Evolving Security in Process Control
Transcript of Evolving Security in Process Control
![Page 1: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/1.jpg)
© Lockheed Martin
Evolving Security in Process Control
4th Annual Cyber Security Summit – Energy & Utilities
Abu Dhabi
March 30, 2015
![Page 2: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/2.jpg)
Not ‘If’ but ‘When’
“Your IT systems may have already been compromised, attackers could already have your new product plans, bidding positions or research, they may already be running your process control systems.”
Sir Iain Lobban, Director General, GCHQ, Sept 2012
“There are two kinds of companies. There are those who've been hacked, and those who don't know they've been hacked.”
James Comey, Director, FBI
![Page 3: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/3.jpg)
Cyber Attack Impacts Whole Value Chain
[Diagram labels: Business, Production, Control Systems, Customers, Security Incident, Impact]
![Page 4: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/4.jpg)
Growth in Targeted Attacks
• Night Dragon - 2011
• Shamoon - 2012
• Energetic Bear - 2012
• Norwegian Oil & Gas - 2014
• German steel works - 2014
![Page 5: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/5.jpg)
Just the Tip of the Iceberg
For every major incident that makes the news, many more smaller incidents go unreported
![Page 6: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/6.jpg)
Rapidly Changing Threat Landscape
• New vulnerabilities
• Readily available exploit kits
• Hacktivists
• State sponsored activities
• BYOD
• Mobile devices
• Cloud access from anywhere
• Growth in social media
• Internet of Things
• Advanced Persistent Threats (APTs)
![Page 7: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/7.jpg)
Top Threats
• Malicious Insider 37%
• Criminal Syndicates 26%
• Nation State Sponsored 19%
Intelligence Driven Cyber Defence, Ponemon Institute LLC, February 2015
![Page 8: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/8.jpg)
Top Impacts
• Lost Intellectual Property
  – Geoscience data
• Reputation Damage
  – Joint Ventures
  – Customers
  – Government
• Business Disruption
  – Lost production
  – Incident investigation
• Damage to Critical Infrastructure
  – HSE
  – Cost of repair
Intelligence Driven Cyber Defence, Ponemon Institute LLC, February 2015
![Page 9: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/9.jpg)
Internet Accessible Control Systems
241 locations
>52,000 IP addresses
![Page 10: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/10.jpg)
Prevention is ideal but detection is a must
However, detection without response has minimal value
![Page 11: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/11.jpg)
Would you know if your system was compromised?
Average time from compromise to detection 14 months
![Page 12: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/12.jpg)
The Need to Evolve
[Architecture diagram labels: Engineering workstation; HMI; Manual shutdown; F&G; ESD; Shutdown signal; PI server; Remote monitoring; PI server; File server; Antivirus server; Patch server; Remote access server; Offline Malware Analysis; Privilege Access Management & Session Recording; SIEM/ID server]
“We have a firewall and anti-virus software. We’re safe.”
![Page 13: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/13.jpg)
The Need to Evolve
[Architecture diagram repeated from the previous slide]
“We have a firewall and anti-virus software. We’re safe.”
NO! YOU ARE NOT SAFE
The insider is already the wrong side of your firewall – with your approval
![Page 14: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/14.jpg)
Security Evolution
Foundational Security Technologies
Basic Security
Compliant Security (Reactive)
Sustainable Security (Proactive)
Intelligence Driven Defense® (Predictive)
Procedures and Documentation
Automation and Efficient IT/OT Process Integration
Cyber Intelligence integrated in Operations
Compliance driven (ISO27001), COTS products, “set it and forget it”
Add good security practices, use SIEM to monitor & respond to alerts
Integrate IT & OT security, use available intelligence
See what’s coming at you, anticipate, generate & share intelligence
80%
20%
![Page 15: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/15.jpg)
Foundational Security
End Point Security
Network Security
Reactive
Looking inwards at vulnerability and managing impact to confidentiality, integrity and availability. This typically results in reactive actions after an intrusion has taken place.
Address 80% Threat
![Page 16: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/16.jpg)
Intelligence Driven Defense®
Threat Focused
This builds on foundational security. It looks outwards at the specific adversaries attacking your enterprise and intimately understanding/analysing their tactics, techniques and procedures. This allows you to proactively take a defensive course of action.
Proactively address 20% and 80% Threat
![Page 17: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/17.jpg)
Understand the Threat Landscape
Campaign analysis is used to determine the patterns and behaviours of the intruders
LM Cyber Kill Chain® Campaign Heat Map
• Group intrusions together into “Campaigns”
• Prioritize and measure against each campaign
![Page 18: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/18.jpg)
Critical Success Factors
• Basic security measures essential
  – Reduce attack surface
  – Maintain signatures, patches, firewalls, etc.
• People
  – End users are part of your defences – train & test them
  – Your adversaries are people. You need people who understand their tactics, techniques & procedures (TTP) – train & test them
• Governance
  – Management focus on security
  – Ensure response capability is in place (you will need it) – train & test them
  – Measure success
![Page 19: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/19.jpg)
Remember…
Security is a journey, not a destination
![Page 20: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/20.jpg)
![Page 21: Evolving Security in Process Control](https://reader035.fdocuments.us/reader035/viewer/2022062514/55a824de1a28abf16f8b466b/html5/thumbnails/21.jpg)
Thank you
Andrew Wadsworth, GICSP
Head of Process Control Security
Lockheed [email protected]
Johnstone House
52-54 Rose Street
Aberdeen
AB10 1UD
United Kingdom
Office +44 1224 611040
Mobile +44 7914 356962
Scott Keenon
Business Development Manager
Lockheed [email protected]
Johnstone House
52-54 Rose Street
Aberdeen
AB10 1UD
United Kingdom
Office +44 1224 611052
Mobile +44 7968 793353