How are cyber security standards and technologies …...How are cyber security standards and...
Transcript of How are cyber security standards and technologies …...How are cyber security standards and...
![Page 1: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/1.jpg)
Standards
Certification
Education & Training
Publishing
Conferences & Exhibits
How are cyber security standards and technologies relevant to Drilling Control Systems?
![Page 2: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/2.jpg)
2
Presenter
Kenneth Frische (“frish”) has over 25 years experience in providing IT & OT Solutions to Oil & Gas, Pharma, Food & Beverage, Packaging, Chemical, Water/Wastewater, and Correctional Facilities.
From hands-on coding to management and consulting, Kenneth Frische has worn many hats to include: IT Director, Solutions Architect, Enterprise Architect, Project Manager, Req/Tech Spec Writer, and Programmer Lead.
His domain expertise includes Process Control Systems, HMI Systems Development, MES integration, Database Design, Business Intelligence, Business Process Improvement, and Data Warehousing.
Kenneth Frische currently provides risk assessment services, cyber security consulting, and ISA IC32 Training as a member of the Cyber Security Services department at aeSolutions. [email protected]
Industrial Cyber Security Principal CISSP, C|EH, PMP, MBA, SS DBA, Agile ScrumMaster
![Page 3: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/3.jpg)
How are cyber security standards and technologies relevant to Drilling Control Systems?
This presentation is focused on providing a high level understanding of the ISA cyber security standards and how they may be applied to the process control and safety systems relevant to drilling control systems.
Discussion will include the following: • ISA Standards • Increased Automation and Real-world Threats • Risk Assessments • Mitigation Techniques • New Technologies and Interoperability
3
NIST to ISA
![Page 4: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/4.jpg)
Agenda
• ISA Standards • Increased Automation and Real-world Threats • Risk Assessments • Mitigation Techniques • New Technologies and Interoperability
4
-‐-‐-‐ Once size does not fit all -‐-‐-‐-‐
![Page 5: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/5.jpg)
NIST Framework Core Common Categories for Critical Infrastructure
Source: Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 National Institute of Standards and Technology February 12, 2014
![Page 6: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/6.jpg)
6
ISA Standards Best Practice Guides for Compliance Measurement, Risk Measurement, and Risk Mitigation
![Page 7: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/7.jpg)
NIST Framework Core - Sample
Source: Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 National Institute of Standards and Technology February 12, 2014
![Page 8: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/8.jpg)
Your operations are a target ….do you mind?
8
• July 2012: Hacker group Anonymous said it had successfully hacked into the servers of five oil and gas
companies operaTng in the ArcTc posTng hundreds of company email addresses and passwords online.
…acted in support of environmental organizaTon Greenpeace and that organizaTon's drive to cease oil and gas drilling on the ArcTc shelf.
…. The companies affected by the hack included Shell, BP Global, ExxonMobil, Gazprom and Rosne[.
• Aug 2012: Aramco Shamoon Work Hack: 30,000 infected; 20,000 PCs had data deleTon
• Aug 2014: Ongoing hack operaTons Oil & Gas worldwide
![Page 9: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/9.jpg)
Top Successful Approaches to Infect your System(s)
1. User Pull: Trojan via file download 2. User Pull: Trojan via USB or use of other ports by personal devices 3. User Pull: Script inserTon (cross site scripTng) from visiTng web site
4. Hacker Push: Web Site Vulnerability (modify for script inserTon on User Pull) 5. Hacker Push: Web Site/App Vulnerability (use SQL inserTon to hack into system) 6. Hacker Push: Hack through Firewall (access internal devices/OS)
Typical Crack Sequence 1. Get access to one device: onsite or will be onsite
![Page 10: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/10.jpg)
• Enumerate local SAM • Determine Admin Level Users • Crack Passwords (9 chars, upper, lower, special, no Dic or keywords) • Elevate Privileges to Admin • Handicap Defenses • Embed Trojans and Hide • Install tools
Typical Crack Sequence 2. Establish Beach head
![Page 11: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/11.jpg)
• Sniff network • Develop Network Topology to determine targets
Typical Crack Sequence 3. InvesTgate Network
![Page 12: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/12.jpg)
Drilling OperaTons Focus • Directly access PLCs/Devices:
– WIT/WITSML, Profibus, Modbus, OPC, DDE, CIP, etc..
• Data CollecTon: – Proprietary Methods and Data
• ProducTon: – ManipulaTng Pressure for Blowout / Reservoir Failure
• Drilling: – HMI Display and Controls ManipulaTon – Pump Failure – Control Speed/Trigger ManipulaTon
IT Focus – Replicate and Establish Botnet: command and control of
many devices for later use (anack or proxy) – Harvest login/passwords: loggers with send – Spoofing or MITM: hijack sessions for immediate access to
secured systems – Access and steal sensiTve data – Use as Stepping Stone
Typical Crack Sequence 4. Use and Abuse
![Page 13: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/13.jpg)
Risk Assessments Cyber PHA Example
Example © aeSolutions 2014
![Page 14: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/14.jpg)
14
Mitigation Techniques Zones and Conduit Definition and Enforcement
![Page 15: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/15.jpg)
15
Old Tech and Interoperability WIT/WITSML, OPC, Profibus, CIP, Modbus, DDE, etc…
Motors – Dry Works (Cable, Spool,..) Motors – RotaTon Pumps Other: Blowers, Coolers, Brakes, …
![Page 16: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/16.jpg)
16
New Tech and Interoperability OPC UA – Authentication, Encryption, and Nomenclature
![Page 17: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/17.jpg)
17
New Tech and Interoperability SecureTwo-Way Comm
![Page 18: How are cyber security standards and technologies …...How are cyber security standards and technologies relevant to Drilling Control Systems? 2 Presenter Kenneth Frische (“frish”)](https://reader034.fdocuments.in/reader034/viewer/2022042803/5f4800ae2fbc641f810dfef3/html5/thumbnails/18.jpg)
18
Thank you for your time
mobile: 423.413.3520
Industrial Cyber Security Principal CISSP, C|EH, PMP, MBA, SS DBA, Agile ScrumMaster