Certrec , profile picture
Uploaded byCertrec
PDF, PPTX45 views

Power Plants Security Webinar Presentation

The document discusses the vulnerabilities of power plants and utilities to cybersecurity threats, highlighting the importance of strong security measures in the face of increasing risks. It outlines key concerns such as the merging of operational technology (OT) and information technology (IT) networks and emphasizes the need for robust password policies and multi-factor authentication. Action steps are provided for improving cybersecurity awareness and organizational culture to mitigate potential threats.

Download as PDF, PPTX
Why are Plants so Vulnerable? 1 Fas Mosleh Certrec Alliances, Strategic Marketing - Software, cybersecurity, systems executive - Helped develop HP’s Information security business October 2022 Understanding Cybersecurity Threats within Utilities
Mission: Helping utilities be more reliable and secure for a better, safer grid/BES How: SaaS apps and technology to reduce risk of non-compliance for utilities
3 Key Electric Grid Components Digitization Compliance Cybersec
Agenda • The Security Landscape • Why are Power Plants Vulnerable? • Critical Infrastructure Attacks • Examples of What Went Wrong • Action Steps to Take •Q&A
The Security Landscape
6 1 2 3
Security: Industry Importance 2021 State of the Electric Utility Survey of early 500 utility professionals 7 Utility Dive’s most recent State of the Electric Utility Survey named cyber and physical security the most pressing concerns for utilities, with 72% saying it is either “important” or “very important” today. Figure 2 shows the top five power sector issues. Electric power generation, transmission and distribution are part of the utilities sector (NAICS 22). This sector includes all electric generating facilities powered by fossil fuels, including coal, petroleum, or gas as the power source #1 Concern
Security: Where We Are [IMMINENT THREAT] “Clearly, the threat isn’t on the horizon. It’s already on the doorstep.” Source: Siemens @ WEF 8 Cybersecurity attacks on the energy sector = risk for public safety, economy, business operations and the environment Source: West Monroe survey 67% of utility leaders cited cybersecurity as their top concern of their converged IT and OT network. 1,726 electric utility professionals surveyed WW- gas, solar, wind Source: Siemens
Security: Where We’re Going [INCREASED OCCURRENCES] 9 X5 +70% In 4 years Source: Cisco
10 •Trend No. 1: Attack surface expansion Remote work Public cloud More connected supply chains •Trend No. 2: Identity system defense Misuse of credentials is now a primary method •Trend No. 3: Digital supply chain risk Gartner:by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, X3 in 2021. •Trend No. 4: Vendor consolidation Security products converging. Vendors are consolidating security complexity, cut costs and improve efficiency •Trend No. 5: Cybersecurity mesh Deploy and integrate security to assets, on premises, in data centers or in the cloud. •Trend No. 6: Distributed decisions CISO and centralized role will set policy, with cybersecurity leaders placed in different orgs to decentralize security decisions. •Trend No. 7: Beyond awareness Human error features in most data breaches, Traditional approaches to security awareness training superceded by holistic behavior and culture change programs Security: Where We’re Going [TRENDS]
11 Source PWC 2022 Global Digital Trust Insights Survey
Security Landscape: Who & Why [TOP THREAT ACTORS] 12 Who are They? 1) Nations 2) Cybercriminals Why do They Do it? • Creating Havoc •Aggression Threat-Attack-War • Money • Fame • Fun
13
Security Landscape: How They Do it [MALWARE] 14 Disguised as legitimate code or software. • Trojan Replicates and spreads itself • Worm Needs a human to deploy • Virus Uses your trust as a weapon • Phishing emails [Smishing] Malicious Software
15 Using your trust as a weapon Deeper Dive: Phishing Cyber criminals use your trust to easily gain unauthorized access to your assets
16 Deeper Dive: Phishing Example
17 Do the following to reduce the risk • Do not click on ANY link ….until you review the email carefully, taking note of the sender, and the sender’s domain • Is it real? Check the communication carefully and its source/domain • Ask yourself, “how likely is it that xxxxxxx would have asked me to do this?” • Corroborate via non-email. At the slightest suspicion, contact the sender via phone or text to validate it. Do not reply to the email • Ensure your virus/email scanning programs are up to date. Deeper Dive: Phishing Don’t get caught.
Why are Power Plants Vulnerable? Cybersecurity attacks on the energy sector = a way to attack public safety, the economy, and the environment
19 Merging OT and IT networks Authentication weaknesses [Hackers, Devices] Remote access on the increase Slow installation of security updates Why are Power Plants Vulnerable?: MARS Source: Certrec Market Research
20 MARS: Merging OT and IT Networks IT systems Data-centric computing; OT systems Monitor events, processes and real world devices Analog, isolated, discrete Digital, connected, global OT and IT – Closer than ever
21 MARS: Authentication weaknesses Network-accessible devices with weak or default passwords serve as gateways to more critical systems
22 MARS: Remote access on the increase Entry points for hackers have grown due to IoT devices, remote access via VPNs, and smart phones
23 MARS: Slow installation of security updates Reduced or non-dedicated IT means delayed software security patches and update
24 MARS: Threat Impacts
25 Deeper Dive: Passwords Weak passwords, password-sharing raises the risk of security breaches and damages • Passwords are not to be shared or displayed publicly • No default or weak passwords • If the system has been compromised, change passwords immediately • Use a password policy enforcer
Good Passwords are Long, Complex, Hard to Guess 26 Deeper Dive: Passwords
Critical Infrastructure Examples
