SlideShare a Scribd company logo

DTS Solution - SCADA Security Solutions

Shah Sheikh
Shah Sheikh
1 of 70
SCADA / Industrial Control Systems Security Solutions www.dts-solution.com shah@dts-solution.com
Industrial Control Systems Security  Securing Industrial Control Systems (ICS) is enterprise is not business but mission critical.  The overall impact can be catastrophic.  Securing a process has different paradigm to securing a service  The framework should be built around National Critical Infrastructure Protection
Industrial Control Systems Security • Industrial Control Systems Security should be an integrated core mission of any organization in the Utilities and Transportation sector; • Electricity and Power Plants • Water Authorities • Energy Producers – Oil / Gas • Aviation and Airports
• SCADA – Supervisory Control and Data Acquisition • SCADA systems are vital components of most nation’s critical infrastructures • SCADA systems control: – Gas pipelines – Water and wastewater systems – Transportation systems – Electrical Utilities – Refineries and chemical plants – Manufacturing operations What is SCADA?
SCADA System SCADA systems are intended to provide a human operator with updated real-time information about the current state of the remote process being monitored, as well as the ability to manipulate the process remotely. William T. Shaw
SCADA Systems • Used to monitor and remotely control critical industrial processes • Industrial control systems (ICS) – SCADA systems – Distributed Control Systems (DCS) – Programmable Logic Controllers (PLC) • SCADA Components – Master Terminal Unit (Architecture unique) – Human Machine Interface – Remote Terminal Unit – Communications
SCADA Systems • Highly distributed • Geographically separated assets • Centralized data acquisition and control are critical – Oil and gas pipelines – Electrical power grids – Railway transportation systems • Field devices control local operations
Distributed Control System • Supervisory control of multiple integrated systems responsible for a local process • DCSs used extensively in process-based industries • Examples: – Oil and gas refineries – Electrical power generation – Automotive production • Feedback loops maintain set points • Programmable logic controllers used in the field
Programmable Logic Controllers • Computer based solid state devices • Control industrial equipment and processes • Regulate process flow – Automobile assembly line
SCADA, DCS or PLC Compare and Contrast • Location – SCADA – geographically dispersed – DCS and PLC – factory centered • Communications – SCADA – long distance, slow speed – DCS and PLC – LAN, high speed • Control – SCADA – supervisory level – DCS and PLC – closed feedback loops
SCADA – Why the emphasis? • SCADA Supports Critical Infrastructures • 80-90% of critical infrastructures (CI) are privately owned and operated • Critical to National survival and prosperity, yet dependent on industries driven by profit, not security
SCADA – Why the emphasis? • Many challenges exist when securing SCADA – Complex systems…patching, rebooting, authentication – Preponderance of legacy hardware, software and transmission protocols ($) – Multiple and divers access points…by design…radio, wireless, phone – The need to connect to business network • The Cyberwar Plan. Article by Shane Harris, Saturday, Nov. 14, 2009: President Obama confirmed that cyber-warriors have aimed at American networks. "We know that cyber-intruders have probed our electrical grid," he said at the White House in May, when he unveiled the next stage of the national cyber-security strategy. The president also confirmed, for the first time, that the weapons of cyberwar had claimed victims. "In other countries, cyberattacks have plunged entire cities into darkness."
SCADA Evolution • 1960 -1980s – Central Architectures – Single powerful computer performing all functions – 2nd identical computer for redundancy
SCADA Evolution • 1980s to present – Distributed Architectures – Multiple computers networked together with each performing a specific function – LAN improvements – practical and possible – Functions: • Remote terminal polling • Complex applications processing • Historian – data archiving and trending – Graceful degradation
SCADA Evolution • 1990s to present – Client/Server – Powerful PCs – TCP/IP networking – High speed Ethernet – Commercial real-time operating systems • Looking more like IT systems – Scalable and fault tolerant – Smart software makes redundancy easy
SCADA Evolution • Human Machine Interface – Printouts – Map board – Mimic panel – Video projection technology
SCADA Evolution HMI Example
SCADA Evolution • Remote Terminal Unit – Electronic devices located at key measurement and control points – Originally hardwired devices with limited capabilities and one proprietary communications protocol – Modern RTUs contain their own microprocessors and can support multiple sophisticated protocols
SCADA Evolution • Communications – Initially used telephone systems and radio transmitters designed for voice • Slow • Some remote areas had to build their own communication systems – Latest systems are digital networks designed to transfer data • TCP/IP • Wireless including cellular and satellite
SCADA Evolution Summary • SCADA systems are based on computer technology so they have evolved with computer technology • New technologies have also been introduced to SCADA systems • Huge decreases in proprietary nature
SCADA Evolution Summary • The Good News – Cheaper – Interoperable between vendors – Larger pool of available workers • The Bad News – Susceptible to malware, hackers and cyber attacks • We can’t go back. We must provide secure designs for now & the future
• Cost Savings – Reduced down time and maintenance costs – Improved productivity – Enhanced business continuity • Simplified Regulatory and Standards Compliance – FERC / NERC CIP – ANSI/ISA-99 – IEC 62443 • Enhanced Security and Safety – Improved safety for the plant, employees and community – Improved defense against malicious attacks Why is Cyber Security important?
Pike Research – Smart Grid Cyber Security Ranking
Mission Critical Security is Our Specialty When dealing with Mission Critical Systems, partner with someone whose done it before…
Industrial Defender • Automation System Security Management • Exclusive focus on providing an integrated set of products and services for Automation Systems Security Management • Unify two challenging domains: • Automation Systems • Cyber security • 350+ customers worldwide – 10,000 deployments – Industrial Defender
Critical Infrastructure Operations – The Emerging Threat
• http://www.securityincidents.org/ - global repository of industrial control security incidents. Some Incidents - SCADA Copyright © 2008 Industrial Defender All rights reserved Process Control Security, Performance and Compliance Incidents
Corporate IT Automation Systems IT Not life threatening Safety first Availability important Non-interruption is critical Transactional orientation Real-time focus IBM, SAP, Oracle, ….. ABB, Emerson, GE, Honeywell, Siemens... People ~= Devices Few people; Many, many devices PCs and Servers Sensors, Controllers, Servers Web services model is dominant Polled automation control model MS Windows is dominant OS Vendor-embedded operating systems Many commercial software products installed on each PC Purpose-specific devices and application Protocol is primarily HTTP/HTTPS over TCP/IP -- widely known Many industrial protocols, some over TCP/IP – vendor and sector- specific Office environment, plus mobile Harsh operating plant environments Cross-industry IT jargon Industry sector-specific jargon Cross-industry regulations (mostly) Industry-specific regulations Automation Systems Security Really Unique?
Oil & Gas Industry Customers … many more Electric Power Industry Chemical Industry Water and Transportation Industry
Experience Across Many Automation Environments Security/Performance monitoring for: • ABB 800xA • ABB Symphony/Harmony • ABB Infi90 • ABB Network Manager • Automsoft RAPID Historian • Emerson DeltaV • Emerson Ovation • Emerson/Westinghouse WDPF • GE XA / 21 • Foxboro I/A Series • Honeywell Experion • Itron OpenWay System • Rockwell RSView • Schneider Momentum • Schneider Quantum • Siemens PCS7 • Yokogawa Centrum CS 3000 Operating systems: • HP-UX PA-RISC & Itanium • W2K, WinNT, W2003 • Linux • DEC Tru-64 • Sun Solaris • IBM AIX Industrial rules for: • DNP3 • Modbus • ICCP • IEC • Siemens S7 Protocol • TCP/IP
Security Maturity Evolution in Industrial Control Firewalls Business connectivity Locks on the Door Intrusion Detection Network Based Host Based Known Bad Industrial Protocols Alarm Sensors Event Monitor Central Logging Monitor and respond Alert on Events of interest Log everything and apply forensics Incident Management Flight recorder Intrusion Prevention Network Based Host Based Deep packet inspection Known Bad signatures Known Good Signatures Whitelisting System hardening System locked down Security Management Automates manual process Enforces policy, process & procedures Leverages “baselines” Manages changes Audit reporting Continuous assessments Attestation data Doing it and Proving you are doing it TechnologySophistication 2003 2005 2007 2009 2011
