SlideShare a Scribd company logo

Defending Industrial Control Systems

Mountain States Engineering and Controls
Mountain States Engineering and Controls

This document outlines seven strategies that can be implemented to defend industrial control systems (ICSs) against cyber intrusions: 1) application whitelisting, 2) proper configuration/patch management, 3) reducing attack surface area, 4) building a defendable environment through network segmentation, 5) managing authentication securely, 6) implementing secure remote access, and 7) monitoring networks and having an incident response plan. The document estimates that implementing these strategies could have prevented 98% of incidents responded to by ICS-CERT in 2014-2015. It concludes that a layered defense approach is needed to protect internal systems and components.

Technology
1 of 7
Download to read offline
1 INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it’s not a matter of if an intrusion will take place, but when. In Fiscal Year (FY) 2015, 295 incidents were reported to ICS-CERT, and many more went unreported or undetected. The capabilities of our adversaries have been demonstrated and cyber incidents are increasing in frequency and complexity. Simply building a network with a hardened perimeter is no longer adequate. Securing ICSs against the modern threat requires well-planned and well-implemented strategies that will provide network defense teams a chance to quickly and effectively detect, counter, and expel an adversary. This paper presents seven strategies that can be implemented today to counter common exploitable weaknesses in “as-built” control systems. Seven Strategies to Defend ICSs Figure 1: Percentage of ICS-CERT FY 2014 and FY 2015 Incidents Potentially Mitigated by Each Strategya a. Incidents mitigated by more than one strategy are listed under the strategy ICS-CERT judged as more effective.
2 If system owners had implemented the strategies outlined in this paper, 98 percent of incidents ICS-CERT responded to in FY 2014 and FY 2015 would have been prevented. The remaining 2 percent could have been identified with increased monitoring and a robust incident response. THE SEVEN STRATEGIES 1. IMPLEMENT APPLICATION WHITELISTING Application Whitelisting (AWL) can detect and prevent attempted execution of malware uploaded by adversaries. The static nature of some systems, such as database servers and human-machine interface (HMI) computers, make these ideal candidates to run AWL. Operators are encouraged to work with their vendors to baseline and calibrate AWL deployments. Example: ICS-CERT recently responded to an incident where the victim had to rebuild the network from scratch at great expense. A particular malware compromised over 80 percent of its assets. Antivirus software was ineffective; the malware had a 0 percent detection rate on VirusTotal. AWL would have provided notification and blocked the malware execution. 2. ENSURE PROPER CONFIGURATION/PATCH MANAGEMENT Adversaries target unpatched systems. A configuration/patch management program centered on the safe importation and implementation of trusted patches will help keep control systems more secure. Such a program will start with an accurate baseline and asset inventory to track what patches are needed. It will prioritize patching and configuration management of “PC-architecture” machines used in HMI, database server, and engineering workstation roles, as current adversaries have significant cyber capabilities against these. Infected laptops are a significant malware vector. Such a program will limit connection of external laptops to the control network and preferably supply vendors with known-good company laptops. The program will also encourage initial installation of any updates onto a test system that includes malware detection features before the updates are installed on operational systems. Example: ICS-CERT responded to a Stuxnet infection at a power generation facility. The root cause of the infection was a vendor laptop. Use best practices when downloading software and patches destined for your control network. Take measures to avoid “watering hole” attacks. Use a web Domain Name System (DNS) reputation system. Get updates from authenticated vendor sites. Validate the authenticity of
3 downloads. Insist that vendors digitally sign updates, and/or publish hashes via an out-of-bound communications path, and use these to authenticate. Don’t load updates from unverified sources. Example: HAVEX spread by infecting patches. With an out-of-band communication path for patch hashes, such as a blast email, users could have validated that the patches were not authentic. 3. REDUCE YOUR ATTACK SURFACE AREA Isolate ICS networks from any untrusted networks, especially the Internet.b Lock down all unused ports. Turn off all unused services. Only allow real-time connectivity to external networks if there is a defined business requirement or control function. If one-way communication can accomplish a task, use optical separation (“data diode”). If bidirectional communication is necessary, then use a single open port over a restricted network path. Example: As of 2014, ICS-CERT was aware of 82,000 cases of industrial control systems hardware or software directly accessible from the public Internet. ICS-CERT has encountered numerous cases where direct or nearly direct Internet access enabled a breach. Examples include a US Crime Lab, a Dam, The Sochi Olympic stadium, and numerous water utilities. 4. BUILD A DEFENDABLE ENVIRONMENT Limit damage from network perimeter breaches. Segment networks into logical enclaves and restrict host-to-host communications paths. This can stop adversaries from expanding their access, while letting the normal system communications continue to operate. Enclaving limits possible damage, as compromised systems cannot be used to reach and contaminate systems in other enclaves. Containment provided by enclaving also makes incident cleanup significantly less costly.c b. ICS-ALERT-14-063-01AP, Multiple Reports of Internet Facing Control Systems, ICS-CERT 2015. c. Improving Industrial Control Systems Cybersecurity with Defense in Depth, ICS-CERT 2009.
