Knowing the Available Technologies
SCADA Security Workshop
UTC Telecom 2004
May 16-18, 2004

Ron Derynck
Director, Product Strategies
rderynck@verano.com

Copyright © 2004 Verano COMPANY CONFIDENTIAL All rights reserved

What's Verano?

1. The Spanish word for summer
2. An industrial software company
   • Head Office near Boston, Mass
   • Software Development office in Calgary, Canada
   • 2000 - acquired automation software business from HP
   • 2002 - introduced Linux SCADA system
   • 2003 - launches Industrial Defender product suite

Points of Potential Vulnerability

[Diagram. Component labels: Internet; Controller or PLC; Process Control Network (Proprietary or Ethernet); HMI; Control System Application Server; Ethernet; SAP; Corporate Network; Mail Server; Browser Clients; Desktops; Plant Network; Historian; Web Server; MES; Firewall; Vendor Diagnostics; Remote Access Server; POTS; Remote Access; Mobile Operator; Contractor; Wireless AP.
Threat labels: Hacking/Malware; Resource Constraints; Disgruntled Employee; Browser Malware; VPN Penetration; Email Viruses; Vulnerability Exploit; IM Downloads; Protocol Vulnerabilities; EMS/Indirect System Penetration; Firewall Penetration; Unauthorized Access.]

Corporate Security Measures Are Not Sufficient

External penetration still occurs... and no barrier to internal misuse exists

[Chart: % of Respondents Using Security Technologies. Categories: Firewall, AV, Secure Login. Data labels: 50%, 90%, 89%.]
[Chart: Number of Security Incidents By Source (% of Respondent Reporting). Series: Internal, External. Incident-count bins: 1 to 5, 6 to 10, 11 to 30, 31 to 60, 60+.]
[Chart: Breaches Experienced By IT Leaders In The Last 12 Months. Categories: Virus, HstlCode, Worm, ExtHack, UnauthIntlAcc, IntlHacking. Data labels: 50%, 63%, 63%, 68%, 72%, 82%.]

Sources: 2002 FBI Survey, InfoTech Trends

Control System Security Challenges

• Industry driven to open architectures over the last 10 years
• Control systems were not designed with security in mind
• Connecting IT and control networks created an access path for control network intrusion

Responding to the Challenge

• Define and document your network perimeter
• Plan for "Defense in Depth"
• Protect against internal as well as external threats
• Segment your network
• Harden the control equipment

Special Considerations for Control Systems

• Differing risk management goals
• Differing architecture security focus
• Differing availability requirements
• Unintended consequences
• Time critical responses
• Differing response time requirements
• System software
• Resource constraints
• Information integrity
• Communications
• Software Updates

Source: ISA—TR99.00.02—2004 Integrating Electronic Security into the Manufacturing and Control Systems Environment

Protecting the Control Network Perimeter

Multi-function security appliance

• Firewall
   - Ensures only authorized traffic enters the perimeter
• Multi-port switches
   - Segments traffic to maximize security
• Network virus protection
   - Detect and block incoming and outgoing viruses at the network perimeter
   - Control systems typically can/should not run AV
   - Best practices dictate you should have AV on the desktop and at the perimeter
• In-line intrusion prevention
   - Detect and block 1000+ types of intrusions
• Content filtering
   - Deep packet inspection to detect and remove threats and inappropriate content
• VPN
   - secures remote links
• High availability
   - load sharing and fail-over

Dynamic Threat Response

[Diagram labels: Threat-level Inputs; Threat-level Setting; Real-time Monitoring]

Threat Level Setting
• Low risk of attacks - Normal settings
• General risk of attacks - Normal settings
• Significant risk of attacks - Dial-in and VPN disabled
• High risk of attacks - All incoming blocked, only vital outgoing
• Severe risk of attacks - Control network totally disconnected

Real-time Monitoring
• Monitor levels
• Select appropriate setting
• Policies downloaded
• Verified and monitored

Perimeter defense is a good start, but...

• Doesn't protect against internal threats
• Doesn't tell you when the perimeter has been penetrated
• Doesn't tell you when you have resource issues
• Doesn't tell you when devices are added to the control network

[Diagram labels: Security Management Console; Control Application Server; Control Client; Control Devices; I/O Network; Control Network; Office PCs; Plant Network; Historian; Web Server; DMZ; Perimeter Protection Appliance; Corporate Network]

Intrusion Detection Systems

• Network Intrusion Detection Systems (NIDS) - Systems that monitor network traffic and identify patterns that are deemed suspicious. NIDS uses passive packet sniffing to compare network traffic against a set of rules that determine whether the traffic indicates an attack.
• Host Intrusion Detection Systems (HIDS) - Software that monitors system or application log files. These systems respond with an alarm or countermeasure when a user attempts to gain access to unauthorized data, files, or services.

Control Network IDS

[Diagram labels: HMI; SCADA Server; Remote I/O Network; DCS Application Server; I/O Network; Historian; Control LAN; Plant LAN; Engineer; Plant Manager; Internet; Internet FW; Corporate LAN; Protection Appliance; Network Intrusion Detection (NIDS); Security Management Console]

Intrusion Alert Example

Beyond IDS

Security

• Control network intrusion detection
   - control protocol signatures
   - control network anomalies
   - control network rules
• Control network integrity
   - Device addition
   - Device masquerading
   - Device continuity
   - Network equipment status
• Host access monitoring
   - Failed log-in attempts
   - Failed password change attempts
   - Password age status
   - Root user count
   - Total user count
• Critical file monitoring
   - File deletion, modification
   - File permission changes
   - File checksum mismatch

Performance & Integrity

• Host performance
   - Resource Usage (CPU, disk space, swap space)
   - Network traffic counts
   - Hardware status (CPU temperature, fan speed)
   - System Uptime
   - Identification (name, OS version, hardware type, IP address)
   - Event log status
• Control application Integrity
   - Installed software
   - Open listen sockets
   - Abnormal program exits
   - Control Application shutdown
   - Process terminations
   - Watchdog status
   - Message queue status

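The control network integrity checks named on this slide (device addition, device masquerading, device continuity) can be illustrated as a comparison of observed IP/MAC pairs against a documented inventory. This is an added example, not code from the presentation or from any Verano product; the baseline, the addresses, the observation format and the names `check_integrity` and `Alert` are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed baseline inventory of the control LAN: IP -> MAC (documentation ranges).
BASELINE = {
    "192.0.2.10": "00:00:5e:00:53:10",  # SCADA server
    "192.0.2.20": "00:00:5e:00:53:20",  # HMI
    "192.0.2.30": "00:00:5e:00:53:30",  # PLC
}

# Constructed ARP observations: (seconds since start, sender IP, sender MAC).
OBSERVATIONS = [
    (5, "192.0.2.10", "00:00:5e:00:53:10"),
    (8, "192.0.2.20", "00:00:5e:00:53:20"),
    (12, "192.0.2.99", "00:00:5e:00:53:99"),  # not in the inventory
    (40, "192.0.2.20", "00:00:5e:00:53:aa"),  # known IP, different MAC
    (65, "192.0.2.10", "00:00:5e:00:53:10"),
]

@dataclass(frozen=True)
class Alert:
    kind: str    # "device_addition", "device_masquerading" or "device_continuity"
    ip: str
    detail: str

def check_integrity(baseline, observations, now, max_silence=60):
    """Compare observed IP/MAC pairs with the baseline and return alerts."""
    alerts, last_seen, reported = [], {}, set()
    known_macs = {mac: ip for ip, mac in baseline.items()}
    for ts, ip, mac in observations:
        mac = mac.lower()
        if ip in baseline and baseline[ip] == mac:
            last_seen[ip] = ts  # only a matching pair counts as "seen"
            continue
        if ip in baseline:
            alert = Alert("device_masquerading", ip, f"expected {baseline[ip]}, saw {mac}")
        elif mac in known_macs:
            alert = Alert("device_masquerading", ip, f"{mac} belongs to {known_macs[mac]}")
        else:
            alert = Alert("device_addition", ip, f"unknown device {mac}")
        if alert not in reported:  # suppress repeats of the same finding
            reported.add(alert)
            alerts.append(alert)
    for ip in baseline:  # continuity: every inventoried device must keep talking
        seen = last_seen.get(ip)
        if seen is None or now - seen > max_silence:
            detail = "never seen" if seen is None else f"silent for {now - seen}s"
            alerts.append(Alert("device_continuity", ip, detail))
    return alerts
```

Calling `check_integrity(BASELINE, OBSERVATIONS, now=100)` on the constructed data reports one added device, one masquerading device and two continuity alerts.
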
Security and Performance Agents

[Diagram labels: HMI; SCADA Server; Remote I/O Network; DCS Application Server; I/O Network; Historian; Control LAN; Plant LAN; Engineer; Plant Manager; Internet; Internet FW; Corporate LAN; Protection Appliance; Security Management Console; Collection Agents; SNMP]

Performance Metric Example

Control Network Security Management System

[Diagram labels: Real-time Database; Report Generator; Historian & Alarm Engine; NIDS Engine; ARP Watch; HIDS Manager; Security & Performance Agents on Control Devices; Perimeter Manager; SNMP Manager; Web Server; Mail Server; Export Engine; Network Equipment; Notification Devices; Control Network Integrity Monitoring; Hardened Operating System; Secure Browser HMI; Perimeter Protection Appliance; Ethernet]

Conclusions

• The increasing sophistication of cyber threats demands a multi-layered approach to protecting the security and integrity of mission critical systems.
• Threats are internal as well as external.
• Security Event Management systems designed specifically for control networks are now available.

© Copyright 2004 Verano Inc. owns copyright content of this document and all attachments unless otherwise indicated. All rights reserved. Users of Verano Inc. software and tools associated with the software such as sales & marketing collateral, presentations, user manuals, training documentation etc. may not republish nor reproduce in whole or in part the information, in any form or by any means, in any manner whatsoever without the prior written permission of Verano Inc., and any such unauthorized use constitutes copyright infringement. An acknowledgement of the source must be included whenever Verano Inc. material is copied or published. If you require further information on a permitted use or license to reproduce or republish any material, address your inquiry to Verano Inc. Suite 120, 575 West Street, Mansfield, Massachusetts, 02048-1164. Any infringement of Verano Inc. rights will result in appropriate legal action. Verano Inc. disclaims any and all liability for any consequences which may result from any unauthorized reproduction or use of this Work whatsoever.