Cyber Security ∙ Critical Infrastructure Protection ∙ ...
Securing Grids & Smart Cities
Cyber Security ∙ Critical Infrastructure Protection ∙ Energy Management
Cyber Labs as a Service® (CLaaS®) • 2021 MPUA Virtual Conference
Since 2014: California | Louisiana | New Jersey | Texas | Virginia
No Vaccines for today’s CyberSecurity threats & vulnerabilities
High Impact Cyber Security Vulnerabilities across all concerns
https://www.forbes.com/sites/stevebanker/2019/02/04/which-global-risks-are-increasing-in-2019/#719614a051e3
• Weapons of mass destruction
• Failure of climate-change mitigation and adaptation
• Extreme weather events
• Natural disasters
• Water crises
GLOBAL SITUATION
Significant cyber vulnerabilities exist across US Critical Infrastructure
USA GRID SITUATION: White House 100 Day Initiative
• Persistent & Sophisticated Cyber threats
  • Operational Technology (OT)
  • Information Technology (IT)
  • Industrial Control Systems (ICS)
  • Cloud Infrastructure
• Recent High Profile attacks
  • Colonial Pipeline & JBS Foods
• Critical Infrastructure Systems
  • Degradation
  • Destruction
  • Malfunction
https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/fact-sheet-biden-administration-announces-further-actions-to-protect-u-s-critical-infrastructure/
USA GRID SITUATION: White House Results
Cascading physical Consequences & Debilitating effects on
• National Security
• Economic Security
• Public Health
• Safety of the American people
https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/fact-sheet-biden-administration-announces-further-actions-to-protect-u-s-critical-infrastructure/
Provide Secure technology solutions and Services for today’s complex global challenges & problems
Cyber Security Threats • Energy Grid Stability Risks • Public Safety Dangers
Vision & Mission – IPKeys Role
IPKeys solutions portfolio encompasses standards-based cybersecurity, networks, data centers, software & IoT
Artificial Intelligence meets Human Intelligence
Cyber Lab as a Service® (CLaaS®)
CLaaS® Networks Implementation
Lock All Cyber Doors
• Access Controls
• Assessments
• Software Assurance
• Physical Security Analysis
• Incident Response Readiness Review
• Supply Chain Risk Management
Monitor Networks & Cyber Locks
• Utility IT & OT network monitoring
• Managed Anomaly Detection & Response
• Automated Vulnerability Scanning
• Expert SOC Analyst
• Threat Intelligence
Automate Cyber Compliance
• Evidence Collection
• Workflow Automation
• Compliance Reporting
• Baseline Monitoring
• Patch Management
Customer Portal
• Tickets
• Concerns
• Alert Classifications
• Geo Map
• Sensor Status
Reporting: In-depth knowledge and expert insights
Secure Critical Infrastructure
Defending Against Ransomware
• Focus on key systems, not everything all at once
• Identify critical servers and focus on:
  • Isolating these servers from the network and limiting access by IP and Port
  • Patching
  • Physical isolation
• Regular backups can make ransomware less painful while redundancy can make it only about the data
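One way to check that "limiting access by IP and Port" actually holds for the critical servers is to compare observed network flows against an explicit allowlist. This is an added example, not part of the original presentation; the server addresses, permitted networks, ports, and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed allowlist (assumption, not from the slides): each critical server
# maps to the only (source network, TCP port) pairs permitted to reach it.
ALLOWLIST = {
    "10.20.0.5": [("10.20.1.0/28", 443), ("10.20.1.10/32", 22), ("10.20.1.0/28", 8443)],
    "10.20.0.9": [("10.20.1.0/28", 502)],
}

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.20.1.3", "10.20.0.5", 443),
    ("10.20.1.10", "10.20.0.5", 22),
    ("192.168.7.44", "10.20.0.5", 3389),   # unexpected source and port
    ("10.20.1.3", "10.20.0.9", 502),
    ("10.30.4.8", "10.20.0.9", 502),       # right port, wrong source network
    ("10.20.1.3", "10.99.0.1", 80),        # destination is not a critical server
]


def is_allowed(src, dst, port, allowlist=ALLOWLIST):
    """Return True/False for flows to a critical server, None for other destinations."""
    rules = allowlist.get(dst)
    if rules is None:
        return None
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(net) and port == p for net, p in rules)


def audit(flows, allowlist=ALLOWLIST):
    """Return (violations, unused_rules) for the observed flows."""
    violations = [f for f in flows if is_allowed(*f, allowlist=allowlist) is False]
    # A rule no flow ever matched is a candidate for removal.
    unused = [
        (dst, net, port)
        for dst, rules in allowlist.items()
        for net, port in rules
        if not any(is_allowed(s, d, p, {dst: [(net, port)]}) for s, d, p in flows)
    ]
    return violations, unused


if __name__ == "__main__":
    violations, unused = audit(FLOWS)
    for src, dst, port in violations:
        print(f"VIOLATION {src} -> {dst}:{port}")
    for dst, net, port in unused:
        print(f"UNUSED RULE {net} -> {dst}:{port}")
```

Violations show where isolation is not being enforced; unused rules show where the allowlist can be tightened further.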
Defending Against Cyber-Physical Attacks
What is a Cyber-Physical attack?
• It’s a cyber attack with the side effect that it can affect physical devices in an OT network
  • Water supply systems
  • Gas pipeline
What is considered a Physical Device?
• A physical device can be a switch, pump, generator or really any kind of SCADA device
The solution to protect against a cyber physical attack is:
• Identify the critical servers that affect physical devices
• Identify the physical devices that can be controlled remotely
• Continuous monitoring of the networks both isolated and otherwise
• Scan the network for vulnerabilities
Secure Critical Infrastructure
Lessons learned from our customers and my experience in the OT industry
• Most utilities are understaffed or lack cyber expertise
• Spotify, Facebook, Dropbox, and other internet-facing services are possible ways for hackers to gain an internal foothold in the network
• Phishing emails will eventually be successful
• Remote access to networks that used to have no external access is becoming the norm due to COVID
• Social engineering is still the biggest threat to any network
• Internal threats are not always malicious
• Make sure you can trust your IT vendor to be secure or they could be a possible attack vector
Mike Hoover
Vice President, Municipal & Public Safety
847-875-3700