4 Example: In one ICS-CERT case, a nuclear asset owner failed to scan media entering a Level 3 facility. On exit, the media was scanned, and a virus was detected. Because the asset owner had implemented logical enclaving, only six systems were put at risk and had to be remediated. Had enclaving not been implemented, hundreds of hosts would have needed to be remediated. If one-way data transfer from a secure zone to a less secure zone is required, consider using approved removable media instead of a network connection. If real-time data transfer is required, consider using optical separation technologies. This allows replication of data without putting the control system at risk. Example: In one ICS-CERT case, a pipeline operator had directly connected the corporate network to the control network, because the billing unit had asserted it needed metering data. After being informed of a breach by ICS-CERT, the asset owner removed the connection. It took the billing department 4 days to notice the connection had been lost, clearly demonstrating that real-time data were not needed. 5. MANAGE AUTHENTICATION Adversaries are increasingly focusing on gaining control of legitimate credentials, especially those associated with highly privileged accounts. Compromising these credentials allows adversaries to masquerade as legitimate users, leaving less evidence than exploiting vulnerabilities or executing malware. Implement multi-factor authentication where possible. Reduce privileges to only those needed for a user’s duties. If passwords are necessary, implement secure password policies stressing length over complexity. For all accounts, including system and non-interactive accounts, ensure credentials are unique, and change all passwords at least every 90 days. Require separate credentials for corporate and control network zones and store these in separate trust stores. Never share Active Directory, RSA ACE servers, or other trust stores between corporate and control networks. Example: One US Government agency used the same password across the environment for local administrator accounts. This allowed an adversary to easily move laterally across all systems.
5 6. IMPLEMENT SECURE REMOTE ACCESS Some adversaries are effective at gaining remote access into control systems, finding obscure access vectors, even “hidden back doors” intentionally created by system operators. Remove such accesses wherever possible, especially modems as these are fundamentally insecure. Limit any accesses that remain. Where possible, implement “monitoring only” access enforced by data diodes, and do not rely on “read only” access enforced by software configurations or permissions. Do not allow remote persistent vendor connections into the control network. Require any remote access be operator controlled, time limited, and procedurally similar to “lock out, tag out.” Use the same remote access paths for vendor and employee connections; don’t allow double standards. Use two-factor authentication if possible, avoiding schemes where both tokens are similar types and can be easily stolen (e.g., password and soft certificate). Example: Following these guidelines would have prevented the BlackEnergy intrusions. BlackEnergy required communications paths for initial compromise, installation and “plug in” installation. 7. MONITOR AND RESPOND Defending a network against modern threats requires actively monitoring for adversarial penetration and quickly executing a prepared response. Consider establishing monitoring programs in the following five key places: 1) Watch IP traffic on ICS boundaries for abnormal or suspicious communications. 2) Monitor IP traffic within the control network for malicious connections or content. 3) Use host-based products to detect malicious software and attack attempts. 4) Use login analysis (time and place for example) to detect stolen credential usage or improper access, verifying all anomalies with quick phone calls. 5) Watch account/user administration actions to detect access control manipulation. Have a response plan for when adversarial activity is detected. Such a plan may include disconnecting all Internet connections, running a properly scoped search for malware, disabling affected user accounts, isolating suspect systems, and an immediate 100 percent password reset. Such a plan may also define escalation triggers and actions, including incident response, investigation, and public affairs activities. Have a restoration plan, including having “gold disks” ready to restore systems to known good states.
6 Example: Attackers render Windows®d based devices in a control network inoperative by wiping hard drive contents. Recent attacks against Saudi Aramco™e and Sony Pictures demonstrate that quick restoration of such computers is key to restoring an attacked network to an operational state. CONCLUSION Defense against the modern threat requires applying measures to protect not only the perimeter but also the interior. While no system is 100 percent secure, implementing the seven key strategies discussed in this paper can greatly improve the security posture of ICSs. DISCLAIMER The information and opinions contained in this document are provided “as is” and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes. ACKNOWLEDGMENT This document “Seven Steps to Effectively Defend Industrial Control Systems” was written in collaboration, with contributions from subject matter experts working at the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). d. Windows® is a registered trademark of Microsoft Corp. e. Saudi Aramco™ is an unregistered trademark of Saudi Arabian Oil Company.
7 CONTACT INFORMATION POC Phone e-Mail Department of Homeland Security ICS-CERT 877-776-7585 ICS-CERT@HQ.DHS.GOV Federal Bureau of Investigation Cyber Division - CyWatch 855-292-3937 CyWatch@ic.fbi.gov National Security Agency (Industry) Industry Inquiries 410-854-6091 bao@nsa.gov National Security Agency (Government) IAD Client Contact Center 410-854-4200 IAD CCC@nsa.gov

