
Fides – Trustworthy SCADA


connie


Presentation Transcript


  1. Fides – Trustworthy SCADA www.c4-security.com

  2. Critical Infrastructures

  3. The Need • Critical infrastructures are operating their business using a suite of real-time applications and protocols which differ greatly from the generic IT domain • Operating without a reliable and resilient system will result in irreversible damage • Blackout • Oil spill • Drinking water contamination • The harsh operating environments and low acceptance thresholds for errors require the utilities to deploy safety and reliability solutions

  4. Insufficient Reliability • US Blackout in 2003 • High voltage transmission lines disrupted • No alarms to operators • Domino effect caused a multi-state blackout for several hours till power was restored • Cause, the extremely brief version: • The alarming function was not reliable • Malfunctioning code • Many other incidents cannot be properly investigated due to lack of logging of the C&C (SCADA) data

  5. Goal Fides will greatly contribute to the control network trustworthiness: • Reliability • Safety • Security

  6. Fides Suite • Blackbox: A small-form “blackbox” that logs all C&C information by intercepting the data communication between the field devices and the control center • Insight: Software that retrieves blackbox-collected data and allows viewing, filtering and intelligent analysis • Alerter: Application-aware profiler that will alert of network anomalies, mainly to detect malicious activities • NetMap: Inventory and load monitoring of the control network and its nodes, with visualization and trending features

  7. Fides Elements • Blackbox • FidesServer

  8. Blackbox • The Blackbox (BB) is the key component of the Fides suite • Small-factor computer, fits in the palm of your hand • No need for extra room in your communication rack • No need for special cooling, room temp. is fine • High speed communications tapping, analysis and validation • Royalty free support for 3rd parties who want to add their protocol

  9. Fides Insight • The problem • Many incidents, intentional or unintentional, remain a mystery • Operator accountability – major concern in production lines and DCS environments • Limited forensics capability – incidents in the field are studied through SCADA logs and physical evidence only

  10. Fides Insight • This is a major issue: • Should an incident occur, malicious or not, how will you investigate the cause? How will you rule out potential options? • SIEM software offers to assist, but reliance on the SCADA software logs is partial at best • RTU/PLC Logs? You’ve got to be kidding…

  11. Fides Insight • Gain Insight into your control network! • Collect all control protocol messages as recorded by the Blackboxes • Support for standalone mode for smaller installations • View messages in a table with all the protocol fields and their values, time & date and Blackbox • Sort and filter according to all fields • For example, display only the commands sent to RTU x between 9pm and 10pm

  12. Fides Insight • Quick look

  13. Fides Alerter • The problem • The SCADA network between the control center and the field is rarely monitored for security events • Field firewalls provide unscalable protection, data diodes are irrelevant • Alerter will monitor any abnormal transmissions using the Blackbox • Define how the network normally behaves • Any other network traffic will trigger an alert • Passive

  14. Fides Alerter • “But I have a SIEM software for that” • What are the sources it’s relying on? Oh, logs… • Fides Alerter can serve as an additional, field-level source of information for your existing SIEM • Harnessing the power of Fides with any SIEM software gives unprecedented visibility into your network security stance

  15. Fides Alerter • Although originally thought of strictly as a security module, many operational “quirks” were found in some of our customers which assisted them in finding safety faults • Quick look

  16. Fides NetMap • The problem • Reliance on a single SCADA system • Vendor bugs, configuration errors (US 2003) • NetMap provides a “Second Opinion” • Are there RTUs or servers which are not responding to commands sent to them? • Network load visualization • Latency trending for all equipment, critical for maintenance and preventive measures • Fully independent from the SCADA software

  17. Fides Roadmap • Protocols • IEC 60870-104 & 101, DNP3 • Ethernet/IP, Landis+Gyr 805/809 • Open call for vendors to integrate their stacks – we’ll actively assist! • Alerter • Active mode for blocking capability • Auto-Learn mode

  18. Fides Roadmap • Blackbox • Serial communications interception without IP converters • Radio module • And most importantly: your input • Next release – June 1st 2011 (Fides 1.3)

  19. About C4 Security • Based in Israel, fully owned by Elbit Systems • Consists of security experts, reverse engineers and protocol analysts • Provide “red team” penetration tests to utilities, financial institutions and governmental agencies • Successfully penetrated electric, gas and water utilities • Our team’s skills enable us to find and exploit vulnerabilities in proprietary systems • Contact: info@c4-security.com

  20. Thank You
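
The Insight filter from slide 11 and the Alerter rule from slide 13, sketched as an added example that is not C4 Security's code. The record layout, host names and the hand-written profile are constructed for illustration, and the message types are simplified DNP3 function names.

```python
from datetime import datetime

# Constructed sample of Blackbox-recorded messages (not real capture data):
# timestamp, Blackbox id, source, destination, protocol, message type.
FIELDS = ("ts", "blackbox", "src", "dst", "protocol", "msg_type")
MESSAGES = [
    ("2011-03-01 20:15:02", "bb1", "master", "rtu-7", "DNP3", "READ"),
    ("2011-03-01 21:05:40", "bb1", "master", "rtu-7", "DNP3", "OPERATE"),
    ("2011-03-01 21:05:41", "bb1", "rtu-7", "master", "DNP3", "RESPONSE"),
    ("2011-03-01 21:30:12", "bb1", "master", "rtu-9", "DNP3", "READ"),
    ("2011-03-01 21:47:55", "bb2", "eng-laptop", "rtu-7", "DNP3", "WRITE"),
    ("2011-03-01 22:10:00", "bb1", "master", "rtu-7", "DNP3", "READ"),
]
# Hand-defined "normal behaviour" (assumed): who may send what to whom.
PROFILE = {
    ("master", "rtu-7", "DNP3", "READ"),
    ("master", "rtu-7", "DNP3", "OPERATE"),
    ("rtu-7", "master", "DNP3", "RESPONSE"),
    ("master", "rtu-9", "DNP3", "READ"),
}
COMMANDS = {"OPERATE", "WRITE"}  # message types treated as commands here

def load(rows):
    """Turn raw rows into dicts with a parsed timestamp."""
    records = []
    for row in rows:
        rec = dict(zip(FIELDS, row))
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        records.append(rec)
    return records

def commands_to(records, rtu, start_hour, end_hour):
    """Insight-style filter: commands sent to one RTU in [start_hour, end_hour)."""
    return [r for r in records
            if r["dst"] == rtu and r["msg_type"] in COMMANDS
            and start_hour <= r["ts"].hour < end_hour]

def alerts(records, profile):
    """Alerter-style check: any message outside the profile raises an alert."""
    return [r for r in records
            if (r["src"], r["dst"], r["protocol"], r["msg_type"]) not in profile]

if __name__ == "__main__":
    recs = load(MESSAGES)
    for r in commands_to(recs, "rtu-7", 21, 22):
        print("command:", r["ts"], r["src"], "->", r["dst"], r["msg_type"])
    for r in alerts(recs, PROFILE):
        print("ALERT:", r["ts"], r["blackbox"], r["src"], "->", r["dst"], r["msg_type"])
```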
