Webinar - Reducing the Risk of a Cyber Attack on Utilities

Information about Webinar - Reducing the Risk of a Cyber Attack on Utilities

Published on March 16, 2016

Author: WPICPE

Source: slideshare.net

1. Reducing the Risk of a Cyber Attack on Utilities – Jim Girouard, Sr. Product Development Manager, Corporate and Professional Education

2. About WPI
• Fully accredited, non-profit, top quartile national university*
• Founded in 1865 to teach both “Theory and Practice”
• Robust Computer Science, Power Systems Engineering and Business Departments
• DHS/NSA Designated Center of Excellence in Information Security Research
*U.S. News and World Report

3. Today’s Dialogue – Cybersecurity Education. Outline:
– The Growing Menace
– New vulnerabilities due to Smart Grid Technology
– National Framework for Cybersecurity Workforce Education
– Essentials of a cyber security education program
– How to craft a customized education program
– Discussion

4. Bushehr Nuclear Facility - Iran

5. Bushehr Centrifuges

6. Stuxnet

7–15. Stuxnet
• Infiltrates Microsoft Windows OS to infect SCADA Systems
• A Virus, Worm and Trojan
• Evades Detection. Erases its path as it jumps to the next system
• Disables Safety systems
• Utilizes “Man in the Middle” Attack Strategy
• Once it infects SCADA PLCs it waits, observes, then acts
• Returns a recording of normal operation to operators
• Successfully destroyed ~1,000 centrifuges (30% of capacity)
• Source code available on the web for $150K

16. BLACK ENERGY

17. Black Energy PowerSource
• Also a Virus, Worm and Trojan
• Reported in October 2014, but could have been around since 2011
• Suspected Country of Origin: Russia
• Infects Human-Machine Interfaces including: GE Cimplicity, Siemens WinCC and Advantech/Broadwin WebAccess
• Attempts to damage, modify, or otherwise disrupt the victim systems’ control processes
• Modular and difficult to detect

18. ICS-CERT 2014 Annual Report
• 245 Incidents Reported, including:
– Unauthorized access and exploitation of internet-facing SCADA
– Exploitation of zero-day vulnerabilities
– Infections within “air gapped” control networks
– SQL injection and exploitation
– Network Scanning
– Watering hole attacks
– Spear-phishing campaigns

19. Attacks by Sector

20. Smart Grid Field Area Networks (FAN) – Patrick Grossetete, Cisco

21. Attack Strategies on Utilities (diagram): Physical Attack | Cyber Attack

22. Anatomy of a Sophisticated Cyber Attack (diagram): Domain Knowledge | Physical Attack | Cyber Attack

24. “There are two types of companies. Those that have been attacked and those that don’t know it yet” – Scott Aaronson, Senior Director, Edison Electric Institute

25. Cyber Defense Roles to prevent, detect and effectively respond (diagram). Roles shown: Software Engineers; MIS & IT Professionals; All Other Personnel. Labels shown: Resiliency via secure software design; Resiliency via several barrier defense strategies; Intrusion Detection; Forensics; Human Firewall Training; Executive Response Training; Graduate Cyber-CS Education; Certifications, Professional Development & Graduate Cyber-CS Education.

26. Scenario: A USB drive in the grass

27. What it looks like to the typical finder

28. What it represents to your network

29. The National Cybersecurity Workforce Framework* (* http://csrc.nist.gov/nice/framework/)
• Issued by the National Initiative for Cybersecurity Education (NICE)
• Provides a common lexicon for cybersecurity work
• A collaboration of federal agencies, academia and general industry
• Constructed of “Categories” and “Specialty Areas” to group similar types of work
• Provides tasks, knowledge, skills, and abilities (tKSAs) within each area
• Version 2.0 is currently being drafted

30. http://csrc.nist.gov/nice

31. National Cybersecurity Workforce Framework – Categories: Securely Provision; Operate and Maintain; Protect and Defend; Investigate; Collect and Operate; Analyze; Oversight and Development

