Cyber resilience – What’s in a number? The real threat to industrial control systems today
Confidential Property of Schneider Electric
Jay Abdallah | CISSP, CISM, CISA
Director – EMEA Cyber Security Services
Agenda
1 The current threat landscape
2 Statistics
3 Schneider Electric’s commitment to security
4 Train-ride surprise – the importance of security awareness
The danger of malware: 390,000 new infections per day
Source: AV-Test.org, Jan 2016
[Chart: yearly figures for 2012 through 2016*, vertical axis from 0 to 160 000 000]
Recent industrial cyber incidents
• German steel mill
• Ukraine power grid
• USA water dam
Attacks targeted towards German industrial systems
• 1 in every 7 registered security attacks in Q4, 2015, came from Germany
• Germany ranked #2 globally in critical infrastructure targets
• Critical infrastructure infections from Germany have doubled every year since 2012
• 78% of malicious software installation attempts from Germany in 2015 were successful
German cyber attack sequence
Source: TFOT 2015
• Cyber crime: 56,3%
• Hacktivism: 20%
• Cyber espionage: 16,1%
• Cyber war: 7,6%
Data reliability
• With so many statistics, which ones matter the most? Are one set more important than another?
• How reliable is our source TFOT?
• The previous slides about Germany contained false statistics from a fake source
• Did you notice?
How do we identify and manage our biggest vulnerabilities?
Where is the weak link?
More than just IT security
Critical infrastructure systems require high reliability and uptime:
• Need 99.999% or greater uptime
• Critical performance
• Fast reaction time
Priorities
• IT security: Confidentiality, Integrity, Availability
• OT security: Availability, Integrity, Confidentiality
[Diagram labels: Control systems security / OT, IT security, Physical security]
Cyber security at Schneider Electric: Defense in depth
POLICIES, PROCEDURES & AWARENESS
PERIMETER
INTERNAL NETWORK
HOST
APPLICATION
DATA
PHYSICAL SECURITY
Cyber security at Schneider Electric: Specialized industrial security services – our offers
• Cyber security training
• Cyber security control design & implementation
• Cyber security consulting
• Cyber security maintenance services
Train ride surprise – the importance of security awareness
London, United Kingdom
Train ride surprise
• On a phone call, with no line disturbance
• Perfectly clear, normal conversation:
  • “Enjoy the train ride along the English countryside”
  • “Are you coming home tonight?”
  • “Be sure to order a nice hot cup of tea”
  • “I’m sure it’s much colder there than it is here”
• Begins acting strangely after five minutes – seems incoherent.
• When I ask her what she is doing, she doesn’t answer and instead says one of the above statements randomly
• Answers yes or no questions flawlessly
• Responds to other questions with one of the above random statements
What happened?
• Technical malfunction causing me to hear recorded sayings?
• What about coherent responses?
• Why is my conversation being recorded?
• Scrambler device?
• Not sophisticated enough for real-time responses
• 212 area code is in Manhattan, New York. When called, I get a strange error.
• Recorded sentences used as fillers or common talk to encourage me to lead the discussion (and possibly say something incriminating)
• Stealth listening
• Similar to behavior of advanced malware, spyware, and Trojans
Who is behind this?
• MI6 (UK)
• Unknown body
• CIA and NSA (USA)
• FSB (Russia)
It is likely, however, we do not and will not ever know who is really behind most cyber attacks.
Moral of the story
• Appreciation of privacy and confidentiality
• Importance of security awareness
• Always be alert, Big Brother is always listening
• It is unsettling the first time it happens to you …
• … but it is likely not to be the first time, it’s just the first time you have noticed