Recommended

CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...Muhammad FAHAD
 
Cheatsheet for your cloud project
Cheatsheet for your cloud projectCheatsheet for your cloud project
Cheatsheet for your cloud projectPetteri Heino
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the CloudNetStandard
 
TACTiCS_WP Security_Addressing Security in SDN Environment
TACTiCS_WP Security_Addressing Security in SDN EnvironmentTACTiCS_WP Security_Addressing Security in SDN Environment
TACTiCS_WP Security_Addressing Security in SDN EnvironmentSaikat Chaudhuri
 
Industrial cyber threat landscape
Industrial cyber threat landscapeIndustrial cyber threat landscape
Industrial cyber threat landscapebayshorenet
 
Cisco amp everywhere
Cisco amp everywhereCisco amp everywhere
Cisco amp everywhereCisco Canada
 
Euro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesEuro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesMiguel Ponce de Leon @ TSSG / Waterford Institute of Technology
 
The Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemThe Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemLancope, Inc.
 

Recommended

CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...Muhammad FAHAD
 
Cheatsheet for your cloud project
Cheatsheet for your cloud projectCheatsheet for your cloud project
Cheatsheet for your cloud projectPetteri Heino
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the CloudNetStandard
 
TACTiCS_WP Security_Addressing Security in SDN Environment
TACTiCS_WP Security_Addressing Security in SDN EnvironmentTACTiCS_WP Security_Addressing Security in SDN Environment
TACTiCS_WP Security_Addressing Security in SDN EnvironmentSaikat Chaudhuri
 
Industrial cyber threat landscape
Industrial cyber threat landscapeIndustrial cyber threat landscape
Industrial cyber threat landscapebayshorenet
 
Cisco amp everywhere
Cisco amp everywhereCisco amp everywhere
Cisco amp everywhereCisco Canada
 
Euro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesEuro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesMiguel Ponce de Leon @ TSSG / Waterford Institute of Technology
 
The Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemThe Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemLancope, Inc.
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...Kaspersky
 
The Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsThe Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsMuhammad FAHAD
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability AssesmentDedi Dwianto
 
Network Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure SelectionNetwork Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure SelectionPramod M Mithyantha
 
RSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackRSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackDan Gunter
 
Cisco amp for endpoints
Cisco amp for endpointsCisco amp for endpoints
Cisco amp for endpointsCisco Canada
 
Cisco amp for networks
Cisco amp for networksCisco amp for networks
Cisco amp for networksCisco Canada
 
Six Steps to SIEM Success
Six Steps to SIEM SuccessSix Steps to SIEM Success
Six Steps to SIEM SuccessAlienVault
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagramSyed Ubaid Ali Jafri
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinSplunk
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníMarketingArrowECS_CZ
 
Extending the 20 critical security controls to gap assessments and security m...
Extending the 20 critical security controls to gap assessments and security m...Extending the 20 critical security controls to gap assessments and security m...
Extending the 20 critical security controls to gap assessments and security m...John M. Willis
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceValery Yelanin
 
Web-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey GordeychikWeb-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey Gordeychikqqlan
 
2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vmazfayel
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsFireEye, Inc.
 
