Critical Infrastructure and Industrial Automation OT Security

©2016 Check Point Software Technologies Ltd.

Industrial Control Systems (ICS)/SCADA are All Around Us

… and we rely on them every day for our basic functions and needs.

• Industrial Automation
• Traffic Control
• First Responder Dispatch
• Water Treatment
• Power
• Transportation

Facts and Reality

• Dec 2015: Blackout across western Ukraine due to BlackEnergy spear-phishing malware attack (and again on January 19th)
• Dec 2014: German steel mill was hacked by spear phishing, with massive damage to the factory
• March 2016: Hackers breached a water utility’s control system and changed the levels of chemicals being used to treat tap water (Kemuri Water Company)

ICS-CERT 2015 Summary: United States Critical Infrastructure Increasingly Targeted

• Cyber Security Breaches: 20% increase
• Most Common Method of Attack: Spear Phishing
• The Most Targeted Sectors: Manufacturing, then Energy

ICS-CERT: These attacks were enabled by insufficiently architected ICS networks

WHO ARE THE ATTACKERS? EXAMPLES OF INDUSTRY ATTACKS OVER THE PAST YEARS

• Activists: Operation Green Rights
• Insiders: Maroochy County Sewage
• Teenagers: Lodz Tram
• State Actors: Energetic Bear, Stuxnet

Why Are These Attacks Possible?

• Legacy System
• Default Configuration
• Less/No Updates
• Less/No Encryption
• Policies & Procedures
• Less/No Segmentation
• Latency Concerns

Attack Vectors Reaching the OT Network

• Guest Networks
• Unprotected Sockets
• Software Vulnerabilities
• Removable Media
• Email Phishing and Attachments
• Remote Technicians

How Can a Critical Infrastructure be attacked?

• Identify the target – google it
• Find employees – LinkedIn
  – Find position
  – Find Automation vendor of choice
• Find vendor solution
  – Look for known vulnerabilities
• Select Attack vector
  – Spear Phishing
  – USB
  – Other
• Deliver the malicious payload
• Carry out the attack

Phases: Reconnaissance, then Weaponization + Attack

Source: ComputerWeekly.com

Raymond unsuspectingly opens the attached file

A seemingly innocent mail from a familiar customer

• WITHIN SECONDS: Raymond's computer is infected with malware
• WITHIN MINUTES: Malware starts spreading laterally, moving to OT
• WITHIN HOURS: Malware installed in SCADA network, awaiting an execution command

Or maybe a simple USB stick

HOW CAN WE SECURELY AND RELIABLY STAY AHEAD?

Best Practices for Securing OT

• Secure Both OT and IT Environments
• Protect IT with Advanced Threat Prevention Technologies
• Clear Segmentation between OT and IT/Internet
• Deploy Specialized ICS/SCADA Security Technologies

Endpoint Security – In both IT and OT

SandBlast – Sandbox Emulation and Extraction

1. Files sent to SandBlast local server (or cloud)
2. Sanitized version delivered promptly
3. Original file emulated in the background

CHECK POINT’S CYBER DEFENSE: Security Solutions for Industrial Control Systems/SCADA

• Visibility and Granular Control of ICS/SCADA Traffic
• SCADA-Aware Threat Prevention
• Ruggedized Appliances for Harsh Environments

Real Time SCADA Network monitoring

Analyze the Network Traffic

[Diagram labels: Field Devices; Industrial Control Systems (PLC); Sensor Data (Pressure, Flow, Temp., Voltage, State); Control Network; Control Center (SCADA, Historian, Control); Network Traffic]

Most Extensive Support of SCADA/ICS-Specific Protocols

Over 800 SCADA commands in Check Point Application Control

• Modbus
• MMS
• Siemens Step7
• IEC 60870-5-104
• IEC 61850
• ICCP
• OPC DA & UA
• Profinet
• BACnet
• CIP
• DNP3

Detailed forensics for incident investigations

Granular level logging of SCADA traffic

DETAILED, GROUPED, ANALYZED by Check Point SMARTLOG & SMARTEVENT

VIEWED by Check Point SMARTLOG & SMARTEVENT

Full Report on SCADA Traffic

PROTOCOL DETAIL

Setting Policy/Rules based on Functions and Values

• Protocol
• Command (Function)
• Allowed values and ranges
• Active or Passive Policy

REPORTED by Check Point COMPLIANCE BLADE

Real-time assessment of compliance with major regulations

Dedicated compliance and regulation monitoring

SCADA SPECIFIC COMPLIANCE CHECKS

Legacy Systems Are Often Unpatched

PROTECTED by Check Point IPS

Virtual patching with over 300 dedicated IDS/IPS signatures

NSS Labs Highest Rating

Stops exploits of known vulnerabilities and detects anomalous traffic

Check Point 1200R: New Purpose-Built Ruggedized Security Gateway Appliance

• Fully featured Check Point security gateway
• Compliant with the most rigid regulations: IEC 61850-3 and IEEE 1613
• 6x1GbE ports and firewall throughput of 2Gbps
• Compact fan-less design with no moving parts; temperature range from -40°C to 75°C
• Can be used in In-line or Tap (Mirror) modes
• Routing and networking (e.g. BGP, OSPF, IPsec, etc.)

OT Security Blueprint

[Diagram labels: Management Facility; Main Control Center; Shop Floor; SCADA; Historian; VPN; PLC1, PLC2, PLC3, PLC4; Control & monitor; SmartEvent]

Full IT-OT Convergence Blueprint

[Diagram labels: IT Network; ERP; Domain Server; LAN]

Industrial Security Process

Define Baseline (Known / Unknown / Not Allowed)

Identify Deviations and Attacks

Alert / Prevent

Independently log all SCADA activity
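
The process above, combined with the earlier slide on rules by protocol, command (function) and allowed values, can be illustrated with Modbus/TCP, one of the listed protocols. This is an added example, not Check Point code or product behaviour; the baseline, register address, value range and sample frames are constructed assumptions.

```python
import struct

# Constructed baseline (assumption, not from the slides): permitted Modbus
# function codes, and the allowed value range per register for 0x06 writes.
BASELINE = {
    "functions": {0x03, 0x04, 0x06},     # read holding, read input, write single
    "write_ranges": {0x0010: (0, 500)},  # hypothetical setpoint register
}

def build_frame(tid, unit, pdu):
    """Wrap a PDU in an MBAP header (transaction, protocol=0, length, unit)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_frame(frame):
    """Return (unit, function_code, data) or raise ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad protocol id or length field")
    return unit, frame[7], frame[8:]

def find_deviation(frame, baseline=BASELINE):
    """Return a reason string if the request deviates from the baseline."""
    try:
        _unit, func, data = parse_frame(frame)
    except ValueError as exc:
        return str(exc)
    if func not in baseline["functions"]:
        return f"function 0x{func:02x} not in baseline"
    if func == 0x06:  # Write Single Register: 2-byte address, 2-byte value
        if len(data) != 4:
            return "malformed write request"
        addr, value = struct.unpack(">HH", data)
        # Registers missing from the baseline get an empty range (always fails).
        low, high = baseline["write_ranges"].get(addr, (1, 0))
        if not low <= value <= high:
            return f"write of {value} to 0x{addr:04x} outside allowed range"
    return None

def evaluate(frame, active=False, log=None):
    """Passive policy alerts on a deviation; active policy blocks it."""
    reason = find_deviation(frame)
    verdict = "allow" if reason is None else ("block" if active else "alert")
    if log is not None:  # every request is logged, allowed or not
        log.append((verdict, reason, frame.hex()))
    return verdict

SAMPLES = {  # constructed requests to unit 1
    "read": build_frame(1, 1, bytes.fromhex("0300000002")),
    "write_ok": build_frame(2, 1, bytes.fromhex("060010012c")),       # 300
    "write_high": build_frame(3, 1, bytes.fromhex("0600102328")),     # 9000
    "write_multi": build_frame(4, 1, bytes.fromhex("1000100001020001")),
}
```

Running the same frames with `active=False` first shows what an enforcing policy would have stopped before any traffic is actually dropped.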

CASE STUDIES

Power Utilities — Substation Security

• Typical power utility security deployment in substations
• Single or cluster solution for combined OT and IT traffic
• SCADA security

[Diagram labels: Central Site; Backup Site; Substation; SCADA Server; Data Center; Smart Event; RTU – Substation Controller; IED; LAN; MPLS; IEC-104/DNP3]

Renewable Energy – Wind Turbine Farms, Generg Portugal

Over 50 wind farms are segmented and secured by Check Point appliances with IT and SCADA protection

Reasons to Choose Check Point:

• Support for both IT and OT traffic with single management
• Our security gateways’ capabilities to inspect SCADA protocols
• Support for SCADA protocols by all Check Point appliances

“We chose Check Point for its technological leadership, reliability, reduced learning curve, timely implementation, technical support and close relationship with us.” — Miguel Mateus, Director of IT and Communications

Waste Water Treatment Network

Applicable in Oil and Gas (Off/On-Shore)

[Diagram labels: Data Center; SCADA Server; Smart Center; PLCs; MODBUS; CIP; OPC]

• Security Motivation: New regulation for Critical Infrastructure

• Business Potential per Project: Thousands of sites

• Popularity: Every nation, region, City, Smart City

• Challenge and CHKP Advantage: Managing thousands of remote sites

Customized Visibility

Unified Policy

Everywhere Monitoring

UNIFIED IT and OT MANAGEMENT FOR BEST ROI AND OPTIMAL PROTECTION

Check Point Offering: End-to-End Security Suite for IT and OT Networks

ICS/SCADA Visibility, Virtual Patching and Rugged Appliance

Full OT to IT security segmentation

Large Scale Management – Market “Gold Standard” (Gartner)

THANK YOU