monitoring the evolving threat landscape...2019/04/03 · 4 emerging threat landscape more active...
www.encs.eu
Smart Grid Technical Forum
28th March 2019
Monitoring The Evolving Threat Landscape
The European Network for Cyber Security (ENCS) is a non-profit organization that brings together critical infrastructure stakeholders and security experts to deploy secure European critical energy grids and infrastructure.
European Network for Cyber Security
Emerging Smart Grids
Emerging Threat Landscape
More Active Threat Actors
More Interconnectivity
More Standards
More Automated Attacks / Artificial Intelligence
More Computing Power* and Better Tools
More Targeted Attacks
(Quantum Computing*)
Security Experts at Grid Operators Know the Vulnerabilities
Source: SANS 2016 State of ICS Security Survey
SANS Survey: Control System Components considered risk for compromise?
Attackers Also Know the Vulnerabilities
ICS-CERT Advisory (ICSA-17-187-03C)
Exploits Are In Public Domain
But Who Would Want to Exploit these Vulnerabilities to Attack the Grid?
Classes of Attackers
Script kiddies
• Stereotypical teenage hacker
• Intends no real damage, but may cause it unintentionally

Researchers / Journalists
• Show what’s possible
• Like a good story

Hacktivists
• Deface websites
• Cause bad publicity

Opportunistic Criminals
• Target IT, but may hit OT
• Just sending spam
• Ransomware

Criminals targeting OT
• Extortion
• Could work for terrorists or nation states

Disgruntled Employees
• Taking revenge
• Selling information on the black market

Nation State Actors
• Strategic assets
• Espionage
• Sabotage

Terrorists
• May be interested in causing power outage

Untargeted / opportunistic attackers
Targeted / determined attackers
Cyber Meter Fraud
Bad Architectures Using Bad Protocols
Ukraine Incidents
PLC Malware
Targeted Malware for Energy Sector
Malware now knows Industrial Control Systems
ICS Actively Targeted
OT Threat Development
Malware As A Service (MaaS)
Increasing APTs
Are we keeping up?
• Increasing nation state actor activity
• Criminals get business models working
• Fast development and distribution of malware
How To Reduce The Risks
Countermeasures

Policies & Procedures
Prevention:
• Implement OT security policies and procedures
• Make employees aware of security risks
• Enable information sharing
Response:
• Create an ISMS (ISO 27001)
• Set up a Security Operations Center (SOC)
• Be ready to respond to incidents, and recover normal operations

System Architecture
Prevention:
• Protect the perimeter of the OT domain
• Validate with penetration tests
Response:
• Risk assess crown jewels
• Risk based use cases

Components
Prevention:
• Procure secure devices with good requirements
• Harden operational devices
• Validate with lab tests
Response:
• Active or passive sensors
• Use of honeypots and IDS
• Accurate CMDB
European Regulatory Perspective
• NIS Directive (effective May 2018)
• Cybersecurity Act
  • New permanent mandate ENISA
  • European cybersecurity certification framework for ICT products and services
• Network Code Cybersecurity
  • Harmonized Cybersecurity Baseline across the European Union
  • Advanced Cybersecurity Implementation for Operator of Essential Services
  • Supportive Elements for the Network Code on Cybersecurity
ENCS helps its members solve cyber security challenges in the development and operation of smart grids across Europe
Research
Collaboration projects
Testing
Training
Information & Knowledge sharing
Collaborative Approach to Capacity Building
Threat Monitoring Focus
• What do we need to know/what are we looking for?
• Analysis and interpretation of events
• SOC development
• Intrusion detection technology
Collaboration and Resource Sharing
• Collaboration focus on
  • Getting technology in control
  • Closing the skills gap
  • Information & knowledge sharing
• Security Community Building
  • Policy
  • Architecture
  • Operations