Gigamon - Network Visibility Solutions
Gigamon - Network Visibility SolutionsGigamon - Network Visibility Solutions
Gigamon - Network Visibility SolutionsTom Kopko
 
Piping and Pipeline Accessories - Titan Flow Control, Inc.
Piping and Pipeline Accessories - Titan Flow Control, Inc.Piping and Pipeline Accessories - Titan Flow Control, Inc.
Piping and Pipeline Accessories - Titan Flow Control, Inc.Mountain States Engineering and Controls
 
Compact Clean Steam Generator
Compact Clean Steam GeneratorCompact Clean Steam Generator
Compact Clean Steam GeneratorMountain States Engineering and Controls
 
Titan Flow Controls Series CV-50 Check Valve
Titan Flow Controls Series CV-50 Check ValveTitan Flow Controls Series CV-50 Check Valve
Titan Flow Controls Series CV-50 Check ValvePatrick Bryant
 
Rotor Insertion Flow Meter Technical Information
Rotor Insertion Flow Meter Technical InformationRotor Insertion Flow Meter Technical Information
Rotor Insertion Flow Meter Technical InformationMountain States Engineering and Controls
 
Back pressure valves for industrial process control
Back pressure valves for industrial process controlBack pressure valves for industrial process control
Back pressure valves for industrial process controlMountain States Engineering and Controls
 

More Related Content

What's hot

A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...Kaspersky
 
The Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsThe Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsMuhammad FAHAD
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability AssesmentDedi Dwianto
 
Network Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure SelectionNetwork Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure SelectionPramod M Mithyantha
 
RSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackRSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackDan Gunter
 
Cisco amp for endpoints
Cisco amp for endpointsCisco amp for endpoints
Cisco amp for endpointsCisco Canada
 
Cisco amp for networks
Cisco amp for networksCisco amp for networks
Cisco amp for networksCisco Canada
 
Six Steps to SIEM Success
Six Steps to SIEM SuccessSix Steps to SIEM Success
Six Steps to SIEM SuccessAlienVault
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinSplunk
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníMarketingArrowECS_CZ
 
Extending the 20 critical security controls to gap assessments and security m...
Extending the 20 critical security controls to gap assessments and security m...Extending the 20 critical security controls to gap assessments and security m...
Extending the 20 critical security controls to gap assessments and security m...John M. Willis
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceValery Yelanin
 
Web-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey GordeychikWeb-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey Gordeychikqqlan
 
2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vmazfayel
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsFireEye, Inc.
 
Gigamon - Network Visibility Solutions
Gigamon - Network Visibility SolutionsGigamon - Network Visibility Solutions
Gigamon - Network Visibility SolutionsTom Kopko
 

What's hot (17)

A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
 
The Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsThe Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control Systems
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability Assesment
 
Network Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure SelectionNetwork Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure Selection
 
RSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackRSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System Hack
 
Cisco amp for endpoints
Cisco amp for endpointsCisco amp for endpoints
Cisco amp for endpoints
 
Cisco amp for networks
Cisco amp for networksCisco amp for networks
Cisco amp for networks
 
Six Steps to SIEM Success
Six Steps to SIEM SuccessSix Steps to SIEM Success
Six Steps to SIEM Success
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešení
 
Extending the 20 critical security controls to gap assessments and security m...
Extending the 20 critical security controls to gap assessments and security m...Extending the 20 critical security controls to gap assessments and security m...
Extending the 20 critical security controls to gap assessments and security m...
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment Experience
 
Web-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey GordeychikWeb-style Wireless IDS attacks, Sergey Gordeychik
Web-style Wireless IDS attacks, Sergey Gordeychik
 
2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security Teams
 
Gigamon - Network Visibility Solutions
Gigamon - Network Visibility SolutionsGigamon - Network Visibility Solutions
Gigamon - Network Visibility Solutions
 

Viewers also liked

Titan Flow Controls Series CV-50 Check Valve
Titan Flow Controls Series CV-50 Check ValveTitan Flow Controls Series CV-50 Check Valve
Titan Flow Controls Series CV-50 Check ValvePatrick Bryant
 
3 A Papermachine Steam Systems Part1
3 A Papermachine Steam Systems Part13 A Papermachine Steam Systems Part1
3 A Papermachine Steam Systems Part1Nhan Vo Trong
 

Viewers also liked (18)

Piping and Pipeline Accessories - Titan Flow Control, Inc.
Piping and Pipeline Accessories - Titan Flow Control, Inc.Piping and Pipeline Accessories - Titan Flow Control, Inc.
Piping and Pipeline Accessories - Titan Flow Control, Inc.
 