ICS Security - Defense-in-Depth
Industrial Control Systems Security
SCADA Network… What is the problem?
SCADA Network… Isolation and Zoning
SCADA Network… Secured Zones
Defense in Depth Strategy
Stuxnet
Automation System Management
• Compliance Manager consolidates all events, logs and configuration settings for archiving and audit reporting - Collectors • Security Event Manager (SEM) aggregates security events from all monitored systems • UTM/firewalls provide intrusion prevention at the network perimeter – ESP protection • HIPS provides the Host Intrusion Prevention – Protectors • HIDS provides the Host Intrusion Detection – Host Sensors • NIDS provides the Network Intrusion Detection – Network Sensors Industrial Defenders Defense-in-Depth - Solution
Tofino – Byres Security • Founder of the BCIT Critical Infrastructure Security Centre, a leading academic facility for SCADA cyber-security research. • Canadian representative for IEC TC65/WG10 standards effort for the protection of industrial facilities from cyber attack. • Chairs ISA S-99 Security Technologies W.G. • Member of DHS best practices approval board. • 2006 SANS Institute Security Leadership Award. • Six ISA and IEEE awards for security research. • Testified to the US Congress on SCADA Security.
“Security” Issues in Control Networks • “Soft” Targets – PCs run 24x7 without security updates or even antivirus – Controllers are optimized for real-time I/O, not for robust networking connections • Multiple Network Entry Points – The majority of cyber security incidents originate from secondary points of entry to the network – USB keys, maintenance connections, laptops, etc. • Poor Network Segmentation – Many control networks are “wide-open” with no isolation between different sub-systems – As a result problems spread rapidly through the network
External Network Control LAN Plant Network Office LAN Internet  Infected Laptops Infected Remote Support  Mis-Configured Firewalls  Unauthorized Connections  Modems   3rd Party Issues USB Drives  Pathways into the Plant Floor
A Perimeter Defense is Not Enough • We can’t just install a control system firewall and forget about security. – The bad guys will eventually get in – Many problems originate inside the plant network • We must harden the plant floor. • We need Defense in Depth. Crunchy on the Outside - Soft in the Middle
The Solution in the IT World • Your desktop has flaws so you add security software: – Patches – Personal Firewalls (like ZoneAlarm) – Anti-Virus Software – Encryption (VPN Client or PGP) • This is a good idea for PCs in the control system… • But you can’t add software to your DCS, PLC or RTU • The Result? Your receptionist’s PC is probably much better protected than the average PLC or RTU
Distributed Security Appliances • Add hardware instead - a security appliance designed to be placed in front of control devices (such as PLC, DCS, RTU etc). • User-configured firewall rules permit only the minimum network traffic required for correct plant operation • Complement security measures implemented by IT • Address the unique requirements of the plant network
ANSI/ISA-99: Dividing Up The Control System • A core concept in the new ANSI/ISA-99 security standard is “Zones and Conduits” • Offers a level of segmentation and traffic control inside the control system. • Control networks divided into layers or zones based on control function. • Multiple separated zones help to provide “defense in depth”.
Security Zone Definition • “Security zone: grouping of logical or physical assets that share common security requirements”. [ANSI/ISA- 99.01.01–2007- 3.2.116] – A zone has a clearly defined border (either logical or physical), which is the boundary between included and excluded elements. HMI Zone PLC Zone
Conduits • A conduit is a path for the flow of data between two zones. – can provide the security functions that allow different zones to communicate securely. – Any communications between zone must have a conduit. HMI Zone PLC Zone Conduit
Protecting the Network with Zones and Conduits • A firewall in each conduit will allow only the MINIMUM network traffic necessary for correct plant operation HMI Zone PLC Zone Firewall
Redefining Security Zones in ICS
Specifying Controlled Zones
Adding the Controlled Conduits Points
The Tofino™ Industrial Security Solution – What is it? • It is a distributed security solution managed from a central location. • Flexible architecture allows you to create security zones throughout your control network to protect critical system components. (ANSI/ISA-99 standards) • Monitoring and management are easy using one centralized software program.
Industrial Control Systems Security
• These are the devices that physically connect to the 802.3 Ethernet and provide Zone Level Security™ for other devices the IT firewall cannot protect The Tofino Security Appliance is the hardware component of the system Tofino Security Appliance Authorized SECURE ZONE Unauthorized
• Configure, manage and monitor all your Tofino Security Appliances from one workstation The Central Management Platform (CMP) is the centralized software program
Fast Deployment using Tofino™ CMP • Map your network • Drag and drop talkers and protocols to create rules • Test • Deploy & manage
Intuitive Rule Editor Preconfigured to block known device flaws Globally control specific types of communications Create a list of devices that can “talk” to a protected device using allowed protocols
• Tofino™ operates in three modes: – PASSIVE - all traffic allowed, logging off – TEST – all traffic allowed; logging on – OPERATIONAL – firewall rules applied • When operational, Tofino™ will drop any traffic for which there is no ‘allow’ rule. • Test mode allows all traffic, but reports traffic that would have been dropped if operational – Critical to ensuring that all required traffic has a corresponding rule to permit it Process-Friendly Test Mode
Tofino Loadable Security Modules are licensed to each Tofino Security Appliance based on the needs in that security zone • Downloaded into each Tofino Security Appliance (Tofino SA) via the CMP the LSMs offer customizable security functions depending on the zone-by-zone requirements of the control system.
• The SAM LSM is a sentry that identifies and reports the devices that communicate through the Tofino SA to the protected devices in the security zone. This builds a useful model of the network upon Tofino SA start up. • After system commissioning, the SAM LSM continues to scan for new devices and reports these to the CMP as a potential security threat Describing the Tofino™ Secure Asset Management LSM quickly
• When incoming communications arrive at the Tofino SA the Tofino™ Firewall LSM traffic cop determines if the communication traffic can pass into the security zone • This determination is based on a set of rules easily created by the control engineer in Tofino CMP Describing the Tofino™ Firewall LSM quickly Tofino™ Firewall LSM Authorized Protected Controller Unauthorized
• On a Modbus network traffic that passes the Firewall can have its “luggage searched” by the border guard • The Tofino™ Modbus TCP Enforcer LSM analyzes each packet based on a defined list of allowed Modbus commands, registers, coils and standards • Unlawful traffic is blocked and reported to the CMP Describing the Tofino™ Modbus TCP Enforcer LSM quickly Tofino™ Modbus TCP Enforcer Modbus Master Modbus Slave
• OPC servers cannot be protected by traditional firewalls because they create data connections using a wide range of TCP port numbers that cannot be determined in advance • OPC Enforcer is a ‘gatekeeper’ that tracks OPC data connections as they are created and opens only the minimum required ports in the firewall for authorized clients Describing the Tofino™ OPC Enforcer LSM quickly
• The Event Logger LSM records Tofino security alarm reports – Tofino SA’s with this LSM can report alarms directly to a syslog server (no CMP required) AND buffer/resend them if the connection to the server is interrupted/restored – Alarms can also be stored on the Tofino SA, then later offloaded via USB memory stick or CMP Describing the Tofino™ Event Logger LSM quickly
• This simple to set up LSM creates secure tunnels between Tofino Security Appliances; between Tofino and PCs; and between Tofino and supported third-party devices • It is designed for the control network, not the home or office network, and works hand-in-hand with other LSMs Describing the Tofino™ VPN LSM quickly VPN Tunnel Remote Client Main Facility Eavesdroppers Internet
DEMO
DTS Solution - SCADA Security Solutions

