Cybersecurity in Industrial Networks - uruman.org · Acceleration of Attacks on OT 2015 Ukraine:...
Cybersecurity in Industrial Networks
Ing. Gerardo Viar
Acceleration of Attacks on OT
2015 Ukraine: Grid taken down for up to 6 hours
2017 Attack triggers 150+ warning sirens across Dallas
2014 Germany: Attackers damage smelter
2016 Ukraine: Second Electric Grid Attack
2017 Hospitals, Factories Impacted by WannaCry Ransomware
2014 US: Paper Mill damaged remotely by former worker
2017 Malware used in 2016 Ukraine attack found to have ICS unique modules
Evolution of Attacks
• IT attacks at entry points
• IDMZ breaches
• Attack tools specific to OT
Search Engine for IoT Devices
The Landscape in Latin America
2016
Industrial Architecture – ISA99/ISA95 Model
[Diagram: reference network architecture; only its labels survive.]
Zones:
• Cell/Area Zone, Levels 0–2 (Layer 2 Access)
• Manufacturing Zone, Level 3 (Distribution and Core)
• Industrial Demilitarized Zone (IDMZ) Firewalls
• Enterprise Network, Levels 4–5
Functions listed alongside the zones:
• Real-Time Control
• Fast Convergence
• Traffic Segmentation and Management
• Ease of Use
• Site Operations and Control
• Multi-Service Networks
• Network and Security Management
• Routing
• Application and Data share
• Access Control
• Malware Protection
• Enterprise/IT Integration
• Collaboration
• Wireless
• Application Optimization
Components shown: Factory Talk Application and Service Platform Servers; Web Apps, DNS, FTP; Internet; Patch Management; Terminal Services; Application Mirror; AV Server; Gbps Link for Failover Detection; Firewall (Active); Firewall (Standby); Switches, L3, Flow Sensor; Network Services; Robotics; Material Handling; Machines; Basic Control; Process; I/O; Sensor; Controller / PLC; HMI; Switches.
What to do? NERC-CIP v5
Risks by Sector
LERC – Low Impact External Routable Connectivity
Vulnerabilities
• Equipment without security functions
• Network design without security
• Unnecessary services running
• Lack of integration between physical security and logical security
• Insufficient auditing and monitoring
• Lack of authentication/authorization for HMIs
• Knowledge of standards and cybersecurity
Industrial Architecture – ISA99/ISA95 Model
[Diagram: the architecture diagram above, repeated with the following security-control labels added.]
• Passive/Active Hybrid: PLC/RTU Config Management
• Passive/Active Hybrid: IDS, Zone enforcement, app control, Malware protection, etc.
• Active: IPS, Firewall, malware protection, etc.
• Active: IPS, Firewall, app. control, web content, malware protection, etc.
[Diagram: the architecture diagram above, repeated with the following security technologies placed on it: SIEM, NGFW (×3), IAM (×2), NBAD.]
General Recommendations
• Establish policies for security control
• Create a DMZ for IT/OT communication
• Protect the interior and the borders of the network
• Create remote access policies
• Integrate physical and electronic security
• Enable the security functions of available hardware
Visibility and Analysis
Remote Access
Segmentation
Services
Thank you!