SlideShare a Scribd company logo

Critical Infrastructure Security by Subodh Belgi

ClubHack
ClubHack

Industrial Automation & Control Systems are an integral part of various manufacturing & process industries as well as national critical infrastructure. Concerns regarding cyber-security of control systems are related to both the legacy nature of some of the systems as well as the growing trend to connect industrial control systems to corporate networks. These concerns have led to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain. Many of the legacy systems may not have appropriate security capabilities that can defend against modern day threats, and the requirements for availability and performance can preclude using contemporary cyber-security solutions. To address cyber-security issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required. The session will highlight some of the latest cyber security risks faced by industrial automation and control systems along with essential security controls & countermeasures.

1 of 19
Subodh Belgi VP & Chief Security Evangelist
Critical Infrastructure & Control Systems • Modern society is dependent on several critical infrastructure industries • Industrial Control Systems (SCADA/DCS/PLCs) are extensively used to manage the operation of critical infrastructure Copyright © 2012 MIEL e-Security Pvt. Ltd. 2
Critical Infrastructure is Under Attack !! Copyright © 2012 MIEL e-Security Pvt. Ltd. 3
SCADA/Control Systems Becoming Easy Target.. Copyright © 2012 MIEL e-Security Pvt. Ltd. 4
Stuxnet Attack – The Wakeup Call ! • Most sophisticated and targeted attack on Industrial Control Systems • Disabling specific types of drives used in Uranium Enrichment process by infecting a specific model of Siemens PLC • 7 different modes of propagation, 4 different zero day vulnerabilities exploited • 2 rootkits – For windows and Siemens PLC • Using stolen certificates to sign the rootkit code • Remote command & control • P2P update capability Copyright © 2012 MIEL e-Security Pvt. Ltd. 5
ICS Security : Risk Drivers Increased Connectivity • Need for ‘REAL TIME’ information, for taking Informed decisions. • Control systems are linked to corporate information systems & networks. Open Technology • Increasingly using standardized IT Technologies • IP based network for PLCs, DCS, IEDs, Field devices etc. Copyright © 2012 MIEL e-Security Pvt. Ltd. 6
ICS Security : Risk Drivers Design Limitations • Historically, designed for productivity, safety and reliability • Security by obscurity – Proprietary protocols, air gapped network Lack of Cyber Security Awareness • Enterprise IT Security professionals lack control systems expertise • Control systems professionals not aware of security issues and controls Copyright © 2012 MIEL e-Security Pvt. Ltd. 7
Industrial Control Systems in an Organization Copyright © 2012 MIEL e-Security Pvt. Ltd. 8