Recommended

A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
Ch2 2009 cisa
Ch2 2009 cisaCh2 2009 cisa
Ch2 2009 cisaasrulsani09
 
What is the Siemens Open Library, and How it Decreased Development Time for E...
What is the Siemens Open Library, and How it Decreased Development Time for E...What is the Siemens Open Library, and How it Decreased Development Time for E...
What is the Siemens Open Library, and How it Decreased Development Time for E...DMC, Inc.
 
Alarm management at DeltaV
Alarm management at DeltaVAlarm management at DeltaV
Alarm management at DeltaVRobert-Emmanuel Mayssat
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 
Scada security
Scada securityScada security
Scada securitysommerville-videos
 

Recommended

A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
Ch2 2009 cisa
Ch2 2009 cisaCh2 2009 cisa
Ch2 2009 cisaasrulsani09
 
What is the Siemens Open Library, and How it Decreased Development Time for E...
What is the Siemens Open Library, and How it Decreased Development Time for E...What is the Siemens Open Library, and How it Decreased Development Time for E...
What is the Siemens Open Library, and How it Decreased Development Time for E...DMC, Inc.
 
Alarm management at DeltaV
Alarm management at DeltaVAlarm management at DeltaV
Alarm management at DeltaVRobert-Emmanuel Mayssat
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 
Scada security
Scada securityScada security
Scada securitysommerville-videos
 
Ppt on rs logix 5000
Ppt on rs logix 5000Ppt on rs logix 5000
Ppt on rs logix 5000Anil Maurya
 
Controllogix 5000 Training
Controllogix 5000 TrainingControllogix 5000 Training
Controllogix 5000 TrainingBusiness Industrial Network
 
automation plc - scada
automation plc - scadaautomation plc - scada
automation plc - scadaSaif Akhtar
 
SCADA of the Future
SCADA of the FutureSCADA of the Future
SCADA of the FutureSchneider Electric
 
Hima cyber security
Hima cyber securityHima cyber security
Hima cyber securityie-net ingenieursvereniging vzw
 
SOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSchellman & Company
 
Scada system architecture, types and applications
Scada system architecture, types and applicationsScada system architecture, types and applications
Scada system architecture, types and applicationsUchi Pou
 
DCS PRESENTATION
DCS PRESENTATIONDCS PRESENTATION
DCS PRESENTATIONbvent2005
 
PLC SCADA
PLC SCADAPLC SCADA
PLC SCADAAppin Delhi
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 
Technical slides tia_portal_v15_en
Technical slides tia_portal_v15_enTechnical slides tia_portal_v15_en
Technical slides tia_portal_v15_enDeepak kumar
 
Scada classification
Scada classificationScada classification
Scada classificationAhmed Sebaii
 
Scada system
Scada systemScada system
Scada systemPulakesh k kalita
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
S7 1200 basic
S7 1200 basicS7 1200 basic
S7 1200 basicControl Technique , Motion control
 
SCADA by K.LIPESH
SCADA by K.LIPESH SCADA by K.LIPESH
SCADA by K.LIPESH LIPESH KAPALA
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security PresentationFilip Maertens
 
Scada ppt
Scada pptScada ppt
Scada pptzudakki
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
Scada Security Best Practices
Scada Security Best PracticesScada Security Best Practices
Scada Security Best PracticesAVEVA
 

More Related Content

What's hot

Ppt on rs logix 5000
Ppt on rs logix 5000Ppt on rs logix 5000
Ppt on rs logix 5000Anil Maurya
 
automation plc - scada
automation plc - scadaautomation plc - scada
automation plc - scadaSaif Akhtar
 
SOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSchellman & Company
 
Scada system architecture, types and applications
Scada system architecture, types and applicationsScada system architecture, types and applications
Scada system architecture, types and applicationsUchi Pou
 
DCS PRESENTATION
DCS PRESENTATIONDCS PRESENTATION
DCS PRESENTATIONbvent2005
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended Larry Vandenaweele
 
Technical slides tia_portal_v15_en
Technical slides tia_portal_v15_enTechnical slides tia_portal_v15_en
Technical slides tia_portal_v15_enDeepak kumar
 
Scada classification
Scada classificationScada classification
Scada classificationAhmed Sebaii
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security PresentationFilip Maertens
 
Scada ppt
Scada pptScada ppt
Scada pptzudakki
 

What's hot (20)

Ppt on rs logix 5000
Ppt on rs logix 5000Ppt on rs logix 5000
Ppt on rs logix 5000
 
Controllogix 5000 Training
Controllogix 5000 TrainingControllogix 5000 Training
Controllogix 5000 Training
 
automation plc - scada
automation plc - scadaautomation plc - scada
automation plc - scada
 
SCADA of the Future
SCADA of the FutureSCADA of the Future
SCADA of the Future
 
Hima cyber security
Hima cyber securityHima cyber security
Hima cyber security
 
SOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSOC 2: Build Trust and Confidence
SOC 2: Build Trust and Confidence
 
Scada system architecture, types and applications
Scada system architecture, types and applicationsScada system architecture, types and applications
Scada system architecture, types and applications
 
DCS PRESENTATION
DCS PRESENTATIONDCS PRESENTATION
DCS PRESENTATION
 
PLC SCADA
PLC SCADAPLC SCADA
PLC SCADA
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443
 
The journey to ICS - Extended
The journey to ICS - Extended The journey to ICS - Extended
The journey to ICS - Extended
 
Technical slides tia_portal_v15_en
Technical slides tia_portal_v15_enTechnical slides tia_portal_v15_en
Technical slides tia_portal_v15_en
 
Scada classification
Scada classificationScada classification
Scada classification
 
Scada system
Scada systemScada system
Scada system
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 
S7 1200 basic
S7 1200 basicS7 1200 basic
S7 1200 basic
 
SCADA by K.LIPESH
SCADA by K.LIPESH SCADA by K.LIPESH
SCADA by K.LIPESH
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security Presentation
 
Scada ppt
Scada pptScada ppt
Scada ppt
 

Viewers also liked

PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
Scada Security Best Practices
Scada Security Best PracticesScada Security Best Practices
Scada Security Best PracticesAVEVA
 
Protecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber AttacksProtecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber AttacksMaurice Dawson
 
Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsJames Arlen
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overviewpgmaynard
 
Cyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsCyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsDavid Spinks
 
Scada Security & Penetration Testing
Scada Security & Penetration TestingScada Security & Penetration Testing
Scada Security & Penetration TestingAhmed Sherif
 
DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0Shah Sheikh
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseChris Sistrunk
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...Shah Sheikh
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
DTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job WayDTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job WayShah Sheikh
 
Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE Kangai Maukazuva, CGEIT
 
Fingrid Oyj, Investor Presentation December 2014
Fingrid Oyj, Investor Presentation December 2014Fingrid Oyj, Investor Presentation December 2014
Fingrid Oyj, Investor Presentation December 2014Fingrid Oyj
 

Viewers also liked (20)

PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrol
 
Scada Security Best Practices
Scada Security Best PracticesScada Security Best Practices
Scada Security Best Practices
 
Protecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber AttacksProtecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber Attacks
 
Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security Experts
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overview
 
Cyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control SystemsCyber Security Threats to Industrial Control Systems
Cyber Security Threats to Industrial Control Systems
 
ICS security
ICS securityICS security
ICS security
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA Security
 
Scada Security & Penetration Testing
Scada Security & Penetration TestingScada Security & Penetration Testing
Scada Security & Penetration Testing
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
 
DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0
 
BSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA DefenseBSidesAugusta ICS SCADA Defense
BSidesAugusta ICS SCADA Defense
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
 
SCADA Security
SCADA SecuritySCADA Security
SCADA Security
 
DTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job WayDTS Solution - Hacking ATM Machines - The Italian Job Way
DTS Solution - Hacking ATM Machines - The Italian Job Way
 
Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE
 
Fingrid Oyj, Investor Presentation December 2014
Fingrid Oyj, Investor Presentation December 2014Fingrid Oyj, Investor Presentation December 2014
Fingrid Oyj, Investor Presentation December 2014
 

