Transcript of: Assuring Operational Continuity (slide deck)
Assuring Operational Continuity
CyberShield™ AnD for SCADA (Analysis & Detection)
Neri Zin, Vice President, Asia Pacific, Cyberbit Commercial Solutions
www.cyberbitc.com
© 2015 by CYBERBIT │ CYBERBIT Proprietary │ DETECT ANALYZE RESPOND
So many concerns…
Assuring operational continuity is harder than ever:
• Cyber threats
• Human errors
• Tampering attempts
• System malfunctions
With So Many Built-in Challenges
• Old unsecured technology
• Geographically dispersed sites
• Increasing network connectivity
• Exacerbating regulation
• Multiple vendors and protocols
Exponential Growth in the Number of Industrial Cyber Attacks
• STUXNET, 2010: affected 233M users
• Night Dragon, 2011: large-scale APT targeting the energy sector
• DUQU, 2011: worm targeting ICS
• Shamoon, 2012: largest wipe attack targeting the energy sector
• HAVEX, 2014: Industrial Control System Remote Access Trojan
• Norwegian oil companies, September 2014: more than 50 companies
• Black Energy, November 2014: America's power grids, nuclear plants and oil pipelines have been targeted by Russian hackers
• Ukrainian power grid, December 2015: large-scale attack on the Ukrainian power grid and supporting factories
Who Will Be Hit Next?
In today's reality, the only way to regain control over your operations and minimize downtime is to consistently inspect and analyze all network transmissions. Old technologies cannot be trusted.
Security Use Cases
• Unauthorized communications between two devices (PLC/PLC, PLC/RTU)
• Unauthorized actions (a device performing a write when it is permitted read only)
• Unknown/unauthorized devices in the network
• Unauthorized maintenance activity
Diagram: monitored communication paths: Field to Field, C&C to Field, Corporate to Field, Maintenance, Corporate to Control Center.
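The security use cases above, as an added example that is not part of the original deck or of the Cyberbit product: a small allowlist detector in Python run over constructed flow records. The device names, the policy table, the maintenance window and the "read"/"write" function labels are assumptions made for the illustration.

```python
# Added example (not Cyberbit's code); device names, policy and window are constructed.
from dataclasses import dataclass
from datetime import datetime

# Constructed asset inventory: anything not listed is an unknown device.
KNOWN_DEVICES = {"HMI-1", "SCADA-SRV", "PLC-7", "RTU-3", "ENG-WS"}
# Constructed policy: allowed (src, dst) pairs and the highest function permitted;
# "maintenance" means writes are allowed only inside the approved window below.
ALLOWED_PAIRS = {
    ("HMI-1", "PLC-7"): "write",
    ("SCADA-SRV", "PLC-7"): "write",
    ("SCADA-SRV", "RTU-3"): "read",  # polling only; a write here is an alert
    ("ENG-WS", "PLC-7"): "maintenance",
}
MAINTENANCE_WINDOW = (datetime(2015, 12, 1, 8), datetime(2015, 12, 1, 12))  # [start, end)

@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    func: str  # "read" or "write", as decoded from the industrial protocol

def check_flow(flow):
    """Return the alerts raised by one observed flow (empty list = permitted)."""
    unknown = [d for d in (flow.src, flow.dst) if d not in KNOWN_DEVICES]
    if unknown:
        return [f"unknown device {d}" for d in unknown]
    perm = ALLOWED_PAIRS.get((flow.src, flow.dst))
    if perm is None:
        return [f"unauthorized communication {flow.src}->{flow.dst}"]
    if flow.func != "write":
        return []  # reads are allowed on every listed pair
    if perm == "read":
        return [f"unauthorized write {flow.src}->{flow.dst} (read-only pair)"]
    in_window = MAINTENANCE_WINDOW[0] <= flow.ts < MAINTENANCE_WINDOW[1]
    if perm == "maintenance" and not in_window:
        return [f"maintenance write outside approved window {flow.src}->{flow.dst}"]
    return []

# Constructed sample flows; the comment names the use case each one exercises.
SAMPLE_FLOWS = [
    Flow(datetime(2015, 12, 1, 9, 0), "HMI-1", "PLC-7", "write"),      # permitted
    Flow(datetime(2015, 12, 1, 9, 5), "SCADA-SRV", "RTU-3", "write"),  # write on read-only pair
    Flow(datetime(2015, 12, 1, 9, 6), "PLC-7", "RTU-3", "read"),       # PLC/RTU pair not in policy
    Flow(datetime(2015, 12, 1, 9, 7), "LAPTOP-9", "PLC-7", "read"),    # unknown device
    Flow(datetime(2015, 12, 1, 23, 0), "ENG-WS", "PLC-7", "write"),    # maintenance outside window
]

def run(flows=SAMPLE_FLOWS):
    """Map the index of each offending flow to its alerts; permitted flows are omitted."""
    return {i: alerts for i, f in enumerate(flows) if (alerts := check_flow(f))}
```

A real sensor would fill `Flow` from a protocol parser and learn the inventory and policy from a baseline period; the point here is that all four use cases reduce to lookups against an explicit allowlist.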
Operational Use Cases
• Malformed packets: cause system breakdown
• Error code identification: know failures when they occur
• Reset commands and crash messages: sent over the network to an operational unit
• Changes in network volumes/speeds/rates: indicate exceptional behaviors
CyberShield™ AnD – Trustworthy SCADA
Refineries, Airports, Power Plants, Water Supply, Distribution systems
Network detection and response – providing visibility, discovery and security of ICS networks
• Non-intrusive plug & play network DPI sensor
• Protocol and hardware agnostic
• Alerts, forensics & mapping
The New Operational Toolbox
Industrial Control Systems (existing toolbox: HMI, SCADA server, Historian, PLCs/RTUs):
• Unreliable network schematic representation (manual update)
• Alarm handling
• Meter readings
• Remote configuration
CyberShield™ AnD for SCADA (components: Blackbox, Netmap, Alerter, Insight):
• Real network map
• Overview of all network communications
• Security and malfunction alarms
• "Keep alive" monitoring
• Alarm investigation and analysis
• Network forensics
CyberShield™ AnD for SCADA Application (screenshot)
Typical Deployment (diagram)
• Corporate LAN: HMIs, ECC with the AnD server (FMS), NMS server and SIEM; the AnD server reports via Syslog \ SNMP
• SCADA network: Historian, FEP, SCADA server
• Typical substation: switch, RTU, IED, PLC, with an AnD Blackbox attached on a mirror\tapping port (VLAN\inline\separate physical network)
• Communication links: Ethernet\serial
• Legend: AnD components vs. existing system
First-Tier European Power Utility Secures its OT Network with CyberShield AnD for SCADA
• Customer: a major European power utility (power generation and transmission)
• Selected solution: Cyber Shield MnR, IDS and IPS mode, deployed in a country-wide OT transmission network
• Outcome: visibility of the OT network, full in-depth analysis of network communications, and enhanced security
4 Steps for Assuring Operational Continuity
1. Obtain a reliable and genuine network map
2. Identify system malfunctions & human errors before damage occurs
3. Detect and respond to cyber threats
4. Conduct forensics & investigations for root cause analysis
Minimize downtime. Minimize time to response.
Thank You
Neri Zin, Vice President, Asia Pacific, Cyberbit Commercial Solutions
www.cyberbitc.com