28 1. 18000 2. 100 3. 320,000 4. 499/F 500 •Russians compromised ~100 companies inc. Microsoft, Intel and Cisco; • plus a dozen government agencies: US Treasury, Justice and Energy departments and the Pentagon. •Hackers compromised SolarWinds' Orion software build via an already-compromised Microsoft Office 365 account. •Backdoors distributed into user networks once tainted Orion updates were installed. Infrastructure Attacks: Solar Winds
29 1. 5500 2. 5M 3. 100 Attackers got into the Colonial Pipeline network through an exposed password for a VPN account, which used the same password for the VPN in another location ( whose password was compromised in a prior breach.) Infrastructure Attacks: Colonial Pipeline
30 Infrastructure Attacks: Ukraine On December 23, 2015, the power grid of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours During the outage, threat actors flooded customer services phone lines with calls to prevent reporting https://www.bbc.com/news/technology-61085480
31 Sandworm hackers deployed Industroyer2 malware against high-voltage electrical sub-stations in Ukraine + other destructive malware like CaddyWiper. Which is being spread around Ukraine, deletes data on infected computer systems. Infrastructure Attacks: Ukraine
Examples: What Went Wrong
33 Stuxnet, is a worm that was designed to target the nuclear capabilities of Iran. It overcomes physical barriers because it spreads by USBs, which creators know will get plugged into the power plant environment. What Went Wrong?: Found USB
34 What Went Wrong?: Found USB [SOLUTIONS] •Free – is probably not free •Culture of always be suspicious because hackers are always finding new ways to get inside •Train employees to not bring in foreign items •NO USB drives allowed – implement strong rules/procedures
35 Physical crash What Went Wrong?: Car Crash
36 What Went Wrong?: Car Crash [SOLUTIONS] •Surveillance cameras with AI •Strengthen the perimeter •Perimeter breach alert system • Leverage Multi-Layer Security
37 What Went Wrong?: Disgruntled Employee
38 What Went Wrong?: Disgruntled Employee
39 Improve access control and deploy integrated employee access controls with system authentication – THEIR ACCESS is removed automatically and immediately on resignation/firing Deploy surveillance with (AI) based image recognition warning system Train the management team to recognize internal threats and speak up ! Cyberlock What Went Wrong?: Disgruntled Employee [SOLUTIONS]
Actions Steps to Take
Actions: What did we learn? 41 Cyberattacks are on the rise Nation threat actors are capable and motivated Ransomware is data kidnapping Basic cybersecurity practices like strong passwords and MFA Training and awareness Patch devices and sw constantly Strengthening perimeters Trends Important It’s not a matter of if but when Culture and procedures
Actions: Learning and Take Aways How to protect against attacks 42 • Strong passwords and policy enforcement • Deploy Multi Factor Authentication • Change employee behaviors • Physical security and surveillance • Enhance or augment IT Stop the invaders Address internal inhibitors
Actions: Learning and Takeaways How to protect against attacks 43 • Strong passwords and policy enforcement • Deploy Multi Factor Authentication • Change employee behaviors • Physical security and surveillance • Enhance or augment IT Stop the invaders Address internal inhibitors • Frequent and protected backups • Access control integrated with authentication and authorization • Operational Technology oversight OT/IT linkage points – identify SPOFs • Encryption across networks, servers, clients • Video surveillance with embedded IP video analytics, motion detection • Penetration testing (physical and cyber across OT and IT) Improve proactivity
44 Password policy enforcement solution e.g. Netwrix PPE (Anixis) MFA (e.g. Duo, Okta, Eset, MS, G) SIEM (e.g. Tripwire ) SoC monitoring Training the staff Gap analysis for OT, IT, Physical = address those gaps Actions: Solutions to Consider Make cybersecurity awareness, prevention, and security best practices a part of your culture. PHYSICAL DATA OT Review the cybersecurity risk plan
45 Actions: Solutions to Consider Certrec CIP Healthcheck at https://www.certrec.com/cip-health-check/
Legit companies – don’t request your sensitive information via email – have links that match legitimate URLs (no hidden hyperlinks) – don’t send unsolicited attachments – don’t force you to their website – know how to spell – know grammar and punctuation – have domain emails 46 Is the logo off? Is the grammar or punctuation off? Is the spelling poor? Did they include a link or an attachment? Did they ask for sensitive info? Are the links genuine or come with hidden links Are the emails using a company domain? Anything else? Actions: Phishing - Things to Communicate/ Check
47 Actions: Resources • Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Video: Why Big Tech Wants You To Ditch Your Password - https://youtu.be/faU_d7DqoiY Why MFA? https://www.okta.com/resources/whitepaper-security-built-to-work-outside-the-perimeter-v2 How to address cybersecurity in the energy sector (McKinsey) https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-energy-sector-threat-how-to- address-cybersecurity-vulnerabilities Cyber security for Utilities: https://www.certrec.com/resources/white-papers-presentations/cyber-security- critical-infrastructure-threats-and-examples-white-paper-presentation/ NERC CIP: https://www.certrec.com/resources/white-papers-presentations/white-paper-the-importance- of-critical-infrastructure-protection-in-the-energy-sector/
Conclusions 48 Cyber threats are on the rise Be informed and implement simple measures Expect the unexpected and plan aggressively Prevent damage by reducing the chances of a breach (to facility and BES)
Q & A
Thank you Linkedin Certrec @Certrec Twitter Fas Mosleh MSEE BS Physics ARCS Certrec Corporation Office: 817-738-7661 www.RegSource.us On-demand help at www.CertrecSaaS.com Critical infrastructure checkup at NERC CIP Healthcheck Marketing@Certrec.com to get a copy of the presentation

