National Electric Sector Cybersecurity Organization. Patrick C Miller, President and CEO. April 14 2011. Emerson Ovation User Group Board of Directors Meeting

NESCO Overview: Emerson Ovation User Group BOD Meeting


Patrick Miller presented a brief overview of the NESCO program and a deeper dive into various cyber security concerns related to industrial control environments at an Emerson User Group Board of Directors meeting.


  • 1. National Electric Sector Cybersecurity Organization. Patrick C Miller, President and CEO. April 14 2011. Emerson Ovation User Group Board of Directors Meeting

  • 2. ELECTRIC SECTOR SECURITY: CURRENT STATE

  • 3. Advantage: Adversaries
      - Security approaches favor new installations; legacy environments are still vulnerable
      - Very difficult to replace/patch in-service devices
      - Isolation has diminishing security value
      - Security products vs. buying secure products
      - Engineering (N-1) and Security are different
      - Nature may be sophisticated, but it isn't malicious
      - Hackers don't use a compliance checklist
      - Following a compliance checklist won't make you secure
      (Slide footer: The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program)

  • 4. Advantage: Attackers
      - Intelligent, adaptive adversaries exist
      - Cyberwar: Stuxnet is a game changer, sets the new bar
      - Espionage: Project, market and customer data
      - Organized crime: Same old tricks, new platform

  • 5. Advantage: Adversaries
      - Google search for "APT": 34 hits in Jul 09; 169 hits in Jan 10; 1.4M+ today
      - Google search for "cyber war": 416 hits Dec 09; 1.4M hits Feb 10; 2.7M+ hits today
      - Welcome to the cyber arms race

  • 6. SHODAN, ERIPP, ETC

  • 7. SHODAN, ERIPP, ETC
      - Berkeley Cyclotron HMI images

  • 8. The Air-Gap Myth

  • 9. TwitBookBlogosphere

  • 10. There's An App For That
      - "Get mobile access to your control system via an iPhone, iPad, Android and other smartphones and tablet devices. The Ignition Mobile Module gives you instant access to any HMI / SCADA project created with the Ignition Vision Module."

  • 11. HMI In The Cloud
      - "Use any standard browser on any device to access HMI. No downloads, no tedious installs, no plug-ins. Login and you have the HMI in your hands wherever you are: factory cafeteria, or parking lot, or on the beach, or even the golf course! GoToMyHMI provides Secure, Easy and Fast access from any Browser to InstantHMI 6.0, ready to serve you on the cloud today. Remotely Monitor, ACK Alarms and Control your HMI for one low flat fee."

  • 12. Public Domain

  • 13. Research and Disclosure
      - 46 zero-day SCADA vulnerabilities issued in a two-week span

  • 14. Research and Disclosure
      - October 24, 2010, 12:39PM, Threat Post: "SCADA Vendors Still Need Security Wake Up Call" http://threatpost.com/en_us/blogs/scada-vendors-still-need-security-wake-call-102410
      - "Please don't waste my time"
      - October 28, 2010: ICSJWG Seattle Meeting; Invensys, IOActive and ICS-CERT presented a case study on a Wonderware vulnerability
      - Disclosure positions are hotly debated

  • 15. From Obscurity To Novelty
      - Smart Meter hacking
      - Hacking cookbooks
      - Metasploit, Core Impact, etc
      - Fuzzers
      - Supply chain attacks
      - Manuals available in all languages on the Internet

  • 16. Shiny Object
      - Shiny object for the mass media
      - 60 Minutes
      - Wall Street Journal, National Journal, CNN
      - Too many IT trade publications to name
      - Blockbuster films
      - Prime time television shows
      - Social Media (blogosphere, Twitter)

  • 17. Economic Drivers
      - Recession economy brings unique challenges
      - Decreased participation in working groups and conferences
      - Static or shrinking headcount; increased workload
      - Downsizing, pay freezes, etc increase insider threat
      - Decreased spending on new equipment
      - Older products extended beyond intended lifespan
      - Security more expensive for customers and

  • 18. People Problem
      - Humans are the weakest link in any security system
      - Passwords for candy; Social engineering
      - Humans are also the strongest link
      - The Aware Person System (APS)
      - ICS culture shift is very slow, but powerful
      - Danger: untrained operators of power tools can cause significant damage
      - Increasing complexity = training treadmill

  • 19. Back In The Good Old Days
      - Pneumatic, electromechanical, analog
      - Telephone meant POTS or bat phone; no VoIP
      - No Internet
      - Less automation
      - Less complexity
      - Proprietary
      - Long life span

  • 20. ICS Gen-X
      - Automation, more complexity
      - Internet Protocol (TCP/UDP/etc)
      - Data, more data and even more data
      - Processing power, memory, bandwidth
      - Interconnected business
      - Migration from flat to segmented networks
      - COTS software and hardware
      - Increasingly shorter lifespans

  • 21. Millennium Systems
      - Highly digital, highly complex
      - Highly interconnected, highly layered
      - Bitflocking, dynamic emergent behavior
      - New protocols
      - New interdependencies
      - Homogenization
      - Innovation treadmill; constant lifespan flux

  • 22. Current Landscape
      - Regulatory compliance is stealing the show
      - Mixing legacy and bleeding edge tech is difficult
      - Logical distance between kinetic endpoint and HMI is exponentially increasing; hyperembeddedness
      - Many vendors are forced to put features ahead of security due to market conditions
      - Researchers and hackers know all of this and more
      - Sufficient motive, means and opportunity exist to take the threat seriously

  • 23. NATIONAL ELECTRIC SECTOR CYBERSECURITY ORGANIZATION

  • 24. History
      - 7/2004: EnergySec founded as E-Sec NW
      - 1/2008: SANS Information Sharing Award
      - 12/2008: Incorporated as EnergySec
      - 10/2009: 501(c)(3) nonprofit determination
      - 4/2010: EnergySec applied for the National Electric Sector Cybersecurity Organization (NESCO) FOA
      - 7/2010: NESCO grant award from DOE
      - 10/2010: NESCO became operational

  • 25. What Is The NESCO?
      - Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security; become the security voice of the electric industry
      - Goals:
          - Identify and disseminate common, effective cyber security practices
          - Analyze, monitor and relay infrastructure threat information
          - Focus cybersecurity research and development priorities
          - Work with federal agencies to improve electric sector cybersecurity
          - Encourage key electric sector supplier and vendor support/interaction

  • 26. Participant Statistics
      - 651 members from 167 organizations
      - US Nameplate Generation: 74%
      - US Residential Distribution: 60%

  • 27. Holy Grail: Info Sharing
      - Many asset owners are already sharing
      - Challenges:
          - Increase and improve asset-owner sharing
          - Establish two-way sharing from the government and vendor segments
          - Connect/harmonize all of the existing cybersecurity efforts and minimize duplication
          - Turn the tide of negative perception on industry security posture

  • 28. Connect and Support

  • 29. Public-Private Perceptions
      - Government moves too slowly, over-classifies and narrowly distributes
      - Industry can't protect the shared information and doesn't respond appropriately
      - Lack of parity in degree and quality of information shared in both directions
      - Differing goals and motivation between Government and Industry

  • 30. How Does This Work?
      - Sharing requires trust
      - Trust is built on relationships
      - NESCO fosters trustworthy relationships
      - Bringing people together
      - Flexible technology options to extend and enhance relationships
      - Organic growth; birds of a feather

  • 31. NESCO Outreach
      - NESCO outreach programs
      - Annual Summit (October 2011, San Diego)
      - Town Hall Meetings (April 27, Austin)
      - Voice Of The Industry Meetings (everywhere)
      - Interest Groups (Workforce Development, Forensics, etc)
      - Webinars, Briefings
      - Portal/Forums
      - Email distribution lists
      - Social media

  • 32. NESCO Technology
      - Email distribution lists
      - Secure portal with forums
      - Secure instant messaging
      - Rapid notification mechanisms
      - Web collaboration
      - Resource repository
      - * Most technologies have non-attribution (anonymous) options

  • 33. Resource Repository
      - Code snippets
      - IDS/attack signatures
      - Audit templates
      - Reference architectures
      - System configurations
      - Policy, process, procedure templates
      - Compliance practices
      - And more

  • 34. Industry Collaboration
      - What works, what doesn't
      - Informal benchmarking
      - Situational (tactical) awareness
      - Threat and vulnerability analysis
      - Shared/crowd-sourced resources (repository)
      - Mentoring

  • 35. Case Study: Tactical Aid
      - "Over the weekend between 13:00 - 15:00 and 19:00 - 20:00 PST we saw significant port scanning of our edge, originating from 60.29.244.11"
      - Great discussion of port scanning threats
      - Many follow-up posts with yes/no indicators
      - Dumps of all activity from the source address

  • 36. Case Study: Night Dragon
      - 2.9.11 1400: McAfee reached out to NESCO with a pre-release draft of the Night Dragon white paper
      - 2.9.11 1747: NESCO staff completed analysis, summarized the paper and posted it to the secure portal
      - 2.10.11 0800: NESCO & McAfee held a joint technical call with over 60 attendees across NA; Dmitri Alperovitch, McAfee's VP Threat Research, gave a technical talk and answered questions from members
      - 2.10.11 1200: McAfee executive public call
      - NESCO utilities were reviewing the report over six hours prior to public release

  • 37. Case Study: DOE Request
      - DOE was interested in getting informal "boots on the ground" feedback quickly
      - Question: Does an FBI report about a terrorist targeting various critical assets help strengthen the case for your organization to further improve physical or cyber security? Does it help the business case?
      - NESCO was able to collect responses without attribution and submit a response to DOE in a matter of a few days
      - DOE stated that this rapid method for informal questions and answers is very valuable to them

  • 38. Case Study: Compliance
      - Much initial confusion and uncertainty around Regional compliance audits:
          - What is the auditor disposition?
          - What was the depth and breadth of questions?
          - What did they cover?
          - What failed and what succeeded?
      - Conference calls with entities willing to share
      - Real stories of audits were shared
      - Real documentation was shared

  • 39. NESCO Summary
      - Unique non-profit, independent, public-private information sharing organization
      - Focused on building trust through relationships
      - Security collaboration, facilitation and sharing hub
      - Flexible technology facilitates and catalyzes information and resource sharing efforts
      - Security voice of the electric sector
      - Supports existing successful programs

  • 40. Questions?
      - Non-profit. Independent. Trusted.
      - Patrick C Miller, President and CEO, [email protected], 503-446-1212
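The "Tactical Aid" case study (slide 35) turns on two things an asset owner can produce from its own edge logs: a yes/no answer to "did you also see this source?", and a dump of everything that source touched. The script below is an added example, not part of the presentation or of any NESCO tool. It assumes a simple firewall log format (constructed for this example), uses constructed log lines that contain the source address quoted on the slide, and shows a sliding-window port-scan check (distinct destination ports per source within a short window), a per-indicator report suitable for posting back to a sharing group, and a per-hour breakdown that can be compared against the 13:00-15:00 and 19:00-20:00 windows the original poster reported. Timestamps are assumed to be local (PST) as in the quoted post.

```python
"""Port-scan triage and indicator look-up over firewall log lines (added example)."""
from collections import Counter, defaultdict
from datetime import datetime
import re

TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample log lines in an assumed "ts action src dst proto dpt" format.
# The source 60.29.244.11 is the one quoted on slide 35; the rest is made up.
SAMPLE_LOG = """\
2011-04-09 13:02:11 DENY src=60.29.244.11 dst=198.51.100.10 proto=tcp dpt=22
2011-04-09 13:02:12 DENY src=60.29.244.11 dst=198.51.100.10 proto=tcp dpt=23
2011-04-09 13:02:12 DENY src=60.29.244.11 dst=198.51.100.10 proto=tcp dpt=80
2011-04-09 13:02:13 DENY src=60.29.244.11 dst=198.51.100.10 proto=tcp dpt=102
2011-04-09 13:02:13 DENY src=60.29.244.11 dst=198.51.100.10 proto=tcp dpt=502
2011-04-09 13:02:14 DENY src=60.29.244.11 dst=198.51.100.11 proto=tcp dpt=20000
2011-04-09 13:05:40 ALLOW src=203.0.113.5 dst=198.51.100.10 proto=tcp dpt=443
2011-04-09 19:31:02 DENY src=60.29.244.11 dst=198.51.100.11 proto=tcp dpt=443
2011-04-09 19:31:03 DENY src=60.29.244.11 dst=198.51.100.11 proto=tcp dpt=3389
2011-04-09 19:31:05 DENY src=60.29.244.11 dst=198.51.100.11 proto=tcp dpt=44818
2011-04-10 08:00:00 ALLOW src=203.0.113.5 dst=198.51.100.10 proto=tcp dpt=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) dpt=(?P<dpt>\d+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or foreign line; do not let it abort the whole dump
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], TS_FMT)
        d["dpt"] = int(d["dpt"])
        events.append(d)
    return events


def detect_scanners(events, min_ports=5, window_seconds=60):
    """Flag sources that touch >= min_ports distinct destination ports within
    window_seconds. Uses a sliding window over each source's time-sorted events
    and keeps the densest window seen for that source."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    scanners = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start, best = 0, None
        for end in range(len(evs)):
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            ports = {e["dpt"] for e in evs[start:end + 1]}
            if len(ports) >= min_ports and (best is None or len(ports) > best["distinct_ports"]):
                best = {
                    "distinct_ports": len(ports),
                    "window_start": evs[start]["ts"].strftime(TS_FMT),
                    "window_end": evs[end]["ts"].strftime(TS_FMT),
                }
        if best:
            scanners[src] = best
    return scanners


def indicator_report(events, src):
    """Answer 'did we see this source?' and summarise everything it touched,
    in a form that can be posted back to a sharing group."""
    hits = sorted((e for e in events if e["src"] == src), key=lambda e: e["ts"])
    if not hits:
        return {"seen": False, "src": src, "hits": 0}
    return {
        "seen": True,
        "src": src,
        "hits": len(hits),
        "first_seen": hits[0]["ts"].strftime(TS_FMT),
        "last_seen": hits[-1]["ts"].strftime(TS_FMT),
        "actions": dict(Counter(e["action"] for e in hits)),
        "targets": sorted({(e["dst"], e["proto"], e["dpt"]) for e in hits}),
    }


def hits_by_hour(events, src):
    """Hour-of-day histogram for one source, to compare with reported time windows."""
    return dict(Counter(e["ts"].hour for e in events if e["src"] == src))


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("scanners:", detect_scanners(evs))
    print("report:", indicator_report(evs, "60.29.244.11"))
    print("by hour:", hits_by_hour(evs, "60.29.244.11"))
```

The thresholds (`min_ports`, `window_seconds`) are deliberately parameters: a slow scan spread over hours will not trip a 60-second window, so a group comparing notes should also look at the per-hour histogram and the distinct-target list rather than relying on the scanner flag alone.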