[CLASS 2014] Technical Talk - Samuel Linares
Transcript of [CLASS 2014] Technical Talk - Samuel Linares
Linking Critical Infrastructure Protection and Industrial Cybersecurity: Is there a Cyber-Tsunami in waiting?
Samuel Linares
Director, Industrial Cybersecurity Center (CCI)
Earthquake Research Institute, University of Tokyo
1960 Chile Great Earthquake Mw9.5
1964 Alaska Earthquake Mw 9.2
1957 Andreanof Islands Earthquake Mw9.1
1952 Kamchatka Earthquake Mw9.0
2011 East Japan Great Earthquake Mw 9.0
2004 Indian Ocean Earthquake Mw9.0
2010 Chile Earthquake Mw8.8
Changing Environment?
Convergence
Consequences: Intangible
Web Portal unavailable
No email
Consequences: Tangible, Concrete
Production Losses
Environmental Damages
Public Health
Lower Company Valuation
Physical & Cyber Worlds Convergence
IT in the Industrial World
Convergence
Industrial devices have inherited all problems from IT
Industrial Control Systems are NOT isolated anymore.
They have moved from using dedicated serial lines to Ethernet or WiFi
Now, most industrial protocols are running over TCP/IP
Industrial Control Systems use general-purpose operating systems
Different Cultures
Plant vs IT vs Security
Plant / IT Conflict:
– “Watertight” environments. “Don’t get into my lot, and I won’t get into yours”
– Attention is not paid to communication interfaces between both worlds
– Connection interfaces are no man’s land and, many times, unknown (another WWW… Wild Wild West ☺)
Different Cultures
Security?
Cyber Security?
Industrial Safety
Physical Security
Environmental Safety
SECURITY
Stuxnet
Project Basecamp & Project Robus
Project Basecamp
SCADA Security Scientific Symposium (S4)
Project Robus: Master Serial Killer
• Objective: Analysis of implementations of industrial protocols (first: DNP3)
• DNP3: 15 advisories, 28 tickets reported
• Fuzzing techniques
• All devices analyzed vulnerable: only 2 OK!
• Implementations limit themselves to guaranteeing functionality, but not security
• Hundreds of thousands of vulnerable devices: many of them connected to the Internet
Smart Grid and Internet of Things are coming…
Smart Grid
Internet of Things
Cybersecurity Strategies and Regulations
European Cyber Security Strategy
CYBERSECURITY FRAMEWORK
CIP Regulations
Shodan
Shodan (www.shodanhq.com)
• Internet search engine that indexes the responses of Internet-connected services (FTP, SSH, Telnet, HTTP, HTTPS, SNMP, UPnP, SMB…)
• Provides access to millions of Internet-connected devices
Internet-facing Industrial Systems: +2.000.000
Located in United States: 30%
ISP’s Dynamic Addresses: 80%
Project SHINE (SHodan INtelligence Extraction)
Shodan Demo
Who's Really Attacking our ICS Devices?
• ONLY attacks that were targeted
• ONLY attempted modification of pump system
• ONLY attempted modification via Modbus/DNP3
• DoS/DDoS were considered attacks
Kyle Wilhoit (Trend Micro)
…on the look-out
“C3R: Collaboration, Coordination and Commitment based Relationships”
Collaboration
Coordination
Commitment
Industrial Cyber Security Tsunami is here…
Will you keep watching?
Thank you
Samuel Linares - @infosecmanblog – [email protected]