defending your base of operations: how industrial control systems are being targeted at technet...
TRANSCRIPT
![Page 1: Defending Your Base of Operations: How Industrial Control Systems are Being Targeted at TechNet Augusta 2015](https://reader031.vdocuments.net/reader031/viewer/2022030319/58ea1a621a28ab064e8b63f5/html5/thumbnails/1.jpg)
Defending Your Base of Operations
How Industrial Control Systems are being Targeted
TechNet Augusta 2015
Role of Cyber in Conflict?
Cyber Statecraft
Russia is using cyber attacks including online network disruptions, espionage, disinformation and propaganda activities in the Ukraine conflict.
Iran and North Korea now consider disruptive and destructive cyberspace operations a valid instrument of statecraft, including during what the U.S. considers peacetime. These states likely view cyberspace operations as an effective means of imposing costs on their adversaries while limiting the likelihood of damaging reprisals.
Terrorist groups and non-state actors also have shown an interest in cyber attacks but lack the capability of state-sponsored threats.
The director of the Defense Intelligence Agency, Marine Corps Lt. Gen. Vincent Stewart, House Armed Services Committee, Feb. 3, 2015
Arctic Competition Scenario
Cyber Espionage & IPB
www.fireye.com
FireEye Threat Intelligence assesses that threat actors aggressively target strategic industries and government and military organizations in search of valuable economic, political, or military intelligence.
• State-sponsored threat actors
• Possibility of strategic offensive computer network attacks
“Russia-based threat groups are known to target Nordic governments and industries that compete with Russia in the European energy market. Russia and its Arctic Circle neighbors have overlapping territorial claims and conflicting interests in the region.”
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-nordic-threat-landscape.pdf
IPB & Espionage: The Patient Warrior?
The patient warrior codex: Do no instantly recognizable harm today. Maneuver to gain the advantage and accumulate small victories in time. Act so not to be perceived as striking. All the time learning, taking, and eventually formulating a decisive blow.
Is IPB the cyber equivalent of the Battle of Ilipa in 206 BC?
Day after day, the battle lines formed up as both sides sized each other up. One side was being lulled by the routine, while the other was learning and formulating their attack. Each day the Carthaginian force took the field, Scipio was taking away something valuable from them...until he understood their critical weakness
…and on any given day we may wake to a surprise as the opponent’s line draws down with the full benefit of knowing us
What Has Changed?
The value-driven business model of targeted cyber attack.
Installation ‘ICS’ Susceptibility
Dangerous Seas - Behind?
OPM Espionage
Havex
Black Energy
APT1 Energy Campaign
German Iron Works
Tip of the Iceberg (ICS Attackers)
Observed Attack Trends
• ICS-specific targeting, delivery, payloads (Stuxnet, Havex, BE2)
• Overcome expected defenses - gap jumping (Stuxnet, Havex)
• Protocol custom/capable attacks (Havex)
• ICS-specific exploit tool development (Researchers, Havex, BE2)
• ICS-specific exploit tools used (Honeypot research, Havex, BE2)
• Process-focused & equipment under control (Stuxnet, BSI Incident)
• Firmware aware (Honeypot research)
• Data destruction/resource depletion (Incidents, BE2 Module)
• Sophisticated cyber tradecraft able to defeat security tools
Requires Multi-Staged Attacks
Stage 1 - ICS Kill Chain
Stage 2 - ICS Kill Chain
Energy Targeting
How Sophisticated is It?
ICS 515
Importance of Engineering
Technology
Operations
Process
“Attackers are learning the importance of what is below the waterline…so should we”
Cyber Informed Engineering
Questions?