More Related Content

PPTX
Cybersecurity Critical Infrastructure Threats and Examples 2022- Presentation...
byCertrec
 
PDF
Cybersecurity | Risk. Impact. Innovations.
byVertex Holdings
 
PPTX
CyberSecurity SONI CHANDAN TEACHER TRAINING MATERIALS
bySoniChandan
 
PPTX
CyberSecurity presented by satyam Siddharth university
bysatyamsahani184
 
PDF
Cyber security white paper final PMD 12_28_16
byDave Darnell
 
PDF
CyberSecurityConclaveAtVigyanBhavanDelhi_1.pdf
bygejamienterprises
 
PPTX
Cybersecurity All information and topic wise
byparthpatelm1342
 
PDF
Toward Continuous Cybersecurity with Network Automation
byE.S.G. JR. Consulting, Inc.
 
Cybersecurity Critical Infrastructure Threats and Examples 2022- Presentation...
byCertrec
 
Cybersecurity | Risk. Impact. Innovations.
byVertex Holdings
 
CyberSecurity SONI CHANDAN TEACHER TRAINING MATERIALS
bySoniChandan
 
CyberSecurity presented by satyam Siddharth university
bysatyamsahani184
 
Cyber security white paper final PMD 12_28_16
byDave Darnell
 
CyberSecurityConclaveAtVigyanBhavanDelhi_1.pdf
bygejamienterprises
 
Cybersecurity All information and topic wise
byparthpatelm1342
 
Toward Continuous Cybersecurity with Network Automation
byE.S.G. JR. Consulting, Inc.
 