Compact Clean Steam Generator
Compact Clean Steam GeneratorCompact Clean Steam Generator
Compact Clean Steam Generator
 
Titan Flow Controls Series CV-50 Check Valve
Titan Flow Controls Series CV-50 Check ValveTitan Flow Controls Series CV-50 Check Valve
Titan Flow Controls Series CV-50 Check Valve
 
Rotor Insertion Flow Meter Technical Information
Rotor Insertion Flow Meter Technical InformationRotor Insertion Flow Meter Technical Information
Rotor Insertion Flow Meter Technical Information
 
Back pressure valves for industrial process control
Back pressure valves for industrial process controlBack pressure valves for industrial process control
Back pressure valves for industrial process control
 
Sliding Gate Valve With Variable Orifice
Sliding Gate Valve With Variable OrificeSliding Gate Valve With Variable Orifice
Sliding Gate Valve With Variable Orifice
 
Methods of Detecting Water Level in Steam Boilers
Methods of Detecting Water Level in Steam BoilersMethods of Detecting Water Level in Steam Boilers
Methods of Detecting Water Level in Steam Boilers
 
Heat Exchange Fundamentals for Shell and Tube Units
Heat Exchange Fundamentals for Shell and Tube UnitsHeat Exchange Fundamentals for Shell and Tube Units
Heat Exchange Fundamentals for Shell and Tube Units
 
Super high efficiency coalescing filters for compressed air and gas
Super high efficiency coalescing filters for compressed air and gasSuper high efficiency coalescing filters for compressed air and gas
Super high efficiency coalescing filters for compressed air and gas
 
Fluoroseal Sleeved Plug Valves
Fluoroseal Sleeved Plug ValvesFluoroseal Sleeved Plug Valves
Fluoroseal Sleeved Plug Valves
 
Kunkle Safety and Relief Valves Technical Reference
Kunkle Safety and Relief Valves Technical ReferenceKunkle Safety and Relief Valves Technical Reference
Kunkle Safety and Relief Valves Technical Reference
 
BTU Metering Device For Process or Commercial Tenant
BTU Metering Device For Process or Commercial TenantBTU Metering Device For Process or Commercial Tenant
BTU Metering Device For Process or Commercial Tenant
 
Crane FKX 9000 Triple Offset Butterfly Valves
Crane FKX 9000 Triple Offset Butterfly ValvesCrane FKX 9000 Triple Offset Butterfly Valves
Crane FKX 9000 Triple Offset Butterfly Valves
 
OMB Valves USA Product Line Overview
OMB Valves USA Product Line OverviewOMB Valves USA Product Line Overview
OMB Valves USA Product Line Overview
 
Condensate Pumps for industrial steam systems
Condensate Pumps for industrial steam systemsCondensate Pumps for industrial steam systems
Condensate Pumps for industrial steam systems
 
Pressure regulator valves for industrial process control
Pressure regulator valves for industrial process controlPressure regulator valves for industrial process control
Pressure regulator valves for industrial process control
 
Wellhead Valves Technical Data
Wellhead Valves Technical DataWellhead Valves Technical Data
Wellhead Valves Technical Data
 
3 A Papermachine Steam Systems Part1
3 A Papermachine Steam Systems Part13 A Papermachine Steam Systems Part1
3 A Papermachine Steam Systems Part1
 

Similar to Defending Industrial Control Systems

AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
 
Designing a security policy to protect your automation solution
Designing a security policy to protect your automation solutionDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solutionSchneider Electric India
 
Operational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesOperational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesKrishna Chennareddy
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat managementRajendra Menon
 
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Editor IJCATR
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
 
INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMINTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMIRJET Journal
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inmaribethy2y
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIOSR Journals
 
Firewall buyers-guide
Firewall buyers-guideFirewall buyers-guide
Firewall buyers-guideAndy Kwong
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 

Similar to Defending Industrial Control Systems (20)

Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
 
Designing a security policy to protect your automation solution
Designing a security policy to protect your automation solutionDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution
 
Operational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesOperational Technology Security Solution for Utilities
Operational Technology Security Solution for Utilities
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat management
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
 
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
 
Ijnsa050214
Ijnsa050214Ijnsa050214
Ijnsa050214
 
Cloud Security_ Unit 4
Cloud Security_ Unit 4Cloud Security_ Unit 4
Cloud Security_ Unit 4
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
 
INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMINTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEM
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words in
 
A017130104
A017130104A017130104
A017130104
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
 
Firewall buyers-guide
Firewall buyers-guideFirewall buyers-guide
Firewall buyers-guide
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Types of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdfTypes of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdf
 

More from Mountain States Engineering and Controls

More from Mountain States Engineering and Controls (20)