ICS Security Not Same as IT Security Topic IT Systems Industrial Control Systems Typical Lifespan 3-5 years 10-15 years Security Awareness Good Poor, except physical Time Critical Content Generally delays accepted Critical due to safety Availability Occasional downtime 24x7x365 accepted Security Testing/Audit Scheduled, mandated Occasional, uncommon Patch Management Regular, Scheduled Slow, vendor dependent Change Management Regular, scheduled Uncommon Security Controls Extensively deployed Uncommon, except safety related Business Impact Disruption, Monetary Loss, Loss of Life, Loss of Business, Legal sanctions Physical Damage, Environmental Impact, National Security & Economy Copyright © 2012 MIEL e-Security Pvt. Ltd. 9
Who are the Adversaries? • Usual Suspects.. – Script Kiddies – Hackers – Cyber Criminals – Malware Authors/Operators – Organized Crime Groups • Growing Threat.. – Industrial Espionage – Hacktivists – Disgruntled Insiders – State Sponsored Terrorists – Foreign Intelligence Agencies Copyright © 2012 MIEL e-Security Pvt. Ltd. 10
Reported Vulnerabilities – Tip of the Iceberg Inadequate Security Architecture & Design No Periodic Security Assessment/Audit Firewall Non-existent or Improperly Configured Unsecured Remote Access OS and Application Patches not Updated Use of Default Configuration, User Accounts Lack of Verifying Data Authenticity, Integrity Malware Protection not Installed Copyright © 2012 MIEL e-Security Pvt. Ltd. 11
Critical Infrastructure Security Challenges & Opportunities 12
Typical ICS Architecture Copyright © 2012 MIEL e-Security Pvt. Ltd. 13
ICS Communication Protocols • SCADA Modbus, DNP3, ICCP, IEC 60870, IEC 61850 • DCS/Process Automation CIP, ControlNet, DeviceNet, DirectNet, EtherCAT, EtherNet/IP, EtherNet Powerlink, HART, Fieldbus, Modbus, Hostlink, Modbus RTU, Modbus TCP, Profibus, ProfiNet, RAPIENet, Honeywell SDS, SERCOS III, GE SRTP, Sinec, OPC, OPC UA • Smart Buildings/Meters/Vehicles BACnet, C-Bus, CC-Link, Dynet, LonTalk, S-Bus, VSCP, xAP, X10, Zigbee ANSI C12.18, DLMS/IEC 62056, IEC 61107, M-Bus, Zigbee Smart Energy CAN, DC-Bus, FlexRay, IEBus, J1708, J1939, VAN, SMARTWireX, LIN Copyright © 2012 MIEL e-Security Pvt. Ltd. 14
ICS Communication Protocols – Challenges • Lack of Authentication - Works with device addresses and function codes • Lack of Encryption - Command and addresses sent in clear-text • Lack of Message Integrity - No data validity checking • Broadcast Functionality - All devices receive all messages • Programmability - Able to program controllers, PLCs and RTUs • Susceptible to Message spoofing, MITM, DOS attacks • Protocols not supported by commercial firewalls • Not supported by security tools – Snort, Wireshark Copyright © 2012 MIEL e-Security Pvt. Ltd. 15
Automation Devices – Controllers, PLC, RTUs, IEDs… • Used for Communication, Control, I/O, Protection, Monitoring, Metering etc. • Runs vxworks, embedded linux/windows, or proprietary OS on custom hardware • TCP/IP connectivity • Lack of basic security features • Highly susceptible to cyber attacks Copyright © 2012 MIEL e-Security Pvt. Ltd. 16
Automation Devices – Challenges Copyright © 2012 MIEL e-Security Pvt. Ltd. 17
How Could You Contribute ? Building Research Community Focused on Industrial Control Systems Security  Network Protocol Analysis  Firmware Analysis/Hacking  Embedded Systems Hacking  Vulnerability Analysis  Exploit Development  Malware Analysis  Security Tools Development Copyright © 2012 MIEL e-Security Pvt. Ltd. 18
Thank you! Subodh Belgi sbelgi@miel.in

