![Page 1: [CLASS 2014] Palestra Técnica - Samuel Linares](https://reader034.vdocuments.mx/reader034/viewer/2022052507/558c00c5d8b42a1a1d8b4732/html5/thumbnails/1.jpg)
Linking Critical Infrastructure Protection and Industrial Cybersecurity: Is there a Cyber-Tsunami in waiting?
Samuel Linares
Industrial Cybersecurity Center (CCI)
Director
Earthquake Research Institute, University of Tokyo
1960 Chile Great Earthquake Mw 9.5
1964 Alaska Earthquake Mw 9.2
1957 Andreanof Islands Earthquake Mw 9.1
1952 Kamchatka Earthquake Mw 9.0
2011 East Japan Great Earthquake Mw 9.0
2004 Indian Ocean Earthquake Mw 9.0
2010 Chile Earthquake Mw 8.8
Changing Environment?
Convergence
Consequences: Intangible
Web Portal unavailable
No email
Consequences: Tangible, Concrete
Production Losses
Environmental Damages
Public Health
Lower Company Valuation
Physical & Cyber Worlds Convergence
IT in the Industrial World
Convergence
IT in the Industrial World
Industrial devices have inherited all problems from IT
• Industrial Control Systems are NOT isolated anymore.
• They have moved from using dedicated serial lines to Ethernet or WiFi
• Now, most industrial protocols are running over TCP/IP
• Industrial Control Systems use general purpose operating systems
IT in the Industrial World
Convergence
Different Cultures
Plant vs IT vs Security
Plant / IT Conflict:
– “Watertight” environments. “Don’t get into my lot, and I won’t get into yours”
– Attention is not paid to communication interfaces between both worlds
– Connection interfaces are no man’s land, and many times, unknown (another WWW… Wild Wild West ☺)
IT in the Industrial World
Convergence
Different Cultures
Security?
Cyber Security?
Industrial Safety
Physical Security
Environmental Safety
SECURITY
Stuxnet
Project Basecamp & Project Robus
Project Basecamp
SCADA Security Scientific Symposium (S4)
Project Robus: Master Serial Killer
• Objective: Analysis of the implementation of industrial protocols (first: DNP3)
• DNP3: 15 advisories, 28 tickets reported
• Fuzzing techniques
• All devices analyzed vulnerable: only 2 OK!
• Implementations only go as far as guaranteeing functionality, not security
• Hundreds of thousands of vulnerable devices: many of them connected to the Internet
Smart Grid and Internet of Things are coming…
Smart Grid
Internet of Things
Cybersecurity Strategies and Regulations
European Cyber Security Strategy
CYBERSECURITY FRAMEWORK
CIP Regulations
Shodan
Shodan (www.shodanhq.com)
• Internet search engine that indexes the responses of internet-connected services (FTP, SSH, Telnet, HTTP, HTTPS, SNMP, UPnP, SMB…)
• Provides access to millions of Internet-connected devices
Project SHINE (SHodan INtelligence Extraction)
Internet-facing Industrial Systems: +2.000.000
Located in United States: 30%
ISP’s Dynamic Addresses: 80%
Shodan
Demo
Who's Really Attacking our ICS Devices?
• ONLY attacks that were targeted
• ONLY attempted modification of pump system
• ONLY attempted modification via Modbus/DNP3
• DoS/DDoS were considered attacks
Kyle Wilhoit (Trend Micro)
…on the look-out
“C3R: Collaboration, Coordination and Commitment based Relationships”
Collaboration
Coordination
Commitment
Industrial Cyber Security Tsunami is here…
Will you keep watching?
Thank you
Samuel Linares - @infosecmanblog – [email protected]