SCADA SECURITY ASSESSMENT METHODOLOGY, THE MALAYSIA EXPERIENCE
Muhammad Reza Shariff
Security Assurance
Table of Contents
• Introduction
• Our Experience
• Preparation
• Approach and Methodology
• Tools for the Assessment
• Step by Step Assessment
• Top 5 Common Vulnerabilities Found
• Conclusion
Copyright © 2013 CyberSecurity Malaysia
Introduction
Began its operation in 1997 as the Malaysian Computer Emergency Response Team (MyCERT) and renamed CyberSecurity Malaysia in 2007
Mandated and positioned itself as the national cyber security specialist under the Ministry of Science, Technology and Innovation (MOSTI)
It also provides safety tips, advisories, and specialized services in the fields of cyber security such as Digital Forensics, Security Assessment and Security Management and Best Practices
Our Expertise and Specialization
Malaysia's Computer Emergency Response Team (MyCERT) / Cyber999 Service
Security Assurance & Product Evaluation using Common Criteria Standard
Cyber Security Training and Professional Certification
Outreach, Awareness, and Social Responsibility Programs
Digital Forensics & Data Recovery Services
Security Management and Best Practice
Cyber Security Strategic Policy and Legal Research
Our Experiences
Our Experience 2013
Control System Security Assessment (Total 7 + 2)
Oil & Gas
Water Works
Airport
Shipping
Port
Preparation for the Assessment
Preparation Prior to the Assessment
• Ensure Stakeholder Buy In
• Define Scope and Duration
• Define Prerequisite (e.g. HSSE Training)
• Project Charter and NDA
• To Confirm Project Manager (Client side)
Other Preparation
• Hardware ready: long cross cables, fully charged notebooks, camera, torch lights, hubs, etc.
• Customize Checklist: know what to do
• Test the tools (at the office)
Entering a SCADA installation may require strict and limited working permits. Having the necessary hardware / tools required beforehand is important.
Approach & Methodology
ISA99
• Industrial Automation and Control Systems Security
ISMS 27001
• ISO/IEC 27001 Information Security Management System (ISMS)
Customize
• Vulnerability Assessment and Penetration Testing (VAPT)
STAGE 1: PROJECT PLANNING AND INITIATION
• Define project scope and terms of reference
• Define restrictions, e.g. operating hours, tolerable downtime (if any), etc.
• Customization of assessment procedures
• Information gathering
• Logistics
STAGE 2: DESKTOP AND SERVER SECURITY ASSESSMENT
• Check desktop / server role and compare against services running
• Check patch level
• Check permission on critical directories
• Check logging / Anti Virus
* Request for SCADA Engineer / Contractor, for better understanding of the system
STAGE 3: SCADA SECURITY ASSESSMENT
• Assessment on SCADA, RTU and PLC
• Check patch level
• Check connection type and communication
• Testing of register / coils
• No checking on program logics
* Request for SCADA Engineer / Contractor, for better understanding of the system
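A passive way to support the "Check connection type and communication" and "Testing of register / coils" items, given here as an added example that is not part of the original slides: it parses Modbus/TCP request frames taken from a capture (for instance one made with Wireshark or TCPDump) and lists the hosts that issue coil or register writes without being on the site's approved list. The sample frames, the 192.0.2.x addresses and `AUTHORIZED_WRITERS` are constructed for illustration.

```python
import struct

# Modbus function codes for data access (public Modbus application protocol).
READ_FUNCS = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCS = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}


def parse_requests(payload):
    """Yield (unit_id, function_code, start_address, count) for every
    well-formed Modbus/TCP request in one TCP payload (client -> port 502)."""
    offset = 0
    while offset + 8 <= len(payload):
        _tid, proto, length, unit = struct.unpack_from(">HHHB", payload, offset)
        end = offset + 6 + length          # length covers unit id + PDU
        if proto != 0 or length < 2 or end > len(payload):
            break                          # not Modbus/TCP, or truncated capture
        func = payload[offset + 7]
        data = payload[offset + 8:end]
        if (func in READ_FUNCS or func in WRITE_FUNCS) and len(data) >= 4:
            addr, second = struct.unpack_from(">HH", data)
            # FC 5/6 carry a value in the second field, the others a quantity.
            yield unit, func, addr, 1 if func in (5, 6) else second
        offset = end


def unauthorized_writes(packets, authorized_writers):
    """Return one finding per write request whose source is not approved."""
    findings = []
    for src, dst, payload in packets:
        for unit, func, addr, count in parse_requests(payload):
            if func in WRITE_FUNCS and src not in authorized_writers:
                findings.append({"src": src, "dst": dst, "unit": unit,
                                 "function": WRITE_FUNCS[func],
                                 "address": addr, "count": count})
    return findings


def build_frame(tid, unit, func, data):
    """Build a Modbus/TCP request, used only to construct the sample capture."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, func) + data


# Constructed sample capture: (source IP, destination IP, TCP payload).
PLC = "192.0.2.50"
READ_REGS = build_frame(1, 1, 3, struct.pack(">HH", 0, 10))
WRITE_COIL = build_frame(2, 1, 5, struct.pack(">HH", 0x0013, 0xFF00))
WRITE_REGS = build_frame(3, 1, 16,
                         struct.pack(">HHB", 1, 2, 4) + b"\x00\x2a\x00\x2b")
SAMPLE_PACKETS = [
    ("192.0.2.10", PLC, READ_REGS),               # HMI polling
    ("192.0.2.20", PLC, READ_REGS + WRITE_COIL),  # two requests in one segment
    ("192.0.2.99", PLC, WRITE_REGS),              # host not on the approved list
    ("192.0.2.99", PLC, WRITE_COIL[:9]),          # truncated frame, skipped
]
AUTHORIZED_WRITERS = {"192.0.2.20"}  # assumption: taken from the site's records

if __name__ == "__main__":
    for f in unauthorized_writes(SAMPLE_PACKETS, AUTHORIZED_WRITERS):
        print(f"{f['src']} -> {f['dst']} unit {f['unit']}: "
              f"{f['function']} at address {f['address']} x{f['count']}")
```

Because it only reads captured traffic, this check sends nothing to the RTU or PLC.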
STAGE 4: NETWORK ARCHITECTURE REVIEW & SECURITY ASSESSMENT
• Review current network architecture design
• Conduct assessment on Network device configurations
• Network sniffing
* Request for client to send a formal request to Telecommunication Company for the network configurations
STAGE 5: PHYSICAL ASSESSMENT
• Conduct physical assessment
• Check on the current policy
STAGE 6: CSSA REPORT
• Analysis of Findings
• Identify Risk Rating
• Consolidate Reports
Tools for Assessment
Tools Used
Non Intrusive
• Nessus, ModScan, Wireshark & TCPDump
• MBSA, Customize Scripts & Nipper
• Solarwinds, Putty, Telnet, Nmap & Netcat
Intrusive
• Nessus, Metasploit
• Nmap & Netcat
Others
• Snapshots tools, Digital Cameras
• Wordpad (MSword change the file headers)
• Truecrypt
Nessus
Metasploit
ModScan 32
Best Practices for Tools
Clients are aware of the tools being used and their impact
Tools have been tested
Analysts are confident and well versed with the tools
Able to eliminate false positive findings
Tools are meant to make your work faster not easier
Step by Step Assessment
Desktop & Server Assessment
Interview Owner
• Maintenance and Corrective Preventive
• Log Book
• Purpose and Function of Machine
• Review Policy (if any)
Physical Assessment
• Check Physical Connection (Eth)
• External Drive Functionality (USB\CDROM)
• Hard Disk Space
• Backup System
OS and Application Assessment
• MBSA / Scripts
• Patch Level
• ACL
• Password
• Anti Virus
• Review of Programs / Application / Services (e.g. IIS, PDF, etc.)
• Review of Ports
SCADA Security Assessment
Interview Owner
• Maintenance and Corrective Preventive
• Log Book
• Purpose and Function of SCADA/RTU/PLC
• Review Policy (if any)
Physical Assessment
• Check Physical Connection (UTP/Fibre/etc)
• Available Physical Ports
• Power System / Grounding
Application Assessment
• Web Functionality
• Patch Level
• ACL
• Password
• Review of Ports
• Coil / Register
Network Architecture Review
Interview Owner
• Review Current Network Design
• Review Devices Functionality
• Review Policy (if any)
Physical Assessment
• Map Current Network Design
• Review Network Segregation
• Test for external and internal (corporate) connection
Network Security Assessment
Interview Owner
• Review Current Network Design
• Review Devices Functionality
• Request for scripts, configuration, & rules
• Review Policy (if any)
Physical Assessment
• Check Physical Connection (UTP/Fibre/etc)
• Available Physical Ports
• Network Sniffing
Device Assessment
• Web Functionality
• Patch Level
• ACL
• Password
• Review of Ports
• Access Common Management Ports (SSH, Telnet, SNMP, FTP)
• Review Routing Table
Physical Assessment
Interview Owner
• Security of the Current Installation
• Review Security Policy or Standards being applied
Physical Assessment
• Site Walk
• Locate all possible entrances to Command Control Room, RTU, PLC and Connection
• Check on all door access, windows and their security
• Check on the Riser Room
Top 5 Common Vulnerabilities Found
5. SCADA Security Policy Issues
Applying Corporate IT Policy
Lack of Enforcement
No or Incomplete SCADA Security Policy
4. Password Issues
No Access Control List
Default Password
All for One
PLC Web Enabled - Password
Annuaire.XML for Topkapi
Hardcoded Password in the Registry
3. Network Architecture and Design
Web Enabled RTU and PLC
Active Ports Available
No Segregation of Network
Coils Read & Write
2. Antivirus Issues
Fear of System Disruption
Missing AV or Updates
False Sense of Security – Closed Network
1. Operating System & Applications
No Hardening
Obsolete OS, Missing Patches & Service Packs
Vulnerable to Malware, DoS, Hacking, etc.
Obsolete System
Conclusion
1
• Stakeholder BUY IN is important
• Know the chain of command, who is the Project Manager (Client Side)
2
• SCADA assessments are similar to common security assessments
• Commercial off-the-shelf (COTS) tools are commonly used
3
• Experienced analysts are needed; SCADA systems are delicate and some obsolete systems do exist
• Manual assessment is sometimes needed, with minimum use of tools
Good References
• NIST Special Publication 800-53A
http://csrc.nist.gov/publications/nistpubs/800-53A-rev1/sp800-53A-rev1-final.pdf
• ISA99
http://www.isa.org/MSTemplate.cfm?MicrositeID=988&CommitteeID=6821