Industrial Cyber Security - WordPress.com...2018/02/06  · Over 250 ICS networks (Energy, Pharma,...

Post on 08-Jul-2020


Indegy Industrial Cyber Security

ISA New Orleans Section

Applying the NIST Framework

February 6, 2018

©2017 Indegy

- Confidential -

Agenda

1. Introductions
2. Indegy Background
3. NIST Background and History with ICS
4. What is the NIST Cybersecurity Framework?
5. How does Indegy Support Implementation of the Framework?
6. Wrap-up


Founded: 2014

Customers: Pharma, Energy, Water, Automotive, Chemicals, F&B…

Investors: Shlomo Kramer, Gen. David Petraeus, Vertex, Magma, Aspect, SBI Holdings

Locations: HQ – New York; R&D – Israel

• Barak Perelman, Co-Founder, CEO (Stratoscale, IDF, Talpiot)
• Mille Gandelsman, Co-Founder, CTO (Stratoscale, IDF, Talpiot)
• Ido Trivizki, Co-Founder, VP R&D (Stratoscale, IDF, Talpiot)
• Dana Tamir, VP Marketing (Trusteer, Imperva, Symantec)
• Gaby Koren, VP Americas (Panaya, Radvision, NICE)


Indegy protects against operational disruptions caused by cyber threats, malicious insiders and human error, by providing visibility and control to industrial networks.

Major Incidents

• Stuxnet (2010): Destroyed 20% of Iran's nuclear centrifuges
• German Steel Plant Cyber Attack (2014): Second physical damage cyber attack reported in history
• Dragonfly / BlackEnergy (2014): Over 250 ICS networks (Energy, Pharma, etc.) compromised
• New York Water Dam (2015): Iranian hackers managing to get control of the flood gates
• CrashOverride / Industroyer (2016): Ukraine Power Grid blackout as an act of Russian aggression
• Dragonfly 2.0 / APT targeting Energy and more (2017): Wide range campaign targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors


Threats to Industrial Control Systems

Cyber Attacks (External Threats)

• Targeted attacks
• Collateral damage

Malicious Insiders (Insider Threat)

• Disgruntled employees
• Compromised IT devices

Human Error and Negligence

• Unintentional mistakes
• Unsecure contractor equipment on site


The risk to ICS Systems

• #1: Asset Inventory in the priority check list of gaps in ICS environments (SANS July 2017)
• 61% of O&G ICS network’s visibility and security is inadequate (Security Magazine)
• 50% of global industrial companies suffered 1-5 security incidents in 2016 (Infosecurity Magazine)

https://www.sans.org/reading-room/whitepapers/analyst/basics-focus-first-cis-critical-security-controls-37537

https://www.forbes.com/sites/forbestechcouncil/2017/04/03/cyber-security-risks-to-be-aware-of-in-the-oil-and-gas-industries

https://www.infosecurity-magazine.com/news/half-of-ics-firms-suffered/


ICS Infrastructures are Everywhere

• SCADA and HMI Control Center
• Water
• Power & Energy
• Oil & Gas
• Manufacturing
• Transportation
• Building Management & Automation


Low Impact ICS

• Product Examples: Non-hazardous materials or products, Non-ingested consumer products

• Industry Examples: Plastic Injection Molding, Warehouse Applications

• Security Concerns: Protecting people, Capital investment, Ensuring uptime

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


Moderate Impact ICS

• Product Examples: Some hazardous products and/or steps during production, High amount of proprietary information

• Industry Examples: Automotive Metal Industries, Pulp & Paper, Semiconductors

• Security Concerns: Protecting people, Trade secrets, Capital investment, Ensuring uptime

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


High Impact ICS

• Product Examples: Critical Infrastructure, Hazardous Materials, Ingested Products

• Industry Examples: Utilities, Petrochemical, Food & Beverage, Pharmaceutical

• Security Concerns: Protecting human life, Ensuring basic social services, Protecting environment

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


Major ICS Security Objectives

• Deploy security solution based on potential impact
  • Not a one size fits all solution
• Continuous monitoring
  • Security is not a once and done exercise
  • Continuously monitor risk
  • Continuously monitor threats
  • Continuously monitor and mitigate vulnerabilities
  • Continuously monitor system boundaries
  • Continuously monitor ingress and egress traffic
  • Continuously update security controls

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


NIST Cybersecurity Framework Components

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


Framework Core - Cybersecurity Framework Component

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


Cybersecurity Framework Core

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


Bridging the Gap – How Indegy Enables NIST Adherence

• Function: Identify
• Category: Asset Management
• Subcategory: ID.AM-1


Identify (ID) – example from Indegy White Paper


Understand what needs to be protected

• Automated Asset Discovery, Classification and Management

• Configuration Monitoring


Protect (PR) - example


Continuously monitor access and changes

• Real-time Monitoring

• A comprehensive audit trail

• Periodic integrity checks

• Reconnaissance detection


Detect (DE) - example


Assess risk to ICS assets & network segments

• Assess risk to ICS assets and network segments

• Support mitigation efforts


Respond (RS) - example


Enforce policies, Get real-time alerts

Granular policies for detecting anomalies and unauthorized activities


Recover (RC) - example


Recover - Enabled via Aggregated Snapshots

Aggregation of Snapshots into timeline of code versions in controllers


A Continuous Process for Securing ICS

Can you effectively manage and respond to events? Without visibility you can’t have security.

[Diagram: four numbered steps arranged in a cycle around Indegy]

• Understand What Needs to be Protected
• Assess Risk to Devices and Networks
• Continuously Monitor Access and Changes
• Enforce Policies, Get Real-time Alerts

Indegy Industrial Cyber Security

Indegy provides situational awareness and real-time security for industrial control networks to ensure operational continuity and reliability.

Questions/Comments?

Gaby Koren: gaby@indegy.com

Matt Petrauskas: mpetrauskas@indegy.com


Appendix

References and works cited:

https://www.nist.gov/cyberframework

https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing
