What's the Big Deal with Assessing ICS/SCADA?

Date post: 15-Apr-2017
Upload: jim-gilsinn

Jim Gilsinn

• 4 Years Senior Investigator, Kenexis Consulting

• 20 Years Electronics Engineer, NIST Engineering Lab

• Got my first certification less than a year ago

• @JimGilsinn

[email protected]

Why Am I Here?

• ICS/SCADA systems are an extension of IT systems

• ICS/SCADA systems are being connected to IT systems

• ICS/SCADA systems don’t behave like IT systems

• ICS/SCADA systems are now being scrutinized

Traditional ICS/SCADA

• ICS = Industrial Control Systems

• DCS = Distributed Control Systems

• SCADA = Supervisory Control And Data Acquisition

Non-Traditional ICS/SCADA or “Control Systems”

• Building automation systems

• Heating, ventilation, and air conditioning (HVAC) systems

• Energy monitoring & conservation systems

• Fire monitoring & suppression systems

• Physical security systems

• Traffic monitoring & control systems

• Sensor networks

If You Live Here…

What Do A Lot Of Assessors Do?

• Discover ICS/SCADA systems inadvertently!

• Knock things over accidentally!

• Avoid them like the plague!

• There is a better way!

Understand the Risks

Understanding the Risks

• Talk to the customer!

• Very few assessment steps have a “Crater Factor”

• Most problems lead to system downtime

• Unplanned downtime is real $$$

Determine What The Customer REALLY Wants

• Passive Network Assessment

• Vulnerability Assessment

• Penetration Test

Figure Out How To Tailor Tools For Use

• Most are IT tools tailored for ICS/SCADA

• Slow things down

• Don’t be aggressive

• Second guess the tools

Questions To Ask – Pre-Engagement

• PPE = Personal Protective Equipment?

• Safety training?

• Can we actually plug in?

• Logistics of communication?

• Where/how are we allowed to store data?

Questions To Ask – During Engagement

• What are the risks?

• Walk-down?

• Will someone be monitoring the system?

• How do we report things?

Questions

• Jim Gilsinn

• @JimGilsinn

• [email protected]