Recommended

Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamMohammed Adam
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
 
Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxChandanChandu928137
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxMohanPandey31
 
IT Security PowerPoint Presentation Slides
IT Security PowerPoint Presentation SlidesIT Security PowerPoint Presentation Slides
IT Security PowerPoint Presentation SlidesSlideTeam
 
Insider threat
Insider threatInsider threat
Insider threatARCON TECHSOLUTIONS
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptxSandeepK707540
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber AwarenessCyber Security and Cyber Awareness
Cyber Security and Cyber AwarenessArjith K Raj
 

Recommended

Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamMohammed Adam
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
 
Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxChandanChandu928137
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxMohanPandey31
 
IT Security PowerPoint Presentation Slides
IT Security PowerPoint Presentation SlidesIT Security PowerPoint Presentation Slides
IT Security PowerPoint Presentation SlidesSlideTeam
 
Insider threat
Insider threatInsider threat
Insider threatARCON TECHSOLUTIONS
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptxSandeepK707540
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber AwarenessCyber Security and Cyber Awareness
Cyber Security and Cyber AwarenessArjith K Raj
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLCBDPA Charlotte - Information Technology Thought Leaders
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threatzhihaochen
 
Introduction to ICS/SCADA security
Introduction to ICS/SCADA securityIntroduction to ICS/SCADA security
Introduction to ICS/SCADA securityCysinfo Cyber Security Community
 
Industrial IoT and OT/IT Convergence
Industrial IoT and OT/IT ConvergenceIndustrial IoT and OT/IT Convergence
Industrial IoT and OT/IT ConvergenceMichelle Holley
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Physical Security.ppt
Physical Security.pptPhysical Security.ppt
Physical Security.pptBiggBoss4Unseen
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Fatih Ozavci
 
Cyber security threats and trends
Cyber security threats and trendsCyber security threats and trends
Cyber security threats and trendsHadeel Sadiq Obaid
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
IoT security
IoT securityIoT security
IoT securityYashKesharwani2
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
ICS security
ICS securityICS security
ICS securityAhmed Shitta
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security AssessmentsTom Eston
 
Security awareness
Security awarenessSecurity awareness
Security awarenessJosh Chandler
 
Physical Security
Physical SecurityPhysical Security
Physical SecurityKriscila Yumul
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsTop Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsDenim Group
 
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowIBM Security
 

More Related Content

What's hot

The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threatzhihaochen
 
Industrial IoT and OT/IT Convergence
Industrial IoT and OT/IT ConvergenceIndustrial IoT and OT/IT Convergence
Industrial IoT and OT/IT ConvergenceMichelle Holley
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Fatih Ozavci
 
Cyber security threats and trends
Cyber security threats and trendsCyber security threats and trends
Cyber security threats and trendsHadeel Sadiq Obaid
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security AssessmentsTom Eston
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 

What's hot (20)

Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threat
 
Introduction to ICS/SCADA security
Introduction to ICS/SCADA securityIntroduction to ICS/SCADA security
Introduction to ICS/SCADA security
 
Industrial IoT and OT/IT Convergence
Industrial IoT and OT/IT ConvergenceIndustrial IoT and OT/IT Convergence
Industrial IoT and OT/IT Convergence
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Physical Security.ppt
Physical Security.pptPhysical Security.ppt
Physical Security.ppt
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!
 
Cyber security threats and trends
Cyber security threats and trendsCyber security threats and trends
Cyber security threats and trends
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
IoT security
IoT securityIoT security
IoT security
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 Workshop
 
ICS security
ICS securityICS security
ICS security
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security Assessments
 
Security awareness
Security awarenessSecurity awareness
Security awareness
 
Physical Security
Physical SecurityPhysical Security
Physical Security
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
Incident Response
Incident Response Incident Response
Incident Response
 

Similar to Critical Infrastructure Security by Subodh Belgi

Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsTop Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsDenim Group
 
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowIBM Security
 
Best Practices for Cloud Security
Best Practices for Cloud SecurityBest Practices for Cloud Security
Best Practices for Cloud SecurityIT@Intel
 
Enterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesEnterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesHakan Yüksel
 
Security and smart grid what you need to know john chowdhury 2012 final
Security and smart grid what you need to know john chowdhury 2012 finalSecurity and smart grid what you need to know john chowdhury 2012 final
Security and smart grid what you need to know john chowdhury 2012 finalJohn Chowdhury
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythSecurity Innovation
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsSchneider Electric
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareCloudera, Inc.
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...IBM Security
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardEMC
 
Key Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales PresentationKey Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales Presentationrfragola
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused EnterpriseNovell
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cCharles Li
 
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...Kenneth de Brucq
 
Waterfall Security Solutions Overview Q1 2012
Waterfall Security Solutions Overview Q1 2012Waterfall Security Solutions Overview Q1 2012
Waterfall Security Solutions Overview Q1 2012henkpieper
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataIBM Security
 

Similar to Critical Infrastructure Security by Subodh Belgi (20)

Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsTop Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for Applications
 
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
 
Best Practices for Cloud Security
Best Practices for Cloud SecurityBest Practices for Cloud Security
Best Practices for Cloud Security
 
Enterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesEnterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security Cases
 
