Industrial Cyber Security - WordPress.com...2018/02/06  · Over 250 ICS networks (Energy, Pharma,...

Indegy Industrial Cyber Security ISA New Orleans Section Applying the NIST Framework February 6, 2018


Indegy Industrial Cyber Security

ISA New Orleans Section

Applying the NIST Framework

February 6, 2018


©2017 Indegy

- Confidential -

Agenda

1. Introductions
2. Indegy Background
3. NIST Background and History with ICS
4. What is the NIST Cybersecurity Framework?
5. How does Indegy Support Implementation of the Framework?
6. Wrap-up


• Founded: 2014
• Customers: Pharma, Energy, Water, Automotive, Chemicals, F&B…
• Investors: Shlomo Kramer, Gen. David Petraeus, Vertex, Magma, Aspect, SBI Holdings
• Locations: HQ – New York; R&D – Israel

• Barak Perelman, Co-Founder, CEO (Stratoscale, IDF, Talpiot)
• Mille Gandelsman, Co-Founder, CTO (Stratoscale, IDF, Talpiot)
• Ido Trivizki, Co-Founder, VP R&D (Stratoscale, IDF, Talpiot)
• Dana Tamir, VP Marketing (Trusteer, Imperva, Symantec)
• Gaby Koren, VP Americas (Panaya, Radvision, NICE)


Indegy protects against operational disruptions caused by cyber threats, malicious insiders and human error, by providing visibility and control to industrial networks.


Major Incidents

• Stuxnet (2010): Destroyed 20% of Iran's nuclear centrifuges
• German Steel Plant Cyber Attack (2014): Second physical damage cyber attack reported in history
• Dragonfly / BlackEnergy (2014): Over 250 ICS networks (Energy, Pharma, etc.) compromised
• New York Water Dam (2015): Iranian hackers managing to get control of the flood gates
• Crashoverride / Industroyer (2016): Ukraine Power Grid blackout as an act of Russian aggression
• Dragonfly 2.0 / APT targeting Energy and more (2017): Wide range campaign targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors


Threats to Industrial Control Systems

Cyber Attacks (External Threats)

• Targeted attacks
• Collateral damage

Malicious Insiders (Insider Threat)

• Disgruntled employees
• Compromised IT devices

Human Error and Negligence

• Unintentional mistakes
• Unsecure contractor equipment on site


The risk to ICS Systems

• #1: Asset Inventory in the priority check list of gaps in ICS environments (SANS July 2017)
• 61% of O&G ICS network’s visibility and security is inadequate (Security Magazine)
• 50% of global industrial companies suffered 1-5 security incidents in 2016 (Infosecurity Magazine)

https://www.sans.org/reading-room/whitepapers/analyst/basics-focus-first-cis-critical-security-controls-37537

https://www.forbes.com/sites/forbestechcouncil/2017/04/03/cyber-security-risks-to-be-aware-of-in-the-oil-and-gas-industries

https://www.infosecurity-magazine.com/news/half-of-ics-firms-suffered/


ICS Infrastructures are Everywhere

SCADA and HMI Control Center

• Water
• Power & Energy
• Oil & Gas
• Manufacturing
• Transportation
• Building Management & Automation


Low Impact ICS

• Product Examples: Non-hazardous materials or products, Non-ingested consumer products

• Industry Examples: Plastic Injection Molding, Warehouse Applications

• Security Concerns: Protecting people, Capital investment, Ensuring uptime

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


Moderate Impact ICS

• Product Examples: Some hazardous products and/or steps during production, High amount of proprietary information

• Industry Examples: Automotive Metal Industries, Pulp & Paper, Semiconductors

• Security Concerns: Protecting people, Trade secrets, Capital investment, Ensuring uptime

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


High Impact ICS

• Product Examples: Critical Infrastructure, Hazardous Materials, Ingested Products

• Industry Examples: Utilities, Petrochemical, Food & Beverage, Pharmaceutical

• Security Concerns: Protecting human life, Ensuring basic social services, Protecting environment

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


Major ICS Security Objectives

• Deploy security solution based on potential impact
• Not a one size fits all solution
• Continuous monitoring
• Security is not a once and done exercise
• Continuously monitor risk
• Continuously monitor threats
• Continuously monitor and mitigate vulnerabilities
• Continuously monitor system boundaries
• Continuously monitor ingress and egress traffic
• Continuously update security controls

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


NIST Cybersecurity Framework Components

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


Framework Core - Cybersecurity Framework Component

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


Cybersecurity Framework Core

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf


Bridging the Gap – How Indegy Enables NIST Adherence

• Function: Identify
• Category: Asset Management
• Subcategory: ID.AM-1


Identify (ID) – example from Indegy White Paper


Understand what needs to be protected

• Automated Asset Discovery, Classification and Management

• Configuration Monitoring


Protect (PR) - example


Continuously monitor access and changes

• Real-time Monitoring

• A comprehensive audit trail

• Periodic integrity checks

• Reconnaissance detection


Detect (DE) - example


Assess risk to ICS assets & network segments

• Assess risk to ICS assets and network segments

• Support mitigation efforts


Respond (RS) - example


Enforce policies, Get real-time alerts

Granular policies for detecting anomalies and unauthorized activities


Recover (RC) - example


Recover - Enabled via Aggregated Snapshots

Aggregation of Snapshots into timeline of code versions in controllers


A Continuous Process for Securing ICS

Can you effectively manage and respond to events?

Without visibility you can’t have security

• Understand What Needs to be Protected
• Assess Risk to Devices and Networks
• Continuously Monitor Access and Changes
• Enforce Policies, Get Real-time Alerts


Indegy Industrial Cyber Security

Indegy provides situational awareness and real-time security for industrial control networks to ensure operational continuity and reliability.

Questions/Comments?

Gaby [email protected]

Matt [email protected]


Appendix

References and works cited:

https://www.nist.gov/cyberframework

https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing.pdf

Stouffer, K. (2016, November 4) Cybersecurity Framework Manufacturing Profile, Retrieved from URL https://www.nist.gov/sites/default/files/documents/2016/12/05/cybersecurity_for_smart_manufacturing
