
Identifying & Responding to External Threats in a PCS Network




Presentation Transcript


  1. Identifying & Responding to External Threats in a PCS Network
  Omar Faruk, Cheah Zi Bin
  {faruk,cheah}@stud.ntnu.no
  Specialization Course, Autumn 2007

  2. Outline
  • PCS Threats
  • Project Flow
  • Defense Tools
  • Project Topology
  • PCS Tools
  • Incident Handling
  • Questions

  3. PCS Threats
  • Process Control Systems (PCS) handle oil, water, power and other industrial processes.
  • PCS were thought to be highly secure.
  • Reasons for the increase in threats:
    • Internet connectivity
    • standard protocols
    • hacker motivation
  • Attacks cause blackouts, sewage spills, etc.

  4. Project Flow
  (Diagram: project flow)

  5. Defense Tools
  • Honeypots
    • Deployed to lure attackers
    • A deployment of honeypots is called a honeynet
    • The honeywall is used to analyze packets
    • Snort (in the honeywall) drops packets
  • Router firewall
    • iptables
      • NAT table
      • Filter table

  6. Topology
  • Router
  • Honeywall
  • 3 layers
    • DMZ
    • Admin network
    • Process network

  7. OPC (1)
  • OLE for Process Control
  • Provides interoperability and scalability
  • Reduces implementation time and costs
  • Open Productivity Connectivity
  (Diagram: Before OPC / After OPC)

  8. OPC (2)
  • Based on COM, DCOM
  • Implemented in server-client pairs
  • OPC connection scenarios
    • Aggregation
    • Tunnelling
    • Bridging (server-server)

  9. OPC (3)
  • OPC Foundation provides specifications
    • OPC DA: standardizes real-time data access
    • OPC HDA: used to retrieve historical data
    • OPC DX: data exchange between servers
  • OPC tools
    • Matrikon OPC Tools
    • Cogent OPC DataHub

  10. Incident Handling (1)
  • Incident Response (IR)
    • Mainly focuses on technical aspects
    • Minimizes downtime, loss and economic consequences
  • Incident Response Management (IRMA)
    • Includes technical, cultural & organizational issues
    • Introduces education and lessons learned
    • Risk management is a key factor

  11. Incident Handling (2)
  • Attack detection and analysis
    • Attack identification (monitoring, logging)
    • Analysis of root cause
    • Identify changes based on risk assessment
    • Actions based on processes
  (Diagram: IRMA Framework)

  12. References
  • Diagram 1: http://www.elscolab.be
  • IRMA Presentation: http://ikt.hia.no/sqo/Seminars/IRMA_kick-off.pdf
  • OPC Tutorial: http://www.matrikonopc.com/training/opc-multimedia-tutorial/opc_tutorial_printable_version.pdf
  • OPC DataHub Manual: http://www.opcdatahub.com/Docs/dho-gettingstarted.html

  13. Thanks
  • Telematics Dept: Svein
  • SINTEF: Martin, Maria

  14. Questions?