Security and smart grid what you need to know john chowdhury 2012 final
Security and smart grid what you need to know john chowdhury 2012 finalSecurity and smart grid what you need to know john chowdhury 2012 final
Security and smart grid what you need to know john chowdhury 2012 final
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" Myth
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
Risks vs real life
Risks vs real lifeRisks vs real life
Risks vs real life
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomware
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path Forward
 
Key Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales PresentationKey Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales Presentation
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused Enterprise
 
Challenges2013
Challenges2013Challenges2013
Challenges2013
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425c
 
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
 
Waterfall Security Solutions Overview Q1 2012
Waterfall Security Solutions Overview Q1 2012Waterfall Security Solutions Overview Q1 2012
Waterfall Security Solutions Overview Q1 2012
 
Security on a budget
Security on a budget Security on a budget
Security on a budget
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical Data
 

More from ClubHack

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014ClubHack
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreClubHack
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber InsuranceClubHack
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatClubHack
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleClubHack
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaClubHack
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012ClubHack
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack
 
One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)ClubHack
 

More from ClubHack (20)

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 
One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)
 

Critical Infrastructure Security by Subodh Belgi

  • 1. Subodh Belgi VP & Chief Security Evangelist
  • 2. Critical Infrastructure & Control Systems • Modern society is dependent on several critical infrastructure industries • Industrial Control Systems (SCADA/DCS/PLCs) are extensively used to manage the operation of critical infrastructure Copyright © 2012 MIEL e-Security Pvt. Ltd. 2
  • 3. Critical Infrastructure is Under Attack !! Copyright © 2012 MIEL e-Security Pvt. Ltd. 3
  • 4. SCADA/Control Systems Becoming Easy Target.. Copyright © 2012 MIEL e-Security Pvt. Ltd. 4
  • 5. Stuxnet Attack – The Wakeup Call ! • Most sophisticated and targeted attack on Industrial Control Systems • Disabling specific types of drives used in Uranium Enrichment process by infecting a specific model of Siemens PLC • 7 different modes of propagation, 4 different zero day vulnerabilities exploited • 2 rootkits – For windows and Siemens PLC • Using stolen certificates to sign the rootkit code • Remote command & control • P2P update capability Copyright © 2012 MIEL e-Security Pvt. Ltd. 5
  • 6. ICS Security : Risk Drivers Increased Connectivity • Need for ‘REAL TIME’ information, for taking Informed decisions. • Control systems are linked to corporate information systems & networks. Open Technology • Increasingly using standardized IT Technologies • IP based network for PLCs, DCS, IEDs, Field devices etc. Copyright © 2012 MIEL e-Security Pvt. Ltd. 6
  • 7. ICS Security : Risk Drivers Design Limitations • Historically, designed for productivity, safety and reliability • Security by obscurity – Proprietary protocols, air gapped network Lack of Cyber Security Awareness • Enterprise IT Security professionals lack control systems expertise • Control systems professionals not aware of security issues and controls Copyright © 2012 MIEL e-Security Pvt. Ltd. 7
  • 8. Industrial Control Systems in an Organization Copyright © 2012 MIEL e-Security Pvt. Ltd. 8
