Modern Malware Demands Modern Defense

Robert M. Lee & Tim Conway

ICS.SANS.ORG

Learning LeadingDefending

Learning

Defending

Defending

ics-community.sans.org

Major Public ICS Incidents & Access Campaigns

Low HighICS IMPACTS

High

ICS Recon

Stuxnet (all versions)

(Nuisance) (Lost Productivity/Data) (Lost Value)

ICS Targeting

ICS Delivery

ICS Exploits

ICS Payload

Low

UnspecifiedGerman Facility

Havex(OPC module)

Critical InfrastructureData Exfiltration

BlackEnergy 2(various ICS modules)

NY Dam Intrusion

BE3

ICS

CU

STO

MIZ

ATI

ON

(Loss of Safety, Reliability, Assets)

Dec 2016Ukraine Power Outage

Dec 2015Ukraine Power Outage

Stage One

Stage Two

TRISIS

Defending

ics-community.sans.org

ICS

Atta

cks

225kUkraine 2015

Three electric utilities attacked through a cyber means resulting in 225k customers out of power

200 MW

Ukraine 2016Electric transmission substation attacked

through a cyber means

SISMiddle East Facility 2017

Safety Instrumented System, targeted and

impacted

?Combination

Safety or protection system manipulation

followed by intentional control system misuse to cause equipment damage

and human health and safety impact

Defending

ics-community.sans.org

Leading

Vendors

EducatorsICS

Community OEM

Government

Asset Owners

Integrators

ics-community.sans.org

Vendors

EducatorsOEM

Government

Asset Owners

IntegratorsLearning LeadingDefending

Join the Community that is defending our Critical Infrastructure