  a  replica  of   producDon  systems   •  Test  new  firmware  before  issuing  to  field   •  Perform  root-­‐cause  analysis   – Why  is  this  device  locking  up  once  a  month?   •  Try  out  new  equipment  from  a  vendor  
  • 5. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Why  do  we  need  a  lab?   Save  Dme  &  money  by   •  CreaDng  standard  seAngs  templates   •  Find  problems  before  they  are  widespread   (Not  having  to  recall  units  with  firmware  issues)   •  Develop  and  test  equipment  pilots  in-­‐house   rather  than  hiring  a  company  to  do  it     •  Use  lab  equipment  as  emergency  spare    
  • 6. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Why  security  tesDng?   •  Not  all  SCADA/relay  vendors  do  negaDve  or   security  tesDng  at  their  factories   •  Even  if  they  did,  they  can’t  test  equipment  the   EXACT  way  that  you  use  it   •  Test  your  own  equipment  before  hackers  or   some  drive-­‐by  malware  does  it  for  you   •  Use  the  results  to  miDgate  vulnerabiliDes  
  • 7. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   What  kinds  of  tesDng?  
  • 8. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   •  Factory/Site  Acceptance  TesDng  (RTU  system)   •  Firmware/SoTware  TesDng  (new  or  patches)   •  Protocol  TesDng  (DNP3,  Modbus,  etc)   •  Protocol  Fuzzing  (custom  or  off-­‐the-­‐shelf)   •  PenetraDon  TesDng  (Metasploit,  etc)   •  Physical  security  tesDng  (cabinet  locks  etc)   •  DOCUMENT!    DOCUMENT!    DOCUMENT!   What  kinds  of  tesDng?  
  • 9. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   What  would  be  your  stuxnet?   •  Be  a  hardhat  hacker   •  Think  like  an  aacker  who  has  your  prints!   •  Build  your  systems  with  layers  of  defense   •  If  you  find  a  vulnerability,  let  your  vendor   know  (they  might  even  have  a  patch)   “To  make  things  work  well,     you  must  break  them!”  
  • 10. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   How  I  Audit  SCADA  Systems   http://securityreactions.tumblr.com
  • 11. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   OK,  how  do  I  get  a  lab?  
  • 12. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   OK,  how  do  I  get  a  lab?   •  Ask  your  boss!    Ask  the  CIO!    Ask  Ask  Ask!   •  If  you  are  the  boss,  ask  your  best  people  what   they  want  in  their  lab  and  go  buy  it!   •  Put  together  a  plan  or  a  business  case!   – Add  it  to  NERC/CIP  compliance  budget  (big  driver)   •  Go  get  spare  equipment  and  make  a  rack!   •  Start  small  and  add  to  it.   – Mine  started  as  2  relay  racks  in  my  cubicle    
  • 13. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Some  ideas  
  • 14. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   SDll  can’t  afford  it?  
  • 15. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Can’t  afford  one,  don’t  have  the   manpower,  don’t  have  the  experDse?   •  3rd  party  tesDng  such  as  Enernex,  Digital  Bond,   Kinectrics,  CimaDon  to  name  a  few   •  The  US  Gov’t  has  the  Idaho  NL  NaDonal  SCADA   Test  Bed,  Pacific  NW  NL,  &  Sandia  NL     •  Colleges  such  as  Louisiana  Tech,  Mississippi  State,   Jackson  State  have  power,  SCADA,  and  security   equipment  in  their  labs   •  Farm  out  the  tesDng  and  work  with  them  to  get   the  results  you  want  &  capitalize  the  test  costs  
  • 16. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   To  be  the  best,  you  need  the  best  tools!  