Similar to DTS Solution - SCADA Security Solutions

Introduction to scada systems & power control centres
Introduction to scada systems & power control centresIntroduction to scada systems & power control centres
Introduction to scada systems & power control centresHelder Joaquim Ale Psico
 
scada-130512133852-phpapp01.pptx
scada-130512133852-phpapp01.pptxscada-130512133852-phpapp01.pptx
scada-130512133852-phpapp01.pptxsurangagw
 
ICP DAS USA Products Presentation
ICP DAS USA Products PresentationICP DAS USA Products Presentation
ICP DAS USA Products PresentationColin McLeod
 
Lecture+9+-+SCADA+Systems.pdf
Lecture+9+-+SCADA+Systems.pdfLecture+9+-+SCADA+Systems.pdf
Lecture+9+-+SCADA+Systems.pdfSmritiGarg21
 
Wireless Communciation and Automation
Wireless Communciation and AutomationWireless Communciation and Automation
Wireless Communciation and Automationirfanhyd
 
LIBRARY RESEARCH PROJECT SECURITY CONTROL IN SCADA
LIBRARY RESEARCH PROJECT SECURITY CONTROL IN SCADALIBRARY RESEARCH PROJECT SECURITY CONTROL IN SCADA
LIBRARY RESEARCH PROJECT SECURITY CONTROL IN SCADASonuSingh81247
 
LIBRARY RESEARCH PROJECT cyber security control inSCAD.ppt
LIBRARY RESEARCH PROJECT cyber security control inSCAD.pptLIBRARY RESEARCH PROJECT cyber security control inSCAD.ppt
LIBRARY RESEARCH PROJECT cyber security control inSCAD.pptSonuSingh81247
 
Automation presentation
Automation presentationAutomation presentation
Automation presentationAKANSHA GURELE
 
Automation presentation 141227094725-conversion-gate02
Automation presentation 141227094725-conversion-gate02Automation presentation 141227094725-conversion-gate02
Automation presentation 141227094725-conversion-gate02Sahithya Mahesh
 
Lecture+9+-+SCADA+Systems.pptx
Lecture+9+-+SCADA+Systems.pptxLecture+9+-+SCADA+Systems.pptx
Lecture+9+-+SCADA+Systems.pptxsurangagw
 
Automation with plc & scada
Automation with plc & scadaAutomation with plc & scada
Automation with plc & scadaMNIT Jaipur
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghOWASP Delhi
 
Industrial automation.pptx
Industrial automation.pptxIndustrial automation.pptx
Industrial automation.pptxSURAJKUMAR779680
 
Practical Use & Understanding of Foundation FieldBus for Engineers & Technicians
Practical Use & Understanding of Foundation FieldBus for Engineers & TechniciansPractical Use & Understanding of Foundation FieldBus for Engineers & Technicians
Practical Use & Understanding of Foundation FieldBus for Engineers & TechniciansLiving Online
 

Similar to DTS Solution - SCADA Security Solutions (20)

Embedded
EmbeddedEmbedded
Embedded
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of Things
 
Introduction to scada systems & power control centres
Introduction to scada systems & power control centresIntroduction to scada systems & power control centres
Introduction to scada systems & power control centres
 
scada-130512133852-phpapp01.pptx
scada-130512133852-phpapp01.pptxscada-130512133852-phpapp01.pptx
scada-130512133852-phpapp01.pptx
 
Scada
ScadaScada
Scada
 
ICP DAS USA Products Presentation
ICP DAS USA Products PresentationICP DAS USA Products Presentation
ICP DAS USA Products Presentation
 
Lecture+9+-+SCADA+Systems.pdf
Lecture+9+-+SCADA+Systems.pdfLecture+9+-+SCADA+Systems.pdf
Lecture+9+-+SCADA+Systems.pdf
 
Proxy biz institutional-10-2014-eng
Proxy biz institutional-10-2014-engProxy biz institutional-10-2014-eng
Proxy biz institutional-10-2014-eng
 
Wireless Communciation and Automation
Wireless Communciation and AutomationWireless Communciation and Automation
Wireless Communciation and Automation
 
LIBRARY RESEARCH PROJECT SECURITY CONTROL IN SCADA
LIBRARY RESEARCH PROJECT SECURITY CONTROL IN SCADALIBRARY RESEARCH PROJECT SECURITY CONTROL IN SCADA
LIBRARY RESEARCH PROJECT SECURITY CONTROL IN SCADA
 
LIBRARY RESEARCH PROJECT cyber security control inSCAD.ppt
LIBRARY RESEARCH PROJECT cyber security control inSCAD.pptLIBRARY RESEARCH PROJECT cyber security control inSCAD.ppt
LIBRARY RESEARCH PROJECT cyber security control inSCAD.ppt
 
Automation presentation
Automation presentationAutomation presentation
Automation presentation
 
Automation presentation 141227094725-conversion-gate02
Automation presentation 141227094725-conversion-gate02Automation presentation 141227094725-conversion-gate02
Automation presentation 141227094725-conversion-gate02
 
Lecture+9+-+SCADA+Systems.pptx
Lecture+9+-+SCADA+Systems.pptxLecture+9+-+SCADA+Systems.pptx
Lecture+9+-+SCADA+Systems.pptx
 
Automation with plc & scada
Automation with plc & scadaAutomation with plc & scada
Automation with plc & scada
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
Industrial automation.pptx
Industrial automation.pptxIndustrial automation.pptx
Industrial automation.pptx
 
Embedded system
Embedded systemEmbedded system
Embedded system
 
Automation
AutomationAutomation
Automation
 
Practical Use & Understanding of Foundation FieldBus for Engineers & Technicians
Practical Use & Understanding of Foundation FieldBus for Engineers & TechniciansPractical Use & Understanding of Foundation FieldBus for Engineers & Technicians
Practical Use & Understanding of Foundation FieldBus for Engineers & Technicians
 

