View
187
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Título da Palestra: O Estado atual da segurança cibernética industrial na Colômbia
Citation preview
Ing. Diego BernalIDENTIAN [email protected]
CYBERSECURITY STATUS IN COLOMBIA
Agenda
CIBERSECURITY IN COLOMBIA
• Risks
• Challenges
• Tendencies in Cibersecurity
• Strategies
• Models
• CIBERSEGURY´S ROADMAP
• CONCLUSIONS
Objectives and benefitsFraud, cyber-security, solutions
Cybersecurity framework in Colombia
Ludolf Luehmann, Gerente de Tecnología de Shellasegura que tanto su compañía como otras del sector, estánexperimentando una ¨nueva dimensión¨ de ataques quepodrían poner la maquinaria física en riesgo.
¨Si alguien logra entrar a un área en la que puede controlar laapertura o el cierre de válvulas, pueden imaginar lo quesucederá…costará vidas, dinero y producción, causará incendiosy la pérdida del control de los daños al medio ambiente. Ladestrucción podría ser enorme, enorme¨
BBC News, Diciembre 2011
The Economist
REPRESENTATIVE ATACKS
The average annual cost of a security in 2013 incident was 5.9 million dollars for the services sector and energy was 19,78
million dollars.
Ponemon Institute, Agosto 2011
SCADA
CRITICAL INFRAESTRUCTURES IN COLOMBIA
CRITICAL INFRAESTRUCTURES IN COLOMBIA
ACTUAL VIEW
RISKS IN CRITICAL INFRAESTRUCTURES IN COLOMBIA
Overconfidence in security due to ignorance in Industrial technology, large visibility.
Interconnection of SCADA systems with corporate networks
Use of multiple technologies and solutions of general purpose
Generalization and expansion of the use of monitoring and control systems
Configurations by default in technologies critical operation
Architectures of CONTROL without safety network
The possibilities of attacks increase
Inappropriate uses of components
Lock/intercept/counterfeiting of industrial communications
Computer virus or malware (SCADA)
STUXNET, FLAME, DUQU.
Internal attack: sabotage and espionage
Unautorized Access Operational mistakes
IC/HMI/SCADA ATACKS
LAWS
World Wide & USA
• Creation of a CERT or CSIRT (USCERT, PerCert, ArCert, CRISIS, CTIR-GOV, CCIRC, CERTUy, VenCERT) 55 National CERT by U. Carnegie Mellon
• IC Protection and sovereignty (Cibersecurity´s Strategies, DHS CIP, Germany, Australia, Canada, Latvia, France)
CriticalInfraestructure
•NERC CIP•ISA SP99•Others (AGA 12, API 1164, ISO 17799/27001/15408, NIST PCSRF, HIPAA, FIPS, IEC 62351, IEEE 1402-2000, ANSI Homeland Security Department.)
Colombia
• OEA CICTE (May 2011)
• COMPES (3701 Julio 14 de 2011)
• LAWS AND REGULATIONS of Security Systems (527 Electrónic commerce, 599 penal, 962 Transactions, 1150 transparency, 1273 Data and Information Security, 1341 Creation of the NationalAgency of new technologies Min TIC , 2258 Regulation of Comunications, Circular 052)
SUPORT INSTITUTIONS
COORDINATION MODEL
SUPPORT INSTITUTIONS: GOVERMENT THE MOST EVOLVEDSECTOR ENERGY
COLOMBIA PROTECTS IT SELF?. COLCERT
CIBERSECURITY´S MAINLINES
PROTECTION DIAGRAM
IPS
Unidades
Generación
Proveedores
Terceros
Outsorcing TIC
Soporte
Replica Históricos,
Servidores Scada, RTU,
DB, Scada WEB, Soporte
Switch Red Control
IDS SCADA
Source Fire
Servidores
PublicosServidores
Corporativos
Matrix
PLANT
Activities in periods of six months
Short Time
Middle
Time
Long Time
1 2 3 4 5 6 7 8 10 11 12 13 14
Training
IDENTIFY CYBER COMPONENTS AND CYBER CRITICAL IC INFRASTRUCTURE
MANAGE RISKS OF IC – SCADA
CONTINUITY STRETEGIES, DRP IC
SECURITY AT ORGANIZATIONAL LEVEL
PHYSICALCAND LOGICAL SECURITY
INFRASTRUCTURE IC´S SECURITY SOLUTIONS
MANAGE IC SECURITY
MANAGING AND MONITORING
CHANGE´S MANAGEMENT, COMUNICATION´S CHANELS
SGSI IC AND SCADA SYSTEMS
APLICATION OF CIBERSECURITY ROADMAP
Energy´sevolution
FUTURE CHALLENGES?
CONCLUSIONS
CONCLUSIONS
CONCLUSIONS
¨Security is, I would say, our number one priority, because all the exciting
things that we can do with computers - organize our lives, keep in touch with the people, be creative - if we do not resolve these security problems, we
will have to stop. ¨ Bill Gates
THANKS
Follow us:@IDENTIAN
Bogotá, Cra. 16 A No. 80-16 Of. 402 / +571 7042400 / +57 315 333 7483 / +57 300 688 1950
7682 Audubon Meadow Way, Alexandria, VA 22306 / +1 703 625 6699
www.identian.co - [email protected]