[CLASS 2014] Palestra Técnica - Diego Bernal

Ing. Diego Bernal IDENTIAN [email protected] Colombia CYBERSECURITY STATUS IN COLOMBIA

Upload: ti-safe-seguranca-da-informacao

Post on 25-Jun-2015


DESCRIPTION

Talk title: The current state of industrial cybersecurity in Colombia

TRANSCRIPT

Page 1: [CLASS 2014] Palestra Técnica - Diego Bernal

Ing. Diego Bernal IDENTIAN [email protected]

CYBERSECURITY STATUS IN COLOMBIA

Page 2: [CLASS 2014] Palestra Técnica - Diego Bernal

Agenda

CYBERSECURITY IN COLOMBIA

• Risks

• Challenges

• Trends in Cybersecurity

• Strategies

• Models

• CYBERSECURITY ROADMAP

• CONCLUSIONS

Page 3: [CLASS 2014] Palestra Técnica - Diego Bernal

Objectives and benefits

Fraud, cyber-security, solutions

Cybersecurity framework in Colombia

Page 4: [CLASS 2014] Palestra Técnica - Diego Bernal

Ludolf Luehmann, Technology Manager at Shell, says that both his company and others in the sector are experiencing a "new dimension" of attacks that could put physical machinery at risk.

"If someone manages to get into an area where they can control the opening or closing of valves, you can imagine what will happen… it will cost lives, money and production, and it will cause fires and the loss of control of damage to the environment. The destruction could be enormous, enormous."

BBC News, December 2011

The Economist

REPRESENTATIVE ATTACKS

The average annual cost of a security incident in 2013 was 5.9 million dollars for the services sector, and for energy it was 19,78 million dollars.

Ponemon Institute, August 2011

Page 9: [CLASS 2014] Palestra Técnica - Diego Bernal

CRITICAL INFRASTRUCTURES IN COLOMBIA

Page 10: [CLASS 2014] Palestra Técnica - Diego Bernal

CURRENT VIEW

Page 11: [CLASS 2014] Palestra Técnica - Diego Bernal

RISKS IN CRITICAL INFRASTRUCTURES IN COLOMBIA

Overconfidence in security due to lack of knowledge of industrial technology; high visibility.

Interconnection of SCADA systems with corporate networks

Use of multiple general-purpose technologies and solutions

Generalization and expansion of the use of monitoring and control systems

Default configurations in operation-critical technologies

Control architectures without a safety network

The possibilities of attacks increase

Inappropriate uses of components

Blocking, interception or forging of industrial communications

Computer virus or malware (SCADA)

STUXNET, FLAME, DUQU.

Internal attack: sabotage and espionage

Unauthorized access

Operational mistakes

Page 12: [CLASS 2014] Palestra Técnica - Diego Bernal

IC/HMI/SCADA ATTACKS

Page 13: [CLASS 2014] Palestra Técnica - Diego Bernal

LAWS

World Wide & USA

• Creation of a CERT or CSIRT (USCERT, PerCert, ArCert, CRISIS, CTIR-GOV, CCIRC, CERTUy, VenCERT); 55 national CERTs (Carnegie Mellon University)

• IC protection and sovereignty (cybersecurity strategies, DHS CIP, Germany, Australia, Canada, Latvia, France)

Critical Infrastructure

• NERC CIP

• ISA SP99

• Others (AGA 12, API 1164, ISO 17799/27001/15408, NIST PCSRF, HIPAA, FIPS, IEC 62351, IEEE 1402-2000, ANSI Homeland Security Department.)

Colombia

• OEA CICTE (May 2011)

• CONPES (3701, July 14, 2011)

• LAWS AND REGULATIONS of Security Systems (527 Electronic commerce, 599 Penal, 962 Transactions, 1150 Transparency, 1273 Data and Information Security, 1341 Creation of the National Agency of new technologies Min TIC, 2258 Regulation of Communications, Circular 052)

Page 22: [CLASS 2014] Palestra Técnica - Diego Bernal

SUPPORT INSTITUTIONS

Page 23: [CLASS 2014] Palestra Técnica - Diego Bernal

COORDINATION MODEL

Page 24: [CLASS 2014] Palestra Técnica - Diego Bernal

SUPPORT INSTITUTIONS: GOVERNMENT

THE MOST EVOLVED SECTOR: ENERGY

Page 26: [CLASS 2014] Palestra Técnica - Diego Bernal

DOES COLOMBIA PROTECT ITSELF? COLCERT

Page 27: [CLASS 2014] Palestra Técnica - Diego Bernal

CYBERSECURITY MAIN LINES

Page 28: [CLASS 2014] Palestra Técnica - Diego Bernal

PROTECTION DIAGRAM

[Diagram labels: IPS; Units; Generation; Suppliers; Third parties; ICT outsourcing; Support; Historian replica, SCADA servers, RTU, DB, SCADA web, support; Control network switch; SCADA IDS; Sourcefire; Public servers; Corporate servers; Matrix; Plant]

Page 29: [CLASS 2014] Palestra Técnica - Diego Bernal

Activities in periods of six months

Short term, medium term, long term (periods 1 2 3 4 5 6 7 8 10 11 12 13 14)

Training

IDENTIFY CYBER COMPONENTS AND CYBER CRITICAL IC INFRASTRUCTURE

MANAGE RISKS OF IC – SCADA

CONTINUITY STRATEGIES, DRP IC

SECURITY AT ORGANIZATIONAL LEVEL

PHYSICAL AND LOGICAL SECURITY

IC INFRASTRUCTURE SECURITY SOLUTIONS

MANAGE IC SECURITY

MANAGING AND MONITORING

CHANGE MANAGEMENT, COMMUNICATION CHANNELS

SGSI IC AND SCADA SYSTEMS

APPLICATION OF CYBERSECURITY ROADMAP

Energy's evolution

Page 30: [CLASS 2014] Palestra Técnica - Diego Bernal

FUTURE CHALLENGES?

Page 31: [CLASS 2014] Palestra Técnica - Diego Bernal

CONCLUSIONS

Page 32: [CLASS 2014] Palestra Técnica - Diego Bernal

CONCLUSIONS

Page 33: [CLASS 2014] Palestra Técnica - Diego Bernal

CONCLUSIONS

Page 34: [CLASS 2014] Palestra Técnica - Diego Bernal

"Security is, I would say, our number one priority, because all the exciting things that we can do with computers - organize our lives, keep in touch with the people, be creative - if we do not resolve these security problems, we will have to stop." Bill Gates

THANKS

Follow us: @IDENTIAN

Bogotá, Cra. 16 A No. 80-16 Of. 402 / +571 7042400 / +57 315 333 7483 / +57 300 688 1950

7682 Audubon Meadow Way, Alexandria, VA 22306 / +1 703 625 6699

www.identian.co - [email protected]