TRANSCRIPT
Modern Malware Demands Modern Defense
Robert M. Lee & Tim Conway
ICS.SANS.ORG
Learning, Leading, Defending
ics-community.sans.org
Major Public ICS Incidents & Access Campaigns
[Figure: incidents and access campaigns plotted on two axes, ICS Impacts (Low to High) and ICS Customization (Low to High).]
ICS Impacts labels: (Nuisance), (Lost Productivity/Data), (Lost Value), (Loss of Safety, Reliability, Assets)
ICS Customization labels: ICS Recon, ICS Targeting, ICS Delivery, ICS Exploits, ICS Payload
Other labels: Stage One, Stage Two
Incidents and campaigns shown: Stuxnet (all versions); Unspecified German Facility; Havex (OPC module); Critical Infrastructure Data Exfiltration; BlackEnergy 2 (various ICS modules); NY Dam Intrusion; BE3; Dec 2015 Ukraine Power Outage; Dec 2016 Ukraine Power Outage; TRISIS
ICS Attacks
225k: Ukraine 2015
Three electric utilities attacked through a cyber means resulting in 225k customers out of power
200 MW: Ukraine 2016
Electric transmission substation attacked through a cyber means
SIS: Middle East Facility 2017
Safety Instrumented System, targeted and impacted
?: Combination
Safety or protection system manipulation followed by intentional control system misuse to cause equipment damage and human health and safety impact
Leading
ICS Community: Vendors, Educators, OEM, Government, Asset Owners, Integrators
Join the Community that is defending our Critical Infrastructure