8/20/2015
Protecting Critical Infrastructure
in the Design-Build Framework
…A Focus on Cybersecurity
Chuck McGregor, CISM
VP, Parsons Converged Security Team
Overview
Owner-Operator Pressures
View: Converged Security
Update: Cybersecurity Threats
Security in the Engineering Process
Call to Action
ITAR CM.01.2014
Owner-Operator Pressures
Resources
Operational Effectiveness
Environmental Efficiency
Regulatory Compliance
Converged Security
Converged Security – Critical Asset Protection
• Physical Security
– Surveillance Systems
– Access Control Systems
– Anti-trespass Systems
• Cybersecurity
– Operational Technology Security
• Industrial Control Systems
– Endpoint Security
– Configuration Change Management Systems
– Alert Warning Systems
Cyber Threats
• Espionage
• Reconnaissance
• Remote Control
• Disruption of Critical HW
• ICS Interdiction
• Irreversible Damage
Cyber Attacks - the Numbers
Source: Symantec Internet Security Threat Report XVIII, April 2013
Source: 2014 Verizon Cybersecurity Report
Critical Infrastructure Attacks on the Rise
• Gazprom, Bellingham Gas Pipeline (1999)
• Maroochy Water System (2000)
• Davis-Besse Nuclear Power Plant (2003)
• CSX Corporation (2003)
• Tehama Colusa Canal Authority (2007)
• STUXNET (2010)
• Night Dragon (2011)
• Shady RAT (2011)
• DUQU (2011)
• Flame (2012)
• Aramco – Shamoon (2012)
• Red October (2013)
• Carmel Tunnel (2013)
• Monju Japan Nuclear Plant (2014)
• Havex – Energetic Bear (2014)
DHS ICS-CERT reported a 52% increase in reported attacks in 2012. The number of reported attacks in 2013 was higher still.
Threat Evolution
• Change in Motives
• Sophistication & Intensity
– Viruses → Denial of Service Attacks → Malware Injection
– Advanced Persistent Threats (APTs)
• Scope Evolution – the main targets are changing…
– Military → Gov’t Actors → Defense Contractors → Critical Infrastructure Owners/Operators
• We are in a “New Era” of Cyber Warfare
Focus on ICS/SCADA Systems
Critical Infrastructure Defined – SCADA/ICS Drill-Down
• Industrial Control Systems (ICS) refer to a broad
array of control systems
– SCADA (Supervisory Control and Data Acquisition)
– BMS (Building Management Systems)
– DCS (Distributed Control Systems)
– PCS (Process Control Systems)
– EMS (Emergency Management Systems)
– AS (Automation Systems)
– SIS (Safety Instrumented Systems)
– HMI (Human Machine Interface)
SCADA System Vulnerabilities
• Aged Technology
• Low Sophistication
• Extremely Sensitive
• Increasingly Connected to Enterprise Systems
• Increasingly Windows™ based
• Operational Mindsets
– Operations and Downtime
– Competition for Investment Resources
• Increase in RF Technology Connectivity
Steps to Secure Critical Asset ICS
1. Lock your PLC closets and server rooms!
2. Disable Internet access for trusted (OT) resources
3. Maintain trusted resources at the latest patch levels
4. Require two-factor authentication for all systems
5. Control contractor access
6. Use network segmentation
7. Forbid ICS protocols on corporate networks
8. Implement external media lockdown
9. Follow a standard (NIST SP 800-82, Guide to Industrial Control Systems Security)
10. Red Team often / run exercises
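Steps 2, 6 and 7 above are checkable from firewall or flow logs. The script below is an added example, not code from the presentation or from Parsons: it parses constructed log lines, assigns each endpoint to a zone using hypothetical OT and corporate address ranges, and flags ICS protocols seen on corporate segments, direct corporate-to-OT traffic that bypasses a DMZ, and OT hosts reaching external addresses. The zone CIDRs, the port-to-protocol table and the sample records are all assumptions made for the example.

```python
"""Flag network flows that violate an ICS segmentation policy.

Added example for the "Steps to Secure Critical Asset ICS" slide. The zone
address ranges, the ICS port table and the sample firewall-log lines are
constructed for illustration and are not from the original presentation.
"""
import ipaddress
from dataclasses import dataclass

# Default TCP/UDP ports of common ICS protocols (assumption: the site runs
# vendor defaults; some installations relocate these ports).
ICS_PORTS = {
    102: "S7comm (ISO-TSAP)",
    502: "Modbus/TCP",
    2222: "EtherNet/IP implicit I/O",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
    47808: "BACnet/IP",
}

# Hypothetical zones. Anything outside these ranges is treated as external.
ZONES = {
    "ot": [ipaddress.ip_network("10.10.0.0/16")],
    "corp": [ipaddress.ip_network("10.20.0.0/16"),
             ipaddress.ip_network("10.21.0.0/16")],
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


def zone_of(ip: str) -> str:
    """Map an address to 'ot', 'corp' or 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "external"


def parse_flow(line: str) -> Flow:
    """Parse a constructed log line such as
    'src=10.20.1.5 dst=10.10.2.7 dport=502 proto=tcp'."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return Flow(fields["src"], fields["dst"],
                int(fields["dport"]), fields["proto"].lower())


def check_flow(flow: Flow) -> list[str]:
    """Return the policy violations for one flow (empty list if allowed)."""
    findings = []
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    ics_name = ICS_PORTS.get(flow.dport)

    # Step 7: ICS protocols must never appear on corporate segments.
    if ics_name and "corp" in (src_zone, dst_zone):
        findings.append(f"{ics_name} on corporate network "
                        f"({flow.src} -> {flow.dst}:{flow.dport})")

    # Step 6: corp and OT must only talk through a DMZ, never directly.
    if {src_zone, dst_zone} == {"corp", "ot"}:
        findings.append(f"direct {src_zone} -> {dst_zone} traffic bypasses "
                        f"the DMZ ({flow.src} -> {flow.dst}:{flow.dport})")

    # Step 2: OT assets must have no Internet (external) access.
    if src_zone == "ot" and dst_zone == "external":
        findings.append(f"OT host reaching external address "
                        f"({flow.src} -> {flow.dst}:{flow.dport})")
    return findings


def scan(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Return (line, findings) for every log line that violates policy."""
    report = []
    for line in lines:
        findings = check_flow(parse_flow(line))
        if findings:
            report.append((line, findings))
    return report


# Constructed sample log: one clean OT-internal Modbus poll and three
# violations (corp->PLC Modbus, EtherNet/IP between two corporate hosts,
# and an OT host talking to an outside address).
SAMPLE_LOG = [
    "src=10.10.3.1 dst=10.10.2.7 dport=502 proto=tcp",
    "src=10.20.1.5 dst=10.10.2.7 dport=502 proto=tcp",
    "src=10.21.4.9 dst=10.20.8.8 dport=44818 proto=tcp",
    "src=10.10.2.7 dst=203.0.113.10 dport=443 proto=tcp",
]

if __name__ == "__main__":
    for line, findings in scan(SAMPLE_LOG):
        print(line)
        for finding in findings:
            print("  -", finding)
```

Run against real exports, the port table is the weak point: treat it as a starting list and confirm the actual listening ports on the PLCs and HMIs from an asset inventory, since a vendor that moves Modbus off 502 would silently pass this check.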
Focus on the Impact of Building
Information Modeling (BIM)
Steps to Secure the Engineering Process
1. Solution design → Ops & Maintenance → Decommissioning
2. Organization and structure of data, securing the data
– Impact of Building Information Modeling (BIM data)
3. Securing communications with contractors – encryption