  • 17. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Entergy  THQ  Virtual  Lab  Tour  
  • 18. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Transmission  HQ  Labs   •  Transmission  HQ  moved  from  NOLA  to  Jackson   •  Business  conDnuity  aTer  Hurricane  Katrina   •  Brand  new  building  in  Fall  of  2009   •  5  large  rooms  designated  for  lab  space   –  Relay  &  SCADA  Lab   –  CommunicaDons  &  Security  Lab   –  Real-­‐Dme  Power  System  Simulator  Lab   –  Mississippi  Grid  Lab   –  High  Voltage  Lab  
  • 19. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Relay  &  SCADA  Lab  
  • 20. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Relay  &  SCADA  Lab   NO   LAB  RATS   OR   CYBERATTACK   SQUIRRELS   ALLOWED  
  • 21. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Relay  &  SCADA  Lab  
  • 22. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Relay  &  SCADA  Lab   •  Cubicle:  2  racks  >>  Old  Break  Room:  7  racks   •  New  THQ:  15  bolted  racks,  10  rolling  racks   –  40+  ProtecDve  Relays  (7  different  standard  panels)   –  Digital  Fault  Recorder   –  8+  RTUs,  3  CommunicaDon  Processors   –  SubstaDon  Grade  LAN  &  Corp  Network   –  GPS  Clock  (IRIG-­‐B),  HMI  Screen  &  Keyboard   –  Toolbox,  O-­‐Scope,  MulDmeter,  Cables,  WorkstaDons,   Chip  Burner,  Relay  &  RTU  Test  Sets,  etc  
  • 23. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Relay  &  SCADA  Lab   •  THE  LAB  OF  MY  DREAMS!   •  We  can  replicate  almost  any  substaDon   •  Test  new  configuraDons   •  Test  problemaDc  field  configuraDons   •  Test  new  firmware  &  soTware   •  Test  drive  new  equipment   •  Train  relay  &  RTU  technicians  and  engineers  
  • 24. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   CommunicaDons  &  Security  Lab  
  • 25. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   CommunicaDons  &  Security  Lab   •  SubstaDon  Hardened  Router  &  Switch   •  Radios  of  different  bands  and  technologies   •  Six-­‐sided  PSP  for  simulaDng  CCA  sites   •  Several  field  firewalls   •  Wurldtech  Achilles  Fuzzer   –  Test  network  robustness  of  devices   –  Fuzzing  DNP3,  Modbus,  &  IEC  61850   –  Test  new  RTU  &  Relay  firmware  patches   –  Will  network  storm  affect  control  outputs?    
  • 26. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   CommunicaDons  &  Security  Lab   •  Custom  DNP3  Fuzzer   – Created  by  Adam  Crain  to  test  openDNP3   – Closed  source  for  now   – Tests  DNP3  *Client*  and  Server   – Project  Robus   – hp://Automatak.com/robus   – Plan  to  release  as  open  source  next  year   …stay  tuned      
  • 27. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Power  Real-­‐Time  Simulator  Lab  
  • 28. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Power  Real-­‐Time  Simulator  Lab  
  • 29. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Power  Real-­‐Time  Simulator  Lab   “Hypersim  is  the  only  real-­‐Dme  digital  simulator   with  the  power  to  simulate  and  analyze  very   large-­‐scale  power  systems  with  more  than  2000   three-­‐phase  buses.”    -­‐  hp://www.opal-­‐rt.com   •  Simulate  different  fault  scenarios     – Will  the  Relay  A,  B,  C  have  a  misoperaDon?   – Will  relay  fault  acDvity  affect  comm    (vice  versa)?   •  R&D  &  commissioning  tests    
  • 30. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Mississippi  Grid  Lab  
  • 31. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Mississippi  Grid  Lab   •  MulDpurpose  type  lab  used  by  Entergy   Mississippi    T&D  Grid  Engineers   •  InspecDng/repairing  equipment   •  Pre-­‐test  new  panels  before  field  installaDon   •  Spare  parts  inventory    
  • 32. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   High  Voltage  Lab  
  • 33. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   High  Voltage  Lab   •  The  Hi-­‐VARC  (High  Voltage  AC  ResisDve   Current)  test  set  provides  rapid,  automaDc   evaluaDon  of  MOV  arresters  and  polymer   insulators  using  AC  voltages  up  to  132kV.”   hp://www.jmxservices.com   •  InspecDon  &  root  cause  of  failed  insulators,   HV  circuit  breaker  components,  etc    
  • 34. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Last  but  not  least…  
  • 35. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Go  make  stuff…Go  break  stuff  
  • 36. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   A  Few  Thoughts   SCADA  Security  isn’t  easy   •  Doing  the  best  we  can  with  what  we  have   SCADA,  Relay,  &  Security  Labs   •  Having  a  lab  is  so  valuable  for  tesDng,   troubleshooDng,  breaking  &  fixing  stuff   •  Yes  I  have  a  fuzzer  and  I’m  not  afraid  to  use  it   DNP3/IP  Secure  AuthenDcaDon  v5   •  Please  tell  your  vendors  you  want  NEED  it    
  • 37. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Dream  BIG!  
  • 38. 8th  Security  Summit   Portland,  Oregon   9th  Security  Summit   Denver,  Colorado   Follow @chrissistrunk csistru@entergy.com   QuesDons?