Design of Fluid Systems - Steam Utilization
Design of Fluid Systems - Steam UtilizationDesign of Fluid Systems - Steam Utilization
Design of Fluid Systems - Steam Utilization
 
Valves Used in Mining Operations
Valves Used in Mining OperationsValves Used in Mining Operations
Valves Used in Mining Operations
 
Regenerative Turbine Chemical Process Pumps
Regenerative Turbine Chemical Process PumpsRegenerative Turbine Chemical Process Pumps
Regenerative Turbine Chemical Process Pumps
 
Dual Snap Pressure, Temperature and Flow Switches
Dual Snap Pressure, Temperature and Flow SwitchesDual Snap Pressure, Temperature and Flow Switches
Dual Snap Pressure, Temperature and Flow Switches
 
Piston Isolation Valves For Steam and Condensate
Piston Isolation Valves For Steam and CondensatePiston Isolation Valves For Steam and Condensate
Piston Isolation Valves For Steam and Condensate
 
Hydrostatic Pressure Liquid Level Transmitter
Hydrostatic Pressure Liquid Level TransmitterHydrostatic Pressure Liquid Level Transmitter
Hydrostatic Pressure Liquid Level Transmitter
 
Steam Condensate Return Stations
Steam Condensate Return StationsSteam Condensate Return Stations
Steam Condensate Return Stations
 
Breathing Air Purifiers for Commercial and Industrial Use
Breathing Air Purifiers for Commercial and Industrial UseBreathing Air Purifiers for Commercial and Industrial Use
Breathing Air Purifiers for Commercial and Industrial Use
 
Trunnion Mount Ball Valves For Industrial Pipelines
Trunnion Mount Ball Valves For Industrial PipelinesTrunnion Mount Ball Valves For Industrial Pipelines
Trunnion Mount Ball Valves For Industrial Pipelines
 
Thermodynamic Steam Traps for Condensate Removal
Thermodynamic Steam Traps for Condensate RemovalThermodynamic Steam Traps for Condensate Removal
Thermodynamic Steam Traps for Condensate Removal
 
Steam Thermocompressor Technical Information
Steam Thermocompressor Technical InformationSteam Thermocompressor Technical Information
Steam Thermocompressor Technical Information
 
Integrated control valve, sensors, actuator, and controller
Integrated control valve, sensors, actuator, and controllerIntegrated control valve, sensors, actuator, and controller
Integrated control valve, sensors, actuator, and controller
 
Pneumatic Actuators For Industrial Valves
Pneumatic Actuators For Industrial ValvesPneumatic Actuators For Industrial Valves
Pneumatic Actuators For Industrial Valves
 
Natural Gas Dryer for Fueling Station Operations
Natural Gas Dryer for Fueling Station OperationsNatural Gas Dryer for Fueling Station Operations
Natural Gas Dryer for Fueling Station Operations
 
Direct Operated Temperature Regulators
Direct Operated Temperature RegulatorsDirect Operated Temperature Regulators
Direct Operated Temperature Regulators
 
Pneumatic Rack and Pinion Valve Actuators
Pneumatic Rack and Pinion Valve ActuatorsPneumatic Rack and Pinion Valve Actuators
Pneumatic Rack and Pinion Valve Actuators
 
Improved closed loop cooling arrangement
Improved closed loop cooling arrangementImproved closed loop cooling arrangement
Improved closed loop cooling arrangement
 
Three Piece Ball Valves Available With Metal Seats
Three Piece Ball Valves Available With Metal SeatsThree Piece Ball Valves Available With Metal Seats
Three Piece Ball Valves Available With Metal Seats
 
Industrial Linear Electric Actuators for Valves
Industrial Linear Electric Actuators for ValvesIndustrial Linear Electric Actuators for Valves
Industrial Linear Electric Actuators for Valves
 
Trunnion mounted ball valves for industrial applications
Trunnion mounted ball valves for industrial applicationsTrunnion mounted ball valves for industrial applications
Trunnion mounted ball valves for industrial applications
 

