2012 02 14 afcom presentation
AFCOM 2012 Data Center World Presentation. Cybersecurity for Mission Critical Infrastructure
Cyber Security for Data Center Infrastructure
AFCOM Data Center World
Las Vegas 2012
Presenter: Eric Gallant
Agenda:
• Emergence of cyber weapons that target Industrial Control Systems (ICS/DCS/SCADA).
• Why should Data Centers care?
• Who would target a Data Center?
• Challenges to securing ICS-SCADA systems.
• Recommendations.
• Summary.
Natanz Nuclear Fuel Enrichment Plant (FEP)
• Key facility in Iranian nuclear program
• Extremely secure facility
• Located in a rugged, rural area
• Centrifuges located in hardened bunkers under 22 meters of soil.
• No Internet connection
• In 2010, a cyber-weapon called STUXNET infected ICS-SCADA systems and caused catastrophic physical damage to centrifuges.
STUXNET was a “game changer”
• Groundbreaking features:
– First SCADA “worm”
– Crossed the barrier between the “cyber” and the “real”
– Crossed the “air gap” to infect un-networked systems
– First PLC rootkit
– Sent false data to HMI
Stuxnet was a game changer
• The STUXNET cyber attack was of great interest to:
– Cyber security community
– Homeland Security and Intelligence communities
– Providers of Infrastructure of National interest
• But data center infrastructure?
Why should data centers care?
• What is ICS-SCADA?
– ICS: Industrial Control System
– SCADA: Supervisory Control and Data Acquisition
– DCS: Distributed Control System
• Systems consist of:
– SCADA controller (Windows or Linux PC)
– Human Machine Interface (HMI)
– Programmable Logic Controllers (PLC)
– Field Devices (Sensors)
– Communication Infrastructure
Why should data centers care?
• How are ICS-SCADA systems used?
– At Natanz to control centrifuge speed
– At electrical utilities to control flow of current
– At water purification plant to control flow and process
• How are ICS-SCADA systems used in data centers?
– Switchgear
– Mechanical Systems
– Building Automation
Why should data centers care?
• Langner’s prediction, “The next cyber weapon will be considerably cheaper, since much of the attack vector and the specifics of how to use automation equipment will simply be copied. Sabotage with the motivation of extortion will get a commonplace scenario. At this time targets are no longer limited to critical infrastructure but will especially cover the private sector — a TARGET-RICH AREA where it cannot be assumed that organizations will install countermeasures large scale in a reasonable amount of time.”
Why should data centers care?
• Most data centers use some type of ICS-SCADA to monitor and control their electrical and/or mechanical infrastructure.
• Data center ICS-SCADA systems have precisely the same vulnerabilities as the systems at Natanz.
• Since STUXNET, cyber weapons that target physical infrastructure through ICS-SCADA vulnerabilities have proliferated.
• ICS-SCADA malware, malware development tools and exploits are becoming more common and a wide variety of bad actors are developing capabilities.
• More Advanced Persistent Threats (APT) similar to STUXNET have been discovered.
• ICS-CERT has issued alerts for every major ICS manufacturer, including GE, Schneider, Siemens, Koyo, ABB and Rockwell/Allen Bradley.
Aurora Generator Test
Who would attack a data center’s ICS-SCADA?
• National Agencies
– Disrupt Banking and Commerce
– Disrupt Intelligence Gathering
– Disrupt Communication Infrastructure
• In 2007, a Blue Horizons paper titled “State Actor Threats in 2025” was prepared by the US Air Force. The paper identified a number of scenarios that could threaten the United States in the future. The scenario with “the highest potential for a state actor to inflict catastrophic damage to the US” is known as Phantom Menace. In this scenario, cyber attacks are used, “against the enemy so that the civilian electricity network, traffic dispatching network, financial transaction network, telephone communications network, and mass media network are completely paralyzed, this will cause the enemy nation to fall into social panic, street riots, and a political crisis.”
Who would attack a data center’s ICS-SCADA?
• Cybercriminals
– Many Data Centers have deep pockets and are vulnerable to extortion
Who would attack a data center’s ICS-SCADA?
• Corporate Espionage
– Gain a competitive advantage
• Operation Aurora: Google, Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical were also among the targets.
Who would attack a data center’s ICS-SCADA?
• Hacktivists
– Anonymous
– Radical Environmentalists
– Occupy Movement
Who would attack a data center’s ICS-SCADA?
• Script Kiddies
Challenges to securing ICS-SCADA systems
• ICS-SCADA systems are squarely in the gap between facilities and IT
• Awareness of vulnerability is low among IT and Facilities teams
• Security is assumed
• Standard cyber security tactics are ineffective and often counterproductive
• No authentication in communication protocols
• ICS-SCADA systems have very complex attack surface
Complex Attack Surfaces
Control System Vulnerabilities
Recommendations
• Physical Security
• Dedicated Networks
• Ban Removable Storage Devices
• Training
• 3rd Party Penetration/Vulnerability Testing
• White Listing
Summary
• There's a cyberwar raging all around us.
– Nation vs. nation
– Nation vs. corporation
– Corporation vs. corporation
– Extremists vs. everyone
• ICS-SCADA systems are now on the battlefield
• Hackers and malware have the motivation and capability to strike data centers
• Yesterday’s security strategies are no longer effective