2012 02 14 Afcom Presentation

Cyber Security for Data Center Infrastructure AFCOM Data Center World Las Vegas 2012 Presenter: Eric Gallant

description

AFCOM 2012 Data Center World Presentation. Cybersecurity for Mission Critical Infrastructure

Transcript of 2012 02 14 Afcom Presentation

Page 1: 2012 02 14 Afcom Presentation

Cyber Security for Data Center Infrastructure
AFCOM Data Center World
Las Vegas 2012
Presenter: Eric Gallant

Page 2: 2012 02 14 Afcom Presentation

Agenda:

• Emergence of cyber weapons that target Industrial Control Systems (ICS/DCS/SCADA).
• Why should Data Centers care?
• Who would target a Data Center?
• Challenges to securing ICS-SCADA systems.
• Recommendations.
• Summary.

Page 3: 2012 02 14 Afcom Presentation

Natanz Nuclear Fuel Enrichment Plant (FEP)

• Key facility in Iranian nuclear program
• Extremely secure facility
• Located in a rugged, rural area
• Centrifuges located in hardened bunkers under 22 meters of soil.
• No Internet connection
• In 2010, a cyber-weapon called STUXNET infected ICS-SCADA systems and caused catastrophic physical damage to centrifuges.

Page 4: 2012 02 14 Afcom Presentation

STUXNET was a “game changer”

• Groundbreaking features:
  – First SCADA “worm”
  – Crossed the barrier between the “cyber” and the “real”
  – Crossed the “air gap” to infect un-networked systems
  – First PLC rootkit
  – Sent false data to HMI

Page 5: 2012 02 14 Afcom Presentation

Stuxnet was a game changer

• The STUXNET cyber attack was of great interest to:
  – Cyber security community
  – Homeland Security and Intelligence communities
  – Providers of Infrastructure of National interest

• But data center infrastructure?

Page 6: 2012 02 14 Afcom Presentation

Why should data centers care?

• What is ICS-SCADA?
  – ICS: Industrial Control System
  – SCADA: Supervisory Control and Data Acquisition
  – DCS: Distributed Control System

• Systems consist of:
  – SCADA controller (Windows or Linux PC)
  – Human Machine Interface (HMI)
  – Programmable Logic Controllers (PLC)
  – Field Devices (Sensors)
  – Communication Infrastructure

Page 7: 2012 02 14 Afcom Presentation

Why should data centers care?

• How are ICS-SCADA systems used?
  – At Natanz to control centrifuge speed
  – At electrical utilities to control flow of current
  – At water purification plant to control flow and process

• How are ICS-SCADA systems used in data centers?
  – Switchgear
  – Mechanical Systems
  – Building Automation

Page 8: 2012 02 14 Afcom Presentation

Why should data centers care?

• Langner’s prediction, “The next cyber weapon will be considerably cheaper, since much of the attack vector and the specifics of how to use automation equipment will simply be copied. Sabotage with the motivation of extortion will get a commonplace scenario. At this time targets are no longer limited to critical infrastructure but will especially cover the private sector — a TARGET-RICH AREA where it cannot be assumed that organizations will install countermeasures large scale in a reasonable amount of time.”

Page 9: 2012 02 14 Afcom Presentation

Why should data centers care?

• Most data centers use some type of ICS-SCADA to monitor and control their electrical and/or mechanical infrastructure.

• Data center ICS-SCADA systems have precisely the same vulnerabilities as the systems at Natanz.

• Since STUXNET, cyber weapons that target physical infrastructure through ICS-SCADA vulnerabilities have proliferated.

• ICS-SCADA malware, malware development tools and exploits are becoming more common and a wide variety of bad actors are developing capabilities.

• More Advanced Persistent Threats (APT) similar to STUXNET have been discovered.

• ICS-CERT has issued alerts for every major ICS manufacturer, including GE, Schneider, Siemens, Koyo, ABB, and Rockwell/Allen Bradley.

Page 10: 2012 02 14 Afcom Presentation

Aurora Generator Test

Page 11: 2012 02 14 Afcom Presentation

Who would attack a data center’s ICS-SCADA?

• National Agencies
  – Disrupt Banking and Commerce
  – Disrupt Intelligence Gathering
  – Disrupt Communication Infrastructure

• In 2007, a Blue Horizons paper titled “State Actor Threats in 2025” was prepared by the US Air Force. The paper identified a number of scenarios that could threaten the United States in the future. The scenario with “the highest potential for a state actor to inflict catastrophic damage to the US” is known as Phantom Menace. In this scenario, cyber attacks are used “against the enemy so that the civilian electricity network, traffic dispatching network, financial transaction network, telephone communications network, and mass media network are completely paralyzed, this will cause the enemy nation to fall into social panic, street riots, and a political crisis.”

Page 12: 2012 02 14 Afcom Presentation

Who would attack a data center’s ICS-SCADA?

• Cybercriminals
  – Many Data Centers have deep pockets and are vulnerable to extortion

Page 13: 2012 02 14 Afcom Presentation

Who would attack a data center’s ICS-SCADA?

• Corporate Espionage
  – Gain a competitive advantage

• Operation Aurora: Google, Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical were also among the targets.

Page 14: 2012 02 14 Afcom Presentation

Who would attack a data center’s ICS-SCADA?

• Hacktivists
  – Anonymous
  – Radical Environmentalists
  – Occupy Movement

Page 15: 2012 02 14 Afcom Presentation

Who would attack a data center’s ICS-SCADA?

• Script Kiddies

Page 16: 2012 02 14 Afcom Presentation

Challenges to securing ICS-SCADA systems

• ICS-SCADA systems are squarely in the gap between facilities and IT
• Awareness of vulnerability is low among IT and Facilities teams
• Security is assumed
• Standard cyber security tactics are ineffective and often counterproductive
• No authentication in communication protocols
• ICS-SCADA systems have a very complex attack surface

Page 17: 2012 02 14 Afcom Presentation

Complex Attack Surfaces

Page 18: 2012 02 14 Afcom Presentation

Control System Vulnerabilities

Page 19: 2012 02 14 Afcom Presentation

Recommendations

• Physical Security
• Dedicated Networks
• Ban Removable Storage Devices
• Training
• 3rd Party Penetration/Vulnerability Testing
• White Listing

Page 20: 2012 02 14 Afcom Presentation

Summary

• There's a cyberwar raging all around us.
  – Nation vs. nation
  – Nation vs. corporation
  – Corporation vs. corporation
  – Extremists vs. everyone
• ICS-SCADA systems are now on the battlefield
• Hackers and malware have the motivation and capability to strike data centers
• Yesterday’s security strategies are no longer effective

Page 21: 2012 02 14 Afcom Presentation

Questions?
Eric Gallant
Schneider [email protected]: 404-431-1986