Similar to Power Plants Security Webinar Presentation

PDF
Toward Continuous Cybersecurity With Network Automation
byKen Flott
 
PPTX
23BIT243 Kavya Agrawal Cybersecurity-Threats-and-Prevention.pptx
byKavyaAgrawal44
 
PDF
Cyber-Security-Threats-Understanding-the-Landscape.pdf
byVAIBHAVSAHU55
 
PPTX
Event: George Washington University -- National Security Threat Convergence: ...
byChuck Brooks
 
PPTX
2019 Cyber Security Trends
byInternetwork Engineering (IE)
 
PDF
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
byMatthew Rosenquist
 
PPTX
2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...
byInternetwork Engineering (IE)
 
PDF
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
byIRJET Journal
 
PPTX
Tsc2021 cyber-issues
byErnest Staats
 
PDF
2014 the future evolution of cybersecurity
byMatthew Rosenquist
 
PDF
Cybersecurity for Energy: Moving Beyond Compliance
byEnergySec
 
PDF
CII Whitepaper India Cyber Risk & Resilience Review 2018
byConfederation of Indian Industry
 
PDF
Cyber security
byBhavin Shah
 
PPTX
Cyber Security: Understanding Emerging Threats and Defense Strategies
byironhide9707
 
PPTX
Cyber Security – Emerging Threats and Countermeasures
byironhide9707
 
PPTX
FY Msc IT Cs Notes for Module 1_76e8ec671605f8123b9fee3f71d22c31.pptx
byarjunpanditarjunpand
 
PDF
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
byAPNIC
 
PPTX
2024 Security Outlook & Essential Security Practices
byDan Houser
 
PDF
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
byPROFIBUS and PROFINET InternationaI - PI UK
 
PPTX
The 2018 Threatscape
byPeter Wood
 
Toward Continuous Cybersecurity With Network Automation
byKen Flott
 
23BIT243 Kavya Agrawal Cybersecurity-Threats-and-Prevention.pptx
byKavyaAgrawal44
 
Cyber-Security-Threats-Understanding-the-Landscape.pdf
byVAIBHAVSAHU55
 
Event: George Washington University -- National Security Threat Convergence: ...
byChuck Brooks
 
2019 Cyber Security Trends
byInternetwork Engineering (IE)
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
byMatthew Rosenquist
 
2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...
byInternetwork Engineering (IE)
 
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
byIRJET Journal
 
Tsc2021 cyber-issues
byErnest Staats
 
2014 the future evolution of cybersecurity
byMatthew Rosenquist
 
Cybersecurity for Energy: Moving Beyond Compliance
byEnergySec
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
byConfederation of Indian Industry
 
Cyber security
byBhavin Shah
 
Cyber Security: Understanding Emerging Threats and Defense Strategies
byironhide9707
 
Cyber Security – Emerging Threats and Countermeasures
byironhide9707
 
FY Msc IT Cs Notes for Module 1_76e8ec671605f8123b9fee3f71d22c31.pptx
byarjunpanditarjunpand
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
byAPNIC
 
2024 Security Outlook & Essential Security Practices
byDan Houser
 
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
byPROFIBUS and PROFINET InternationaI - PI UK
 
The 2018 Threatscape
byPeter Wood
 

Recently uploaded

PDF
Q3'25 Financial Results and Earnings Presentation
byDropbox
 
PDF
Transparency Exchange API: How Do You Find the SBOM for a Smart Light Bulb?
byPavel Shukhman
 
PDF
Analyze and Store Logs - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
PDF
Database Performance at Scale: The TL;DR
byScyllaDB
 
PDF
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
PDF
PDF Security Intelligence Platform | Cybersecurity Project by Ashish Patil
byAshishPatil495087
 
PDF
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
PDF
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
PPSX
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
PDF
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
MathML Core in WebKit
byIgalia
 
PDF
The Future-Ready PMO: Unlocking Project Success with Copilot and AI Innovatio...
byWellingtone
 
PDF
Revolutionizing SQL Database Design for the Modern Era.pdf
bySQL DBM
 
PDF
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
PDF
Session 4 - Agentic Testing with UiPath Agents
byDianaGray10
 
PDF
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 
PDF
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
TrustArc Webinar - It’s Time to Rethink Privacy
byTrustArc
 
PDF
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 
Q3'25 Financial Results and Earnings Presentation
byDropbox
 
Transparency Exchange API: How Do You Find the SBOM for a Smart Light Bulb?
byPavel Shukhman
 
Analyze and Store Logs - RHCSA (RH124).pdf
byLinuxCert Guru
 
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
Database Performance at Scale: The TL;DR
byScyllaDB
 
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
PDF Security Intelligence Platform | Cybersecurity Project by Ashish Patil
byAshishPatil495087
 
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
MathML Core in WebKit
byIgalia
 
The Future-Ready PMO: Unlocking Project Success with Copilot and AI Innovatio...
byWellingtone
 
Revolutionizing SQL Database Design for the Modern Era.pdf
bySQL DBM
 
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
Session 4 - Agentic Testing with UiPath Agents
byDianaGray10
 
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
TrustArc Webinar - It’s Time to Rethink Privacy
byTrustArc
 
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 

Power Plants Security Webinar Presentation

  • 1.
    Why are Plantsso Vulnerable? 1 Fas Mosleh Certrec Alliances, Strategic Marketing - Software, cybersecurity, systems executive - Helped develop HP’s Information security business October 2022 Understanding Cybersecurity Threats within Utilities
  • 2.
    Mission: Helping utilities bemore reliable and secure for a better, safer grid/BES How: SaaS apps and technology to reduce risk of non-compliance for utilities
  • 3.
    3 Key Electric GridComponents Digitization Compliance Cybersec
  • 4.
    Agenda • The SecurityLandscape • Why are Power Plants Vulnerable? • Critical Infrastructure Attacks • Examples of What Went Wrong • Action Steps to Take •Q&A
  • 5.
  • 6.
  • 7.
    Security: Industry Importance 2021State of the Electric Utility Survey of early 500 utility professionals 7 Utility Dive’s most recent State of the Electric Utility Survey named cyber and physical security the most pressing concerns for utilities, with 72% saying it is either “important” or “very important” today. Figure 2 shows the top five power sector issues. Electric power generation, transmission and distribution are part of the utilities sector (NAICS 22). This sector includes all electric generating facilities powered by fossil fuels, including coal, petroleum, or gas as the power source #1 Concern
  • 8.
    Security: Where WeAre [IMMINENT THREAT] “Clearly, the threat isn’t on the horizon. It’s already on the doorstep.” Source: Siemens @ WEF 8 Cybersecurity attacks on the energy sector = risk for public safety, economy, business operations and the environment Source: West Monroe survey 67% of utility leaders cited cybersecurity as their top concern of their converged IT and OT network. 1,726 electric utility professionals surveyed WW- gas, solar, wind Source: Siemens
  • 9.
    Security: Where We’reGoing [INCREASED OCCURRENCES] 9 X5 +70% In 4 years Source: Cisco
  • 10.
    10 •Trend No. 1:Attack surface expansion Remote work Public cloud More connected supply chains •Trend No. 2: Identity system defense Misuse of credentials is now a primary method •Trend No. 3: Digital supply chain risk Gartner:by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, X3 in 2021. •Trend No. 4: Vendor consolidation Security products converging. Vendors are consolidating security complexity, cut costs and improve efficiency •Trend No. 5: Cybersecurity mesh Deploy and integrate security to assets, on premises, in data centers or in the cloud. •Trend No. 6: Distributed decisions CISO and centralized role will set policy, with cybersecurity leaders placed in different orgs to decentralize security decisions. •Trend No. 7: Beyond awareness Human error features in most data breaches, Traditional approaches to security awareness training superceded by holistic behavior and culture change programs Security: Where We’re Going [TRENDS]
  • 11.
    11 Source PWC 2022 GlobalDigital Trust Insights Survey
  • 12.
