SANS Process Control & SCADA Security Summit 2009
Control System Cyber Incident Handling:
A Law Enforcement Perspective
Panelists:
Mr. Jeff Morgan, FBI
Cpl. Darren Sabourin, RCMP
SSA Susan Ferensic, FBI
Moderator: Mark Fabro, Lofty Perch
Introductions
Jeff Morgan, FBI
Process Control Systems Analyst, Cyber Division
Darren Sabourin, RCMP
Corporal, RCMP Technological Crime Unit
Susan Ferensic, FBI
Supervisory Special Agent, Cyber Division, SCADA Program Manager
FBI
• FBI's cyber mission focuses foremost on serious computer intrusions.
• Trained cyber squads at all 56 field offices and FBI Headquarters.
• Dedicated analysts focused on Process Control / SCADA (PCS) issues and USG collaboration.
• Cyber Action Teams trained in PCS issues and ready to respond.
• Outreach efforts to PCS owners / operators.
RCMP
• Eight (8) Integrated Technological Crime Units (TCU) across Canada
– Technological Crime Branch in Ottawa.
• Mandate is extensive
– Computer/Network Intrusions, Computer Forensics, Internet-based Investigations, Mobile/Embedded Device Examination.
• Dedicated positions in each TCU to Critical Information Infrastructure Protection
– Training/investigational support to areas such as Botnets and SCADA/Control Systems.
• Align strategies with Public Safety Canada's "National Strategy and Action Plan for Critical Infrastructure".
– Document scheduled for release in Mar/2009.
• October, 2008 SCADA Security Workshop
– Bringing together Private-Sector owner/operators and Government
– Learn about Control System Cyber Security and the importance of partnerships and information-sharing.
• Work closely with other National departments and International Law Enforcement.
Emerging Issues
• The changing landscape
– Trending
– Chatter
– National efforts
• Working with the public
• Working with the legal system
• Finding the resources/talent
Observations From the Field
• Lessons from outreach efforts
• What investigators can/should expect
• What asset owners can expect
• Public perceptions of LE actions
• Applying current methods to SCADA/ICS
Research Initiatives – What can be done to help?
• What is needed by L.E. to bring response capability closer to the crime
– Incident handling
– Forensics
• OS vendor cooperation
• ICS vendor cooperation
– Bag and tag – how does it differ with ICS?
Open Discussion