Holistic View of Industrial Control Cyber Security
A Deep Dive into Fundamentals of Industrial Control Cyber Security
© Copyright 2014 Netsecuris Inc. All rights reserved
Learning Goals
o Understanding security implications involving industrial control systems and environments
o Understanding design considerations for industrial control networks
o Understanding differences between traditional IT networks vs. industrial networks
o Understanding solutions and techniques to harden security of industrial networks
What is Industrial Control?
Industrial Control Defined
o A system that controls a process
o Industrial Control System – traditionally a general term defining several types of control systems used in industrial production
    o Distributed Control System (DCS)
    o Supervisory Control and Data Acquisition System (SCADA)
    o Remote Terminal Units (RTU)
    o Programmable Logic Controllers (PLC)
Why learn about this topic?
o Industrial controls are everywhere!
o Utilities
o Factories
o Automobiles
o Military
o Data Centers
o Appliances
o Industrial controls are being networked like traditional IT networks.
Some industrial controls that might surprise you
o Environmental controls in your data center
o Missiles launched by the military
o Assembly line controller in a factory
o SCADA systems at utilities
o Gasoline pumps at a convenience store
Distributed Control System
Basic DCS Configuration
Distributed Control System
Example of a DCS HMI Display
Distributed Control System
Functional Levels of DCS Example
SCADA
Example of a SCADA Network
SCADA
Example of an Electric SCADA Network
SCADA
Example of a SCADA HMI Display
Evolution 1
o Transition from mechanical switches or relays to Programmable Logic or Relay Logic
Programmable Logic Controllers (PLC)
Example of a PLC Panel
Programmable Logic Controllers (PLC)
Example of PLC Programming
PLC vs. RTU
o RTUs are utilized to collect data over a wide geographic area as input to SCADA.
    o Such as with a network of electric substations
o PLCs are utilized in a localized fashion to control a process.
    o Such as with a local area network on a factory floor
Industrial Control Evolution 2
o Transition from Standard Serial Communications (e.g. RS-232, RS-485, Async 2 wire) to higher performance non-Ethernet Fieldbus communications (e.g. BACnet MS/TP, ModBus RTU, CAN, ProfiBus, InterBus, LonWorks, SERCOS).
T-shirt Question 1
o What has been considered the first “Industrial Control” virus?
o What did it do?
Industrial Control Evolution 3
o Transition from Non-Ethernet Fieldbuses to Ethernet-based Communications (e.g. EtherCAT, Ethernet POWERLink).
Industrial Ethernet vs. Non-Ethernet Fieldbuses Advantages
o Better performance
o Greater bandwidth and larger data packages for communications with intelligent industrial devices
o Faster real-time communications and synchronization for demanding control applications
o Simple to integrate with networks that already exist in the business office environment
Industrial Ethernet vs. Non-Ethernet Fieldbuses Disadvantages
o It is collision-based and not inherently deterministic, and process controls demand real-time operation.
o Universal acceptance of Ethernet tempts users to try to do too many things that could generate security issues.
o Standard telephone-type connectors do not meet the physical demands of industrial equipment.
Impact of “Industrial Internet”
o GE reported that “enabling Internet-connected machines to communicate and operate automatically can bring substantial efficiency gains.”
o According to GE, the Industrial Internet will help eliminate hundreds of billions of dollars of wasted time and resources across critical industries.
o “The Industrial Internet has the potential to add $10 to 15 trillion U.S. dollars to the global GDP by 2030.”
Rise of Industrial Internet
o IMS Research predicts that in 2016, “Ethernet will account for over 30 percent of all new nodes installed in industrial applications.”
o Ethernet TCP/IP was estimated to account for over one-third of new Ethernet nodes installed in 2011.
o Wireless networking to grow 75% by 2017 compared to 2012.
o Fieldbus protocols still have the high ground but Industrial Ethernet adoption is on the rise.
Evolution 4
o Transition from Ethernet-based Non-TCP/IP Communications to Ethernet-based TCP/IP Communications (e.g. BACnet/IP, ModBus-TCP, EtherNet-IP, PROFINET-IO).
Cyber Security Implications
Cyber Security Implications
o Cybersecurity failures have the potential to cause physical consequences.
o Cybersecurity issues can manifest as process anomalies.
o Cybersecurity is hard to manage.
o Cybersecurity threats or issues can be complex.
Cybersecurity Implication – Physical Consequences
o Electric Power Blackouts
    o September 2007 cyber attack in Brazil
    o 2003 Northeast blackout
    o 1999 Southern Brazil blackout
    o 1965 Northeast blackout
o 1979 Three Mile Island Nuclear Plant Accident
o 2000 Maroochy Shire cyber event
o 2007 Aurora Generator Test
o 2009 Stuxnet
o 2010 San Bruno natural gas pipeline explosion
Aurora Generator Test
Implications – Process Anomalies
o Actual cyber security issue vs. real process problem
    o Can be difficult to distinguish a real cyber security issue from a process anomaly.
o Inadequate cyber security training for operators could lead to an attack not being recognized.
Implications – Security Management Difficulties
o Introduced latency and jitter
    o Measurement of time for packets to travel between nodes.
    o Variation in time between packets arriving to be processed.
o Difference in managing IT vs. OT
Implications – Complexities
o Non-typical network protocols
o Commands that cannot be blocked due to safety or production issues.
o Attackers using valid communications in invalid ways.
IT Cyber Security vs. OT Cyber Security
IT Cyber Security vs. OT Cyber Security - Performance Requirements
Source: Derived from the NIST 800-82 Standard
IT Cyber Security vs. OT Cyber Security - Availability Requirements
Source: Derived from the NIST 800-82 Standard
IT Cyber Security vs. OT Cyber Security - Risk Management Requirements
Source: Derived from the NIST 800-82 Standard
IT Cyber Security vs. OT Cyber Security - Change Management Requirements
Source: Derived from the NIST 800-82 Standard
IT Cyber Security vs. OT Cyber Security - Unintended Consequences Requirements
Source: Derived from the NIST 800-82 Standard
Survey of Specialized Communications Protocols
Modbus
o Open protocol standard
o Moves raw bits or words without placing many restrictions on vendors.
o TCP/IP packet may look perfectly normal but the Modbus frame could be crafted to carry malicious code.
DNP3 (Distributed Network Protocol)
o Open Standard
o Designed to be reliable but not secure.
o Header may look perfectly normal but the data payload could be crafted to carry malicious code.
o No authentication mechanism in basic DNP3.
    o Secure DNP3
OPC (Open Platform Communications)
o Based on the OLE, COM, and DCOM technologies developed by Microsoft.
o Any vulnerabilities in these technologies are carried into this protocol.
o OPC is firewall unfriendly because OPC servers dynamically assign TCP ports.
o DCOM and RPC are extremely complicated protocols that can be translated into attack surfaces for malicious actors.
o OPC is complicated to set up, so some vendors leave exposures in their products.
Cyber Security Problems and Issues
Cyber Security Problems and Issues - TCP/IP Stack and Industrial Protocols
o Problems exist due to original design and purpose for Internet.
o Poor software design
o Fragility caused by deviation from RFC
    o Internet Protocol (IP version 4) (RFC 791)
    o User Datagram Protocol (UDP) (RFC 768)
    o Transmission Control Protocol (TCP) (RFC 793)
    o Address Resolution Protocol (ARP) (RFC 826)
    o Internet Control Messaging Protocol (ICMP) (RFC 792)
    o Internet Group Management Protocol (IGMP) (RFC 1112 & 2236)
    o IEEE 802.3 (Ethernet) as defined in RFC 894
o Protocol Complexity
    o ModBus TCP adds additional fields to standard TCP (Function Codes)
o Session Manipulation
Cyber Security Problems and Issues - Lack of Strong Authentication
o Risk of compromise
    o Spoofing
    o Brute Force Attacks
    o Session Hijacking
Cyber Security Problems and Issues - Lack of Strong Authorization Practices
o Malicious actors could gain access or perform a function that they are not entitled to perform.
Cyber Security Problems and Issues - Lack of Strong Encryption Practices
o Commands and addresses are passed in clear text, which can be captured and spoofed or manipulated.
o Some encryption mandates are making it into regulations in some industries that use industrial controls.
Cyber Security Problems and Issues - Programmability
o ICS devices are meant to be programmable, which makes them inherently vulnerable.
o A whole lot of Fuzzing going on.
Cyber Security Problems and Issues - Lack of Message Checksum
o Spoofing commands is easier since the checksum is generated at the Transmission Layer and not the Application Layer.
Cyber Security Problems and Issues - Accessibility
o Some protocols are meant to be used for Wide Area networks making them highly accessible and susceptible to many kinds of attacks.
Cyber Security Controls
Cyber Security Controls - Firewall
o A firewall can become a sieve.
o Not a “catch all”, “be all” security control but still a necessity.
o Protocol recognition.
o Don’t forget a secure default rule: Deny All.
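The firewall points above (protocol recognition, a default Deny All rule) as an added example that is not part of the original presentation: a Python check that parses a Modbus/TCP request and permits it only when it matches an explicit allow rule. The `Rule` fields, the sample policy and the frames are constructed for illustration.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass

MBAP_LEN = 7        # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_ADU_LEN = 260   # 7-byte MBAP header + 253-byte PDU maximum

READ_COILS, READ_DISCRETE_INPUTS = 0x01, 0x02
READ_HOLDING_REGISTERS, READ_INPUT_REGISTERS = 0x03, 0x04
WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER = 0x05, 0x06

# Largest quantity a single read request may ask for under the Modbus specification.
MAX_QUANTITY = {READ_COILS: 2000, READ_DISCRETE_INPUTS: 2000,
                READ_HOLDING_REGISTERS: 125, READ_INPUT_REGISTERS: 125}


@dataclass(frozen=True)
class Rule:
    """Hypothetical allow rule: one unit, one function code, one address window."""
    unit_id: int
    function_code: int
    first_addr: int
    last_addr: int


def inspect_request(frame: bytes, rules: list[Rule]) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly allowed is denied."""
    if len(frame) < MBAP_LEN + 1:
        return False, "truncated frame"
    if len(frame) > MAX_ADU_LEN:
        return False, "frame exceeds maximum ADU size"
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        return False, "protocol id is not Modbus"
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        return False, "length field does not match frame size"
    pdu = frame[MBAP_LEN:]
    fc = pdu[0]
    if fc in MAX_QUANTITY:
        if len(pdu) != 5:
            return False, "malformed read request"
        addr, qty = struct.unpack(">HH", pdu[1:5])
        if not 1 <= qty <= MAX_QUANTITY[fc]:
            return False, "quantity outside specification limits"
        last = addr + qty - 1
    elif fc in (WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER):
        if len(pdu) != 5:
            return False, "malformed write request"
        addr, value = struct.unpack(">HH", pdu[1:5])
        if fc == WRITE_SINGLE_COIL and value not in (0x0000, 0xFF00):
            return False, "invalid coil value"
        last = addr
    else:
        return False, f"function code 0x{fc:02x} not recognised by policy"
    for r in rules:
        if (r.unit_id == unit and r.function_code == fc
                and r.first_addr <= addr and last <= r.last_addr):
            return True, "matched allow rule"
    return False, "no allow rule matched (default deny)"


def build(tid: int, unit: int, pdu: bytes) -> bytes:
    """Wrap a PDU in an MBAP header (used here only to construct sample frames)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed policy: unit 1 may be read at registers 0-99 and written only at register 40.
RULES = [Rule(1, READ_HOLDING_REGISTERS, 0, 99),
         Rule(1, WRITE_SINGLE_REGISTER, 40, 40)]

# Constructed sample requests, including well-formed ones the policy must still refuse.
SAMPLES = {
    "read 0-9": build(1, 1, struct.pack(">BHH", 0x03, 0, 10)),
    "read past window": build(2, 1, struct.pack(">BHH", 0x03, 95, 10)),
    "write reg 40": build(3, 1, struct.pack(">BHH", 0x06, 40, 1234)),
    "write reg 41": build(4, 1, struct.pack(">BHH", 0x06, 41, 1234)),
    "diagnostics": build(5, 1, struct.pack(">BHH", 0x08, 0, 0)),
    "oversized read": build(6, 1, struct.pack(">BHH", 0x03, 0, 200)),
    "trailing bytes": build(7, 1, struct.pack(">BHH", 0x03, 0, 10)) + b"\x00\x00",
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        allowed, reason = inspect_request(frame, RULES)
        print(f"{name:18} {'ALLOW' if allowed else 'DENY '} {reason}")
```
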
Cyber Security Controls - Intrusion Detection and Prevention
o Intrusion Prevention vs. Intrusion Detection
o Why is IPS a necessity?
o Behavior recognition
Cyber Security Controls - ICS Honeypots
o Sets a trap
o Decoy
o ICS Capable
o SCADA HoneyNet Project
o http://scadahoneynet.sourceforge.net/
Cyber Security Controls - Anti-Malware
o If you cannot install host-based anti-malware software on any particular ICS system, implement network-based anti-malware.
o Implement and configure host-based firewalls, if possible.
Cyber Security Controls - Security Information and Event Management
o Log, Log, Log!
o Real-Time or Near Real-Time Alerts
Cyber Security Recommendations
Industrial Control Network Cyber Security Recommendations
o Defend against the unknown
o Advanced Persistent Threats (APTs)
o Advanced Evasion Techniques (AETs)
o Alternative threat detection or prevention
o Situational Awareness
o Behavior Analysis and Detection
o Practice Defense in Depth
    o Patch, Patch, Patch
    o Whitelisting
    o Collect and analyze logs
Industrial Control Network Cyber Security Recommendations
o Avoid misconceptions
    o Avoid the Air Gap Myth
    o “We have a firewall!”
    o “We’re just a small site, we’re not a target”
Industrial Control Network Cyber Security Recommendations
o Utilize Egress Filtering
o Change Default Accounts and Passwords
o Check your IP addresses with Shodan
Shodan
o An industrial control system and network search engine.
o http://www.shodanhq.com/
Shodan
Netsecuris
o A leading Managed Security Service Provider specializing in protecting Industrial Control, Financial Services, Healthcare, and Government network environments.
o Contact Information
    o Leonard Jacobs, MBA, CISSP
    o President/CEO
    o 952-641-1421
Questions and Answers
Thank you