More from Shah Sheikh

ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceShah Sheikh
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Shah Sheikh
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company PresentationShah Sheikh
 
DTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration TestingDTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration TestingShah Sheikh
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioShah Sheikh
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....Shah Sheikh
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...Shah Sheikh
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefShah Sheikh
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotDefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotShah Sheikh
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiShah Sheikh
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh
 
DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015Shah Sheikh
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting Shah Sheikh
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhShah Sheikh
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0Shah Sheikh
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitShah Sheikh
 
SeGW Whitepaper from Radisys
SeGW Whitepaper from RadisysSeGW Whitepaper from Radisys
SeGW Whitepaper from RadisysShah Sheikh
 

More from Shah Sheikh (20)

ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber ResilienceISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company Presentation
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
 
DTS Solution - Company Presentation
DTS Solution - Company PresentationDTS Solution - Company Presentation
DTS Solution - Company Presentation
 
DTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration TestingDTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration Testing
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services Portfolio
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman ThiefYehia Mamdouh @ DTS Solution - The Gentleman Thief
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotDefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
 
DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015DTS Solution - Outsourcing Outlook Dubai 2015
DTS Solution - Outsourcing Outlook Dubai 2015
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS Summit
 
SeGW Whitepaper from Radisys
SeGW Whitepaper from RadisysSeGW Whitepaper from Radisys
SeGW Whitepaper from Radisys
 

