Critical Infrastructure Protection from Terrorist Attacks
Candan BOLUKBAS
BGA Information Security & Consulting
NATO's Centre of Excellence Defense Against Terrorism (COE-DAT)
About me
Candan BÖLÜKBAŞ
• about.me/bolukbas
• METU Computer Eng.
• CCNA, CCNP, CEH, CAPT, ITIL, MCP, ECSP, ECIH, CHFI
• Enterprise Security Services Manager | Whitehat Hacker
• 7-year .Net & Obj-C Developer, 5-year Security Analyst
• ex Presidency of the Republic of Turkey Network & Security Admin
• candan.bolukbas@bga.com.tr
• @candanbolukbas
Supervisory Control and Data Acquisition (SCADA)
“Process control system (PCS), distributed control system (DCS), and supervisory control and data acquisition (SCADA) are names frequently applied to the systems that control, monitor, and manage large production systems. In 2008, the NIST applied SCADA as industry control systems (ICS), in its landmark publication of NIST 800-82:
• Electric Power Generators,
• Transportation Systems,
• Dams,
• Chemical Facilities,
• Petrochemical Operations,
• Pipelines”
Is Industrial Control System Security Different Than Regular IT Security?
Comparing techniques, tools, and terminology, ICS security is not entirely different from current IT security. There are differences, however, and they largely center around the following principles:
• The impacts of ICS security failures are frequently more severe and immediate.
• ICS security can be more difficult to manage: old systems that can’t be patched.
• Cyber threats to an ICS include myriad additional threat vectors, including non-typical network protocols and commands that cannot be blocked due to safety or production issues.
• Conventional protections such as antivirus or firewalls may not be usable.
• No luxury of development and test environments.
ICS Compared to Safety Instrumented Systems
ICS includes safety instrumented systems (SIS), which are specifically hardened ICS elements built for high reliability and associated with failing safe. SIS have functional elements contributing substantially to operational safety and risk management, and often share technical architectures and features with more general purpose ICS.
SIS are generally designed with a single purpose in mind: avoiding dangerous situations in the production system by stopping or shutting down processes if unsafe conditions develop.
What Has Changed in ICS That Raises New Vulnerabilities?
“Recent industrial history has demonstrated that the life cycle of a control system is now between 15 and 30 years. As little as even 15 years ago, network and software security was not a top priority in the control systems environment. 161% increase in vulnerabilities over the prior year!”
So what?
“Some analysts estimated that 20% of all IP-enabled devices in existence today are ICS devices. This number of connected devices (versus people via PC and laptops) is expected to grow dramatically with a compound growth rate of 40% from 2015 to 2020, reaching as much as 7 billion devices by that time and completely outnumbering people-oriented connections.”
Distinct ICS Security Requirements and Sensitivity
Requirement and description:
• Performance: ICS are generally time critical; neither delay nor jitter is acceptable.
• Availability: Unexpected outages of systems that control industrial processes are not acceptable.
• Risk Management: For an ICS, human safety and fault tolerance are the primary concerns.
• Architecture Security Focus: For ICS, edge clients need to be carefully protected since they are directly responsible for controlling the end processes.
• Physical Interaction: All security functions integrated into the ICS must be tested to prove that they do not compromise normal ICS functionality.
• Time-Critical Responses: For some ICS, automated response time or system response to human interaction is very critical.
• System Operation: Software and hardware applications are more difficult to upgrade in an operational control system network.
ICS Threat Agents
Threat agent, profile, and targeted assets:
• Professional bot herders
  Profile: Like malware wholesalers. They invest in the development and management of bot herds, and then rent them out to any of the other threat agents.
  Targeted assets: Seek to gain control of devices in order to repurpose them on demand and rent or sell the herd to any and all of the other agents.
  Last year, a family of malware known as BlackEnergy had infected unknown numbers of internet-facing ICS sites. Machines from Siemens, Advantech, and GE had all been compromised.
• Organized Crime
  Profile: Gangs and crime syndicates, engaged in debit and card fraud, now find that chip-based technology is forcing them online for better returns.
  Targeted assets: Personal identity information for identity theft and multiple forms of fraud.
• Industrial espionage
  Profile: Mercenary type entities hired to target specific corporate assets and industries.
  Targeted assets: Intellectual property, financial, and production information, plans, and strategies.
• Foreign intelligence services / nation-states
  Profile: State-sponsored entities, possibly paramilitary, usually operating from identifiable networks or geographic regions, if you can trace them.
  Targeted assets: National secrets, plans, and strategies, and industrial secrets, plans and strategies.
• Spammers
  Profile: Specialize in harvesting legitimate e-mail addresses from sources such as Web sites, blogs, social networks, Web mail providers, and any other possible source. Generate massive lists of addresses, both real and randomized/guessed, to send junk e-mail (spam).
  Targeted assets: Individuals who will either buy (semi)legitimate products, submit to fraudulent transactions, identity theft, or pyramid schemes, or fence stolen goods.
• Phishers
  Profile: In close effort with spammers, phishers attempt to attract individual users to Web sites loaded with malicious software in order to compromise the user devices once they connect to a Web site, and gain access to contents or make them into bots.
  Targeted assets: Individual fraud and identity theft, industrial espionage as described above, and public sector entities for national security assets.
• Activists and terrorists
  Profile: Ideologically motivated entities typically without the resources to develop exploits independently but with enough resources to hire compromised devices from herders or leverage off-the-shelf exploit “kits.”
  Targeted assets: Industrial sabotage of assets (physical or logical), public sector entities, and government and military for planning, strategic, or national security secrets.
INCIDENT RESPONSE/VULNERABILITY COORDINATION IN 2014
Collateral Damage
The largest generalized threat to ICS security is related to collateral damage from systems that have been hijacked for the illicit purposes of organized crime and foreign intelligence.
Why Continuous Security Scan (CSS)
• January: Automatic and manual penetration testing starts.
• February: Pentest finished. More than 20 vulnerabilities detected: 3 of them are critical, 4 high, 10 medium and the rest are low.
• Mid-February: Remediation process started.
• March: Remediation process completed. Critical and high vulnerabilities are fixed. Mid and low vulns are accepted.
• Mid-March: Retesting and confirmation. Now you are safe(!)
• April: 3600 new vulnerabilities discovered. 900 of them are high or critical.
• April: 5+ fraudulent domains registered.
• May: Millions of e-mails and passwords leaked, and hundreds of them belong to your customers or employees.
• May: New applications and services are deployed.
• June: Are you still safe?
“Network breaches are no longer a matter of ‘if,’ but ‘when.’”
References
https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Sep2014-Feb2015.pdf
http://www.escortsproject.eu
European Committee for Standardization (Comité Européen de Normalisation)
https://espace.cern.ch/EuroSCSIE/default.aspx
http://sta.jrc.ec.europa.eu/index.php/cip-action-menu?start=10
http://www.first.org
http://www.us-cert.gov/GFIRST
http://www.us-cert.gov/control_systems/pdf/ICS_CERT Factsheet.pdf
http://www.us-cert.gov/control_systems/icsjwg
http://www.iee.org
http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf
http://ieeexplore.ieee.org/iel5/4453837/4453852/04453853.pdf?arnumber=4453853
http://www.qualitylogic.com/Contents/Smart-Grid/Technology/IEEE-1686-2007.aspx
http://grouper.ieee.org/groups/sub/wgc6/documents/drafts/P1711%2020Draft%20203%20202008-08-16.pdf
http://www.thei3p.org