TRANSCRIPT

Why Size Doesn't Matter in a Cyber Attack
Brad Luna, Senior Vice President, N-Dimension Solutions Inc.
Today's Agenda
• A bit about N-Dimension Solutions
• Cyber security's impact on our industry
• How is it happening?
• What should I be doing?
• Risk Mitigation Plan
• Q&A
About N-Dimension Solutions… Since 2002
• Since 2002, N-Dimension Solutions has been focused on cybersecurity for the Power & Energy Industry.
• Provides Managed Cybersecurity Services for utilities, helping them discover and protect from cyber threats and vulnerabilities.
• Partnered with global industry leaders and associations.
(Partner logo groups on the slide: Insurance Companies, Tech & Vendor Companies, Industry Associations)
About N-Dimension Solutions…
• Working with cybersecurity groups, N-Dimension developed and co-wrote different documentation to help utilities.
• Strong experience in providing cybersecurity services such as cybersecurity audits, penetration testing and social engineering, and others.
• Winner of many awards and recognitions!
(Logo groups on the slide: Cybersecurity Groups, Awards / Recognitions)
U.S. Energy Department Announces Up to $15 Million to Help Improve the Security and Resilience of the Nation's Public Power Grid
*** N-Dimension is the Technology selected for both. ***
"The future ain't what it used to be." – Yogi Berra
• The first "viruses" (malware) actually appeared prior to 1980
  – Practical jokes, coworker annoyances, coder wars
• Computer espionage followed creation of networks circa mid-1980's
  – ARPANET, MILNET, TYMNET
• Why is Cybersecurity a "new" issue in the mid 2000's?
https://www.youtube.com/watch?v=n25L89E4lfY
The Cybersecurity Buzz
Stuff Happens – Really.
http://www.reuters.com/article/us-ukraine-crisis-cyber-attacks-idUSKBN1491ZF
http://www.reuters.com/article/us-ukraine-cyber-attack-energy-idUSKBN1521BA
Cyber Security Issues Affecting Utilities
RANSOMWARE
https://www.scmagazine.com/lansing-mich-utility-admits-paying-ransomware-demand/article/572180/

Cyber Security Issues Affecting Utilities
AMI hacked
http://bethanyclipper.com/2016/09/smart-meter-hacking-traced-to-china/
Cyber Security Issues Affecting Utilities
IoT hacked
http://www.csoonline.com/article/3124344/internet-of-things/armies-of-hacked-iot-devices-launch-unprecedented-ddos-attacks.html
https://boingboing.net/2016/08/08/proof-of-concept-ransomware-fo.html
https://www.pentestpartners.com/blog/thermostat-ransomware-a-lesson-in-iot-security/
How are the Breaches Occurring?
Examples of Activity
• Heartbleed, Shellshock, …
• CNC Channels, Exploit Kits, Black Energy…
• Port Scans…
• Cleartext Passwords, Cleartext Credit Card Numbers …
• NTP Amplification Attacks…
• dll, pdfs, images …
Cyber Threats to Utilities
(Slide axis runs from Untargeted Threats to Targeted Threats)
• Worms, viruses: Morris worm 1988, I Love You 2000, Nimda 2001, Code Red 2001, SQL Slammer 2003, Zotob 2005
• Financial: Sony 2011, 2014; Cryptolocker 2013; Target 2013; Unlimited Operations 2014; Carbanak 2015; IRS 2015; botnets, botnets, botnets
• State level: Google Aurora 2010, Operation Shady Rat 2011, DigiNotar 2011, Flame 2012, Snowden 2013
• Energy sector: INL Aurora 2007, Stuxnet 2010, Duqu 2011, Night Dragon 2011, ARAMCO 2012, Telvent 2012, Energetic Bear 2014, Black Energy 2015
How Threats Often Gain Access
(Diagram nodes on the slide: AMI Head-End Server, Smart Meters, Collectors, Internet, Corporate Applications, Engineering Applications, ISO Grid, Network Cloud Vendors, SCADA Operations Servers, SCADA Operations Personnel, SCADA Host)
1. Attacks that pass through firewall
2. Third Party Access
3. Internal Breaches
4. Communications
5. System Vulnerabilities
Defense in Depth
• Perimeter Protection
  – Firewall, IPS, VPN, AV
  – Host IDS, Host AV
  – DMZ
• Interior Security
  – Firewall, VPN, AV
  – Host IDS, Host AV
  – Application Whitelisting
  – NAC
• Monitoring
  – Host & Network IDS
  – Port & Vulner. Scanning
• Management
Glossary: IDS = Intrusion Detection System; IPS = Intrusion Prevention System; DMZ = DeMilitarized Zone; VPN = Virtual Private Network; AV = Anti-Virus (anti-malware); NAC = Network Access Control
Defense in Depth
• Firewalls
• SPAM filters
• Pop-up Blockers
• Protocol Filters
• Virus Scanning (Is it dead? No!)
• Server, Desktop, Laptop, Tablets, other
• Intrusion Detection Systems
• Intrusion Prevention Systems
• Network Monitoring
• Data Encryption
• Remote Connection Gateway/Monitoring
• Updates/Patching/Service Packs/IOS Upgrades
• Training
• Cyber Insurance…?
The Standards Landscape
• IEEE
• ETSI Cyber Security Technical Committee
• NIST
• Standard of Good Practice (Information Security Forum)
• ISO 27001 and 27002
• NERC (CIP)
• U.S. Banking Regulations (PCI-DSS)
• COBIT
• ISO 15408
• RFC 2196
• C2M2
• ISA/IEC-62443 (formerly ISA-99)
• IEC 62443 Conformity Assessment Program
• IASME
Risk Mitigation Plan
1. Define the system
2. Identify/classify assets
3. Executive Management Sponsorship
4. Identify the electronic security perimeter (ESP)
5. Conduct vulnerability assessments
6. Assess risks
7. Select security controls
8. Monitor and assess effectiveness
Assign Responsibility to Senior Management
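As an added illustration (not from the slides or N-Dimension), steps 2, 4, 6 and 7 of the plan above carried through in Python on a constructed three-asset inventory; the zone names, likelihood weights and control mapping are assumptions chosen to match the deck's access paths and defense-in-depth lists.

```python
from dataclasses import dataclass

# Step 2: classify assets. Exposure maps onto the slide's access paths
# (attacks through the firewall, third-party access, internal breaches).
@dataclass
class Asset:
    name: str
    zone: str      # hypothetical zone names: "scada", "ami", "corporate"
    exposure: str  # "internet", "third_party" or "internal"
    impact: int    # 1-5, consequence to operations if compromised
    findings: int  # open findings from the step-5 vulnerability assessment

# Step 4: the electronic security perimeter (ESP) wraps the control-system zones.
ESP_ZONES = {"scada", "ami"}

def in_esp(a: Asset) -> bool:
    return a.zone in ESP_ZONES

# Step 6: likelihood (1-5) from exposure plus a bump for open findings;
# risk = likelihood x impact. Weights are constructed, not from any standard.
LIKELIHOOD_BY_EXPOSURE = {"internet": 4, "third_party": 3, "internal": 2}

def likelihood(a: Asset) -> int:
    return min(5, LIKELIHOOD_BY_EXPOSURE[a.exposure] + (1 if a.findings else 0))

def risk(a: Asset) -> int:
    return likelihood(a) * a.impact

# Step 7: pick controls from the deck's defense-in-depth lists.
def select_controls(a: Asset) -> list:
    controls = ["patching", "host AV"]
    if a.exposure == "internet":
        controls += ["perimeter firewall", "IPS"]
    if a.exposure == "third_party":
        controls += ["remote connection gateway/monitoring", "VPN"]
    if in_esp(a):
        controls += ["application whitelisting", "network IDS"]
    return controls

def prioritize(assets):
    """(name, risk, inside ESP, controls) tuples, highest risk first."""
    rows = [(a.name, risk(a), in_esp(a), select_controls(a)) for a in assets]
    return sorted(rows, key=lambda r: r[1], reverse=True)

SAMPLE = [  # constructed inventory for a small utility
    Asset("scada-host", "scada", "internal", impact=5, findings=2),
    Asset("ami-headend", "ami", "third_party", impact=4, findings=0),
    Asset("corp-web", "corporate", "internet", impact=2, findings=1),
]
```

Calling prioritize(SAMPLE) ranks the SCADA host first (risk 15) even though it is not internet-facing, which is the point of step 4: assets inside the ESP carry the highest impact and get the control-system controls regardless of utility size.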