DTS Solution - SCADA Security Solutions

  • 1. SCADA / Industrial Control Systems Security Solutions www.dts-solution.com shah@dts-solution.com
  • 2. Industrial Control Systems Security  Securing Industrial Control Systems (ICS) is enterprise is not business but mission critical.  The overall impact can be catastrophic.  Securing a process has different paradigm to securing a service  The framework should be built around National Critical Infrastructure Protection
  • 3. Industrial Control Systems Security • Industrial Control Systems Security should be an integrated core mission of any organization in the Utilities and Transportation sector; • Electricity and Power Plants • Water Authorities • Energy Producers – Oil / Gas • Aviation and Airports
  • 4. • SCADA – Supervisory Control and Data Acquisition • SCADA systems are vital components of most nation’s critical infrastructures • SCADA systems control: – Gas pipelines – Water and wastewater systems – Transportation systems – Electrical Utilities – Refineries and chemical plants – Manufacturing operations What is SCADA?
  • 5. SCADA System SCADA systems are intended to provide a human operator with updated real-time information about the current state of the remote process being monitored, as well as the ability to manipulate the process remotely. William T. Shaw
  • 6. SCADA Systems • Used to monitor and remotely control critical industrial processes • Industrial control systems (ICS) – SCADA systems – Distributed Control Systems (DCS) – Programmable Logic Controllers (PLC) • SCADA Components – Master Terminal Unit (Architecture unique) – Human Machine Interface – Remote Terminal Unit – Communications
  • 7. SCADA Systems • Highly distributed • Geographically separated assets • Centralized data acquisition and control are critical – Oil and gas pipelines – Electrical power grids – Railway transportation systems • Field devices control local operations
  • 8. Distributed Control System • Supervisory control of multiple integrated systems responsible for a local process • DCSs used extensively in process-based industries • Examples: – Oil and gas refineries – Electrical power generation – Automotive production • Feedback loops maintain set points • Programmable logic controllers used in the field
  • 9. Programmable Logic Controllers • Computer based solid state devices • Control industrial equipment and processes • Regulate process flow – Automobile assembly line
  • 10. SCADA, DCS or PLC Compare and Contrast • Location – SCADA – geographically dispersed – DCS and PLC – factory centered • Communications – SCADA – long distance, slow speed – DCS and PLC – LAN, high speed • Control – SCADA – supervisory level – DCS and PLC – closed feedback loops
  • 11. SCADA – Why the emphasis? • SCADA Supports Critical Infrastructures • 80-90% of critical infrastructures (CI) are privately owned and operated • Critical to National survival and prosperity, yet dependent on industries driven by profit, not security
  • 12. SCADA – Why the emphasis? • Many challenges exist when securing SCADA – Complex systems…patching, rebooting, authentication – Preponderance of legacy hardware, software and transmission protocols ($) – Multiple and divers access points…by design…radio, wireless, phone – The need to connect to business network • The Cyberwar Plan. Article by Shane Harris, Saturday, Nov. 14, 2009: President Obama confirmed that cyber-warriors have aimed at American networks. "We know that cyber-intruders have probed our electrical grid," he said at the White House in May, when he unveiled the next stage of the national cyber-security strategy. The president also confirmed, for the first time, that the weapons of cyberwar had claimed victims. "In other countries, cyberattacks have plunged entire cities into darkness."
  • 13. SCADA Evolution • 1960 -1980s – Central Architectures – Single powerful computer performing all functions – 2nd identical computer for redundancy
  • 14. SCADA Evolution • 1980s to present – Distributed Architectures – Multiple computers networked together with each performing a specific function – LAN improvements – practical and possible – Functions: • Remote terminal polling • Complex applications processing • Historian – data archiving and trending – Graceful degradation
  • 15. SCADA Evolution • 1990s to present – Client/Server – Powerful PCs – TCP/IP networking – High speed Ethernet – Commercial real-time operating systems • Looking more like IT systems – Scalable and fault tolerant – Smart software makes redundancy easy
  • 16. SCADA Evolution • Human Machine Interface – Printouts – Map board – Mimic panel – Video projection technology
  • 18. SCADA Evolution • Remote Terminal Unit – Electronic devices located at key measurement and control points – Originally hardwired devices with limited capabilities and one proprietary communications protocol – Modern RTUs contain their own microprocessors and can support multiple sophisticated protocols
  • 19. SCADA Evolution • Communications – Initially used telephone systems and radio transmitters designed for voice • Slow • Some remote areas had to build their own communication systems – Latest systems are digital networks designed to transfer data • TCP/IP • Wireless including cellular and satellite
  • 20. SCADA Evolution Summary • SCADA systems are based on computer technology so they have evolved with computer technology • New technologies have also been introduced to SCADA systems • Huge decreases in proprietary nature
  • 21. SCADA Evolution Summary • The Good News – Cheaper – Interoperable between vendors – Larger pool of available workers • The Bad News – Susceptible to malware, hackers and cyber attacks • We can’t go back. We must provide secure designs for now & the future
  • 22. • Cost Savings – Reduced down time and maintenance costs – Improved productivity – Enhanced business continuity • Simplified Regulatory and Standards Compliance – FERC / NERC CIP – ANSI/ISA-99 – IEC 62443 • Enhanced Security and Safety – Improved safety for the plant, employees and community – Improved defense against malicious attacks Why is Cyber Security important?
  • 23. Pike Research – Smart Grid Cyber Security Ranking
  • 24. Mission Critical Security is Our Specialty When dealing with Mission Critical Systems, partner with someone whose done it before…
  • 25. Industrial Defender • Automation System Security Management • Exclusive focus on providing an integrated set of products and services for Automation Systems Security Management • Unify two challenging domains: • Automation Systems • Cyber security • 350+ customers worldwide – 10,000 deployments – Industrial Defender
  • 26. Critical Infrastructure Operations – The Emerging Threat
  • 27. • http://www.securityincidents.org/ - global repository of industrial control security incidents. Some Incidents - SCADA Copyright © 2008 Industrial Defender All rights reserved Process Control Security, Performance and Compliance Incidents
  • 28. Corporate IT Automation Systems IT Not life threatening Safety first Availability important Non-interruption is critical Transactional orientation Real-time focus IBM, SAP, Oracle, ….. ABB, Emerson, GE, Honeywell, Siemens... People ~= Devices Few people; Many, many devices PCs and Servers Sensors, Controllers, Servers Web services model is dominant Polled automation control model MS Windows is dominant OS Vendor-embedded operating systems Many commercial software products installed on each PC Purpose-specific devices and application Protocol is primarily HTTP/HTTPS over TCP/IP -- widely known Many industrial protocols, some over TCP/IP – vendor and sector- specific Office environment, plus mobile Harsh operating plant environments Cross-industry IT jargon Industry sector-specific jargon Cross-industry regulations (mostly) Industry-specific regulations Automation Systems Security Really Unique?
  • 29. Oil & Gas Industry Customers … many more Electric Power Industry Chemical Industry Water and Transportation Industry
  • 30. Experience Across Many Automation Environments Security/Performance monitoring for: • ABB 800xA • ABB Symphony/Harmony • ABB Infi90 • ABB Network Manager • Automsoft RAPID Historian • Emerson DeltaV • Emerson Ovation • Emerson/Westinghouse WDPF • GE XA / 21 • Foxboro I/A Series • Honeywell Experion • Itron OpenWay System • Rockwell RSView • Schneider Momentum • Schneider Quantum • Siemens PCS7 • Yokogawa Centrum CS 3000 Operating systems: • HP-UX PA-RISC & Itanium • W2K, WinNT, W2003 • Linux • DEC Tru-64 • Sun Solaris • IBM AIX Industrial rules for: • DNP3 • Modbus • ICCP • IEC • Siemens S7 Protocol • TCP/IP
  • 31. Security Maturity Evolution in Industrial Control Firewalls Business connectivity Locks on the Door Intrusion Detection Network Based Host Based Known Bad Industrial Protocols Alarm Sensors Event Monitor Central Logging Monitor and respond Alert on Events of interest Log everything and apply forensics Incident Management Flight recorder Intrusion Prevention Network Based Host Based Deep packet inspection Known Bad signatures Known Good Signatures Whitelisting System hardening System locked down Security Management Automates manual process Enforces policy, process & procedures Leverages “baselines” Manages changes Audit reporting Continuous assessments Attestation data Doing it and Proving you are doing it TechnologySophistication 2003 2005 2007 2009 2011