Recently uploaded

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 

Recently uploaded (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 

Defending Industrial Control Systems

  • 1. 1 INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it’s not a matter of if an intrusion will take place, but when. In Fiscal Year (FY) 2015, 295 incidents were reported to ICS-CERT, and many more went unreported or undetected. The capabilities of our adversaries have been demonstrated and cyber incidents are increasing in frequency and complexity. Simply building a network with a hardened perimeter is no longer adequate. Securing ICSs against the modern threat requires well-planned and well-implemented strategies that will provide network defense teams a chance to quickly and effectively detect, counter, and expel an adversary. This paper presents seven strategies that can be implemented today to counter common exploitable weaknesses in “as-built” control systems. Seven Strategies to Defend ICSs Figure 1: Percentage of ICS-CERT FY 2014 and FY 2015 Incidents Potentially Mitigated by Each Strategya a. Incidents mitigated by more than one strategy are listed under the strategy ICS-CERT judged as more effective.
  • 2. 2 If system owners had implemented the strategies outlined in this paper, 98 percent of incidents ICS-CERT responded to in FY 2014 and FY 2015 would have been prevented. The remaining 2 percent could have been identified with increased monitoring and a robust incident response. THE SEVEN STRATEGIES 1. IMPLEMENT APPLICATION WHITELISTING Application Whitelisting (AWL) can detect and prevent attempted execution of malware uploaded by adversaries. The static nature of some systems, such as database servers and human-machine interface (HMI) computers, make these ideal candidates to run AWL. Operators are encouraged to work with their vendors to baseline and calibrate AWL deployments. Example: ICS-CERT recently responded to an incident where the victim had to rebuild the network from scratch at great expense. A particular malware compromised over 80 percent of its assets. Antivirus software was ineffective; the malware had a 0 percent detection rate on VirusTotal. AWL would have provided notification and blocked the malware execution. 2. ENSURE PROPER CONFIGURATION/PATCH MANAGEMENT Adversaries target unpatched systems. A configuration/patch management program centered on the safe importation and implementation of trusted patches will help keep control systems more secure. Such a program will start with an accurate baseline and asset inventory to track what patches are needed. It will prioritize patching and configuration management of “PC-architecture” machines used in HMI, database server, and engineering workstation roles, as current adversaries have significant cyber capabilities against these. Infected laptops are a significant malware vector. Such a program will limit connection of external laptops to the control network and preferably supply vendors with known-good company laptops. The program will also encourage initial installation of any updates onto a test system that includes malware detection features before the updates are installed on operational systems. Example: ICS-CERT responded to a Stuxnet infection at a power generation facility. The root cause of the infection was a vendor laptop. Use best practices when downloading software and patches destined for your control network. Take measures to avoid “watering hole” attacks. Use a web Domain Name System (DNS) reputation system. Get updates from authenticated vendor sites. Validate the authenticity of
  • 3. 3 downloads. Insist that vendors digitally sign updates, and/or publish hashes via an out-of-bound communications path, and use these to authenticate. Don’t load updates from unverified sources. Example: HAVEX spread by infecting patches. With an out-of-band communication path for patch hashes, such as a blast email, users could have validated that the patches were not authentic. 3. REDUCE YOUR ATTACK SURFACE AREA Isolate ICS networks from any untrusted networks, especially the Internet.b Lock down all unused ports. Turn off all unused services. Only allow real-time connectivity to external networks if there is a defined business requirement or control function. If one-way communication can accomplish a task, use optical separation (“data diode”). If bidirectional communication is necessary, then use a single open port over a restricted network path. Example: As of 2014, ICS-CERT was aware of 82,000 cases of industrial control systems hardware or software directly accessible from the public Internet. ICS-CERT has encountered numerous cases where direct or nearly direct Internet access enabled a breach. Examples include a US Crime Lab, a Dam, The Sochi Olympic stadium, and numerous water utilities. 4. BUILD A DEFENDABLE ENVIRONMENT Limit damage from network perimeter breaches. Segment networks into logical enclaves and restrict host-to-host communications paths. This can stop adversaries from expanding their access, while letting the normal system communications continue to operate. Enclaving limits possible damage, as compromised systems cannot be used to reach and contaminate systems in other enclaves. Containment provided by enclaving also makes incident cleanup significantly less costly.c b. ICS-ALERT-14-063-01AP, Multiple Reports of Internet Facing Control Systems, ICS-CERT 2015. c. Improving Industrial Control Systems Cybersecurity with Defense in Depth, ICS-CERT 2009.
