Assuring Operational Continuity

Page 1:

Assuring Operational Continuity

CyberShield™ AnD for SCADA (Analysis & Detection)

Neri Zin
Vice President, Asia Pacific
Cyberbit Commercial Solutions
www.cyberbitc.com

Page 2:

© 2015 by CYBERBIT │ CYBERBIT Proprietary DETECT ANALYZE RESPOND

So many concerns…

Assuring operational continuity is harder than ever

• Cyber Threats
• Human Errors
• Tampering Attempts
• System Malfunctions

Page 3:

With So Many Built-in Challenges

• Old unsecured technology
• Geographically dispersed sites
• Increasing network connectivity
• Exacerbating Regulation
• Multiple vendors and protocols

Page 4:

Exponential growth in Number of Industrial Cyber Attacks

• Norwegian oil companies (September 2014): More than 50 companies
• Black Energy (November 2014): America’s power grids, nuclear plants and oil pipelines have been targeted by Russian hackers
• STUXNET (2010): Affected 233M Users
• Night Dragon (2011): Large Scale APT targeting the energy sector
• Shamoon (2012): Largest Wipe Attack targeting the energy sector
• HAVEX (2014): Industrial Control System Remote Access Trojan
• DUQU (2011): Worm targeting ICS
• Ukrainian power grid (December 2015): Large-scale attack on the Ukrainian power grid and supporting factories

Who Will Be Hit Next?

Page 5:

In today's reality, the only way to regain control over your operations and minimize downtime is consistently inspecting and analyzing all network transmissions.

Old technologies cannot be trusted.

Page 6:

Security Use Cases

• Unauthorized communications between two devices (PLC/PLC, PLC/RTU)
• Unauthorized actions (device performing write when permitted read only)
• Unknown/unauthorized devices in network
• Unauthorized maintenance activity

[Diagram labels: Field to Field; C&C to Field; Corporate to Field; Maintenance; Corporate to Control Center]
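The four security use cases above, written as allowlist checks over decoded flow records. This is an added example, not CyberShield code; the addresses, roles, operation names, record fields and maintenance window are all constructed assumptions.

```python
from datetime import datetime, time

# Constructed asset inventory: address -> role (all values hypothetical).
DEVICES = {
    "10.0.1.10": "scada-server",
    "10.0.2.21": "plc",
    "10.0.2.22": "plc",
    "10.0.2.30": "rtu",
    "10.0.9.5": "maintenance",
}
# Permitted (source, destination) pairs and the operations each may perform.
ALLOWED = {
    ("10.0.1.10", "10.0.2.21"): {"read", "write"},
    ("10.0.1.10", "10.0.2.22"): {"read"},
    ("10.0.1.10", "10.0.2.30"): {"read"},
    ("10.0.9.5", "10.0.2.21"): {"read", "write"},
}
# Approved maintenance window (local time), an assumption of this example.
MAINT_WINDOW = (time(1, 0), time(3, 0))

def check(flow):
    """Return the list of policy violations for one observed flow record."""
    src, dst, op = flow["src"], flow["dst"], flow["op"]
    alerts = [f"unknown device {a}" for a in (src, dst) if a not in DEVICES]
    if alerts:
        return alerts  # roles are undefined for unknown devices, stop here
    permitted = ALLOWED.get((src, dst))
    if permitted is None:
        return [f"unauthorized communication {DEVICES[src]}/{DEVICES[dst]} {src}->{dst}"]
    if op not in permitted:
        alerts.append(f"unauthorized action {op} {src}->{dst}")
    if DEVICES[src] == "maintenance":
        t = datetime.fromisoformat(flow["ts"]).time()
        if not MAINT_WINDOW[0] <= t <= MAINT_WINDOW[1]:
            alerts.append(f"unauthorized maintenance activity {src}->{dst}")
    return alerts

# Constructed flow records, as a passive sensor might emit after decoding.
FLOWS = [
    {"ts": "2015-06-01T10:00:00", "src": "10.0.1.10", "dst": "10.0.2.21", "op": "write"},
    {"ts": "2015-06-01T10:00:05", "src": "10.0.2.21", "dst": "10.0.2.22", "op": "read"},
    {"ts": "2015-06-01T10:00:09", "src": "10.0.1.10", "dst": "10.0.2.22", "op": "write"},
    {"ts": "2015-06-01T10:00:12", "src": "10.0.7.77", "dst": "10.0.2.30", "op": "read"},
    {"ts": "2015-06-01T14:30:00", "src": "10.0.9.5", "dst": "10.0.2.21", "op": "write"},
    {"ts": "2015-06-01T02:10:00", "src": "10.0.9.5", "dst": "10.0.2.21", "op": "write"},
]

def run(flows=FLOWS):
    """Return (timestamp, alert) pairs for every violation in the records."""
    return [(f["ts"], a) for f in flows for a in check(f)]
```

Calling `run()` on the sample records yields one alert per use case; the first and last records are within policy and produce none.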

Page 7:

Operational Use Cases

• Malformed packets: cause system breakdown
• Error code identification: know failures when they occur
• Reset commands and crash messages: sent over the network to an operational unit
• Changes in network volumes/speeds/rates: to indicate exceptional behaviors

Page 8:

CyberShield™ AnD – Trustworthy SCADA

Refineries, Airports, Power Plants, Water Supply, Distribution systems

Network detection and response – providing visibility, discovery and security of ICS networks

• non-intrusive, plug & play
• network DPI sensor
• protocol and hardware agnostic
• alerts, forensics & mapping

Page 9:

The New Operational Toolbox

Industrial Control Systems

• Unreliable network schematic representation (manual update)
• Alarm handling
• Meter readings
• Remote configuration

HMI, SCADA server, Historian, PLCs/RTUs

CyberShield™ AnD for SCADA

• Real network map
• Overview of all network communications
• Security and malfunction alarms
• “Keep alive” monitoring
• Alarm investigation and analysis
• Network forensics

Blackbox, Netmap, Alerter, Insight

Page 10:

CyberShield™ AnD for SCADA Application

Page 11:

Typical Deployment

[Deployment diagram. Labels: Corporate LAN; HMI; ECC; AnD server (FMS); NMS Server; SIEM; Syslog \ SNMP; SCADA Network; Historian; FEP; SCADA Server; Typical Substation; Switch; RTU; IED; PLC; AnD Blackbox; Mirror\Tapping port; Vlan\Inline\Separate Physical Network; Ethernet\Serial Communication Links. Legend: AnD Components; Existing System.]

Page 12:

First TIER European Power Utility Secures its OT Network with CyberShield AnD for SCADA

• A major European power utility (power generation and transmission)
• Selected Solution: Cyber Shield MnR
• IDS and IPS mode
• Deployed in country-wide OT transmission network
• Visibility of the OT network, full network communications in-depth analysis, and enhanced security

Page 13:

4 Steps for Assuring Operational Continuity

• Identify system malfunctions & human errors before damage occurs
• Obtain reliable and genuine network map
• Conduct forensics & investigations for root cause analysis
• Detect and respond to cyber threats

Minimize downtime

Minimize time to response

Page 14:

Thank You

Neri Zin
Vice President, Asia Pacific
Cyberbit Commercial Solutions
www.cyberbitc.com