Amster 2003 - patterns of exclusion sanitizing space, criminali
Sistemi SCADA e profili criminali
-
Upload
alessio-pennasilico -
Category
Technology
-
view
383 -
download
4
description
Transcript of Sistemi SCADA e profili criminali
Alessio L.R. [email protected]: mayhemsppFaceBook: alessio.pennasilico
Roma, 6 Aprile 2011
Sistemi SCADA e profili criminali
di cosa ci dobbiamo preoccupare?
Sistemi SCADA e profili criminali [email protected]
$ whois mayhem
Board of Directors:CLUSIT, Associazione Informatici Professionisti (AIP/OPSI),
Associazione Italiana Professionisti Sicurezza Informatica (AIPSI), Italian Linux Society (ILS), OpenBSD Italian User Group,
Hacker’s Profiling Project
2
Security Evangelist @
Sistemi SCADA e profili criminali [email protected]
Infrastrutture critiche
I sistemi SCADA possono gestire
automazione industriale
centrali elettriche
fornitura di gas o acqua
comunicazioni
trasporti
3
Di chi mi devo preoccupare?
Sistemi SCADA e profili criminali [email protected]
“Il sistema di gestione della centrale elettrica non r ispondeva. L’operatore stava guardando un DVD sul computer di gestione”
CSO di una utility di distribuzione energia elettrica
Blockbuster
5
Sistemi SCADA e profili criminali [email protected]
“In August 2003 Slammer infected a private computer network at the idled Davis-Besse nuclear power plant in Oak Harbor, Ohio, disabling a safety monitoring system for nearly five hours.”
Nist,Guide to SCADA
Worm
6
Sistemi SCADA e profili criminali [email protected]
Disgruntled employee
Vitek Boden, in 2000, was arrested, convicted and jailed because he released millions of liters of untreated sewage using
his wireless laptop. It happened in Maroochy Shire, Queensland, may be as a revenge against his last former employer.
http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/
7
Sistemi SCADA e profili criminali [email protected]
Gazprom
“Russian authorities revealed this week that Gazprom, a state-run gas utility, came
under the control of malicious hackers last year. […]The report said hackers used a
Trojan horse program, which stashes lines of harmful computer code in a benign-
looking program.”
http://findarticles.com/p/articles/mi_qa3739/is_200403/ai_n9360106
8
Sistemi SCADA e profili criminali [email protected]
Sabotaggio
Thomas C. Reed, Ronald Regan’s Secretary, described in his book “At the abyss” how the U.S. arranged for the Soviets to receive
intentionally flawed SCADA software to manage their natural gas pipelines.
"The pipeline software that was to run the pumps, turbines, and values was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds." A 3
kiloton explosion was the result, in 1982 in Siberia.
http://www.themoscowtimes.ru/stories/2004/03/18/014.html
9SCADA Security, Security Summit Milano – 11 Giugno 2009
R. Chiesa, F. Guasconi, A. Pennasilico, E. Tieghi
Sistemi SCADA e profili criminali [email protected]
Incidenti recenti
Texas: warning, zombies aheadTransportation officials in Texas are scrambling
to prevent hackers from changing messages on digital road signs after one sign in Austin
was altered to read, "Zombies Ahead."
Chris Lippincott, director of media relations for the Texas Department of Transportation, confirmed
that a portable traffic sign at Lamar Boulevard and West 15th Street, near the University of Texas at Austin, was hacked into during the early hours of
January 19 2009."It was clever, kind of cute, but not what it was
intended for. Those signs are deployed for a reason — to improve traffic conditions, let folks
know there's a road closure."
10
Sistemi SCADA e profili criminali [email protected]
Previsioni
Critical Infrastructure Prime Target For Cyber Criminals
The report, "Cyber Threats and Trends" seeks to aid education efforts about cyber security threats facing networks, enterprises and end-users by highlighting important trends that emerged in previous years, and attempts to predict security trends and disruptors that may develop in next years with lasting consequences for businesses in the coming decade.
http://www.secprodonline.com/articles/70136/
12
Sistemi SCADA e profili criminali [email protected]
Esempio di intrusione
13
fonte INL (Idaho National Lab – DHS US
14
Il wireless arriva in fabbrica
Smart Control Systems
Smart Analytical
Smart FinalControl
Smart AssetOptimization
Smart Safety
Smart Measurement
Smart MachineryHealth
Smart Wireless
Sistemi SCADA e profili criminali [email protected]
Stuxnet
Come intendiamo bloccare le minacce?
(pensiamo a quel che ha detto Dennis Bergstrom di Sonicwall prima di me)
15
Conclusioni
Sistemi SCADA e profili criminali [email protected]
Conclusioni
Tutte le infrastrutture sono a rischio
Collaboratori distratti o infedeliAttaccanti casuali, attaccanti motivati,
più o meno esperti
19
Sistemi SCADA e profili criminali [email protected]
Conclusioni
Gli strumenti tecnologici Le strategie organizzativeGli standard da seguire
per prevenire e mitigare rischi ed attacchi esistono!
20
Alessio L.R. [email protected]: mayhemsppFaceBook: alessio.pennasilico
Roma, 6 Aprile 2011
Domande?
These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subjected to Creative Commons Attribution-ShareAlike 2.5 version; you can copy, modify or sell them. “Please” cite your source and use the same licence :)
Grazie per l’attenzione!