industrial control systems cybersecurity … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a...
TRANSCRIPT
![Page 1: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/1.jpg)
FORGING A CYBERSECURITY DEFENSE FOR UTILITIES
JASON D. CHRISTOPHER
I N D U S T R I A L C O N T R O L S Y S T E M S C Y B E R S E C U R I T Y
S A F E G U A R D I N G C I V I L I Z AT I O N
![Page 2: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/2.jpg)
3
Focused on processes that impact the realworld, using industrial control systems(ICS) and operational technology (OT)
INDUSTRIALTECHNOLOGIES
24 x 710-30
16
operations
year lifecycle
critical infrastructure sectors
![Page 3: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/3.jpg)
What are industrial control systems?
When a 0 or 1impacts the physical world.
Devices and systems include:
Sensors
Controllers
Motors Generators
Safety Systems
I/O Devices
Field Devices IEDs
Human-Machine Interface
4
![Page 4: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/4.jpg)
Evolution of Operational Technology (OT)
3rd Industrial Revolution Automation of Production by Electronics
DCS | Distributed Control SystemSCADA | Supervisory Control & Data Acquisition
4th Industrial Revolution Smart Connected Systems
“Industry 4.0” // “Industrial IoT”
STAND-ALONE LOOSELY CONNECTED HIGHLY CONNECTED
s t a n d a r d i z a t i o n
5
![Page 5: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/5.jpg)
Traditional IT Security Issues in OT
Endpoint Agents
ENCRYPTION
VULNERABILITY SCANNING
ANTI-VIRUS
PATCHING
6
![Page 6: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/6.jpg)
Real-world cyber-based industrial-impacts
7
AGAIN
Think physical processes…
2009: Centrifuge
Failure
2012: Telvent
Espionage
2001: Sewage
Spill
2014: Furnace Loss of Control
2015 & 2016: Power
Outages
2017: (un)Safety
System
![Page 7: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/7.jpg)
STAG
E 1
STAG
E 2
Stage 1 and Stage 2 worktogether to impact industrialprocesses, stretching acrossboth IT and OT networks
INDUSTRIALATTACKS:IT and OT
Corporate ITPlant OT
![Page 8: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/8.jpg)
Industrial Process Impacts
For ICS-specific capabilities, the
impact would be focused on
operationalimpacts.
9
![Page 9: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/9.jpg)
ICS Attack Difficulty
The knowledge involved in ICS attacks, with physical impact, includes:
• IT security• OT security• OT-specific protocols• Engineering processes• Incident response• Disaster recovery
10
![Page 10: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/10.jpg)
WannaCry
230+ companies
150+ countries
11Animated map from New York Times, accessed 2020-03-30: https://www.nytimes.com/interactive/2017/05/12/world/europe/wannacry-ransomware-map.html
![Page 11: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/11.jpg)
12
“Wiper disguised as ransomware,”with increased collateral damagebeyond any initial targets.
NotPetya…Not Ransomware
+$10B2M
+65
in estimated damages
computers impacted in 2HRs
countries involved in response
![Page 12: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/12.jpg)
13
The ICS Security Crucible
![Page 13: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/13.jpg)
14
cru·ci·ble/ˈkro͞osəb(ə)l/
noun:a ceramic or metal container in which metals or other substances may be melted or subjected to very high temperatures.
a situation of severe trial, or in which different elements interact, leading to the creation of something new.
Very high temperatures
These programs need tons of energy to achieve success.
Situation of severe trial
Managing competing interests and resources across operations
Creating something new
A sustainable, business-or iented & goal-busting ICS security program
![Page 14: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/14.jpg)
Forging an ICS Security Program
15
Metals
Weapons & Armor
![Page 15: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/15.jpg)
starting with
BRONZEstrengthen using
IRONfurther refine with
STEEL
Initial defenses may be resource-constrained
No documentation, no lessons learned
Loss of “lotto winners” could cripple the program
Moving beyond ”oral history” to written law
Partnered with multiplestakeholders
Resources are less scarce
People are trained, ready, and exercised
Executives are active participants in ICS security
Capabilities are “double-checked” and reviewed
![Page 16: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/16.jpg)
17
THE CYBER ARSENAL
The metals describe resources and resilience across your program, whereas the weapons are how utilities can defend themselves from attackers.
Assess criticality
Link ICS security to cr it ical processes, systems, and devices
Segments & ZonesInvest in strong per imeters around the crown jewels
Hunt evil…
Log and monitor across both IT & OT environments
Incident Response
Build and tra in incident response and recovery teams
"Your enemy cares not that the maintainer of an Internet-
connected server left 10 years ago."
@SunTzuCyber
![Page 17: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/17.jpg)
Assess where you are Roadmap where you are headedBuild organically
§ Map back to crit ical ity and impacts.
§ Talk in terms of business risk.
§ Roadmaps help address current gaps and bui ld budgets.
§ Be honest. Brutal ly so.§ Think about processes,
people, and technology§ Include discussions about
things l ike “the lotto winner” or executive engagement.
§ Do you have a champion?§ Can you scale a team?§ Can you effectively use
your tools?
What metal is right for your program?
![Page 18: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/18.jpg)
What metal is right for your program?
![Page 19: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/19.jpg)
What metal is right for your program?
![Page 20: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/20.jpg)
What metal is right for your program?
![Page 21: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/21.jpg)
What standard is right for your program?
IDEN
TIFY
PRO
TEC
T
DET
ECT
RES
PON
DR
ECO
VER
![Page 22: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/22.jpg)
HOW...?
WE USED AMATURITY MODEL
23
![Page 23: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/23.jpg)
24
The ICS Security Crucible is applying standards & maturity models
across business units, with executive support.
…so how do we get there?
![Page 24: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/24.jpg)
And start with literally any standard
26
National Institue ofStandards and TechnologyU.S. Department of Commerce
![Page 25: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/25.jpg)
27
SO WE CAN USETHE RIGHT TOOLS
AWESOME.
![Page 26: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/26.jpg)
28
cru·ci·ble/ˈkro͞osəb(ə)l/
noun:A plan to create and sustain an ICS security program, with governance and executive support, based on industry-accepted standards.
Roadmap the destination
Make an honest evaluation of where you are & where you are headed
Find (or be) a champion
Management, IT, OT, legal , HR– you are not a lone.
Adopt ICS standards
ICS security needs to be “how we do business,” not “that weird thing over in the corner.”
![Page 27: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/27.jpg)
PREVENTION IS IDEAL.DETECTION IS A MUST.*
*detection without response, however, is of little value
![Page 28: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/28.jpg)
Dragos’ Year in Review provides insights and lessons learned from our team’s first-hand experience hunting, combatting, and responding to ICS adversaries throughout the year.
Provides an analysis of ICS-specific vulnerabilities and discusses impacts, risks, and mitigation options for defenders
ICS VULNERABILITIES REPORT
Provides insights on the state of ICS cybersecurity, the latest trends and observations of ICS-specific adversaries, and proactive defensive recommendations.
ICS THREAT LANDSCAPE REPORT
Provides a synopsis of trends observed within the industry and lessons learned from Dragos’ proactive and responsive service engagements
LESSONS LEARNED FROM THE FRONT LINES REPORT
30
![Page 29: INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY … · 14 cru·ci·ble /ˈkro͞os əb(ə)l/ noun: a ceramic or metal container in which metals or other substances may be melted or subjected](https://reader033.vdocuments.mx/reader033/viewer/2022051909/5ffe11495b2f6e1e9f478d8c/html5/thumbnails/29.jpg)
THANK YOU
@jdchristopherlinkedin.com/in/jdchristopher