Sven Grone – Critical Controls Solutions Consultant
Presenting on behalf of
Glen Bounds – Global Modernization Consultant
Are you prepared to be next?
Invensys Cyber Security
Agenda
• Cyber Security Defined
• Industrial Network Overview
• Industrial Network Security Challenges
• Defense In Depth Solutions
• Industry Leading Network Security Solutions
• Best of Breed System Security & Monitoring Solutions
• Security Focused Implementations
Slide 4
Cyber Security Defined
• The ability to control and prevent unauthorized external or internal access to critical infrastructure systems
– Why it’s important
• Increases (plant) safety
• Reduces down time
• Compliance to internal & country-specific regulations
• Protection of intellectual property
Slide 5
ICS/SCADA vulnerabilities have increased more than 600% since 2010!
Cyber-Espionage malware program steals sensitive documents from government for 5 YEARS before being discovered!
Power company targeted by approximately 10,000 cyber attacks per month!
Software Defined Radio (SDR) wireless hack targets proprietary SCADA wireless technology.
NSS Labs Vulnerability Report - 2013
Slide 6
Why Care?
CLIENTS
• Mitigate business interruption
• Manage business risk
THREATS
• More frequent
• More hostile
INVENSYS
• Vulnerabilities in offerings
• Protect against legal action
Still...
• Never happened to our company
• Our networks are isolated
• Not my Responsibility
• Don’t see the benefit
• Additional security hinders process
• Does not increase revenue
• There are more important issues...
Sound familiar?
Slide 7
Evolution of Threats
• Nature of threats diversifying
– Targeted - destructive
– Stealth - data gathering & IP theft
– Time delayed
– Hardware control vs. software corruption
– Communities of hackers (e.g. Anonymous)
• Motivation changing
– State sponsored espionage
– Politically driven
– Corporate competition
– Disgruntled employees
– Criminal
• Not just external (malicious) attack
– Unintentional introduction (USB, contractor laptop)
– Covert hardware vulnerabilities
– Obsolete operating system vulnerabilities
• Threats evolving at pace of technology!
Slide 8
Priorities for Cyber Security
Availability
Traditional IT
Availability
Automation
There is a need to strike a balance between competing goals. The right question is “What’s the appropriate amount of security?”
Slide 9
Industrial Network Security Challenges
• Increased Complexity and Connectivity
• Corporate Access, Remote Access, Wireless, PCs, TCP/IP
• Evolving Threat Landscape
• Advanced Persistent Threat Attacks (APT)
• Stuxnet, Duqu, Flame, Gauss, Shamoon, ???
• Malware (Drive-by Exploits)
• Cloud-based Solutions
• Insider Threat
• Social Engineering
Slide 11
Defense In Depth Solutions
• Industry Leading Network Security Solutions
• Juniper, Enterasys, Cisco, Ultra Electronics
• Best of Breed System Security and Monitoring Solutions
• McAfee, Symantec, Orion Solarwinds, Enterasys NETSIGHT
• Established Software & Hardware Vendors
• Microsoft, Dell, HP
• Experienced and Certified Security Consultants with 3rd party certified credentials - CISSP, CCIE, Network+, Security+, ITIL
Slide 12
Industry Leading Network Security Solutions
• Juniper SRX and SSG Firewalls with Integrated IPS
• Enterasys & Cisco Switches providing Edge to Core and Industrial connectivity
• Ultra Electronics Industrial Grade Wireless
Slide 13
Best of Breed System Security & Monitoring Solutions
• McAfee - Endpoint Security Solutions
• Symantec - Backup Solutions
• NETSIGHT and Solarwinds - Monitoring Solutions
Slide 14
Security Focused Implementations
• Networking technology utilized to create logical segmentation and redundant connectivity
• Custom Active Directory Security Configurations which include robust levels of System Lockdown and Auditing
Slide 15
Consulting Service Offerings
• Vendor Independent Vulnerability Assessments
• On-Site Network Assessment, Design, Implementation
• Network / System Audit, Hardening, Security Evaluations
• Information Security Program Development / Training
• Change Control and Disaster Recovery Process Design / Review
• Incident / Emergency Response
Slide 16
Security-Enhanced Solutions
Microsoft Patch Management
• Individual assessments and manual updates
Host Endpoint Protection
• Host Intrusion Prevention
• Anti Virus / Anti Spyware
• BIOS Lockdown
Host Backup
• Disaster recovery
• System restoration
Vulnerability Assessments
• System hardening / audit
Local Security Policies
• Access Control
• Account Management
• User Rights Assignments
Microsoft Windows Active Directory
• Centralized system management
• Individual User logons
• Group-based security policies
Microsoft Patch Management
• Centralized distribution
Centralized Endpoint Protection
• Host Intrusion Prevention
• Anti Virus / Anti Spyware
• Device Management (DLP)
Centralized Backup
• Disaster recovery
• System restoration
Network Segmentation
• Network-based AV / AS
• Network-based IPS
• Strict access policies
Centralized monitoring
• System Management
• System Statistics
• System Availability
• Alerting and reporting
Isolated Systems
Networked Systems
Slide 18
Zoned Network Segregation
DMZ Edge Switch
Demilitarized Zone
Secure Network Gateway + IPS
Any System that requires access to the IT Network and Zones
Slide 19
1. Designing and building a secure operating environment is priority #1 at Invensys
2. All products designed with security in mind to comply with Industry and Corporate Standards
3. Dedicated ICST personnel assigned to each Security Project
• Backed up by secondary team members
• Proven / certified expertise
• Domain knowledge
• Immediate response
“Safety and Cyber Security are job one at Invensys”
Mike Caliel - President & CEO Invensys Operations Management
Slide 21
The Top 5 Cyber Security Questions
Questions for CEOs
How is our executive leadership informed about the current level and business impact of cyber risks to our company?
What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?
How does our cyber security program apply industry standards and best practices?
How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?
How comprehensive is our cyber incident response plan? How often is it tested?
Slide 22
Wrap Up!
1. Cyber threats are a reality – not if, but when
2. Types of threats are evolving, access vectors expanding - simple isolation not adequate defense
3. Risk depends on many factors and needs to be assessed, with appropriate protection put in place
4. Threats are evolving at the pace of technology – system hardware and software currency and management is key
5. Defense in Depth strategy is the bare minimum needed to establish a base for Cyber Security
6. Additional security layers are needed (hardware, software, people, practices)
7. Cyber security is a journey not a destination – has to be managed over lifecycle of asset
Slide 24
© Invensys 00/00/00
THANK YOU
Critical Controls Solutions Consultant
Sven Grone