  • 32.
  • 33. ICS Security - Defense-in-Depth
  • 35. SCADA Network… What is the problem?
  • 38. Defense in Depth Strategy
  • 41. • Compliance Manager consolidates all events, logs and configuration settings for archiving and audit reporting - Collectors • Security Event Manager (SEM) aggregates security events from all monitored systems • UTM/firewalls provide intrusion prevention at the network perimeter – ESP protection • HIPS provides the Host Intrusion Prevention – Protectors • HIDS provides the Host Intrusion Detection – Host Sensors • NIDS provides the Network Intrusion Detection – Network Sensors Industrial Defenders Defense-in-Depth - Solution
  • 42. Tofino – Byres Security • Founder of the BCIT Critical Infrastructure Security Centre, a leading academic facility for SCADA cyber-security research. • Canadian representative for IEC TC65/WG10 standards effort for the protection of industrial facilities from cyber attack. • Chairs ISA S-99 Security Technologies W.G. • Member of DHS best practices approval board. • 2006 SANS Institute Security Leadership Award. • Six ISA and IEEE awards for security research. • Testified to the US Congress on SCADA Security.
  • 43. “Security” Issues in Control Networks • “Soft” Targets – PCs run 24x7 without security updates or even antivirus – Controllers are optimized for real-time I/O, not for robust networking connections • Multiple Network Entry Points – The majority of cyber security incidents originate from secondary points of entry to the network – USB keys, maintenance connections, laptops, etc. • Poor Network Segmentation – Many control networks are “wide-open” with no isolation between different sub-systems – As a result problems spread rapidly through the network
  • 44. External Network Control LAN Plant Network Office LAN Internet  Infected Laptops Infected Remote Support  Mis-Configured Firewalls  Unauthorized Connections  Modems   3rd Party Issues USB Drives  Pathways into the Plant Floor
  • 45. A Perimeter Defense is Not Enough • We can’t just install a control system firewall and forget about security. – The bad guys will eventually get in – Many problems originate inside the plant network • We must harden the plant floor. • We need Defense in Depth. Crunchy on the Outside - Soft in the Middle
  • 46. The Solution in the IT World • Your desktop has flaws so you add security software: – Patches – Personal Firewalls (like ZoneAlarm) – Anti-Virus Software – Encryption (VPN Client or PGP) • This is a good idea for PCs in the control system… • But you can’t add software to your DCS, PLC or RTU • The Result? Your receptionist’s PC is probably much better protected than the average PLC or RTU
  • 47. Distributed Security Appliances • Add hardware instead - a security appliance designed to be placed in front of control devices (such as PLC, DCS, RTU etc). • User-configured firewall rules permit only the minimum network traffic required for correct plant operation • Complement security measures implemented by IT • Address the unique requirements of the plant network
  • 48. ANSI/ISA-99: Dividing Up The Control System • A core concept in the new ANSI/ISA-99 security standard is “Zones and Conduits” • Offers a level of segmentation and traffic control inside the control system. • Control networks divided into layers or zones based on control function. • Multiple separated zones help to provide “defense in depth”.
  • 49. Security Zone Definition • “Security zone: grouping of logical or physical assets that share common security requirements”. [ANSI/ISA- 99.01.01–2007- 3.2.116] – A zone has a clearly defined border (either logical or physical), which is the boundary between included and excluded elements. HMI Zone PLC Zone
  • 50. Conduits • A conduit is a path for the flow of data between two zones. – can provide the security functions that allow different zones to communicate securely. – Any communications between zone must have a conduit. HMI Zone PLC Zone Conduit
  • 51. Protecting the Network with Zones and Conduits • A firewall in each conduit will allow only the MINIMUM network traffic necessary for correct plant operation HMI Zone PLC Zone Firewall
  • 54. Adding the Controlled Conduits Points
  • 55. The Tofino™ Industrial Security Solution – What is it? • It is a distributed security solution managed from a central location. • Flexible architecture allows you to create security zones throughout your control network to protect critical system components. (ANSI/ISA-99 standards) • Monitoring and management are easy using one centralized software program.
  • 57. • These are the devices that physically connect to the 802.3 Ethernet and provide Zone Level Security™ for other devices the IT firewall cannot protect The Tofino Security Appliance is the hardware component of the system Tofino Security Appliance Authorized SECURE ZONE Unauthorized
  • 58. • Configure, manage and monitor all your Tofino Security Appliances from one workstation The Central Management Platform (CMP) is the centralized software program
  • 59. Fast Deployment using Tofino™ CMP • Map your network • Drag and drop talkers and protocols to create rules • Test • Deploy & manage
  • 60. Intuitive Rule Editor Preconfigured to block known device flaws Globally control specific types of communications Create a list of devices that can “talk” to a protected device using allowed protocols
  • 61. • Tofino™ operates in three modes: – PASSIVE - all traffic allowed, logging off – TEST – all traffic allowed; logging on – OPERATIONAL – firewall rules applied • When operational, Tofino™ will drop any traffic for which there is no ‘allow’ rule. • Test mode allows all traffic, but reports traffic that would have been dropped if operational – Critical to ensuring that all required traffic has a corresponding rule to permit it Process-Friendly Test Mode
  • 62. Tofino Loadable Security Modules are licensed to each Tofino Security Appliance based on the needs in that security zone • Downloaded into each Tofino Security Appliance (Tofino SA) via the CMP the LSMs offer customizable security functions depending on the zone-by-zone requirements of the control system.
  • 63. • The SAM LSM is a sentry that identifies and reports the devices that communicate through the Tofino SA to the protected devices in the security zone. This builds a useful model of the network upon Tofino SA start up. • After system commissioning, the SAM LSM continues to scan for new devices and reports these to the CMP as a potential security threat Describing the Tofino™ Secure Asset Management LSM quickly
  • 64. • When incoming communications arrive at the Tofino SA the Tofino™ Firewall LSM traffic cop determines if the communication traffic can pass into the security zone • This determination is based on a set of rules easily created by the control engineer in Tofino CMP Describing the Tofino™ Firewall LSM quickly Tofino™ Firewall LSM Authorized Protected Controller Unauthorized
  • 65. • On a Modbus network traffic that passes the Firewall can have its “luggage searched” by the border guard • The Tofino™ Modbus TCP Enforcer LSM analyzes each packet based on a defined list of allowed Modbus commands, registers, coils and standards • Unlawful traffic is blocked and reported to the CMP Describing the Tofino™ Modbus TCP Enforcer LSM quickly Tofino™ Modbus TCP Enforcer Modbus Master Modbus Slave
  • 66. • OPC servers cannot be protected by traditional firewalls because they create data connections using a wide range of TCP port numbers that cannot be determined in advance • OPC Enforcer is a ‘gatekeeper’ that tracks OPC data connections as they are created and opens only the minimum required ports in the firewall for authorized clients Describing the Tofino™ OPC Enforcer LSM quickly
  • 67. • The Event Logger LSM records Tofino security alarm reports – Tofino SA’s with this LSM can report alarms directly to a syslog server (no CMP required) AND buffer/resend them if the connection to the server is interrupted/restored – Alarms can also be stored on the Tofino SA, then later offloaded via USB memory stick or CMP Describing the Tofino™ Event Logger LSM quickly
  • 68. • This simple to set up LSM creates secure tunnels between Tofino Security Appliances; between Tofino and PCs; and between Tofino and supported third-party devices • It is designed for the control network, not the home or office network, and works hand-in-hand with other LSMs Describing the Tofino™ VPN LSM quickly VPN Tunnel Remote Client Main Facility Eavesdroppers Internet
  • 69. DEMO

Editor's Notes

  1. HIPS Protectors supports multiple platformsWindows NT 4 SP6a, 2000, XP(e), Server 2003, Windows Server 2008/Windows Vista, Win 7Solaris 7-10UTMs provide: Secure remote access Secure network segmentation such as historians in DMZ