32. National Cybersecurity Workforce Framework – Category: Specialty Areas Include
– Securely Provision: Systems Security Architecture; Secure Acquisition; Software Assurance and Security Engineering; Test and Evaluation; Systems Development
– Operate and Maintain: System Administration; Network Services; Systems Security Analysis
– Protect and Defend: Incident Response; Computer Network Defense Analysis; Vulnerability Assessment and Management
– Investigate: Digital Forensics; Cyber Investigation
– Collect and Operate (Federal Government Role): Collection Operations; Cyber Operations and Planning
– Analyze (Federal Government Role): Cyber Intelligence; Exploitation Analysis / Targets / Threat Analysis
– Oversight and Development: Legal Advice and Advocacy; Security Program Management; Strategic Planning and Policy Development; Training, Education and Awareness; Knowledge Management

33. DHS Cyber Security Evaluation Tool

34. What to Look For: Academic Partner

35. What to Look For: Accreditations – Computer Science; Engineering; Business; Whole University

36. What to Look For: Domain Knowledge. For example, at WPI:
• NSA/DHS Designated Center of Excellence
• Core Faculty Performing Current Research
– Trusted Computing Platforms
– Algorithms & Architectures for Cryptography
– Analysis of Access-Control and Firewall Policies
– Wireless Network Security
– Cyber-Physical System Security
• Power Systems Engineering – Utility technology, systems, equipment & culture

37. What to Look For: Program Tailored to Your Needs. The Framework is generic; to maximize your ROI, your program must be relevant:
• Address your unique requirements
• Address SCADA vulnerabilities
• Include NERC CIP
• Provide utility-based examples/case studies
• Be convenient for your students

39. Effective Learning Objectives – “As a result of this course, the student will be able to …”
Verbs to Use: explain, estimate, design, solve, prepare, detect, assess, determine, infer, illustrate, complete, operate, employ, rank, test, visualize, lead, etc.
Verbs to Avoid: appreciate, understand, learn, cover, believe, study, comprehend, etc.

40. Timeline to a Customized Program – The WPI Process:
– Identify Customer Needs
– Create Learning Objectives
– Select Instructor(s)
– Meet with Executive Sponsor (Go/No-Go)
– Select Best Delivery Method
– Develop Customized Curriculum
– Launch Pilot Program
– Assign Dedicated Support Team
– Survey Students (Mid, End)
– Evaluate Surveys with Sponsor

41. Courses Customized for the Power Industry
– Computer and Network Security – including SCADA Protection and NERC CIP Standards
– Operations Risk Management – focus on Social Media, Phishing and Embedded Malware Risks
– Case Studies in Computer Security – including Power Industry Examples

42. A Custom Graduate Cybersecurity Program (modeled after The National Cybersecurity Workforce Framework) – Framework Category: Courses
– Securely Provision: Computer and Network Security; Software Security Design and Analysis
– Operate and Maintain: Computer and Network Security
– Protect and Defend: Intruder Detection
– Investigate: Digital Forensics
– Collect and Operate / Analyze: Government Role – not in program
– Oversight and Development: Operations Risk Management; Case Studies in Computer Security

43. In Summary

44. “There are known knowns, things we know that we know; and there are known unknowns, things that we know we don't know. But there are also unknown unknowns, things we do not know we don't know.” – Donald Rumsfeld

46–48. In Summary – Attack Mode / Counter Measures
Known knowns:
• Maintain Robust Cyber Security Infrastructure
• Maintain Physical Security Measures (NERC CIP)
• Continue Secure Process Training (Human Firewall)
Known unknowns:
• Conduct Penetration Testing & Analysis
• Perform Cyber Security Gap Analysis (DHS CSET)
• Practice Supply Chain Cyber Risk Management
• Stay Informed on Evolving Vulnerability Assessments
Unknown unknowns:
• Prepare for “the day after”
• Perform Incident Response and Analysis – Forensics
• Develop Systems Behavior Modeling
• Invest in Continuing Education

49. Discussion – What do you think?

50. Thank you
