
Cyber Threats to Utilities


Presentation Transcript


  1. Cyber Threats to Utilities. Cyber Security Protection for Critical Infrastructure Assets™
  2. Cyber Security Overview: Current threats; Who we are; Services for utilities; Protection planning; Integration
  3. Remember When
  4. Present Day- Attack Surfaces
  5. The cyber threat is escalating
  6. There is no “official” solution: “If I had a cyber threat that was revealed to me in a letter tomorrow, there is little I could do the next day to ensure that that threat was mitigated effectively by the utilities that were targeted.” Federal Energy Regulatory Commission Chairman Jon Wellinghoff, September 2012. Source: The Hill
  7. Medium sized utilities are at greatest risk. [Chart. Axes: Cyber-security resources (lower to higher); Impact from Attack (lower to higher). Labels: Most Impact; Largest IOUs; Other IOUs; PRIME TARGETS; Most Vulnerable; Public Power & Cooperatives; Smallest Utilities.]
  8. Your org chart may be your biggest security gap Accountability gaps between IT and Operations make critical assets vulnerable to attack Functional Role Area of Responsibility Sr. Management Overall Results Point of Attack IT / Asset interconnections Departmental silos Areas of overlap are vague Asset and IT inroads open Information Tech. Operations IT Systems Assets
  9. OT closes security gaps between IT and Operations “An independent world of "operational technology" (OT) is developing separately from IT groups. If IT organizations do not engage with OT environments …they may be sidelined from major technology decisions - and place OT systems at risk.” Sr. Management OT Source: IT Systems Assets
  10. Recovery cost benchmarks. Unlimited: additional costs arising from privacy breaches and other litigation. 20x: utility industry cost to recover vs. cost to protect. 5x: industry standard cost to recover vs. cost to protect. 15%: cost to secure as a percentage of total IT investment (industry standard in telecom and banking). 5%: cost to secure as a percentage of total IT investment (proven in municipals).
  11. Technology Trends Increasing Cyber Security Risk. Technology trends: adoption of common technology; connectivity of utility control systems to other systems; increasing automation. External attackers: hacker conferences are identifying utility systems as valuable targets; hacker tool kits specific to utility systems are available for download and use. Internal users (insiders) can knowingly or unknowingly exploit systems. The result is an increased attack surface that can be exploited: increasingly advanced and persistent threats to a growing attack surface.
  12. Built on a Defense-in-Depth strategy Elements of a Defense in Depth Strategy Identify Isolate Insulate Electronic security perimeters Monitoring Layered defenses Cyber-resilience Frustrate threat progression Mitigate impact Speed recovery and reconstitution People Technology Operations !
  13. Typical Utility – Minimal Security Typical Utility – Risk Points Email Web Facebook Basic Internet Security 3rd parties trusted unpatched systems dialup modems Flat Network shared or default pwds unprotected comms
  14. Cyber Attack Aftermath Disconnect Operation (s) Systems Muni- Water, gas, police, courts Fly blind for awhile Engage a team of subject matter experts Locate and isolate Data Analysis loss Utility and member’s data Forensics Replace necessary hardware and software Deploy a cyber security solution Public relations Media Customers Legal and regulatory issues
  15. Cyber Security – what you can do Education-Awareness Assessment Monitoring Network Protection
  16. Cyber Awareness Training Example Phishing! Phishing is the act of attempting to gain credentials or other confidential information by impersonating a trusted entity in an electronic transaction. Examples: A user attempts to go to their banking website and is redirected by malicious code to a website that looks identical to their bank’s. The attacker obtains the user’s username and password and redirects them to the actual banking site after they have entered their login credentials.
  17. Cyber security technical services Vulnerability Assessments Can be condensed or detailed Can expand into penetration testing Development of Cyber Security Plans Development of Cyber Security Programs
  18. Typical Utility Flat Network – With No Monitoring Service Hacker Hacker starts finding out information to get into the utility’s network Hacker finds a hole and easily penetrates through the firewall & scans the network. Since there is no defense-in-depth or any type of monitoring, hacker easily compromises com ports.
  19. Typical Utility Flat Network – With Monitoring Service Incident Detected! Hacker Hacker starts finding out information to get into the utility’s network Hacker finds a hole and easily penetrates through the firewall & scans the network. n-Platform’s IDS detects the intrusion & alerts 3rd party / Utility immediately. If 3rd party, then it contacts utility immediately & helps to understand the incident & utility mitigates the incident.
  20. Monitoring discoveries - 3 utilities summary. This is a summary of key issues from the most recent 30 day logs for Co-ops and Munis on the program. Priority 1: Malware-CNC Win.Trojan.AllAple Variant (possible illegal botnet). Priority 2: Sensitive Data: Credit Card Number (2,844 incidents). Priority 2: US Social Security Number (139 incidents). Priority 2: Decoy Portscan (225 incidents).
  21. Monitoring - One utility - One Month. Critical Event Summary: Upon processing the current set of log files we have detected malicious network activity. There is indication of compromised systems participating in command and control type behavior, as multiple alerts (1578) were found matching the traffic patterns of the Win.Trojan.AllAple network Trojan: "MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood attempt [Classification: A Network Trojan was Detected] [Priority: 1] {ICMP}". This activity suggests command and control / botnet-like behavior. This, coupled with outbound scans and other internal malicious activity, points to system compromise. The utility in question has begun investigation and is currently working to clean up any internal problems that are a result of the contamination.
  22. Typical Utility – Minimal Security Typical Utility – Risk Points Email Web Facebook Basic Internet Security 3rd parties trusted unpatched systems dialup modems Flat Network shared or default pwds unprotected comms
  23. Defense-in-Depth with N-Dimension Strongly Controlled Remote Access Separation of Control Network 3rd party connections secured Tightly Controlled In/Out Traffic Cyber Security & Infrastructure Technology Professional Services protection inside Control Network Security Monitoring Protected Comms Protected Comms
  24. Benefits of comprehensive cyber-security
  25. Thank You Bruce Gordon VP Sales and Marketing N-Dimension Solutions Inc. Office: 832.289.5735 Bruce.gordon@n-dimension.com
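
Slides 20 and 21 summarize IDS alert logs by priority and signature. The following added example (not part of the presentation or the vendor's tooling) shows one way to build that kind of summary from Snort "fast" format alerts and to list internal hosts that are the source of priority-1 alerts. The sample log lines, SIDs, addresses and the internal network range are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Snort "fast" alert format. Timestamps, SIDs and
# addresses are made up; only the AllAple message text comes from slide 21.
SAMPLE_ALERTS = """\
09/03-02:14:07.120394 [**] [1:1000001:1] MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood attempt [**] [Classification: A Network Trojan was Detected] [Priority: 1] {ICMP} 10.20.1.15 -> 198.51.100.23
09/03-02:14:09.481220 [**] [1:1000001:1] MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood attempt [**] [Classification: A Network Trojan was Detected] [Priority: 1] {ICMP} 10.20.1.15 -> 198.51.100.77
09/03-02:15:31.009812 [**] [1:1000001:1] MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood attempt [**] [Classification: A Network Trojan was Detected] [Priority: 1] {ICMP} 10.20.1.42 -> 203.0.113.9
09/03-08:40:12.300100 [**] [1:1000002:1] SENSITIVE-DATA Credit Card Numbers [**] [Classification: Sensitive Data was Transmitted Across the Network] [Priority: 2] {TCP} 10.20.1.8:49211 -> 203.0.113.50:80
09/03-11:02:55.771003 [**] [1:1000003:1] Decoy Portscan [**] [Priority: 2] {TCP} 198.51.100.4:40000 -> 10.20.1.1:22
snort[2211]: log rotation complete
"""

# Assumption: the utility's internal address space.
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"          # optional field
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

def parse_alerts(text):
    """Return one dict per well-formed alert line; other lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            alerts.append(alert)
    return alerts

def summarize(alerts):
    """Count alerts per (priority, message); priority 1 first, then by volume."""
    counts = Counter((a["prio"], a["msg"]) for a in alerts)
    return sorted(counts.items(), key=lambda kv: (kv[0][0], -kv[1]))

def suspected_hosts(alerts, max_priority=1):
    """Internal hosts that originate alerts of priority <= max_priority."""
    return dict(Counter(
        a["src"] for a in alerts
        if a["prio"] <= max_priority
        and ipaddress.ip_address(a["src"]) in INTERNAL_NET))

if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    for (prio, msg), n in summarize(parsed):
        print(f"Priority {prio}: {msg} ({n} incidents)")
    print("Investigate first:", suspected_hosts(parsed))
```

Filtering on internal source addresses matters here because an infected host generates the outbound traffic; inbound scans such as the portscan line are counted in the summary but do not mark the destination host as compromised.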