    Security Landscape: Who& Why [TOP THREAT ACTORS] 12 Who are They? 1) Nations 2) Cybercriminals Why do They Do it? • Creating Havoc •Aggression Threat-Attack-War • Money • Fame • Fun
  • 13.
  • 14.
    Security Landscape: HowThey Do it [MALWARE] 14 Disguised as legitimate code or software. • Trojan Replicates and spreads itself • Worm Needs a human to deploy • Virus Uses your trust as a weapon • Phishing emails [Smishing] Malicious Software
  • 15.
    15 Using your trustas a weapon Deeper Dive: Phishing Cyber criminals use your trust to easily gain unauthorized access to your assets
  • 16.
  • 17.
    17 Do the followingto reduce the risk • Do not click on ANY link ….until you review the email carefully, taking note of the sender, and the sender’s domain • Is it real? Check the communication carefully and its source/domain • Ask yourself, “how likely is it that xxxxxxx would have asked me to do this?” • Corroborate via non-email. At the slightest suspicion, contact the sender via phone or text to validate it. Do not reply to the email • Ensure your virus/email scanning programs are up to date. Deeper Dive: Phishing Don’t get caught.
  • 18.
    Why are Power PlantsVulnerable? Cybersecurity attacks on the energy sector = a way to attack public safety, the economy, and the environment
  • 19.
    19 Merging OT andIT networks Authentication weaknesses [Hackers, Devices] Remote access on the increase Slow installation of security updates Why are Power Plants Vulnerable?: MARS Source: Certrec Market Research
  • 20.
    20 MARS: Merging OTand IT Networks IT systems Data-centric computing; OT systems Monitor events, processes and real world devices Analog, isolated, discrete Digital, connected, global OT and IT – Closer than ever
  • 21.
    21 MARS: Authentication weaknesses Network-accessibledevices with weak or default passwords serve as gateways to more critical systems
  • 22.
    22 MARS: Remote accesson the increase Entry points for hackers have grown due to IoT devices, remote access via VPNs, and smart phones
  • 23.
    23 MARS: Slow installationof security updates Reduced or non-dedicated IT means delayed software security patches and update
  • 24.
  • 25.
    25 Deeper Dive: Passwords Weakpasswords, password-sharing raises the risk of security breaches and damages • Passwords are not to be shared or displayed publicly • No default or weak passwords • If the system has been compromised, change passwords immediately • Use a password policy enforcer
  • 26.
    Good Passwords areLong, Complex, Hard to Guess 26 Deeper Dive: Passwords
  • 27.
  • 28.
    28 1. 18000 2. 100 3.320,000 4. 499/F 500 •Russians compromised ~100 companies inc. Microsoft, Intel and Cisco; • plus a dozen government agencies: US Treasury, Justice and Energy departments and the Pentagon. •Hackers compromised SolarWinds' Orion software build via an already-compromised Microsoft Office 365 account. •Backdoors distributed into user networks once tainted Orion updates were installed. Infrastructure Attacks: Solar Winds
  • 29.
    29 1. 5500 2. 5M 3.100 Attackers got into the Colonial Pipeline network through an exposed password for a VPN account, which used the same password for the VPN in another location ( whose password was compromised in a prior breach.) Infrastructure Attacks: Colonial Pipeline
  • 30.
    30 Infrastructure Attacks: Ukraine OnDecember 23, 2015, the power grid of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours During the outage, threat actors flooded customer services phone lines with calls to prevent reporting https://www.bbc.com/news/technology-61085480
  • 31.
    31 Sandworm hackers deployedIndustroyer2 malware against high-voltage electrical sub-stations in Ukraine + other destructive malware like CaddyWiper. Which is being spread around Ukraine, deletes data on infected computer systems. Infrastructure Attacks: Ukraine
  • 32.
  • 33.
    33 Stuxnet, is aworm that was designed to target the nuclear capabilities of Iran. It overcomes physical barriers because it spreads by USBs, which creators know will get plugged into the power plant environment. What Went Wrong?: Found USB
  • 34.
    34 What Went Wrong?:Found USB [SOLUTIONS] •Free – is probably not free •Culture of always be suspicious because hackers are always finding new ways to get inside •Train employees to not bring in foreign items •NO USB drives allowed – implement strong rules/procedures
  • 35.
