©2016 Check Point Software Technologies Ltd. 1
Critical Infrastructure and Industrial Automation OT Security

Industrial Control Systems (ICS)/SCADA are All Around Us
… and we rely on them every day for our basic functions and needs.
• Industrial Automation
• Traffic Control
• First Responder Dispatch
• Water Treatment
• Power
• Transportation

Facts and Reality
• Dec 2015: Blackout across western Ukraine due to BlackEnergy Spear Phishing malware attack (and again on January 19th)
• Dec 2014: German Steel Mill was hacked by Spear Phishing – massive damage to the factory
• March 2016: Hackers breached a water utility’s control system and changed the levels of chemicals being used to treat tap water (Kemuri Water Company)

ICS-CERT 2015 Summary: United States Critical Infrastructure Increasingly Targeted
• Cyber Security Breaches: 20% increase
• Most Common Method of Attack: Spear Phishing
• The Most Targeted Sectors: Manufacturing, then Energy
ICS-CERT: These attacks were enabled by insufficiently architected ICS networks

WHO ARE THE ATTACKERS? EXAMPLES OF INDUSTRY ATTACKS OVER THE PAST YEARS
• Activists: Operation Green Rights
• Insiders: Maroochy County Sewage
• Teenagers: Lodz Tram
• State Actors: Energetic Bear, Stuxnet

Why Are These Attacks Possible?
• Legacy System
• Default Configuration
• Less/No Updates
• Less/No Encryption
• Policies & Procedures
• Less/No Segmentation
• Latency Concerns

Attack Vectors Reaching the OT Network
• Guest Networks
• Unprotected Sockets
• Software Vulnerabilities
• Removable Media
• Email Phishing and Attachments
• Remote Technicians

How Can a Critical Infrastructure be attacked?
Reconnaissance
• Identify the target – google it
• Find employees – LinkedIn
  - Find position
  - Find Automation vendor of choice
• Find vendor solution
  - Look for known vulnerabilities
Weaponization + Attack
• Select Attack vector
  - Spear Phishing
  - USB
  - Other
• Deliver the malicious payload
• Carry out the attack

A seemingly innocent mail from a familiar customer
Raymond unsuspectingly opens the attached file
Source: ComputerWeekly.com

• WITHIN SECONDS: Raymond's computer is infected with malware
• WITHIN MINUTES: Malware starts spreading laterally, moving to OT
• WITHIN HOURS: Malware installed in SCADA network, awaiting execution command

Or maybe a simple USB stick

HOW CAN WE SECURELY AND RELIABLY STAY AHEAD?

Best Practices for Securing OT
• Secure Both OT and IT Environments
• Protect IT with Advanced Threat Prevention Technologies
• Clear Segmentation between OT and IT/Internet
• Deploy Specialized ICS/SCADA Security Technologies

Endpoint Security – In both IT and OT

SandBlast – Sandbox Emulation and Extraction
SANDBLAST Local Server
1. Files sent to SandBlast local server (or cloud)
2. Sanitized version delivered promptly
3. Original file emulated in the background

Security Solutions for Industrial Control Systems/SCADA
CHECK POINT’S CYBER DEFENSE
• Visibility and Granular Control of ICS/SCADA Traffic
• SCADA-Aware Threat Prevention
• Ruggedized Appliances for Harsh Environments

Real Time SCADA Network monitoring
[Diagram labels: Field Devices; Industrial Control Systems (PLC); Sensor Data (Pressure, Flow, Temp., Voltage, State); Analyze the Network Traffic; Control Network; Control Center; Network Traffic; SCADA; Historian; Control]

Most Extensive Support of SCADA/ICS-Specific Protocols
Over 800 SCADA commands in Check Point Application Control
• Modbus
• MMS
• Siemens Step7
• IEC 60870-5-104
• IEC 61850
• ICCP
• OPC DA & UA
• Profinet
• BACnet
• CIP
• DNP3

Granular level logging of SCADA traffic
Detailed forensics for incident investigations
DETAILED, GROUPED, ANALYZED by Check Point SMARTLOG & SMARTEVENT

Full Report on SCADA Traffic
VIEWED by Check Point SMARTLOG & SMARTEVENT
PROTOCOL DETAIL

Setting Policy/Rules based on Functions and Values
• Protocol
• Command (Function)
• Allowed values and ranges
• Active or Passive Policy

Dedicated compliance and regulation monitoring
REPORTED by Check Point COMPLIANCE BLADE
Real-time assessment of compliance with major regulations
SCADA SPECIFIC COMPLIANCE CHECKS

Legacy Systems Are Often Unpatched

Virtual patching with over 300 dedicated IDS/IPS signatures
PROTECTED by Check Point IPS
NSS Labs Highest Rating
Stops exploits of known vulnerabilities and detects anomalous traffic

Check Point 1200R New Purpose-Built Ruggedized Security Gateway Appliance
• Fully featured Check Point security gateway
• Compliant to the most rigid regulations: IEC 61850-3 and IEEE 1613
• 6x1GbE ports and firewall throughput of 2Gbps
• Compact fan-less design with no moving parts; temperature range from -40°C to 75°C
• Can be used in In-line or Tap (Mirror) modes
• Routing and networking (e.g. BGP, OSPF, IPsec, etc.)

OT Security Blueprint
[Diagram labels: Management Facility; Shop Floor; Shop Floor; Control & monitor; SCADA; Historian; SCADA; VPN; PLC1, PLC2, PLC3, PLC4; Main Control Center; Control; Monitor; SmartEvent]

Full IT-OT Convergence Blueprint
[Diagram labels: IT Network; ERP; Domain Server; LAN]

Industrial Security Process
Define Baseline (Known / Unknown / Not Allowed)
Identify Deviations and Attacks
Alert / Prevent
Independently log all SCADA activity
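
The process above (baseline, deviations, alert or prevent, log everything) and the earlier slide on rules by protocol, command (function) and allowed values can be illustrated with a small Modbus/TCP request inspector. This is an added example, not Check Point code: the baseline, the denied function code, the sample frames and the names build_frame, check, inspect and LOG are assumptions constructed for illustration.

```python
import struct

# Constructed baseline (assumption): the function codes this cell normally
# uses, the registers they may touch and, for writes, the allowed values.
BASELINE = {
    0x03: {"addr": range(0, 100)},                           # Read Holding Registers
    0x06: {"addr": range(40, 42), "value": range(0, 1501)},  # Write Single Register
}
NOT_ALLOWED = {0x08}   # Diagnostics: never expected on this segment
LOG = []               # every decision is recorded, allowed or not


def build_frame(func, a, b, tid=1, unit=1):
    """Constructed sample input: a 12-byte Modbus/TCP request."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, func, a, b)


def check(frame):
    """Return None if the frame matches the baseline, else the deviation."""
    if len(frame) < 8:
        return "malformed: short frame"
    _tid, proto, length, _unit, func = struct.unpack(">HHHBB", frame[:8])
    if proto != 0 or length != len(frame) - 6:
        return "malformed: bad MBAP header"
    if func in NOT_ALLOWED:
        return f"function 0x{func:02x} not allowed"
    rule = BASELINE.get(func)
    if rule is None:
        return f"function 0x{func:02x} unknown to baseline"
    if len(frame) != 12:
        return "malformed: unexpected request length"
    addr, arg = struct.unpack(">HH", frame[8:12])
    if func == 0x03:   # arg is the number of registers to read
        if arg == 0 or addr not in rule["addr"] or addr + arg - 1 not in rule["addr"]:
            return f"read {addr}..{addr + arg - 1} outside baseline"
    elif addr not in rule["addr"]:
        return f"write to register {addr} outside baseline"
    elif arg not in rule["value"]:   # arg is the value being written
        return f"value {arg} outside allowed range"
    return None


def inspect(frame, active=False):
    """Passive policy alerts on a deviation; active policy blocks it."""
    reason = check(frame)
    verdict = "allow" if reason is None else ("block" if active else "alert")
    LOG.append((verdict, reason, frame.hex()))
    return verdict, reason
```

Running the same frames first with active=False shows what an enforcing policy would have dropped before it is allowed to interrupt a process.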

CASE STUDIES

Power Utilities — Substation Security
[Diagram labels: Central Site; Substation; SCADA Server; Data Center; RTU; LAN; MPLS; IED; RTU – Substation Controller; IEC-104/DNP3; Backup Site; Smart Event]
• Typical power utility security deployment in substations
• Single or cluster solution for combined OT and IT traffic
• SCADA security

Renewable Energy – Wind Turbine Farms, Generg Portugal
Over 50 wind farms are segmented and secured by Check Point appliances with IT and SCADA protection
Reasons to Choose Check Point:
• Support for both IT and OT traffic with single management
• Our security gateways’ capabilities to inspect SCADA protocols
• Support for SCADA protocols by all Check Point appliances
“We chose Check Point for its technological leadership, reliability, reduced learning curve, timely implementation, technical support and close relationship with us.” — Miguel Mateus, Director of IT and Communications

Waste Water Treatment Network
Applicable in Oil and Gas (Off/On-Shore)
[Diagram labels: MODBUS; CIP; OPC; MODBUS; Data Center; SCADA Server; Smart Center; PLC, PLC, PLC, PLC]
• Security Motivation: New regulation for Critical Infrastructure
• Business Potential per Project: Thousands of sites
• Popularity: Every nation, region, City, Smart City
• Challenge and CHKP Advantage: Managing thousands of remote sites

UNIFIED IT and OT MANAGEMENT FOR BEST ROI AND OPTIMAL PROTECTION
• Customized Visibility
• Unified Policy
• Everywhere Monitoring

Check Point Offering – End to End Security suite for IT and OT networks
• ICS/SCADA Visibility, Virtual Patching and Rugged Appliance
• Full OT to IT security segmentation
• Large Scale Management – Market “Gold Standard” (Gartner)

THANK YOU