  • 4. 4 Example: In one ICS-CERT case, a nuclear asset owner failed to scan media entering a Level 3 facility. On exit, the media was scanned, and a virus was detected. Because the asset owner had implemented logical enclaving, only six systems were put at risk and had to be remediated. Had enclaving not been implemented, hundreds of hosts would have needed to be remediated. If one-way data transfer from a secure zone to a less secure zone is required, consider using approved removable media instead of a network connection. If real-time data transfer is required, consider using optical separation technologies. This allows replication of data without putting the control system at risk. Example: In one ICS-CERT case, a pipeline operator had directly connected the corporate network to the control network, because the billing unit had asserted it needed metering data. After being informed of a breach by ICS-CERT, the asset owner removed the connection. It took the billing department 4 days to notice the connection had been lost, clearly demonstrating that real-time data were not needed. 5. MANAGE AUTHENTICATION Adversaries are increasingly focusing on gaining control of legitimate credentials, especially those associated with highly privileged accounts. Compromising these credentials allows adversaries to masquerade as legitimate users, leaving less evidence than exploiting vulnerabilities or executing malware. Implement multi-factor authentication where possible. Reduce privileges to only those needed for a user’s duties. If passwords are necessary, implement secure password policies stressing length over complexity. For all accounts, including system and non-interactive accounts, ensure credentials are unique, and change all passwords at least every 90 days. Require separate credentials for corporate and control network zones and store these in separate trust stores. Never share Active Directory, RSA ACE servers, or other trust stores between corporate and control networks. Example: One US Government agency used the same password across the environment for local administrator accounts. This allowed an adversary to easily move laterally across all systems.
  • 5. 5 6. IMPLEMENT SECURE REMOTE ACCESS Some adversaries are effective at gaining remote access into control systems, finding obscure access vectors, even “hidden back doors” intentionally created by system operators. Remove such accesses wherever possible, especially modems as these are fundamentally insecure. Limit any accesses that remain. Where possible, implement “monitoring only” access enforced by data diodes, and do not rely on “read only” access enforced by software configurations or permissions. Do not allow remote persistent vendor connections into the control network. Require any remote access be operator controlled, time limited, and procedurally similar to “lock out, tag out.” Use the same remote access paths for vendor and employee connections; don’t allow double standards. Use two-factor authentication if possible, avoiding schemes where both tokens are similar types and can be easily stolen (e.g., password and soft certificate). Example: Following these guidelines would have prevented the BlackEnergy intrusions. BlackEnergy required communications paths for initial compromise, installation and “plug in” installation. 7. MONITOR AND RESPOND Defending a network against modern threats requires actively monitoring for adversarial penetration and quickly executing a prepared response. Consider establishing monitoring programs in the following five key places: 1) Watch IP traffic on ICS boundaries for abnormal or suspicious communications. 2) Monitor IP traffic within the control network for malicious connections or content. 3) Use host-based products to detect malicious software and attack attempts. 4) Use login analysis (time and place for example) to detect stolen credential usage or improper access, verifying all anomalies with quick phone calls. 5) Watch account/user administration actions to detect access control manipulation. Have a response plan for when adversarial activity is detected. Such a plan may include disconnecting all Internet connections, running a properly scoped search for malware, disabling affected user accounts, isolating suspect systems, and an immediate 100 percent password reset. Such a plan may also define escalation triggers and actions, including incident response, investigation, and public affairs activities. Have a restoration plan, including having “gold disks” ready to restore systems to known good states.
  • 6. 6 Example: Attackers render Windows®d based devices in a control network inoperative by wiping hard drive contents. Recent attacks against Saudi Aramco™e and Sony Pictures demonstrate that quick restoration of such computers is key to restoring an attacked network to an operational state. CONCLUSION Defense against the modern threat requires applying measures to protect not only the perimeter but also the interior. While no system is 100 percent secure, implementing the seven key strategies discussed in this paper can greatly improve the security posture of ICSs. DISCLAIMER The information and opinions contained in this document are provided “as is” and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes. ACKNOWLEDGMENT This document “Seven Steps to Effectively Defend Industrial Control Systems” was written in collaboration, with contributions from subject matter experts working at the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). d. Windows® is a registered trademark of Microsoft Corp. e. Saudi Aramco™ is an unregistered trademark of Saudi Arabian Oil Company.
  • 7. 7 CONTACT INFORMATION POC Phone e-Mail Department of Homeland Security ICS-CERT 877-776-7585 ICS-CERT@HQ.DHS.GOV Federal Bureau of Investigation Cyber Division - CyWatch 855-292-3937 CyWatch@ic.fbi.gov National Security Agency (Industry) Industry Inquiries 410-854-6091 bao@nsa.gov National Security Agency (Government) IAD Client Contact Center 410-854-4200 IAD CCC@nsa.gov