  • 9. ICS Security Not Same as IT Security Topic IT Systems Industrial Control Systems Typical Lifespan 3-5 years 10-15 years Security Awareness Good Poor, except physical Time Critical Content Generally delays accepted Critical due to safety Availability Occasional downtime 24x7x365 accepted Security Testing/Audit Scheduled, mandated Occasional, uncommon Patch Management Regular, Scheduled Slow, vendor dependent Change Management Regular, scheduled Uncommon Security Controls Extensively deployed Uncommon, except safety related Business Impact Disruption, Monetary Loss, Loss of Life, Loss of Business, Legal sanctions Physical Damage, Environmental Impact, National Security & Economy Copyright © 2012 MIEL e-Security Pvt. Ltd. 9
  • 10. Who are the Adversaries? • Usual Suspects.. – Script Kiddies – Hackers – Cyber Criminals – Malware Authors/Operators – Organized Crime Groups • Growing Threat.. – Industrial Espionage – Hacktivists – Disgruntled Insiders – State Sponsored Terrorists – Foreign Intelligence Agencies Copyright © 2012 MIEL e-Security Pvt. Ltd. 10
  • 11. Reported Vulnerabilities – Tip of the Iceberg Inadequate Security Architecture & Design No Periodic Security Assessment/Audit Firewall Non-existent or Improperly Configured Unsecured Remote Access OS and Application Patches not Updated Use of Default Configuration, User Accounts Lack of Verifying Data Authenticity, Integrity Malware Protection not Installed Copyright © 2012 MIEL e-Security Pvt. Ltd. 11
  • 13. Typical ICS Architecture Copyright © 2012 MIEL e-Security Pvt. Ltd. 13
  • 14. ICS Communication Protocols • SCADA Modbus, DNP3, ICCP, IEC 60870, IEC 61850 • DCS/Process Automation CIP, ControlNet, DeviceNet, DirectNet, EtherCAT, EtherNet/IP, EtherNet Powerlink, HART, Fieldbus, Modbus, Hostlink, Modbus RTU, Modbus TCP, Profibus, ProfiNet, RAPIENet, Honeywell SDS, SERCOS III, GE SRTP, Sinec, OPC, OPC UA • Smart Buildings/Meters/Vehicles BACnet, C-Bus, CC-Link, Dynet, LonTalk, S-Bus, VSCP, xAP, X10, Zigbee ANSI C12.18, DLMS/IEC 62056, IEC 61107, M-Bus, Zigbee Smart Energy CAN, DC-Bus, FlexRay, IEBus, J1708, J1939, VAN, SMARTWireX, LIN Copyright © 2012 MIEL e-Security Pvt. Ltd. 14
  • 15. ICS Communication Protocols – Challenges • Lack of Authentication - Works with device addresses and function codes • Lack of Encryption - Command and addresses sent in clear-text • Lack of Message Integrity - No data validity checking • Broadcast Functionality - All devices receive all messages • Programmability - Able to program controllers, PLCs and RTUs • Susceptible to Message spoofing, MITM, DOS attacks • Protocols not supported by commercial firewalls • Not supported by security tools – Snort, Wireshark Copyright © 2012 MIEL e-Security Pvt. Ltd. 15
  • 16. Automation Devices – Controllers, PLC, RTUs, IEDs… • Used for Communication, Control, I/O, Protection, Monitoring, Metering etc. • Runs vxworks, embedded linux/windows, or proprietary OS on custom hardware • TCP/IP connectivity • Lack of basic security features • Highly susceptible to cyber attacks Copyright © 2012 MIEL e-Security Pvt. Ltd. 16
  • 17. Automation Devices – Challenges Copyright © 2012 MIEL e-Security Pvt. Ltd. 17
  • 18. How Could You Contribute ? Building Research Community Focused on Industrial Control Systems Security  Network Protocol Analysis  Firmware Analysis/Hacking  Embedded Systems Hacking  Vulnerability Analysis  Exploit Development  Malware Analysis  Security Tools Development Copyright © 2012 MIEL e-Security Pvt. Ltd. 18

Editor's Notes

  1. Performance – Real time response is critical, May not require high-throughput Controls should not hamper normal or emergency operations Availability – Very high uptime requirement, Outages are not acceptable and may result into physical events, simply rebooting IT systems is not the solution, downtime planning is critical and any changes require extensive testingSecurity Goals differ – Availability is priority, unlike confidentiality for IT systemsResource Constraints – Compute power, memory, bandwidth limitation Typical IT security solutions do consume lot of computing resourcesLong Technology Life Cycle – 10-20 years compared to 3-5 years for IT. Proprietary and complex & non standard systems and communication protocols, not easy to deploy usual IT security solutions in IACS spaceSecurity Staff – Expertise widely differ, Control systems expertise is not available with typical IT staff, require special training and staff development