05 | 07 | 2018
Enrico Dani, senior level executive with 20+ years international experience in the security industry
“Cybersecurity: latest threats in industrial environments and their solutions”
“Cybersecurity risks are also growing, both in their prevalence and in their disruptive potential. Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace. The financial impact of cybersecurity breaches is rising, and some of the largest costs in 2017 related to ransomware attacks, which accounted for 64% of all malicious emails.
Notable examples included the WannaCry attack—which affected 300,000 computers across 150 countries—and NotPetya, which caused quarterly losses of US$300 million for a number of affected businesses.
Another growing trend is the use of cyberattacks to target critical infrastructure and strategic industrial sectors, raising fears that, in a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning”
CYBERCRIME IS RANKED #3 GLOBAL RISK
Cybercrime today interferes heavily in our private life, in financial markets and at the geopolitical level
Cybercrime in 2017 grew in total by 14% (240% since 2011)
CyberWarfare attacks grew by 24% and CyberEspionage attacks grew by 46%
CYBERCRIME IS RANKED #3 GLOBAL RISK
Cybercrime costs in 2017 were 500 Billion USD
Extortion, fraud, and theft of money and data hit approximately 1 Billion people
The burden for private citizens was 180 Billion USD
CYBERCRIME IS A NICE BUSINESS
Network out of service:
• 1-8 hours (45%)
• 9-16 hours (11%)
• 17-24 hours (11%)
One third of affected companies lost 20% of sales due to system downtime
50 days average time to resolve a malicious attack
23 days average time to resolve a ransomware attack
OUT OF SERVICE
Old «analog» age
EXTERNAL
• Internet
• Web
• Cloud
INTERNAL
• Hotspots
• Mobile devices
• USB/Media
TODAY THE ATTACK SURFACE IS MUCH LARGER…
Multiple platforms…
And SCADA (*):
• AS-i – Actuator-sensor interface, a low level 2-wire bus establishing power and communications to basic digital and analog devices
• BSAP – Bristol Standard Asynchronous Protocol, developed by Bristol Babcock Inc.
• CC-Link Industrial Networks – Supported by the CLPA
• CIP (Common Industrial Protocol) – can be treated as application layer common to DeviceNet, CompoNet, ControlNet and EtherNet/IP
• ControlNet – an implementation of CIP, originally by Allen-Bradley
• DC-BUS – communication over DC power lines, originally by Yamar Electronics Ltd
• DeviceNet – an implementation of CIP, originally by Allen-Bradley
• DF-1 – used by Allen-Bradley ControlLogix, CompactLogix, PLC-5, SLC-500, and MicroLogix class devices
• DirectNet – Koyo / Automation Direct proprietary, yet documented PLC interface
• EtherCAT
• Ethernet Global Data (EGD) – GE Fanuc PLCs (see also SRTP)
• EtherNet/IP – IP stands for "Industrial Protocol". An implementation of CIP, originally created by Rockwell Automation
• Ethernet Powerlink – an open protocol managed by the Ethernet POWERLINK Standardization Group (EPSG).
• FINS, Omron's protocol for communication over several networks, including Ethernet.
• FOUNDATION fieldbus – H1 & HSE
• HART Protocol
• HostLink Protocol, Omron's protocol for communication over serial links.
• Interbus, Phoenix Contact's protocol for communication over serial links, now part of PROFINET IO
• IO-Link, for sensors, actuators and such
• MECHATROLINK – open protocol originally developed by Yaskawa, supported by the MMA
• MelsecNet, and MelsecNet II, /B, and /H, supported by Mitsubishi Electric.
• Modbus PEMEX
• Modbus Plus
• Modbus RTU or ASCII or TCP
• OSGP – The Open Smart Grid Protocol, a widely used protocol for smart grid devices built on ISO/IEC 14908.1
• OpenADR – Open Automated Demand Response; protocol to manage electricity consuming/controlling devices
• Optomux – Serial (RS-422/485) network protocol originally developed by Opto 22 in 1982. The protocol was openly documented and over time used for industrial automation applications.
• PieP – An Open Fieldbus Protocol
• Profibus – by PROFIBUS International.
• PROFINET IO
• RAPIEnet – Real-time Automation Protocols for Industrial Ethernet
• Honeywell SDS – Smart Distributed System – Originally developed by Honeywell. Currently supported by Holjeron.
• SERCOS III, Ethernet-based version of SERCOS real-time interface standard
• SERCOS interface, Open Protocol for hard real-time control of motion and I/O
• GE SRTP – GE Fanuc PLCs
• Sinec H1 – Siemens
• SynqNet – Danaher
• TTEthernet – TTTech
• MPI – Multi Point Interface
It is impossible to stop all attacks; it is a must to implement i) proper prevention and user education and awareness, ii) a multi-level security system and iii) an incident response and disaster recovery capability for when the attack succeeds
The detection must be based on behavior analysis and AI, rather than known patterns or signatures, and shall attempt to detect any type of misuse that falls out of normal system operation
Behavior analysis allows detection of new threats
Machine-Learning algorithms, to automatically identify anomalies
Device Profiling, to detect immediately changes in behavior
Forensics: analysis of the root cause and activation of the incident response
Awareness, user training and security policies
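A minimal sketch of the behavior-based detection and device profiling described on the slides above, added here as an illustration and not taken from the presentation. The record format, the device names (`hmi-1`, `plc-1`, `plc-2`, `laptop-7`) and the threshold `k` are assumptions, and all records are constructed sample data.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed records: (minute, source device, destination, Modbus function code).
# Function code 3 = Read Holding Registers, 16 = Write Multiple Registers.
BASELINE = [(m, "hmi-1", "plc-1", 3) for m in range(5) for _ in range(4)]
OBSERVED = (
    [(10, "hmi-1", "plc-1", 3)] * 4        # normal polling
    + [(11, "hmi-1", "plc-1", 16)]         # HMI starts writing registers
    + [(12, "hmi-1", "plc-2", 3)]          # HMI talks to a PLC it never polled
    + [(13, "hmi-1", "plc-1", 3)] * 20     # burst far above the learned rate
    + [(13, "laptop-7", "plc-1", 3)]       # device with no profile at all
)

def per_minute(records):
    """Requests per (source device, minute)."""
    return Counter((src, minute) for minute, src, _dst, _fc in records)

def learn(records):
    """Build one profile per source device from traffic assumed to be clean."""
    profile = defaultdict(lambda: {"peers": set(), "functions": set(), "rates": []})
    for _minute, src, dst, fc in records:
        profile[src]["peers"].add(dst)
        profile[src]["functions"].add(fc)
    for (src, _minute), count in per_minute(records).items():
        profile[src]["rates"].append(count)
    return dict(profile)

def detect(profile, records, k=3.0):
    """Return sorted alerts for behavior that falls outside the learned profile."""
    alerts = set()
    for _minute, src, dst, fc in records:
        known = profile.get(src)
        if known is None:
            alerts.add(("unknown_device", src, dst))
            continue
        if dst not in known["peers"]:
            alerts.add(("new_peer", src, dst))
        if fc not in known["functions"]:
            alerts.add(("new_function", src, fc))
    for (src, minute), count in per_minute(records).items():
        known = profile.get(src)
        if known is None:
            continue
        # Floor the deviation at 1.0 so a perfectly regular baseline tolerates jitter.
        limit = mean(known["rates"]) + k * max(pstdev(known["rates"]), 1.0)
        if count > limit:
            alerts.add(("rate", src, minute))
    return sorted(alerts)
```

No signature is involved: each alert comes from a deviation against what the device was observed doing during the learning window, so the quality of the result depends on that window being free of malicious traffic.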
Hackers are busy finding new vulnerabilities and developing new methods of attack
The TTD (time to detection) is an important metric to measure the progress of the detection
In order to analyze the enormous amount of data in the shortest time possible it is essential to make use of advanced automated tools
Conclusions: the rapid evolution of cyber threats and the complexity of next generation digital networks require a multi-level approach to security: companies have to improve user awareness, implement security policies and disaster response plans, employ expert SOC cyber analysts and provide them with advanced detection tools
(*) References:
• WEF The Global Risks Report 2018
• Cisco 2017 Annual Report on Cybersecurity
• Clusit Report 2018 on ICT security in Italy
• 2017 Ponemon Cost of Cybercrime Study report
• www.ReportsMonitor.com
• www.Ncsc.gov.uk
• https://en.wikipedia.org/wiki/List_of_automation_protocols