Cyber resilience – What’s in a number? The real threat to industrial control systems today

Confidential Property of Schneider Electric

Jay Abdallah | CISSP, CISM, CISA

Director – EMEA Cyber Security Services

Agenda

1 The current threat landscape

2 Statistics

3 Schneider Electric’s commitment to security

4 Train-ride surprise – the importance of security awareness

The current threat landscape

The danger of malware: 390,000 new infections per day

[Chart: yearly values for 2012 to 2016*, vertical axis from 0 to 160 000 000. Source: AV-Test.org, Jan 2016]

Recent industrial cyber incidents

• German steel mill

• Ukraine power grid

• USA water dam

Statistics

Attacks targeted towards German industrial systems

• 1 in every 7 registered security attacks in Q4, 2015, came from Germany

• Germany ranked #2 globally in critical infrastructure targets

• Critical infrastructure infections from Germany have doubled every year since 2012

• 78% of malicious software installation attempts from Germany in 2015 were successful

German cyber attack sequence

Source: TFOT 2015

• Cyber crime: 56,3%

• Hacktivism: 20%

• Cyber espionage: 16,1%

• Cyber war: 7,6%

Data reliability

• With so many statistics, which ones matter the most? Is one set more important than another?

• How reliable is our source TFOT?

• The previous slides about Germany contained false statistics from a fake source

• Did you notice?

How do we identify and manage our biggest vulnerabilities?

Where is the weak link?

Schneider Electric’s commitment to security

More than just IT security

Critical infrastructure systems require high reliability and uptime:

• Need 99.999% or greater uptime

• Critical performance

• Fast reaction time

Priorities

• IT security: Confidentiality, Integrity, Availability

• OT security: Availability, Integrity, Confidentiality

[Diagram: Control systems security / OT, IT security, Physical security]

Cyber security at Schneider Electric: Defense in depth

POLICIES, PROCEDURES & AWARENESS

PERIMETER

INTERNAL NETWORK

HOST

APPLICATION

DATA

PHYSICAL SECURITY

Cyber security at Schneider Electric: Specialized industrial security services – our offers

• Cyber security training

• Cyber security control design & implementation

• Cyber security consulting

• Cyber security maintenance services

Train ride surprise – the importance of security awareness

London, United Kingdom

Train ride surprise

• On a phone call, with no line disturbance

• Perfectly clear, normal conversation:

• “Enjoy the train ride along the English countryside”

• “Are you coming home tonight?”

• “Be sure to order a nice hot cup of tea”

• “I’m sure it’s much colder there than it is here”

• Begins acting strangely after five minutes – seems incoherent.

• When I ask her what she is doing, she doesn’t answer and instead says one of the above statements randomly

• Answers yes or no questions flawlessly

• Responds to other questions with one of the above random statements

What happened?

• Technical malfunction causing me to hear recorded sayings?

• What about coherent responses?

• Why is my conversation being recorded?

• Scrambler device?

• Not sophisticated enough for real-time responses

• 212 area code is in Manhattan, New York. When called, I get a strange error.

• Recorded sentences used as fillers or common talk to encourage me to lead the discussion (and possibly say something incriminating)

• Stealth listening

• Similar to behavior of advanced malware, spyware, and Trojans

Who is behind this?

• MI6 (UK)

• Unknown body

• CIA and NSA (USA)

• FSB (Russia)

It is likely, however, we do not and will not ever know who is really behind most cyber attacks.

Moral of the story

• Appreciation of privacy and confidentiality

• Importance of security awareness

• Always be alert, Big Brother is always listening

• It is unsettling the first time it happens to you …

• … but it is likely not to be the first time, it’s just the first time you have noticed
