Were we Just Hacked? Applying Digital Forensic Techniques for your Industrial Control Systems
Speakers:
• Matt Luallen, Co-Founder, Dragos Security LLC
• Robert M. Lee, Co-Founder, Dragos Security LLC
• Peter Welander, Content Manager, Control Engineering, CFE Media
Matt E. Luallen and Robert M. Lee
1. Identifying a Compromise
• How to determine you’ve been hacked
– What are simple things you can do NOW to detect
– Capabilities of hackers and general attack scenario
• Be cautious in performing an active response immediately!
– Keep in mind that the indication may be an outcome of months of backdoors or possibly just a false indicator
Hacked – assumptions
• At this time you must assume two things
– Your communications and capabilities are being eavesdropped upon
– Your assets can be denied service or misused
• Does the hack immediately appear as if it can impact the entire operation? Could there be loss of life? Are you authorized to perform any changes such as the extreme situation of taking the operations offline? Do you have an out of band communication capability?
2. What’s Next?
• After you’ve been compromised:
– Tools available to identify and analyze intrusions
– Handling “too much” data
– Contact the right people
• Internal
• Trusted Peers
• Vendors
• Government
Trustworthiness Validation
• Interview personnel for history of odd behavior
– (e.g. strange emails, system behavior, phone calls, control operations)
• Physical facility inspections
– Any devices and attributes that are abnormal
• Review and compare system baselines to active host settings
– Host images (Windows, *nix, Applications)
– Processed logic
– Device firmware
– Network communications
• Review operational logs for indicators
– Historian, OPC, HMI, IT system logging and any other log-enabled device
• Do you have mechanisms to compare active systems to known good images and communication profiles?
• What if you do not have the capabilities in house?
– Do you have an outsourcing agreement in place to manage incidents?
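
One way to run the baseline comparison this slide describes, as an added example that is not from the presentation: hash a known-good image and an exported copy of the active system, then diff the file manifests and check observed network flows against the communication profile. The directory layout, file names, addresses and flows below are constructed for illustration.

```python
"""Added example: compare a known-good baseline with the active state."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large host images and firmware dumps are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_manifests(baseline, active):
    """Report files that are missing, unexpected or modified relative to the baseline."""
    shared = set(baseline) & set(active)
    return {
        "missing": sorted(set(baseline) - set(active)),
        "unexpected": sorted(set(active) - set(baseline)),
        "modified": sorted(n for n in shared if baseline[n] != active[n]),
    }


def diff_flows(profile, observed):
    """Compare observed (src, dst, proto, port) flows with the known-good profile."""
    profile, observed = set(profile), set(observed)
    return {
        "unprofiled": sorted(observed - profile),  # traffic the baseline never saw
        "silent": sorted(profile - observed),      # expected traffic that stopped
    }


def demo():
    """Build a constructed baseline and an altered copy, then diff both views."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "baseline"
        live = Path(tmp) / "active"
        # Constructed stand-ins for a host image, exported logic and firmware.
        files = {
            "hmi/display.cfg": b"screen=overview\n",
            "plc/logic_export.bin": b"\x01\x02\x03\x04",
            "rtu/firmware.bin": b"FW-1.0",
        }
        for name, data in files.items():
            target = good / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        shutil.copytree(good, live)
        # Constructed deviations: one changed file, one removed, one added.
        (live / "plc/logic_export.bin").write_bytes(b"\x01\x02\xff\x04")
        (live / "rtu/firmware.bin").unlink()
        (live / "hmi/helper.dll").write_bytes(b"MZ")
        file_report = diff_manifests(build_manifest(good), build_manifest(live))

    # Constructed communication profile and observed flows.
    profile = [
        ("10.0.1.10", "10.0.1.20", "tcp", 502),
        ("10.0.1.10", "10.0.1.30", "tcp", 44818),
    ]
    observed = [
        ("10.0.1.10", "10.0.1.20", "tcp", 502),
        ("10.0.1.99", "10.0.1.20", "tcp", 502),
    ]
    return file_report, diff_flows(profile, observed)


if __name__ == "__main__":
    files, flows = demo()
    for section, report in (("files", files), ("flows", flows)):
        for kind, items in report.items():
            for item in items:
                print(f"{section}: {kind}: {item}")
```

Running it against exported copies and captured flow records, rather than querying live controllers, keeps the check in line with the deck's caution about active response.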
3. How Do We Prepare?
• Preparing before or after the compromise
– Tools for monitoring traffic
– Creating chokepoints and understanding
– Questions to ask to determine your readiness
• Future Efforts and Research Needed
– PLC/PAC/Embedded Device specific tools
– Validation, customization, and testing of known methodologies/tools
Follow on discussions at:
www.DragosSecurity.com