    35 Physical crash What WentWrong?: Car Crash
  • 36.
    36 What Went Wrong?:Car Crash [SOLUTIONS] •Surveillance cameras with AI •Strengthen the perimeter •Perimeter breach alert system • Leverage Multi-Layer Security
  • 37.
    37 What Went Wrong?:Disgruntled Employee
  • 38.
    38 What Went Wrong?:Disgruntled Employee
  • 39.
    39 Improve access controland deploy integrated employee access controls with system authentication – THEIR ACCESS is removed automatically and immediately on resignation/firing Deploy surveillance with (AI) based image recognition warning system Train the management team to recognize internal threats and speak up ! Cyberlock What Went Wrong?: Disgruntled Employee [SOLUTIONS]
  • 40.
  • 41.
    Actions: What didwe learn? 41 Cyberattacks are on the rise Nation threat actors are capable and motivated Ransomware is data kidnapping Basic cybersecurity practices like strong passwords and MFA Training and awareness Patch devices and sw constantly Strengthening perimeters Trends Important It’s not a matter of if but when Culture and procedures
  • 42.
    Actions: Learning andTake Aways How to protect against attacks 42 • Strong passwords and policy enforcement • Deploy Multi Factor Authentication • Change employee behaviors • Physical security and surveillance • Enhance or augment IT Stop the invaders Address internal inhibitors
  • 43.
    Actions: Learning andTakeaways How to protect against attacks 43 • Strong passwords and policy enforcement • Deploy Multi Factor Authentication • Change employee behaviors • Physical security and surveillance • Enhance or augment IT Stop the invaders Address internal inhibitors • Frequent and protected backups • Access control integrated with authentication and authorization • Operational Technology oversight OT/IT linkage points – identify SPOFs • Encryption across networks, servers, clients • Video surveillance with embedded IP video analytics, motion detection • Penetration testing (physical and cyber across OT and IT) Improve proactivity
  • 44.
    44 Password policy enforcementsolution e.g. Netwrix PPE (Anixis) MFA (e.g. Duo, Okta, Eset, MS, G) SIEM (e.g. Tripwire ) SoC monitoring Training the staff Gap analysis for OT, IT, Physical = address those gaps Actions: Solutions to Consider Make cybersecurity awareness, prevention, and security best practices a part of your culture. PHYSICAL DATA OT Review the cybersecurity risk plan
  • 45.
    45 Actions: Solutions toConsider Certrec CIP Healthcheck at https://www.certrec.com/cip-health-check/
  • 46.
    Legit companies – don’trequest your sensitive information via email – have links that match legitimate URLs (no hidden hyperlinks) – don’t send unsolicited attachments – don’t force you to their website – know how to spell – know grammar and punctuation – have domain emails 46 Is the logo off? Is the grammar or punctuation off? Is the spelling poor? Did they include a link or an attachment? Did they ask for sensitive info? Are the links genuine or come with hidden links Are the emails using a company domain? Anything else? Actions: Phishing - Things to Communicate/ Check
  • 47.
    47 Actions: Resources • IndustrialControl Systems Cyber Emergency Response Team (ICS-CERT) Video: Why Big Tech Wants You To Ditch Your Password - https://youtu.be/faU_d7DqoiY Why MFA? https://www.okta.com/resources/whitepaper-security-built-to-work-outside-the-perimeter-v2 How to address cybersecurity in the energy sector (McKinsey) https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-energy-sector-threat-how-to- address-cybersecurity-vulnerabilities Cyber security for Utilities: https://www.certrec.com/resources/white-papers-presentations/cyber-security- critical-infrastructure-threats-and-examples-white-paper-presentation/ NERC CIP: https://www.certrec.com/resources/white-papers-presentations/white-paper-the-importance- of-critical-infrastructure-protection-in-the-energy-sector/
  • 48.
    Conclusions 48 Cyber threats areon the rise Be informed and implement simple measures Expect the unexpected and plan aggressively Prevent damage by reducing the chances of a breach (to facility and BES)
  • 49.
  • 50.
    Thank you Linkedin Certrec @CertrecTwitter Fas Mosleh MSEE BS Physics ARCS Certrec Corporation Office: 817-738-7661 www.RegSource.us On-demand help at www.CertrecSaaS.com Critical infrastructure checkup at NERC CIP Healthcheck [email protected] to get a copy of the presentation